last executing test programs:

3m34.431890565s ago: executing program 0 (id=462):
syz_open_dev$media(&(0x7f0000000000), 0x8000009, 0x8800)
r0 = getpid()
rt_tgsigqueueinfo(0x0, r0, 0x9, &(0x7f0000000380)={0x5, 0x5, 0xc})
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0xff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r3, 0x11b, 0x7, &(0x7f0000000040), &(0x7f00000001c0)=0x30)
getpid()
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x106}}, 0x20)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7f7c}]})
exit(0x6)
close_range(r5, 0xffffffffffffffff, 0x0)

3m30.249062156s ago: executing program 0 (id=471):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
creat(0x0, 0x1a3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='cachefiles_trunc\x00', r2, 0x0, 0x2}, 0x18)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r4 = gettid()
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="309c00000914e73f"], 0x30}, 0x1, 0x0, 0x0, 0xbe9b70533f0d9e1}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f00000006c0)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0xffffaa8b, 0x30, 0x30, 0x700, @in6={0x1b, 0x0, 0x0, @loopback, 0x3fb}, @ib={0x1b, 0xffff, 0x9, {"0000000002000000001393000000dd00"}, 0x8074, 0x0, 0x7fff}}}, 0x118)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
tkill(r4, 0xb)
socket$kcm(0x10, 0x2, 0x0)

3m26.83490588s ago: executing program 0 (id=482):
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
sendfile(r5, r4, 0x0, 0x6)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0x5, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000100), 0x6)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000300)='./cgroup\x00', &(0x7f0000000040)='romfs\x00', 0x200440, 0x0)

3m25.715020256s ago: executing program 0 (id=487):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000240))
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x41, 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

3m24.20116899s ago: executing program 0 (id=492):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
migrate_pages(0x0, 0x3, &(0x7f0000000300)=0x3, 0x0)

3m23.892353111s ago: executing program 0 (id=493):
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x7, 0x4)
mount$fuse(0x0, 0x0, 0x0, 0x1930bd, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
r1 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000200)=ANY=[], 0x8)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f00000000c0)=ANY=[@ANYBLOB="320000006ed3"], 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000000), 0x10)
socket(0x10, 0x803, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r5=>0x0})
sendmsg$can_bcm(r3, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r5}, 0x10, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="04000000980000000800000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000a001000000037a1a977bb386dd0af905030f6f7b6de25c62ab15f922e4078870be10e2c8d93fdc6e38803e0d054bd14399d094e26353b1e432562d758a1ba6961e84041d4f86afbcd863b5a95253fb7be7067977d2852e080361156f"], 0x48}, 0x1, 0x0, 0x0, 0x8081}, 0x4000804)
r6 = dup(0xffffffffffffffff)
setsockopt$WPAN_WANTLQI(r6, 0x0, 0x3, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r6)

3m8.377344661s ago: executing program 32 (id=493):
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x7, 0x4)
mount$fuse(0x0, 0x0, 0x0, 0x1930bd, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
r1 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000200)=ANY=[], 0x8)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f00000000c0)=ANY=[@ANYBLOB="320000006ed3"], 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000000), 0x10)
socket(0x10, 0x803, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r5=>0x0})
sendmsg$can_bcm(r3, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r5}, 0x10, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="04000000980000000800000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000a001000000037a1a977bb386dd0af905030f6f7b6de25c62ab15f922e4078870be10e2c8d93fdc6e38803e0d054bd14399d094e26353b1e432562d758a1ba6961e84041d4f86afbcd863b5a95253fb7be7067977d2852e080361156f"], 0x48}, 0x1, 0x0, 0x0, 0x8081}, 0x4000804)
r6 = dup(0xffffffffffffffff)
setsockopt$WPAN_WANTLQI(r6, 0x0, 0x3, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r6)

2m28.566284343s ago: executing program 2 (id=648):
r0 = syz_open_dev$MSR(0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
io_cancel(0x0, 0xfffffffffffffffe, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x2121)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='jffs2\x00', 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
syz_io_uring_setup(0x7294, 0x0, &(0x7f0000000400), &(0x7f0000000440))
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key(0x0, 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
clock_getres(0x2, 0x0)

2m27.537659984s ago: executing program 2 (id=650):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r2}, 0x18)
r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
write$binfmt_elf64(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df012000040000000000000003003800010007000200010003000000000000000300000000010100ff"], 0x509)
close(r4)
r5 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write(r5, &(0x7f00000000c0)="15757ca33c8ded19bc0bd03f14feadfa8822df606e5c83c0db084a91508f5ddc93609c9ea60378e3778eeea596456ae33916f57e", 0x34)
close(r5)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x401, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

2m26.755306398s ago: executing program 2 (id=654):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeed, 0x8031, 0xffffffffffffffff, 0x6a2f6000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r0, &(0x7f00000003c0), 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x15, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0xff)
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
r4 = socket(0x2000000000000021, 0x2, 0x10000000000002)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d032, 0xffffffffffffffff, 0x0)
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000400)={0x60, 0x0, &(0x7f0000180000/0x4000)=nil, &(0x7f0000977000/0x3000)=nil, 0x9, 0x0, 0x0, 0x1c, 0x46, 0x4, 0x0, 0x67})
r5 = openat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0xc2480, 0x34, 0x8}, 0x18)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000340)={{0x0, @remote, 0x4e21, 0x4, 'lc\x00', 0x8, 0x8001, 0x6d}, {@loopback, 0x4e22, 0x2, 0x6, 0x44a, 0x3ff}}, 0x44)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x10000051, 0x0, 0x1000, 0xb49, 0xa, 0x4, 0xffffff82, 0x1}, 0x0)
sendmmsg$unix(r5, 0x0, 0x0, 0x804)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r6, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='T\x00'/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800ee9000069703665727370616e0000002000028004001200060018000900000005001700010000000500160002000000", @ANYBLOB="248aa52bc36f595d68", @ANYRES64=0x0], 0x54}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @private0, 0x2c}, 0x1c)
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x4, 0xeeef0000, 0x2000, &(0x7f0000000000/0x2000)=nil})

2m25.211493796s ago: executing program 2 (id=658):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x12c5c18, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2a05004, 0x0)
umount2(&(0x7f0000000180)='./file0/file0\x00', 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r3, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2m23.108788135s ago: executing program 2 (id=663):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$nl_route(0x10, 0x3, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) (async)
write$rfkill(0xffffffffffffffff, 0x0, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1)

2m22.661805782s ago: executing program 2 (id=665):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r2, 0x89e2, &(0x7f0000000240)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
set_mempolicy(0x8000, &(0x7f0000000100)=0x5, 0xffffffffffffffa7)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)=r4}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, r1}, 0x14)
syz_emit_ethernet(0xfdef, &(0x7f0000000540)=ANY=[], 0x0)

2m21.889630562s ago: executing program 33 (id=665):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r2, 0x89e2, &(0x7f0000000240)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
set_mempolicy(0x8000, &(0x7f0000000100)=0x5, 0xffffffffffffffa7)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)=r4}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, r1}, 0x14)
syz_emit_ethernet(0xfdef, &(0x7f0000000540)=ANY=[], 0x0)

30.100548669s ago: executing program 5 (id=976):
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000780), 0x220002, 0x0)
ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f00000007c0))
socket$inet_sctp(0x2, 0x1, 0x84)
openat$uhid(0xffffff9c, 0x0, 0x802, 0x0)
unshare(0x24020400)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a201000ff0000000074d5d447001e0001000000"], 0x24}}, 0x0)
add_key$fscrypt_v1(0x0, &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "6d3cbbb62532c269dca454cb53b94ab848259001ac948c5fdb400a57c261c2288359c48f8d9c0000cf34d669d822bc6192565eb908c0134e07f3dd890ca33531", 0x2f}, 0x48, r1)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_clone3(&(0x7f0000000600)={0x100, &(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440), {}, &(0x7f0000000480)=""/236, 0xec, &(0x7f0000000580)=""/56, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)

28.305269642s ago: executing program 5 (id=980):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)
sendmmsg$unix(r2, &(0x7f0000001a40), 0x0, 0x40)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002400048020000180070001006374000014000280080001400000000a080002400000000e140000001100010000000000000000000000000a2c3a0ddbf8cfdac1b5cb5bad6192775785be3a919b4fe2b7a325f4d1b16a692debd09f14a595e73dbd2db173704301f996ccedbbc356c7a17989129b3fca7c09ff283efca5f873f8dcb6eb8174c182f2233926afa2bc07"], 0x78}}, 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000004c0)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0xc, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@timestamp_prespec={0x44, 0x1c, 0xff, 0x3, 0x2, [{@multicast1, 0x7}, {@empty, 0xe6a5}, {@rand_addr=0x64010100, 0x8}]}]}}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @multicast1}}}}}}, 0x0)

27.33503904s ago: executing program 5 (id=984):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
ioctl$SIOCRSGL2CALL(r2, 0x89e5, &(0x7f0000000300))
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x8, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00')
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000d00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xc, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xf}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x90}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
faccessat(r7, 0x0, 0x10)
fanotify_mark(0xffffffffffffffff, 0x1, 0x40001019, 0xffffffffffffffff, 0x0)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x24, r1, 0xd1bd17c4b9ef5e5b, 0x70bd26, 0x25dfdbff, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @dev={0xac, 0x14, 0x14, 0x14}}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x200040d0)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0b0528bd70000500040002"], 0x1c}, 0x1, 0x0, 0x0, 0x2405c000}, 0x4000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)

26.092187972s ago: executing program 5 (id=986):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x80402)
getresuid(&(0x7f0000002f80), &(0x7f0000002fc0), &(0x7f0000003000))
socket$inet6(0xa, 0x3, 0x3c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
dup(r1)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000ae2a18479d862cc5ed7ef72ccfd640c70000000000090000e03093db2a", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000feffffff18", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020040010000008500000085000000b70000000000000095000000000000006fec816860b2672bffca2561dcb2371f187b03c6d8"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d)
pwrite64(r0, &(0x7f00000004c0)="2ad0f8654ad1097e98d1bbe495953836040e41cb0f6c783efd616c41", 0x1c, 0x9)

22.685058523s ago: executing program 5 (id=998):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
r1 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000080))
io_setup(0x23, &(0x7f0000000280))
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000200)=@sack_info={0x0, 0x0, 0x2}, 0xc)
socket$netlink(0x10, 0x3, 0xf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r8, 0xaece)
r9 = gettid()
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1, 0x0, r9}}, 0x40)

20.728858823s ago: executing program 5 (id=1006):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000340))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'netdevsim0\x00', <r3=>0x0})
r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000a40)={r0, r3, 0x25, 0x4, @void}, 0x10)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r5, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r4, r1, 0x4, r0}, 0x6)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r6, 0x80506409, &(0x7f0000000100)={0xffffffff, 0x20, 0x10, 0x6dd, 0x4, 0x0, 0x2, 0xb05, 0x20, 0x2, 0x40, 0x6, &(0x7f0000000000)=[0x4], 0x1, 0x0})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x40, &(0x7f0000000380))
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000200)=0x5d4c, 0x4)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
recvfrom(r7, 0x0, 0x0, 0x40010001, 0x0, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0)
recvmmsg(r7, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20000004)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')

9.503027655s ago: executing program 4 (id=1035):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r0 = socket$tipc(0x1e, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000040))
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
read$usbfs(r3, &(0x7f0000000100)=""/129, 0x81)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000cc9000/0x4000)=nil, 0x4000, 0x1000002, 0x20010, r0, 0x200000)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x61c001, 0x100)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x5)
r4 = dup(0xffffffffffffffff)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x50060}, 0x4)
ioctl$SIOCSIFHWADDR(r4, 0x8926, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
listen(r0, 0x100)

8.52058242s ago: executing program 6 (id=1038):
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r4, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r6, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r6, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8})
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x6, 0x0, 0x39, @dev={0x12, 0x80, '\x00', 0xfe}, @mcast2={0xff, 0x3}, 0x2000, 0xba08}})

7.100524349s ago: executing program 6 (id=1041):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)
sendmmsg$unix(r2, &(0x7f0000001a40), 0x0, 0x40)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000004c0)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0xc, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@timestamp_prespec={0x44, 0x1c, 0xff, 0x3, 0x2, [{@multicast1, 0x7}, {@empty, 0xe6a5}, {@rand_addr=0x64010100, 0x8}]}]}}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @multicast1}}}}}}, 0x0)

6.678624664s ago: executing program 1 (id=1042):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x1}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
creat(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newlink={0x40, 0x10, 0x503, 0x200000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x15a11}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r7}]}}}]}, 0x40}}, 0x44)
syz_emit_ethernet(0x66, &(0x7f00000003c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}, @void, {@ipv4={0x88fb, @gre={{0x5, 0x4, 0x2, 0x1, 0x58, 0x66, 0x0, 0x8, 0x2f, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x81, 0x0}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x1}, {0x1}, {0x8, 0x88be, 0x3, {{0x5, 0x1, 0x6, 0x2, 0x1, 0x1, 0x6, 0x4}, 0x1, {0x500c}}}, {0x8, 0x22eb, 0x4, {{0xe, 0x2, 0xf8, 0x3, 0x1, 0x2, 0x4, 0xf9}, 0x2, {0x1, 0x9, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x3}}}}}}, 0x0)

5.797970889s ago: executing program 4 (id=1044):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000280)={0x591002, 0x1, 0xc}, 0x18)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r1)
tkill(r1, 0x12)
tkill(r1, 0x12)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ptrace(0x4208, r1)
open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x4d)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500d584ba750000060a010400000000000000000a00000154000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797b32000000000900010073797a3100000000140005800800014000008917080002400000000214000000000100000a"], 0xbc}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r5=>0x0})
openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r5, {0x1}, {0xffff, 0xfff1}, {0x1}}}, 0x24}}, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x5d2f)
rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00')

5.205557245s ago: executing program 34 (id=1006):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000340))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'netdevsim0\x00', <r3=>0x0})
r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000a40)={r0, r3, 0x25, 0x4, @void}, 0x10)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r5, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r4, r1, 0x4, r0}, 0x6)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r6, 0x80506409, &(0x7f0000000100)={0xffffffff, 0x20, 0x10, 0x6dd, 0x4, 0x0, 0x2, 0xb05, 0x20, 0x2, 0x40, 0x6, &(0x7f0000000000)=[0x4], 0x1, 0x0})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x40, &(0x7f0000000380))
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000200)=0x5d4c, 0x4)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
recvfrom(r7, 0x0, 0x0, 0x40010001, 0x0, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0)
recvmmsg(r7, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20000004)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')

5.196552969s ago: executing program 6 (id=1046):
syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106161154d0000000000010902240001000000000904e800010300000009210000000122f80409058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
r1 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r2 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = socket$l2tp(0x2, 0x2, 0x73)
getsockname$l2tp(r3, 0x0, &(0x7f0000000080))
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000740)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_open_procfs(0x0, &(0x7f0000000180)='task\x00')
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, 0x0, 0x0)
accept$alg(r7, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

5.171279944s ago: executing program 3 (id=1047):
ioctl$CEC_ADAP_G_PHYS_ADDR(0xffffffffffffffff, 0x80026101, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
gettid()
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0)
syz_open_dev$video(&(0x7f0000000b40), 0x80000001, 0x8a800)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_io_uring_setup(0x497, 0x0, 0x0, &(0x7f0000000280))
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8004}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23, 0xfffffffc}, 0x18}}, 0x20008050)
mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ubifs\x00', 0x808f53, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000400)=ANY=[], 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000380)={0x22140000, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0}, 0x58)
accept(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='X'], 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0x80045500, &(0x7f00000002c0))
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)

5.023054321s ago: executing program 1 (id=1048):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000540), 0x0)

4.757760453s ago: executing program 4 (id=1049):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
write$binfmt_elf64(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df"], 0x509)
close(r2)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x401, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

4.542841565s ago: executing program 1 (id=1050):
r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000020601020000000000000000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000040008001240fffffffa11000300686173683a6e65742c6e657400000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000200000000000000"], &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f000000ba40)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [r2, r1, r3]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r0, r0, 0xffffffffffffffff, r1]}}, @cred={{0x1c}}], 0x110, 0x40080}}, {{&(0x7f0000001980)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001d40)=[{&(0x7f0000001a00)="926d2abc866a25fb51b4bb5323ee71e5beab9ad13fdf6e6fddc39cba5b2e553b0a8c969f7eb62b5ec1a12500d3a757a673d281b076333f5849de7fffd36a7887be5a6f463ab005e78d2e6047ba64fa4eac84dffe3ef6b995b1450bee8f72035f51b10d1ad888bb2f7c1d815942b152d0880b5d6492917d37b22008faec4a9eb4744ea2529c3d5ae909fe4922f07c43825ad6161c112e7dfdebdce19257b7", 0x9e}, {&(0x7f00000008c0)="4a7d7a62a2a71248", 0x8}, {&(0x7f0000001ac0)="e92985ba77df65a3e51aa0dcab5836187046610795b614569e8d38ce9b66d32cc2643e2af3b3593b596b08b9a449da7a8618326ab6285878809ee3842d532ef1039d8be356a055931328401bb5ca00026283049b8fdb9130bffce6012d76aa92ee7d70ffbe9b2b63fc464fb0d39a93b6b5a102332a0dcdfe41224a7b9fa3d3026dd997869aa68541fa070953124eb4a35be35482bf48d417fae9ac29a122ea7ea726f8e596a8c00736b95d59160db45df2511b6cd2a78b098b9fa66fd8006b37b19503", 0xc3}, {&(0x7f0000001bc0)="6caa7a06b0f40a22e3a9cb123f803e7e25c02722df139add75cfbc4461361331e13b14468144d5644a55bc570a8ae95c7b596989a873e99fa7471d638cb4d9f6d60c28b7ba65a86d564fa6da0e8e74ed5abc77c81811a7a8e76a4fc55e6ff02d272ca6e27a7377dab1ed", 0x6a}, {&(0x7f0000001c40)="a1d9d3dae43718d5afc328fe88e2551927b70781abb8fa997c75253f237b032594ab96776c3dd460e904f6bae93e39737c881ee8d4887bf5ebd8833a92f44fc9820b68d84341a61519ea4a60652b559afe567c615ace3177fe8928efd5f70f700eb170846e8e11d5eb73df4e64bd3c7adfd67b7c489dd15c73ac6ba338a7cfc48b52c16546715cb5af0ed161d74c6437d9176d79cbe9f90e833275bac76506d00da36209ea61a56572952f23b75023b8b252bf2e9bf3677a29f21adc493935cc1f9082781ceb1a2e0e7336", 0xcb}], 0x5, &(0x7f0000001e00)=[@rights={{0x18, 0x1, 0x1, [r2, r3]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x70, 0x24008000}}, {{&(0x7f0000001e80)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f000000b680)=[{&(0x7f0000001f00)="5dc05127aef4e1f8b2b5a452b819f37282f2c7af07049896ce2d8ab574e1b0e7c2d80abb68ac3b4484d289e956fe92b517cf82267d24618dc00d884aa18816794f9861e6e56cbbed3474ad27057728a1fc8d6bb328a304f26bf978c149d37e9aa5a677fb26d62985a0911c4bdc98846f321a63c8518aaed64874441c2794", 0x7e}, {&(0x7f000000b400)="23785e9ad3e659f691f75a252c3fccbd368f48d3928ab546d8f15966d293ab3f78e915bf92790f2d089aa7a77f601716248d04a0ce940beb45a1e8bc17b9f874ca8c82f3495975bb28fe6133ebd8b9cc212b174841aa9b08c5b44f95d08f045b8f328acecdb1249ff057b429a55df08e1031365ac91a69dc33c16c0399ad1dc3d554901049db4a85f923e1624ca83c97857758a859addc912f2aca92db95f697179e5e2673426cf6b831806f5e20e95a3e6128a33d34b73a70aa0c24e9f2e27e9adaeafec16508a2daf7d3aa07b36c144eeedd473f", 0xd5}, {&(0x7f0000001f80)="32fed516db6e37110b3fdb38963216c7566d570fad91bb15847df3776f74fae1133e87ef14405333bd6d242d98fb0b8bf883167dffe0038dae3be6d765bce0687ac46c15ec91459ccadaf252bef4301bb86d217c1d23b663f2cba9445a85e18a57fab484", 0x64}, {&(0x7f000000b500)="e436b5107cbcb9af39f9b8d894c1d16f9e2bd955deae997c9415e2f3ef6ba5f87cab881227f7d78e823f48de172ed187aff32905dcbb1ba62569220758fc5a4b6961cec4b61e331a3560a68269a503eebfe94d4380fc5b905f4685c79db78d158db9f6acda8ca70de8736eacb3bb2996b4348baf9882fa201c02fa6c8f9a8dc12a6370fe9c2a9ff400cbc256bd21e0265d3bd13f8e", 0x95}, {&(0x7f000000b5c0)="685c3ebb989185112c65759cd22938eda20985b6ef094df12ad8bb46e0d02d0143520ce238c09454941f3fe69fb3b3f8cd6bfc948682ca5723b6e3eb498f25bc181342249e9379309bef9520529252f05515a1cae43e8d8ed3077e029556b05f2a937ab6f5fbb8c85ddbedf2806ddf2573a6a2d74d085feaaf47fe079a2b9202237e15e06c3317a69217897328c5088f0e8b70081f2e37622f0cf35ca4b2ad1d667399aeb1aad910009908e89756", 0xae}], 0x5, &(0x7f000000b980)=[@rights={{0x34, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3]}}], 0xb8, 0x4881}}], 0x3, 0x8000)
symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
memfd_create(0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20008000)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000940)=0x200000000)

4.396439798s ago: executing program 4 (id=1051):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
getpid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.743670741s ago: executing program 4 (id=1052):
socket$nl_route(0x10, 0x3, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)
r0 = socket(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000300)={'syz1\x00', {0x2, 0x57e, 0x63a7, 0x1456}, 0xc, [0xbcf, 0x80, 0x9, 0x7fff, 0x4, 0x8, 0x7, 0x8, 0x3, 0x6, 0x3, 0xd, 0x401, 0x8, 0x7fff, 0x2, 0x40000, 0xff, 0xe256, 0x81, 0x0, 0xea36, 0x1000, 0x3ff, 0x8, 0x0, 0xffffffff, 0x6, 0xd23, 0x800, 0x100, 0x2, 0x7, 0x1, 0x6603, 0x5, 0x1, 0x6, 0xfffffffd, 0x5, 0x7, 0x239, 0x8, 0xfff, 0x626, 0x4, 0x1, 0x5, 0x400, 0x81, 0x8, 0x401, 0x2, 0x81, 0xb0, 0x40, 0x4, 0x81, 0xe, 0x1, 0xc6a0, 0x4, 0x401, 0x5], [0x10001, 0x7, 0x1, 0x1, 0x9, 0x0, 0xfffffffe, 0x3, 0x9, 0x7fff, 0x9, 0x1000, 0x2, 0x2, 0xfffffffa, 0xffff9b7f, 0x573, 0x0, 0x4, 0xcce, 0x1, 0x1, 0xfffffffb, 0x9, 0x9, 0xb, 0x7, 0x5, 0x4, 0x0, 0x80000001, 0x1c3a, 0x4, 0xe4, 0x1000, 0x3, 0x644200b5, 0x800, 0xf, 0x80000001, 0x1b7, 0x6d25, 0xffff7fff, 0x7d, 0x9, 0x2, 0x6, 0x7, 0x0, 0xa, 0x80000001, 0xffff, 0xd947, 0x0, 0xffff, 0x5, 0xffff, 0xffffffff, 0x0, 0x1, 0x0, 0xc9, 0x200, 0x80000001], [0x8, 0x9, 0x0, 0x2, 0xffff, 0x9, 0x0, 0x0, 0x80, 0x8, 0xddf5, 0x6, 0x0, 0x1, 0x4, 0xd, 0x103, 0x3, 0x0, 0x0, 0x7, 0x2, 0x5, 0xf, 0x80, 0x8, 0x4, 0x80000001, 0x78b, 0x5, 0x10000, 0x4, 0x4, 0x3, 0x7f, 0x4, 0x8, 0x5, 0x800, 0xec, 0xfffffff6, 0x0, 0x5, 0x800, 0x7f, 0x0, 0x1, 0x40, 0xfff, 0x6, 0x7, 0x2, 0x1, 0x5, 0x2, 0x4, 0x1000, 0xfffffffe, 0x7, 0x1, 0x3, 0x9, 0x5cf, 0x1], [0xc, 0x7, 0x178, 0x5, 0x9, 0xff, 0xd, 0x10000, 0x2, 0x3, 0x3, 0x4, 0x1, 0x759, 0x8, 0x24, 0xfffffff7, 0xea0, 0x3, 0x5, 0x8f, 0x5b7f503, 0x94, 0x2, 0x1000, 0xa5c0, 0x40b50c25, 0xfffffffe, 0x8, 0x8000, 0x8, 0xde76, 0x1, 0x1, 0x80000000, 0xe6ab, 0x0, 0x3bee5b16, 0x8, 0x81, 0xb828, 0x1dd30, 0x6, 0x6, 0x6, 0x10000, 0x7ff, 0x8000, 0x0, 0x558, 0x4b1f6667, 0x6, 0x1, 0x7, 0x0, 0x6, 0x7fffffff, 0x7, 0x101, 0x938, 0x3, 0x7, 0x5, 0x1935]}, 0x45c)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d0b939d60a53067d50000200006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002000000090b"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x2082)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r2, &(0x7f00000004c0)={0xa, 0x4e1f, 0x2, @empty, 0x802}, 0x1c)
recvfrom$ax25(r0, &(0x7f0000000100)=""/87, 0x57, 0xeb59d7796265ba1a, &(0x7f00000002c0)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xf}, {0xd, 0xa}, {0x6}}}, 0x24}}, 0x4000)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x1, 0x11, r7, 0x82000000)

3.035639015s ago: executing program 3 (id=1053):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x8}, {0xfff2}, {0xfff1, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x108, 0x2, [@TCA_BPF_ACT={0x104, 0x1, [@m_ctinfo={0x100, 0x13, 0x0, 0x0, {{0xb}, {0x4}, {0xd1, 0x6, "a0773f2bb49483a66924317d3b4b588c7981f0c577e78b34b033d53c664d7d5adcd0a977eb1d127ae75aca24bbcec1a2f6d11f7507733a6410d1fb177adcbb9264d3675c55fb051448096a40717113285248b37b3e771781660545032fd181c60c30c760d2ab0d4ae183aef4ff4dbaf779ff7aed43a23c6a5146637cb0966b37936580f1c2459e480c7cd54f1accdb5905e0fbce30cc11d07c4dc542965f788bcb24b46bd76645a41fc53b80f074c17aec055ab44ccebe8c1425fe66385998ed7963651982992e2b2bcaed4288"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x134}, 0x1, 0x0, 0x0, 0x20044001}, 0x0)

2.806701986s ago: executing program 1 (id=1054):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
ioctl$SIOCRSGL2CALL(r2, 0x89e5, &(0x7f0000000300))
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x8, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00')
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000d00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xc, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xf}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x90}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
faccessat(r7, 0x0, 0x10)
fanotify_mark(0xffffffffffffffff, 0x1, 0x40001019, 0xffffffffffffffff, 0x0)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x24, r1, 0xd1bd17c4b9ef5e5b, 0x70bd26, 0x25dfdbff, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @dev={0xac, 0x14, 0x14, 0x14}}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x200040d0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x4000, r9}, 0x18)

2.722946069s ago: executing program 3 (id=1055):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ae8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701000000feffffbfa40000000000000704000000feffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000c500000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x0, 0x4000000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', <r4=>0x0})
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10)
bind$xdp(r2, &(0x7f0000000200)={0x2c, 0xd, r4, 0x2}, 0x10)
getsockopt(r0, 0x111, 0x1, 0x0, &(0x7f0000000600)=0x4f)

2.006023084s ago: executing program 6 (id=1056):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x10, 0xfff2}, {}, {0xfff2, 0x9}}, [@filter_kind_options=@f_bpf={{0x8}, {0x41, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x3c}, 0x1, 0x8100, 0x0, 0x8058}, 0x20004844)

1.664107248s ago: executing program 1 (id=1057):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x120842, 0x0)
ioctl$COMEDI_UNLOCK(r0, 0x6406)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x400800, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
listen(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a03000000000000000000020000000c00024000000000000000010900010073797a30000000002c000000030a05000000000000000000020000000900010073797a30000000000900030073797a32"], 0x80}}, 0x810)
sched_getattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32], 0x48)
write$cgroup_subtree(r4, 0x0, 0xfe33)
recvmsg(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)}, 0x0)
syz_emit_ethernet(0x258, &(0x7f00000003c0)=ANY=[], 0x0)
syz_open_dev$loop(&(0x7f00000002c0), 0x9d, 0x8902)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
lseek(r5, 0x1000000, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
pread64(r6, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
setns(r6, 0x80)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x4e23, @rand_addr=0x64010101}}}, 0x84)

937.855524ms ago: executing program 6 (id=1058):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in=@loopback, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x64010100, 0x3c, 0x0, 0x0, 0x0, 0xa, 0x2}]}]}, 0xa0}}, 0x0) (fail_nth: 9)

861.00876ms ago: executing program 3 (id=1059):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000540), 0x0)

674.590292ms ago: executing program 3 (id=1060):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fspick(0xffffffffffffff9c, 0x0, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6", 0x3)
write$binfmt_register(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd27, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c00d}, 0x20000000) (fail_nth: 3)

181.740224ms ago: executing program 6 (id=1061):
socket$xdp(0x2c, 0x3, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000340)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback={0x700}, 0x23}, 0x1c)

180.968689ms ago: executing program 4 (id=1062):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c2330164cf023df", 0xfffffc81}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001)
recvmmsg(r1, &(0x7f0000000c00)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000200)=""/23, 0x17}], 0x1}, 0x10000}], 0x1, 0x2000, 0x0)

119.942901ms ago: executing program 3 (id=1063):
r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000020601020000000000000000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000040008001240fffffffa11000300686173683a6e65742c6e657400000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000200000000000000"], &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f000000ba40)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [r2, r1, r3]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r0, r0, 0xffffffffffffffff, r1]}}, @cred={{0x1c}}], 0x110, 0x40080}}, {{&(0x7f0000001980)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001d40)=[{&(0x7f0000001a00)="926d2abc866a25fb51b4bb5323ee71e5beab9ad13fdf6e6fddc39cba5b2e553b0a8c969f7eb62b5ec1a12500d3a757a673d281b076333f5849de7fffd36a7887be5a6f463ab005e78d2e6047ba64fa4eac84dffe3ef6b995b1450bee8f72035f51b10d1ad888bb2f7c1d815942b152d0880b5d6492917d37b22008faec4a9eb4744ea2529c3d5ae909fe4922f07c43825ad6161c112e7dfdebdce19257b7", 0x9e}, {&(0x7f00000008c0)="4a7d7a62a2a71248", 0x8}, {&(0x7f0000001ac0)="e92985ba77df65a3e51aa0dcab5836187046610795b614569e8d38ce9b66d32cc2643e2af3b3593b596b08b9a449da7a8618326ab6285878809ee3842d532ef1039d8be356a055931328401bb5ca00026283049b8fdb9130bffce6012d76aa92ee7d70ffbe9b2b63fc464fb0d39a93b6b5a102332a0dcdfe41224a7b9fa3d3026dd997869aa68541fa070953124eb4a35be35482bf48d417fae9ac29a122ea7ea726f8e596a8c00736b95d59160db45df2511b6cd2a78b098b9fa66fd8006b37b19503", 0xc3}, {&(0x7f0000001bc0)="6caa7a06b0f40a22e3a9cb123f803e7e25c02722df139add75cfbc4461361331e13b14468144d5644a55bc570a8ae95c7b596989a873e99fa7471d638cb4d9f6d60c28b7ba65a86d564fa6da0e8e74ed5abc77c81811a7a8e76a4fc55e6ff02d272ca6e27a7377dab1ed", 0x6a}, {&(0x7f0000001c40)="a1d9d3dae43718d5afc328fe88e2551927b70781abb8fa997c75253f237b032594ab96776c3dd460e904f6bae93e39737c881ee8d4887bf5ebd8833a92f44fc9820b68d84341a61519ea4a60652b559afe567c615ace3177fe8928efd5f70f700eb170846e8e11d5eb73df4e64bd3c7adfd67b7c489dd15c73ac6ba338a7cfc48b52c16546715cb5af0ed161d74c6437d9176d79cbe9f90e833275bac76506d00da36209ea61a56572952f23b75023b8b252bf2e9bf3677a29f21adc493935cc1f9082781ceb1a2e0e7336", 0xcb}], 0x5, &(0x7f0000001e00)=[@rights={{0x18, 0x1, 0x1, [r2, r3]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x70, 0x24008000}}, {{&(0x7f0000001e80)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f000000b680)=[{&(0x7f0000001f00)="5dc05127aef4e1f8b2b5a452b819f37282f2c7af07049896ce2d8ab574e1b0e7c2d80abb68ac3b4484d289e956fe92b517cf82267d24618dc00d884aa18816794f9861e6e56cbbed3474ad27057728a1fc8d6bb328a304f26bf978c149d37e9aa5a677fb26d62985a0911c4bdc98846f321a63c8518aaed64874441c2794", 0x7e}, {&(0x7f000000b400)="23785e9ad3e659f691f75a252c3fccbd368f48d3928ab546d8f15966d293ab3f78e915bf92790f2d089aa7a77f601716248d04a0ce940beb45a1e8bc17b9f874ca8c82f3495975bb28fe6133ebd8b9cc212b174841aa9b08c5b44f95d08f045b8f328acecdb1249ff057b429a55df08e1031365ac91a69dc33c16c0399ad1dc3d554901049db4a85f923e1624ca83c97857758a859addc912f2aca92db95f697179e5e2673426cf6b831806f5e20e95a3e6128a33d34b73a70aa0c24e9f2e27e9adaeafec16508a2daf7d3aa07b36c144eeedd473f", 0xd5}, {&(0x7f0000001f80)="32fed516db6e37110b3fdb38963216c7566d570fad91bb15847df3776f74fae1133e87ef14405333bd6d242d98fb0b8bf883167dffe0038dae3be6d765bce0687ac46c15ec91459ccadaf252bef4301bb86d217c1d23b663f2cba9445a85e18a57fab484", 0x64}, {&(0x7f000000b500)="e436b5107cbcb9af39f9b8d894c1d16f9e2bd955deae997c9415e2f3ef6ba5f87cab881227f7d78e823f48de172ed187aff32905dcbb1ba62569220758fc5a4b6961cec4b61e331a3560a68269a503eebfe94d4380fc5b905f4685c79db78d158db9f6acda8ca70de8736eacb3bb2996b4348baf9882fa201c02fa6c8f9a8dc12a6370fe9c2a9ff400cbc256bd21e0265d3bd13f8e", 0x95}, {&(0x7f000000b5c0)="685c3ebb989185112c65759cd22938eda20985b6ef094df12ad8bb46e0d02d0143520ce238c09454941f3fe69fb3b3f8cd6bfc948682ca5723b6e3eb498f25bc181342249e9379309bef9520529252f05515a1cae43e8d8ed3077e029556b05f2a937ab6f5fbb8c85ddbedf2806ddf2573a6a2d74d085feaaf47fe079a2b9202237e15e06c3317a69217897328c5088f0e8b70081f2e37622f0cf35ca4b2ad1d667399aeb1aad910009908e89756", 0xae}], 0x5, &(0x7f000000b980)=[@rights={{0x34, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3]}}], 0xb8, 0x4881}}], 0x3, 0x8000)
symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
memfd_create(0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20008000)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000940)=0x200000000)

0s ago: executing program 1 (id=1064):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x8}, {0xfff2}, {0xfff1, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x108, 0x2, [@TCA_BPF_ACT={0x104, 0x1, [@m_ctinfo={0x100, 0x13, 0x0, 0x0, {{0xb}, {0x4}, {0xd1, 0x6, "a0773f2bb49483a66924317d3b4b588c7981f0c577e78b34b033d53c664d7d5adcd0a977eb1d127ae75aca24bbcec1a2f6d11f7507733a6410d1fb177adcbb9264d3675c55fb051448096a40717113285248b37b3e771781660545032fd181c60c30c760d2ab0d4ae183aef4ff4dbaf779ff7aed43a23c6a5146637cb0966b37936580f1c2459e480c7cd54f1accdb5905e0fbce30cc11d07c4dc542965f788bcb24b46bd76645a41fc53b80f074c17aec055ab44ccebe8c1425fe66385998ed7963651982992e2b2bcaed4288"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x134}, 0x1, 0x0, 0x0, 0x20044001}, 0x0)

kernel console output (not intermixed with test programs):

 config 0 has 1 interface, different from the descriptor's value: 0
[  577.310536][ T5954] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  577.321639][ T5954] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  577.334980][ T5954] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  577.355967][ T5954] usb 4-1: string descriptor 0 read error: -22
[  577.363608][ T5954] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  577.373384][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.383822][ T5954] usb 4-1: config 0 descriptor??
[  577.391039][T10449] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  577.482579][ T5954] hub 4-1:0.0: bad descriptor, ignoring hub
[  577.505176][ T5954] hub 4-1:0.0: probe with driver hub failed with error -5
[  577.610229][ T5954] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input29
[  577.645142][   T30] audit: type=1400 audit(1757287839.740:430): avc:  denied  { setopt } for  pid=10450 comm="syz.2.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  579.084924][T10514] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  579.094425][T10514] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  579.272786][    C0] wlan1: beacon TX faster than countdown (channel/color switch) completion
[  579.654250][T10510] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  579.660456][T10510] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  579.669934][T10510] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  579.687937][T10510] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  579.780305][T10510] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  580.008119][ T6005] usb 4-1: USB disconnect, device number 17
[  580.537264][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.749774][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.929371][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.141314][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.423749][ T5172] Bluetooth: hci1: command 0x0c1a tx timeout
[  581.733181][ T5889] Bluetooth: hci2: command 0x0401 tx timeout
[  581.739253][ T5172] Bluetooth: hci4: command 0x0c1a tx timeout
[  581.813024][ T5172] Bluetooth: hci5: command 0x040f tx timeout
[  582.280614][ T5889] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  582.291738][ T5889] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  582.303586][ T5889] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  582.312778][ T5889] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  582.321551][ T5889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  583.296959][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  583.312725][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  583.325046][   T13] bond0 (unregistering): Released all slaves
[  583.732785][T10673] hub 9-0:1.0: USB hub found
[  583.739423][T10673] hub 9-0:1.0: 1 port detected
[  584.375176][T10694] syzkaller1: tun_chr_ioctl cmd 1074025677
[  584.381388][T10694] syzkaller1: linktype set to 776
[  584.392861][ T5889] Bluetooth: hci3: command tx timeout
[  584.435483][T10714] No source specified
[  585.006470][   T30] audit: type=1400 audit(1757287847.103:431): avc:  denied  { connect } for  pid=10721 comm="syz.1.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  585.106231][   T30] audit: type=1400 audit(1757287847.163:432): avc:  denied  { bind } for  pid=10721 comm="syz.1.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  585.156513][   T30] audit: type=1400 audit(1757287847.163:433): avc:  denied  { listen } for  pid=10721 comm="syz.1.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  585.217908][   T30] audit: type=1400 audit(1757287847.163:434): avc:  denied  { accept } for  pid=10721 comm="syz.1.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  585.259245][   T13] hsr_slave_0: left promiscuous mode
[  585.272027][   T13] hsr_slave_1: left promiscuous mode
[  585.278732][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  585.286607][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  585.309742][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  585.338637][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  585.420639][   T13] veth1_macvtap: left promiscuous mode
[  585.434458][   T13] veth0_macvtap: left promiscuous mode
[  585.448484][   T13] veth1_vlan: left promiscuous mode
[  585.463727][   T13] veth0_vlan: left promiscuous mode
[  585.834017][T10753] FAULT_INJECTION: forcing a failure.
[  585.834017][T10753] name failslab, interval 1, probability 0, space 0, times 0
[  585.846789][T10753] CPU: 1 UID: 0 PID: 10753 Comm: syz.4.678 Not tainted syzkaller #0 PREEMPT(full) 
[  585.846812][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  585.846822][T10753] Call Trace:
[  585.846828][T10753]  <TASK>
[  585.846835][T10753]  dump_stack_lvl+0x16c/0x1f0
[  585.846861][T10753]  should_fail_ex+0x512/0x640
[  585.846881][T10753]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  585.846902][T10753]  should_failslab+0xc2/0x120
[  585.846917][T10753]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  585.846931][T10753]  ? __alloc_skb+0x2b2/0x380
[  585.846950][T10753]  __alloc_skb+0x2b2/0x380
[  585.846964][T10753]  ? __pfx___alloc_skb+0x10/0x10
[  585.846981][T10753]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  585.847002][T10753]  netlink_alloc_large_skb+0x69/0x130
[  585.847021][T10753]  netlink_sendmsg+0x6a1/0xdd0
[  585.847041][T10753]  ? __pfx_netlink_sendmsg+0x10/0x10
[  585.847065][T10753]  ____sys_sendmsg+0xa98/0xc70
[  585.847086][T10753]  ? copy_msghdr_from_user+0x10a/0x160
[  585.847102][T10753]  ? __pfx_____sys_sendmsg+0x10/0x10
[  585.847130][T10753]  ___sys_sendmsg+0x134/0x1d0
[  585.847147][T10753]  ? __pfx____sys_sendmsg+0x10/0x10
[  585.847187][T10753]  __sys_sendmsg+0x16d/0x220
[  585.847203][T10753]  ? __pfx___sys_sendmsg+0x10/0x10
[  585.847239][T10753]  do_syscall_64+0xcd/0x4c0
[  585.847257][T10753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.847271][T10753] RIP: 0033:0x7f5f5258ebe9
[  585.847282][T10753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  585.847295][T10753] RSP: 002b:00007f5f533a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  585.847308][T10753] RAX: ffffffffffffffda RBX: 00007f5f527c6180 RCX: 00007f5f5258ebe9
[  585.847317][T10753] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  585.847325][T10753] RBP: 00007f5f533a1090 R08: 0000000000000000 R09: 0000000000000000
[  585.847333][T10753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  585.847340][T10753] R13: 00007f5f527c6218 R14: 00007f5f527c6180 R15: 00007ffd6f0d7a08
[  585.847359][T10753]  </TASK>
[  586.357571][   T13] pim6reg (unregistering): left allmulticast mode
[  586.455837][ T5889] Bluetooth: hci3: command tx timeout
[  587.629447][   T13] team0 (unregistering): Port device team_slave_1 removed
[  587.674745][   T13] team0 (unregistering): Port device team_slave_0 removed
[  588.533857][ T5889] Bluetooth: hci3: command tx timeout
[  588.888498][T10644] chnl_net:caif_netlink_parms(): no params data found
[  589.073793][ T6014] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  589.265203][ T6014] usb 6-1: Using ep0 maxpacket: 32
[  589.281024][ T6014] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  589.348000][T10904] No source specified
[  589.729701][ T6014] usb 6-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  589.747361][ T6014] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.761819][ T6014] usb 6-1: config 0 descriptor??
[  589.776027][ T6014] dvb-usb: found a 'TeVii S662' in warm state.
[  589.792060][   T30] audit: type=1400 audit(1757287851.896:435): avc:  denied  { name_connect } for  pid=10870 comm="syz.1.685" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  589.869653][ T6014] dw2102: su3000_power_ctrl: 1, initialized 0
[  589.894399][   T30] audit: type=1400 audit(1757287851.966:436): avc:  denied  { listen } for  pid=10870 comm="syz.1.685" lport=58364 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  589.901098][ T6014] dvb-usb: bulk message failed: -22 (2/0)
[  589.937515][   T30] audit: type=1400 audit(1757287852.036:437): avc:  denied  { accept } for  pid=10870 comm="syz.1.685" lport=58364 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  590.464633][ T6014] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  590.646387][ T5889] Bluetooth: hci3: command tx timeout
[  590.697966][ T6014] dvbdev: DVB: registering new adapter (TeVii S662)
[  590.718648][ T6014] usb 6-1: media controller created
[  590.723893][ T6014] dvb-usb: bulk message failed: -22 (6/0)
[  590.729780][ T6014] dw2102: i2c transfer failed.
[  590.734783][ T6014] dvb-usb: bulk message failed: -22 (6/0)
[  590.744389][ T6014] dw2102: i2c transfer failed.
[  590.749364][ T6014] dvb-usb: bulk message failed: -22 (6/0)
[  590.978396][ T6014] dw2102: i2c transfer failed.
[  590.983215][ T6014] dvb-usb: bulk message failed: -22 (6/0)
[  591.045335][ T6014] dw2102: i2c transfer failed.
[  591.062570][ T6014] dvb-usb: bulk message failed: -22 (6/0)
[  591.074813][T10644] bridge0: port 1(bridge_slave_0) entered blocking state
[  591.083884][ T6014] dw2102: i2c transfer failed.
[  591.158413][ T6014] dvb-usb: bulk message failed: -22 (6/0)
[  591.168433][T10644] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.188734][ T6014] dw2102: i2c transfer failed.
[  591.215087][T10644] bridge_slave_0: entered allmulticast mode
[  591.221364][ T6014] dvb-usb: MAC address: 02:02:02:02:02:02
[  591.239991][T10644] bridge_slave_0: entered promiscuous mode
[  591.266806][   T13] IPVS: stop unused estimator thread 0...
[  591.275724][T10644] bridge0: port 2(bridge_slave_1) entered blocking state
[  591.284012][ T6014] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  591.292785][T10644] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.448836][T10644] bridge_slave_1: entered allmulticast mode
[  591.546890][T10973] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  591.555224][T10973] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  591.614994][ T6014] dvb-usb: bulk message failed: -22 (3/0)
[  591.865194][T10644] bridge_slave_1: entered promiscuous mode
[  591.899250][ T6014] dw2102: command 0x0e transfer failed.
[  591.905074][ T6014] dvb-usb: bulk message failed: -22 (3/0)
[  591.911332][ T6014] dw2102: command 0x0e transfer failed.
[  592.036534][T10966] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  592.059305][T10966] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  592.068423][T10966] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  592.094331][T10644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  592.115663][T10966] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  592.168061][T10966] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  592.342597][T10966] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  592.381420][T10644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  592.454765][T10966] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  592.623905][ T6014] dvb-usb: bulk message failed: -22 (3/0)
[  592.984027][ T6014] dw2102: command 0x0e transfer failed.
[  592.991824][ T6014] dvb-usb: bulk message failed: -22 (3/0)
[  592.998049][ T6014] dw2102: command 0x0e transfer failed.
[  593.003694][ T6014] dvb-usb: bulk message failed: -22 (1/0)
[  593.010578][ T6014] dw2102: command 0x51 transfer failed.
[  593.016788][ T6014] dvb-usb: bulk message failed: -22 (5/0)
[  593.027370][ T6014] dw2102: i2c probe for address 0x68 failed.
[  593.033360][ T6014] dvb-usb: bulk message failed: -22 (5/0)
[  593.039123][ T6014] dw2102: i2c probe for address 0x69 failed.
[  593.046016][ T6014] dvb-usb: bulk message failed: -22 (5/0)
[  593.051814][ T6014] dw2102: i2c probe for address 0x6a failed.
[  593.060980][ T6014] dw2102: probing for demodulator failed. Is the external power switched on?
[  593.060986][ T5954] usb 4-1: new low-speed USB device number 18 using dummy_hcd
[  593.069766][ T6014] dvb-usb: no frontend was attached by 'TeVii S662'
[  593.296664][T10644] team0: Port device team_slave_0 added
[  593.399950][T10644] team0: Port device team_slave_1 added
[  593.415475][ T5954] usb 4-1: config index 0 descriptor too short (expected 1307, got 27)
[  593.425652][ T5954] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[  593.437169][ T6014] rc_core: IR keymap rc-tt-1500 not found
[  593.507287][ T5954] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[  593.656485][ T5954] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  593.673746][ T6014] Registered IR keymap rc-empty
[  593.711276][T10644] batman_adv: batadv0: Adding interface: batadv_slave_0
[  593.722795][T10644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.733748][ T6014] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0
[  593.748726][    C0] vkms_vblank_simulate: vblank timer overrun
[  593.754287][ T5954] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  593.823439][ T5954] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  593.848456][T10644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  593.883826][ T6014] input: TeVii S662 as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input30
[  593.900696][ T6014] dvb-usb: schedule remote query interval to 250 msecs.
[  593.911930][ T5954] usb 4-1: string descriptor 0 read error: -22
[  593.919187][ T5954] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  593.921838][ T6014] dw2102: su3000_power_ctrl: 0, initialized 1
[  593.929273][T10644] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.951799][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.017070][ T5889] Bluetooth: hci1: command 0x0c1a tx timeout
[  594.045750][ T6014] dvb-usb: TeVii S662 successfully initialized and connected.
[  594.059939][ T6014] usb 6-1: USB disconnect, device number 3
[  594.073842][T10644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.099781][    C0] vkms_vblank_simulate: vblank timer overrun
[  594.106073][ T5954] usb 4-1: config 0 descriptor??
[  594.174250][T10977] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  594.181899][ T5889] Bluetooth: hci5: command 0x040f tx timeout
[  594.188962][ T5954] hub 4-1:0.0: bad descriptor, ignoring hub
[  594.192768][ T5172] Bluetooth: hci4: command 0x0c1a tx timeout
[  594.194920][ T5954] hub 4-1:0.0: probe with driver hub failed with error -5
[  594.208669][ T5889] Bluetooth: hci2: command 0x0401 tx timeout
[  594.214824][T10644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  594.228748][ T5889] Bluetooth: hci3: command 0x0c1a tx timeout
[  594.253606][ T5954] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input31
[  594.619960][ T6014] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  594.653069][T10644] hsr_slave_0: entered promiscuous mode
[  594.671549][T10644] hsr_slave_1: entered promiscuous mode
[  594.687577][T10644] debugfs: 'hsr0' already exists in 'hsr'
[  594.708745][T10644] Cannot create hsr debugfs directory
[  595.153390][ T6005] usb 4-1: USB disconnect, device number 18
[  595.211593][   T30] audit: type=1400 audit(1757287857.298:438): avc:  denied  { read write } for  pid=11180 comm="syz.1.695" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  595.390061][   T30] audit: type=1400 audit(1757287857.298:439): avc:  denied  { open } for  pid=11180 comm="syz.1.695" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  595.413398][    C0] vkms_vblank_simulate: vblank timer overrun
[  595.527940][T11217] No source specified
[  596.049797][T10644] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  596.079749][T10644] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  596.214414][T10644] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  596.286685][ T5889] Bluetooth: hci3: command 0x0c1a tx timeout
[  596.546626][ T6014] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  596.669953][T10644] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  596.786040][ T6014] usb 4-1: device descriptor read/64, error -71
[  597.065382][ T6014] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  597.365412][ T6014] usb 4-1: device descriptor read/64, error -71
[  597.490535][ T6014] usb usb4-port1: attempt power cycle
[  597.857165][ T6014] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  598.123070][T11310] netlink: 56 bytes leftover after parsing attributes in process `syz.1.701'.
[  598.355283][ T6014] usb 4-1: device descriptor read/8, error -71
[  598.375076][ T5889] Bluetooth: hci3: command 0x0c1a tx timeout
[  598.568457][T10644] 8021q: adding VLAN 0 to HW filter on device bond0
[  598.653727][T11323] netlink: 'syz.4.703': attribute type 4 has an invalid length.
[  598.661538][T11323] netlink: 17 bytes leftover after parsing attributes in process `syz.4.703'.
[  598.673752][ T6014] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  599.013880][T10644] 8021q: adding VLAN 0 to HW filter on device team0
[  599.030223][T11318] netlink: 48 bytes leftover after parsing attributes in process `syz.5.702'.
[  599.101118][   T30] audit: type=1400 audit(1757287861.140:440): avc:  denied  { nlmsg_read } for  pid=11307 comm="syz.5.702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  599.150204][ T5914] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.157386][ T5914] bridge0: port 1(bridge_slave_0) entered forwarding state
[  599.214465][ T6014] usb 4-1: device descriptor read/8, error -71
[  599.240938][T10582] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.248080][T10582] bridge0: port 2(bridge_slave_1) entered forwarding state
[  599.386424][ T6014] usb usb4-port1: unable to enumerate USB device
[  599.662041][T11345] netlink: 'syz.1.704': attribute type 4 has an invalid length.
[  599.669864][T11345] netlink: 17 bytes leftover after parsing attributes in process `syz.1.704'.
[  599.954174][ T5976] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  600.215683][ T5976] usb 5-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  600.235168][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.244620][ T5976] usb 5-1: Product: syz
[  600.249631][ T5976] usb 5-1: Manufacturer: syz
[  600.259753][ T5976] usb 5-1: SerialNumber: syz
[  600.274383][ T5976] usb 5-1: config 0 descriptor??
[  600.511628][T11357] No source specified
[  601.747295][T10644] 8021q: adding VLAN 0 to HW filter on device batadv0
[  602.878444][ T5976] usb 5-1: f81604_write: reg: 105 data: 0 failed: -EPROTO
[  602.885962][ T5976] f81604 5-1:0.0: Setting termination of CH#1 failed: -EPROTO
[  602.918014][ T5976] f81604 5-1:0.0: probe with driver f81604 failed with error -71
[  602.962010][ T5976] usb 5-1: USB disconnect, device number 24
[  603.552214][ T5954] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  603.615275][T10644] veth0_vlan: entered promiscuous mode
[  603.689898][T11419] netlink: 56 bytes leftover after parsing attributes in process `syz.5.712'.
[  604.110843][T10644] veth1_vlan: entered promiscuous mode
[  604.142215][ T5954] usb 2-1: Using ep0 maxpacket: 32
[  604.150217][ T5954] usb 2-1: unable to get BOS descriptor or descriptor too short
[  604.160603][ T5954] usb 2-1: config 7 has an invalid interface number: 128 but max is 0
[  604.160689][T10644] veth0_macvtap: entered promiscuous mode
[  604.170671][ T5954] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  604.189328][ T5954] usb 2-1: config 7 has no interface number 0
[  604.195621][    T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  604.203044][T10644] veth1_macvtap: entered promiscuous mode
[  604.209024][ T5954] usb 2-1: config 7 interface 128 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 6
[  604.229476][T10644] batman_adv: batadv0: Interface activated: batadv_slave_0
[  604.233792][ T5954] usb 2-1: config 7 interface 128 has no altsetting 0
[  604.244479][T10644] batman_adv: batadv0: Interface activated: batadv_slave_1
[  604.260232][ T6711] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  604.269745][ T6711] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  604.273100][ T5954] usb 2-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13
[  604.282471][ T6711] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  604.288358][ T5954] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.305754][ T5954] usb 2-1: Product: syz
[  604.308060][ T6711] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  604.319098][ T5954] usb 2-1: Manufacturer: syz
[  604.324138][ T5954] usb 2-1: SerialNumber: syz
[  604.406440][    T9] usb 4-1: config 0 has no interfaces?
[  604.414716][    T9] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  604.425609][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.437480][    T9] usb 4-1: Product: syz
[  604.443601][    T9] usb 4-1: Manufacturer: syz
[  604.448370][    T9] usb 4-1: SerialNumber: syz
[  604.486216][    T9] usb 4-1: config 0 descriptor??
[  604.644322][ T6722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  604.657246][ T6722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  604.688208][T10541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.045058][T10541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.235784][   T30] audit: type=1400 audit(1757287867.353:441): avc:  denied  { write } for  pid=11452 comm="syz.4.716" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  605.293266][    T9] usb 4-1: USB disconnect, device number 23
[  606.650559][T11481] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  606.893926][ T5954] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  606.901129][ T5954] usb 2-1: MIDIStreaming interface descriptor not found
[  607.015903][ T5954] usb 2-1: USB disconnect, device number 21
[  607.295409][T11508] netlink: 24 bytes leftover after parsing attributes in process `syz.3.721'.
[  607.299543][ T6691] block nbd0: Possible stuck request ffff888026cd71c0: control (read@0,1024B). Runtime 120 seconds
[  607.315512][ T6691] block nbd0: Possible stuck request ffff888026cd7380: control (read@1024,1024B). Runtime 120 seconds
[  607.393116][T11516] netlink: 'syz.1.720': attribute type 4 has an invalid length.
[  607.401112][T11516] netlink: 17 bytes leftover after parsing attributes in process `syz.1.720'.
[  607.733512][ T6691] block nbd0: Possible stuck request ffff888026cd7540: control (read@2048,1024B). Runtime 120 seconds
[  607.744562][ T6691] block nbd0: Possible stuck request ffff888026cd7700: control (read@3072,1024B). Runtime 120 seconds
[  608.220079][ T5976] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  608.280593][T11538] netlink: 56 bytes leftover after parsing attributes in process `syz.1.724'.
[  608.770987][ T5976] usb 4-1: Using ep0 maxpacket: 16
[  608.788659][ T5976] usb 4-1: config 0 has an invalid interface number: 232 but max is 0
[  608.841531][ T5976] usb 4-1: config 0 has no interface number 0
[  608.872296][ T5976] usb 4-1: config 0 interface 232 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  608.922200][ T5976] usb 4-1: config 0 interface 232 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  609.019670][ T5976] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  609.041049][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.413457][ T5976] usb 4-1: config 0 descriptor??
[  609.864998][T11579] netlink: 'syz.1.729': attribute type 4 has an invalid length.
[  609.931688][   T30] audit: type=1400 audit(1757287872.046:442): avc:  denied  { read } for  pid=11549 comm="syz.4.725" path="socket:[22524]" dev="sockfs" ino=22524 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  609.969776][T11585] netlink: 'syz.1.729': attribute type 4 has an invalid length.
[  610.737304][T11607] FAULT_INJECTION: forcing a failure.
[  610.737304][T11607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  610.786242][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.798088][T11607] CPU: 1 UID: 0 PID: 11607 Comm: syz.4.732 Not tainted syzkaller #0 PREEMPT(full) 
[  610.798114][T11607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  610.798122][T11607] Call Trace:
[  610.798128][T11607]  <TASK>
[  610.798134][T11607]  dump_stack_lvl+0x16c/0x1f0
[  610.798162][T11607]  should_fail_ex+0x512/0x640
[  610.798188][T11607]  _copy_to_user+0x32/0xd0
[  610.798215][T11607]  simple_read_from_buffer+0xcb/0x170
[  610.798235][T11607]  proc_fail_nth_read+0x197/0x240
[  610.798257][T11607]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  610.798278][T11607]  ? rw_verify_area+0xcf/0x6c0
[  610.798304][T11607]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  610.798323][T11607]  vfs_read+0x1e1/0xcf0
[  610.798343][T11607]  ? __pfx___mutex_lock+0x10/0x10
[  610.798366][T11607]  ? __pfx_vfs_read+0x10/0x10
[  610.798393][T11607]  ? __fget_files+0x20e/0x3c0
[  610.798416][T11607]  ksys_read+0x12a/0x250
[  610.798432][T11607]  ? __pfx_ksys_read+0x10/0x10
[  610.798455][T11607]  do_syscall_64+0xcd/0x4c0
[  610.798477][T11607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.798493][T11607] RIP: 0033:0x7f5f5258d5fc
[  610.798507][T11607] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  610.798524][T11607] RSP: 002b:00007f5f533e3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  610.798541][T11607] RAX: ffffffffffffffda RBX: 00007f5f527c5fa0 RCX: 00007f5f5258d5fc
[  610.798552][T11607] RDX: 000000000000000f RSI: 00007f5f533e30a0 RDI: 0000000000000005
[  610.798562][T11607] RBP: 00007f5f533e3090 R08: 0000000000000000 R09: 0000000000000000
[  610.798572][T11607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  610.798581][T11607] R13: 00007f5f527c6038 R14: 00007f5f527c5fa0 R15: 00007ffd6f0d7a08
[  610.798605][T11607]  </TASK>
[  610.815187][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.865817][   T30] audit: type=1400 audit(1757287872.976:443): avc:  denied  { ioctl } for  pid=11616 comm="syz.5.733" path="socket:[23131]" dev="sockfs" ino=23131 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  610.903036][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.903064][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.903083][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.903101][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.903121][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.903140][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.903161][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  610.903182][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: unknown main item tag 0x0
[  611.077232][ T6020] hid-generic 0004:00FF:FFFFFFFF.000E: hidraw0: <UNKNOWN> HID v4.00 Device [syz1] on syz1
[  611.243274][   T30] audit: type=1400 audit(1757287873.316:444): avc:  denied  { ioctl } for  pid=11608 comm="syz.6.731" path="/dev/uhid" dev="devtmpfs" ino=1273 ioctlcmd=0x9375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  611.276866][T11629] tipc: Invalid UDP bearer configuration
[  611.276911][T11629] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  611.300825][T11629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.735'.
[  611.321231][T11629] netlink: 24 bytes leftover after parsing attributes in process `syz.4.735'.
[  611.388280][ T5889] Bluetooth: hci5: unexpected event for opcode 0x201c
[  611.411570][   T30] audit: type=1400 audit(1757287873.356:445): avc:  denied  { create } for  pid=11608 comm="syz.6.731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  611.536493][   T30] audit: type=1400 audit(1757287873.646:446): avc:  denied  { unmount } for  pid=9334 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  611.898269][ T5976] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  612.253350][ T5976] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  612.274862][ T5976] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  612.337082][ T5976] usb 2-1: config 1 has no interface number 1
[  612.369727][ T5976] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  612.520305][ T5976] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[  612.551672][ T5976] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  612.561528][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.571061][ T5976] usb 2-1: Product: syz
[  612.579759][ T5976] usb 2-1: Manufacturer: syz
[  612.591001][ T5976] usb 2-1: SerialNumber: syz
[  612.620967][T11638] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  612.710565][ T5954] usb 4-1: USB disconnect, device number 24
[  613.379379][ T5954] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  613.394595][ T5976] usb 2-1: USB disconnect, device number 22
[  613.641566][ T5954] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  613.657974][ T5954] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  613.671982][ T5954] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.687671][ T5954] usb 7-1: config 0 descriptor??
[  613.698473][ T5954] pwc: Askey VC010 type 2 USB webcam detected.
[  613.987340][   T30] audit: type=1400 audit(1757287876.098:447): avc:  denied  { write } for  pid=11749 comm="syz.4.745" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  614.135155][T11759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.746'.
[  614.364380][ T5954] pwc: recv_control_msg error -32 req 02 val 2b00
[  616.255500][ T5954] pwc: recv_control_msg error -71 req 02 val 2700
[  616.296347][ T5954] pwc: recv_control_msg error -71 req 02 val 2c00
[  616.317490][ T5954] pwc: recv_control_msg error -71 req 04 val 1000
[  616.335081][ T5954] pwc: recv_control_msg error -71 req 04 val 1300
[  616.452842][ T5954] pwc: recv_control_msg error -71 req 04 val 1400
[  616.463872][ T5954] pwc: recv_control_msg error -71 req 02 val 2000
[  616.483256][ T5954] pwc: recv_control_msg error -71 req 02 val 2100
[  616.493373][ T5954] pwc: recv_control_msg error -71 req 04 val 1500
[  616.663094][T11786] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  616.665502][T11786] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  616.762316][T11788] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  616.765260][ T5954] pwc: recv_control_msg error -71 req 02 val 2500
[  616.766704][ T5954] pwc: recv_control_msg error -71 req 02 val 2400
[  616.768002][ T5954] pwc: recv_control_msg error -71 req 02 val 2600
[  616.769359][ T5954] pwc: recv_control_msg error -71 req 02 val 2900
[  616.771714][ T5954] pwc: recv_control_msg error -71 req 02 val 2800
[  616.774087][ T5954] pwc: recv_control_msg error -71 req 04 val 1100
[  616.776112][ T5954] pwc: recv_control_msg error -71 req 04 val 1200
[  617.031530][T11772] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  617.037037][T11772] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  617.037183][T11772] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  617.037314][T11772] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  617.037518][T11772] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  617.063833][ T5954] pwc: Registered as video103.
[  617.081386][ T5172] Bluetooth: hci1: unexpected event for opcode 0x201c
[  617.095063][ T5954] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input32
[  617.936108][ T5954] usb 7-1: USB disconnect, device number 2
[  618.229147][T11836] smc: net device bond0 applied user defined pnetid SYZ0
[  618.793440][   T30] audit: type=1400 audit(1757287880.910:448): avc:  denied  { name_connect } for  pid=11825 comm="syz.4.755" dest=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  619.055928][   T30] audit: type=1400 audit(1757287881.180:449): avc:  denied  { setopt } for  pid=11859 comm="syz.1.758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  619.077278][ T5172] Bluetooth: hci3: command 0x0c1a tx timeout
[  619.077294][ T5889] Bluetooth: hci5: command 0x040f tx timeout
[  619.083308][ T5172] Bluetooth: hci4: command 0x0c1a tx timeout
[  619.090157][ T5893] Bluetooth: hci2: command 0x0401 tx timeout
[  619.697143][ T5954] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  619.987041][T11881] syz_tun: entered allmulticast mode
[  619.996492][ T5954] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  620.135714][ T5954] usb 6-1: config 0 has no interface number 0
[  620.142391][ T5954] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  620.161879][T11893] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  620.252502][ T5954] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.478067][ T5954] usb 6-1: config 0 descriptor??
[  620.500926][T11881] bpq0: entered allmulticast mode
[  620.542751][ T5954] usb 6-1: selecting invalid altsetting 1
[  620.559021][   T30] audit: type=1400 audit(1757287882.681:450): avc:  denied  { create } for  pid=11877 comm="syz.4.761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  620.567589][ T5954] dvb_ttusb_budget: ttusb_init_controller: error
[  620.591783][ T5954] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  620.610247][   T30] audit: type=1400 audit(1757287882.691:451): avc:  denied  { ioctl } for  pid=11877 comm="syz.4.761" path="socket:[23979]" dev="sockfs" ino=23979 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  620.634854][    C1] vkms_vblank_simulate: vblank timer overrun
[  620.660914][   T30] audit: type=1400 audit(1757287882.771:452): avc:  denied  { listen } for  pid=11898 comm="syz.1.763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  620.685504][   T30] audit: type=1400 audit(1757287882.781:453): avc:  denied  { accept } for  pid=11898 comm="syz.1.763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  620.883591][ T5954] DVB: Unable to find symbol cx22700_attach()
[  621.382553][ T5954] DVB: Unable to find symbol tda10046_attach()
[  621.395214][ T5954] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  621.652380][   T30] audit: type=1400 audit(1757287883.692:454): avc:  denied  { create } for  pid=11906 comm="syz.3.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  621.701806][   T30] audit: type=1400 audit(1757287883.702:455): avc:  denied  { bind } for  pid=11906 comm="syz.3.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  622.037375][T11931] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  622.046770][T11931] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  622.441563][ T5956] usb 6-1: USB disconnect, device number 4
[  622.579066][T11924] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  622.754057][T11924] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  622.899026][T11924] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  622.968271][T11924] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  622.977462][T11962] fuse: Bad value for 'fd'
[  623.047102][   T30] audit: type=1326 audit(1757287885.152:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11956 comm="syz.1.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a258ebe9 code=0x7ffc0000
[  623.219260][T11924] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  623.410589][   T30] audit: type=1326 audit(1757287885.162:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11956 comm="syz.1.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f95a258ebe9 code=0x7ffc0000
[  623.917172][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  624.166639][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  624.431786][ T5889] Bluetooth: hci1: command 0x0c1a tx timeout
[  624.787800][T11994] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  624.891711][ T5889] Bluetooth: hci2: command 0x0401 tx timeout
[  625.161347][ T5889] Bluetooth: hci4: command 0x0c1a tx timeout
[  625.161433][ T5893] Bluetooth: hci5: command 0x040f tx timeout
[  625.233550][ T5893] Bluetooth: hci3: command 0x0c1a tx timeout
[  626.350778][    T9] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  626.510814][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  626.519183][    T9] usb 5-1: config 0 has no interface number 0
[  626.527733][    T9] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  626.628193][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.665330][T12020] netlink: 12 bytes leftover after parsing attributes in process `syz.1.780'.
[  626.717617][    T9] usb 5-1: config 0 descriptor??
[  626.738886][    T9] usb 5-1: selecting invalid altsetting 1
[  626.822368][    T9] dvb_ttusb_budget: ttusb_init_controller: error
[  627.187011][    T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  627.709986][T12031] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  628.052823][    T9] DVB: Unable to find symbol cx22700_attach()
[  628.122314][T12043] netlink: 52 bytes leftover after parsing attributes in process `syz.3.784'.
[  628.309854][T12043] netlink: 52 bytes leftover after parsing attributes in process `syz.3.784'.
[  628.413471][T12043] netlink: 52 bytes leftover after parsing attributes in process `syz.3.784'.
[  628.489425][T12050] netlink: 'syz.1.783': attribute type 4 has an invalid length.
[  628.497186][T12050] netlink: 17 bytes leftover after parsing attributes in process `syz.1.783'.
[  628.590305][    T9] DVB: Unable to find symbol tda10046_attach()
[  628.618406][    T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  628.856907][T12055] tmpfs: Bad value for 'grpquota_block_hardlimit'
[  628.881533][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  628.881658][   T30] audit: type=1400 audit(1757287890.995:470): avc:  denied  { name_bind } for  pid=12054 comm="syz.3.785" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  628.979495][    T9] usb 5-1: USB disconnect, device number 25
[  629.690148][   T30] audit: type=1400 audit(1757287891.706:471): avc:  denied  { map } for  pid=12059 comm="syz.4.786" path="socket:[24752]" dev="sockfs" ino=24752 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  629.723990][ T6719] Bluetooth: hci6: Frame reassembly failed (-84)
[  630.157242][T12087] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  631.478164][   T30] audit: type=1400 audit(1757287893.596:472): avc:  denied  { mount } for  pid=12118 comm="syz.1.796" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  631.511624][T12124] FAULT_INJECTION: forcing a failure.
[  631.511624][T12124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  631.524908][T12124] CPU: 1 UID: 0 PID: 12124 Comm: syz.6.798 Not tainted syzkaller #0 PREEMPT(full) 
[  631.524932][T12124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  631.524943][T12124] Call Trace:
[  631.524949][T12124]  <TASK>
[  631.524955][T12124]  dump_stack_lvl+0x16c/0x1f0
[  631.524981][T12124]  should_fail_ex+0x512/0x640
[  631.525006][T12124]  _copy_from_user+0x2e/0xd0
[  631.525031][T12124]  copy_msghdr_from_user+0x98/0x160
[  631.525052][T12124]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  631.525085][T12124]  ___sys_sendmsg+0xfe/0x1d0
[  631.525107][T12124]  ? __pfx____sys_sendmsg+0x10/0x10
[  631.525158][T12124]  __sys_sendmsg+0x16d/0x220
[  631.525179][T12124]  ? __pfx___sys_sendmsg+0x10/0x10
[  631.525215][T12124]  do_syscall_64+0xcd/0x4c0
[  631.525240][T12124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.525257][T12124] RIP: 0033:0x7f9a46d8ebe9
[  631.525271][T12124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  631.525288][T12124] RSP: 002b:00007f9a47cb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  631.525304][T12124] RAX: ffffffffffffffda RBX: 00007f9a46fc5fa0 RCX: 00007f9a46d8ebe9
[  631.525315][T12124] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  631.525325][T12124] RBP: 00007f9a47cb5090 R08: 0000000000000000 R09: 0000000000000000
[  631.525335][T12124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  631.525345][T12124] R13: 00007f9a46fc6038 R14: 00007f9a46fc5fa0 R15: 00007ffebc7c3e58
[  631.525368][T12124]  </TASK>
[  631.708265][ T5893] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  631.708477][ T5172] Bluetooth: hci6: command 0x1003 tx timeout
[  632.881161][T12157] netlink: 12 bytes leftover after parsing attributes in process `syz.6.802'.
[  633.104062][T12161] netlink: 8 bytes leftover after parsing attributes in process `syz.6.804'.
[  633.212915][T12169] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12169 comm=syz.1.807
[  633.550859][T12182] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  633.559851][T12182] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  633.876956][   T30] audit: type=1400 audit(1757287895.978:473): avc:  denied  { write } for  pid=12159 comm="syz.6.804" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  634.072477][T12172] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  634.078635][T12172] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  634.088283][T12172] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  634.130778][T12172] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  634.138143][T12172] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  634.331426][T12186] block nbd4: Attempted send on invalid socket
[  634.347341][T12186] I/O error, dev nbd4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  634.506626][ T5976] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  634.580351][T12186] block nbd4: Attempted send on invalid socket
[  634.593650][T12186] I/O error, dev nbd4, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  634.667151][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  634.857823][ T5976] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  634.904599][ T5976] usb 2-1: config 0 has no interface number 0
[  634.914834][T12186] block nbd4: Attempted send on invalid socket
[  634.921116][ T5976] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  634.932494][T12186] I/O error, dev nbd4, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  634.944347][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  634.958043][ T5976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.969102][T12186] block nbd4: Attempted send on invalid socket
[  634.986014][ T5976] usb 2-1: config 0 descriptor??
[  635.024445][T12186] I/O error, dev nbd4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  635.049719][ T5976] usb 2-1: selecting invalid altsetting 1
[  635.079931][ T5976] dvb_ttusb_budget: ttusb_init_controller: error
[  635.103089][ T5976] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  635.126169][T12186] block nbd4: Attempted send on invalid socket
[  635.138918][T12186] I/O error, dev nbd4, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  635.152347][T12195] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  635.176696][T12195] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  635.201957][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  635.212500][T12186] block nbd4: Attempted send on invalid socket
[  635.219615][T12186] I/O error, dev nbd4, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  635.229650][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  635.243511][T12186] block nbd4: Attempted send on invalid socket
[  635.250830][T12186] I/O error, dev nbd4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  635.265861][T12186] block nbd4: Attempted send on invalid socket
[  635.296442][ T6020] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  635.396243][ T5893] Bluetooth: hci1: command 0x0c1a tx timeout
[  635.405266][ T5976] DVB: Unable to find symbol cx22700_attach()
[  635.890469][T12186] I/O error, dev nbd4, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  635.903325][ T5976] DVB: Unable to find symbol tda10046_attach()
[  635.912266][ T5976] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  635.921910][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  635.946171][ T6020] usb 7-1: Using ep0 maxpacket: 32
[  635.955072][ T6020] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  635.956120][T12186] block nbd4: Attempted send on invalid socket
[  635.992915][T12186] I/O error, dev nbd4, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  635.995028][ T6020] usb 7-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  636.023344][ T6020] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.049952][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  636.065542][ T6020] usb 7-1: config 0 descriptor??
[  636.073511][ T6020] dvb-usb: found a 'TeVii S662' in warm state.
[  636.083975][ T6020] dw2102: su3000_power_ctrl: 1, initialized 0
[  636.091908][ T6020] dvb-usb: bulk message failed: -22 (2/0)
[  636.093171][T12186] block nbd4: Attempted send on invalid socket
[  636.110239][ T5893] Bluetooth: hci4: command 0x0c1a tx timeout
[  636.117115][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  636.127199][ T5893] Bluetooth: hci2: command 0x0401 tx timeout
[  636.134073][T12186] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  636.155896][T12186] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  636.175144][ T6020] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  636.186070][ T5172] Bluetooth: hci3: command 0x0c1a tx timeout
[  636.192175][ T5893] Bluetooth: hci5: command 0x040f tx timeout
[  636.251884][ T6020] dvbdev: DVB: registering new adapter (TeVii S662)
[  636.668700][ T6020] usb 7-1: media controller created
[  636.674087][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  637.072574][ T5947] usb 2-1: USB disconnect, device number 23
[  637.224068][ T6020] dw2102: i2c transfer failed.
[  637.245988][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  637.260964][T12234] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  637.278681][ T6020] dw2102: i2c transfer failed.
[  637.305762][ T6691] block nbd0: Possible stuck request ffff888026cd71c0: control (read@0,1024B). Runtime 150 seconds
[  637.321312][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  637.438079][T12259] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  637.735134][   T30] audit: type=1400 audit(1757287899.619:474): avc:  denied  { create } for  pid=12257 comm="syz.5.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  637.755363][ T6691] block nbd0: Possible stuck request ffff888026cd7380: control (read@1024,1024B). Runtime 150 seconds
[  637.766378][ T6691] block nbd0: Possible stuck request ffff888026cd7540: control (read@2048,1024B). Runtime 150 seconds
[  637.779960][ T6020] dw2102: i2c transfer failed.
[  637.784747][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  637.790736][ T6691] block nbd0: Possible stuck request ffff888026cd7700: control (read@3072,1024B). Runtime 150 seconds
[  637.802945][ T6020] dw2102: i2c transfer failed.
[  637.807894][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  637.815012][ T6020] dw2102: i2c transfer failed.
[  637.821023][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  637.825189][   T30] audit: type=1400 audit(1757287899.639:475): avc:  denied  { write } for  pid=12257 comm="syz.5.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  637.827258][ T6020] dw2102: i2c transfer failed.
[  637.847744][    C1] vkms_vblank_simulate: vblank timer overrun
[  637.873229][ T6020] dvb-usb: MAC address: 02:02:02:02:02:02
[  637.921422][   T30] audit: type=1400 audit(1757287899.649:476): avc:  denied  { nlmsg_write } for  pid=12257 comm="syz.5.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  638.037425][ T6020] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  638.092053][   T30] audit: type=1400 audit(1757287900.220:477): avc:  denied  { read } for  pid=12272 comm="syz.5.818" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  638.114693][    C1] vkms_vblank_simulate: vblank timer overrun
[  638.358285][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  638.483040][ T6020] dw2102: command 0x0e transfer failed.
[  638.493467][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  638.513401][ T6020] dw2102: command 0x0e transfer failed.
[  638.549579][T12280] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  638.764867][T12290] Bluetooth: hci6: Frame reassembly failed (-84)
[  638.781407][T10580] Bluetooth: hci6: Frame reassembly failed (-84)
[  638.835006][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  638.855784][ T6020] dw2102: command 0x0e transfer failed.
[  639.306753][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  639.340761][ T6020] dw2102: command 0x0e transfer failed.
[  639.383396][ T6020] dvb-usb: bulk message failed: -22 (1/0)
[  639.404357][ T6020] dw2102: command 0x51 transfer failed.
[  639.411547][ T6020] dvb-usb: bulk message failed: -22 (5/0)
[  639.428490][ T6020] dw2102: i2c probe for address 0x68 failed.
[  639.440503][ T6020] dvb-usb: bulk message failed: -22 (5/0)
[  639.459271][ T6020] dw2102: i2c probe for address 0x69 failed.
[  639.469898][ T6020] dvb-usb: bulk message failed: -22 (5/0)
[  639.477202][ T6020] dw2102: i2c probe for address 0x6a failed.
[  639.483257][ T6020] dw2102: probing for demodulator failed. Is the external power switched on?
[  639.496606][ T6020] dvb-usb: no frontend was attached by 'TeVii S662'
[  639.634060][ T6020] rc_core: IR keymap rc-tt-1500 not found
[  639.658323][ T6020] Registered IR keymap rc-empty
[  639.694193][ T6020] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0
[  639.718208][ T6020] input: TeVii S662 as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input33
[  639.733006][T12312] FAULT_INJECTION: forcing a failure.
[  639.733006][T12312] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  639.781025][   T30] audit: type=1400 audit(1757287901.911:478): avc:  denied  { write } for  pid=12319 comm="syz.1.824" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  639.876689][ T6020] dvb-usb: schedule remote query interval to 250 msecs.
[  639.883673][ T6020] dw2102: su3000_power_ctrl: 0, initialized 1
[  639.890072][T12312] CPU: 0 UID: 0 PID: 12312 Comm: syz.4.821 Not tainted syzkaller #0 PREEMPT(full) 
[  639.890098][T12312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  639.890106][T12312] Call Trace:
[  639.890112][T12312]  <TASK>
[  639.890119][T12312]  dump_stack_lvl+0x16c/0x1f0
[  639.890144][T12312]  should_fail_ex+0x512/0x640
[  639.890177][T12312]  _copy_to_user+0x32/0xd0
[  639.890200][T12312]  simple_read_from_buffer+0xcb/0x170
[  639.890219][T12312]  proc_fail_nth_read+0x197/0x240
[  639.890237][T12312]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  639.890257][T12312]  ? rw_verify_area+0xcf/0x6c0
[  639.890281][T12312]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  639.890298][T12312]  vfs_read+0x1e1/0xcf0
[  639.890317][T12312]  ? __pfx___mutex_lock+0x10/0x10
[  639.890339][T12312]  ? __pfx_vfs_read+0x10/0x10
[  639.890361][T12312]  ? __fget_files+0x20e/0x3c0
[  639.890390][T12312]  ksys_read+0x12a/0x250
[  639.890405][T12312]  ? __pfx_ksys_read+0x10/0x10
[  639.890427][T12312]  do_syscall_64+0xcd/0x4c0
[  639.890455][T12312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.890471][T12312] RIP: 0033:0x7f5f5258d5fc
[  639.890485][T12312] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  639.890499][T12312] RSP: 002b:00007f5f533e3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  639.890514][T12312] RAX: ffffffffffffffda RBX: 00007f5f527c5fa0 RCX: 00007f5f5258d5fc
[  639.890525][T12312] RDX: 000000000000000f RSI: 00007f5f533e30a0 RDI: 0000000000000004
[  639.890534][T12312] RBP: 00007f5f533e3090 R08: 0000000000000000 R09: 0000000000000000
[  639.890543][T12312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.890553][T12312] R13: 00007f5f527c6038 R14: 00007f5f527c5fa0 R15: 00007ffd6f0d7a08
[  639.890575][T12312]  </TASK>
[  639.893714][ T6020] dvb-usb: TeVii S662 successfully initialized and connected.
[  640.058548][T12326] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  640.106947][   T30] audit: type=1400 audit(1757287901.941:479): avc:  denied  { open } for  pid=12319 comm="syz.1.824" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  640.145076][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  640.232548][T12329] tipc: Started in network mode
[  640.237971][T12329] tipc: Node identity ac14140f, cluster identity 4711
[  640.255309][T12329] tipc: New replicast peer: 255.255.255.255
[  640.264920][T12329] tipc: Enabled bearer <udp:syz2>, priority 10
[  640.278202][    T9] dw2102: i2c transfer failed.
[  640.643037][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  640.648952][    T9] dw2102: i2c transfer failed.
[  640.790704][ T6020] usb 7-1: USB disconnect, device number 3
[  640.828105][ T5172] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  641.413811][ T5947] tipc: Node number set to 2886997007
[  641.715927][T12341] tipc: Started in network mode
[  641.721186][T12341] tipc: Node identity ac14140f, cluster identity 4711
[  641.854364][T12341] tipc: New replicast peer: 255.255.255.255
[  641.882583][T12341] tipc: Enabled bearer <udp:syz2>, priority 10
[  642.477294][ T6020] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  642.652333][T12347] pim6reg: entered allmulticast mode
[  642.796753][T12387] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.833'.
[  642.821330][T12318] pim6reg: left allmulticast mode
[  642.972405][ T6020] tipc: Node number set to 2886997007
[  644.156238][T12407] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  644.174036][    T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  644.604882][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  644.652875][    T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  644.708822][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.757484][    T9] usb 6-1: config 0 descriptor??
[  644.770122][    T9] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  645.095062][T12409] netlink: 100 bytes leftover after parsing attributes in process `syz.5.835'.
[  645.601386][ T6020] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  645.799123][T12501] netlink: 'syz.6.837': attribute type 4 has an invalid length.
[  645.806899][T12501] netlink: 17 bytes leftover after parsing attributes in process `syz.6.837'.
[  646.508303][    T9] usb 6-1: USB disconnect, device number 5
[  646.541832][ T6020] usb 5-1: Using ep0 maxpacket: 32
[  646.574440][ T5947] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  646.597790][ T6020] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  646.879840][ T6020] usb 5-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  646.889286][ T6020] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.901850][ T6020] usb 5-1: config 0 descriptor??
[  646.909591][ T6020] dvb-usb: found a 'TeVii S662' in warm state.
[  646.923273][ T6020] dw2102: su3000_power_ctrl: 1, initialized 0
[  646.936740][ T6020] dvb-usb: bulk message failed: -22 (2/0)
[  646.957388][ T5947] usb 4-1: Using ep0 maxpacket: 16
[  646.982709][ T6020] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  647.041301][ T5947] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  647.061276][ T5947] usb 4-1: config 1 has no interface number 1
[  647.067858][ T6020] dvbdev: DVB: registering new adapter (TeVii S662)
[  647.079185][ T5947] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  647.092694][ T6020] usb 5-1: media controller created
[  647.097935][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  647.230077][ T6020] dw2102: i2c transfer failed.
[  647.237184][ T5947] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  647.325624][T12531] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  647.335758][T12531] blk_print_req_error: 3 callbacks suppressed
[  647.335801][T12531] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  647.644284][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  647.658772][T12534] netlink: 20 bytes leftover after parsing attributes in process `syz.5.843'.
[  647.670742][ T6020] dw2102: i2c transfer failed.
[  647.675739][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  647.691371][ T6020] dw2102: i2c transfer failed.
[  647.696675][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  647.702708][ T5947] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  647.712042][ T6020] dw2102: i2c transfer failed.
[  647.720073][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.728171][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  647.734226][ T6020] dw2102: i2c transfer failed.
[  647.739086][ T5947] usb 4-1: Product: syz
[  647.743434][ T6020] dvb-usb: bulk message failed: -22 (6/0)
[  647.750415][ T5947] usb 4-1: Manufacturer: syz
[  647.756119][ T6020] dw2102: i2c transfer failed.
[  647.761046][ T5947] usb 4-1: SerialNumber: syz
[  647.766400][ T6020] dvb-usb: MAC address: 02:02:02:02:02:02
[  647.801094][ T6020] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  647.810609][T12534] FAULT_INJECTION: forcing a failure.
[  647.810609][T12534] name failslab, interval 1, probability 0, space 0, times 0
[  647.825401][T12524] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  647.831744][T12534] CPU: 0 UID: 0 PID: 12534 Comm: syz.5.843 Not tainted syzkaller #0 PREEMPT(full) 
[  647.831759][T12534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  647.831766][T12534] Call Trace:
[  647.831769][T12534]  <TASK>
[  647.831773][T12534]  dump_stack_lvl+0x16c/0x1f0
[  647.831791][T12534]  should_fail_ex+0x512/0x640
[  647.831805][T12534]  ? fs_reclaim_acquire+0xae/0x150
[  647.831821][T12534]  ? tomoyo_encode2+0x100/0x3e0
[  647.831835][T12534]  should_failslab+0xc2/0x120
[  647.831848][T12534]  __kmalloc_noprof+0xd2/0x510
[  647.831862][T12534]  tomoyo_encode2+0x100/0x3e0
[  647.831879][T12534]  tomoyo_encode+0x29/0x50
[  647.831894][T12534]  tomoyo_realpath_from_path+0x18f/0x6e0
[  647.831911][T12534]  ? tomoyo_profile+0x47/0x60
[  647.831922][T12534]  tomoyo_path_number_perm+0x245/0x580
[  647.831935][T12534]  ? tomoyo_path_number_perm+0x237/0x580
[  647.831950][T12534]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  647.831964][T12534]  ? find_held_lock+0x2b/0x80
[  647.831989][T12534]  ? find_held_lock+0x2b/0x80
[  647.832001][T12534]  ? hook_file_ioctl_common+0x145/0x410
[  647.832014][T12534]  ? __fget_files+0x20e/0x3c0
[  647.832029][T12534]  security_file_ioctl+0x9b/0x240
[  647.832045][T12534]  __x64_sys_ioctl+0xb7/0x210
[  647.832063][T12534]  do_syscall_64+0xcd/0x4c0
[  647.832078][T12534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.832088][T12534] RIP: 0033:0x7fbc4618ebe9
[  647.832097][T12534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.832108][T12534] RSP: 002b:00007fbc47054038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  647.832118][T12534] RAX: ffffffffffffffda RBX: 00007fbc463c5fa0 RCX: 00007fbc4618ebe9
[  647.832125][T12534] RDX: 00002000000000c0 RSI: 000000000000890c RDI: 0000000000000007
[  647.832131][T12534] RBP: 00007fbc47054090 R08: 0000000000000000 R09: 0000000000000000
[  647.832137][T12534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.832143][T12534] R13: 00007fbc463c6038 R14: 00007fbc463c5fa0 R15: 00007ffc701cff78
[  647.832156][T12534]  </TASK>
[  647.832167][T12534] ERROR: Out of memory at tomoyo_realpath_from_path.
[  648.050100][T12524] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  648.057797][T12524] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  648.065626][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  648.073286][T12524] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  648.079847][ T6020] dw2102: command 0x0e transfer failed.
[  648.087588][T12524] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  648.093609][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  648.106604][ T6020] dw2102: command 0x0e transfer failed.
[  648.419946][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  648.502012][ T6020] dw2102: command 0x0e transfer failed.
[  648.541245][ T6020] dvb-usb: bulk message failed: -22 (3/0)
[  648.574229][ T6020] dw2102: command 0x0e transfer failed.
[  648.630982][ T6020] dvb-usb: bulk message failed: -22 (1/0)
[  648.763554][ T6020] dw2102: command 0x51 transfer failed.
[  648.795372][ T6020] dvb-usb: bulk message failed: -22 (5/0)
[  648.828795][ T6020] dw2102: i2c probe for address 0x68 failed.
[  648.849551][ T6020] dvb-usb: bulk message failed: -22 (5/0)
[  648.863260][ T6020] dw2102: i2c probe for address 0x69 failed.
[  648.869267][ T6020] dvb-usb: bulk message failed: -22 (5/0)
[  648.928444][ T6020] dw2102: i2c probe for address 0x6a failed.
[  648.979402][ T6020] dw2102: probing for demodulator failed. Is the external power switched on?
[  649.034476][ T6020] dvb-usb: no frontend was attached by 'TeVii S662'
[  649.139754][ T5893] Bluetooth: hci1: command 0x0c1a tx timeout
[  649.186078][ T5947] usb 4-1: 2:1 : invalid channels 0
[  649.330931][ T5947] usb 4-1: USB disconnect, device number 25
[  649.339200][ T6020] rc_core: IR keymap rc-tt-1500 not found
[  649.344934][ T6020] Registered IR keymap rc-empty
[  649.491090][ T6020] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[  649.594589][ T6020] input: TeVii S662 as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input34
[  649.638843][T12589] netlink: 8 bytes leftover after parsing attributes in process `syz.1.846'.
[  649.692583][ T6020] dvb-usb: schedule remote query interval to 250 msecs.
[  649.722621][ T6020] dw2102: su3000_power_ctrl: 0, initialized 1
[  649.773210][ T6020] dvb-usb: TeVii S662 successfully initialized and connected.
[  649.979279][ T6020] usb 5-1: USB disconnect, device number 26
[  650.060341][T12611] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  650.098975][ T5172] Bluetooth: hci3: command 0x0c1a tx timeout
[  650.107087][ T5172] Bluetooth: hci5: command 0x040f tx timeout
[  650.113798][ T5889] Bluetooth: hci4: command 0x0c1a tx timeout
[  650.123649][ T5893] Bluetooth: hci2: command 0x0401 tx timeout
[  650.298785][ T5947] dvb-usb: bulk message failed: -22 (1/0)
[  650.458792][ T5947] dw2102: i2c transfer failed.
[  650.670861][   T30] audit: type=1400 audit(1757287912.776:480): avc:  denied  { create } for  pid=12594 comm="syz.3.847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  650.704532][T12617] netlink: 56 bytes leftover after parsing attributes in process `syz.3.847'.
[  650.842109][ T6020] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  650.969857][   T30] audit: type=1400 audit(1757287912.836:481): avc:  denied  { write } for  pid=12594 comm="syz.3.847" path="socket:[25507]" dev="sockfs" ino=25507 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  651.058539][ T5956] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  651.376951][T12647] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  651.999267][ T5956] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  652.097675][ T5956] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  652.154922][ T5956] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.381525][T12658] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  652.388528][T12658] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  652.523501][ T5956] usb 7-1: config 0 descriptor??
[  652.580777][ T5956] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  652.927978][T12656] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  652.936398][T12628] netlink: 100 bytes leftover after parsing attributes in process `syz.6.851'.
[  652.960645][T12656] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  652.987141][T12656] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  652.993952][T12656] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  653.007408][T12656] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  653.415414][T12679] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  653.437882][T12678] syzkaller0: entered promiscuous mode
[  653.473924][T12678] syzkaller0: entered allmulticast mode
[  653.566532][T12677] tipc: Resetting bearer <eth:syzkaller0>
[  653.676530][ T5954] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  653.816628][T12677] tipc: Disabling bearer <eth:syzkaller0>
[  653.873173][ T5947] usb 7-1: USB disconnect, device number 4
[  654.076824][ T5954] usb 6-1: Using ep0 maxpacket: 32
[  654.083770][ T5954] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  654.092373][ T5954] usb 6-1: config 0 has no interface number 0
[  654.102627][ T5954] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  654.125168][ T5954] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.140204][ T5954] usb 6-1: Product: syz
[  654.145430][ T5954] usb 6-1: Manufacturer: syz
[  654.151831][ T5954] usb 6-1: SerialNumber: syz
[  654.166516][ T5954] usb 6-1: config 0 descriptor??
[  654.173588][T12691] hub 9-0:1.0: USB hub found
[  654.179539][T12691] hub 9-0:1.0: 1 port detected
[  654.224400][ T5954] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  654.277896][   T30] audit: type=1400 audit(1757287916.418:482): avc:  denied  { getopt } for  pid=12704 comm="syz.6.856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  654.426025][ T5954] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  654.515466][ T5954] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  654.576800][T12613] Bluetooth: hci1: command 0x0c1a tx timeout
[  654.636891][ T6006] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  654.829917][   T30] audit: type=1400 audit(1757287916.968:483): avc:  denied  { watch } for  pid=12733 comm="syz.4.859" path="/174/file1" dev="tmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  654.854154][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  654.861898][ T5954] usb 6-1: USB disconnect, device number 6
[  654.884570][ T5954] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  654.915717][ T5954] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  654.931734][   T30] audit: type=1400 audit(1757287916.968:484): avc:  denied  { watch_sb watch_reads } for  pid=12733 comm="syz.4.859" path="/174/file1" dev="tmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  654.937361][ T6006] usb 2-1: Using ep0 maxpacket: 32
[  654.983625][ T6006] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  655.003184][ T6006] usb 2-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  655.017028][ T5954] quatech2 6-1:0.51: device disconnected
[  655.030389][T12613] Bluetooth: hci2: command 0x0401 tx timeout
[  655.086661][T12613] Bluetooth: hci3: command 0x0c1a tx timeout
[  655.092725][T12613] Bluetooth: hci5: command 0x040f tx timeout
[  655.098933][T12613] Bluetooth: hci4: command 0x0c1a tx timeout
[  655.105132][ T6006] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.115423][ T6006] usb 2-1: config 0 descriptor??
[  655.124026][ T6006] dvb-usb: found a 'TeVii S662' in warm state.
[  655.150376][ T6006] dw2102: su3000_power_ctrl: 1, initialized 0
[  655.156781][ T6006] dvb-usb: bulk message failed: -22 (2/0)
[  655.183349][ T6006] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  655.219420][ T6006] dvbdev: DVB: registering new adapter (TeVii S662)
[  655.253716][ T6006] usb 2-1: media controller created
[  655.270180][ T6006] dvb-usb: bulk message failed: -22 (6/0)
[  655.284800][ T6006] dw2102: i2c transfer failed.
[  655.299102][ T6006] dvb-usb: bulk message failed: -22 (6/0)
[  655.312744][ T6006] dw2102: i2c transfer failed.
[  655.323894][ T6006] dvb-usb: bulk message failed: -22 (6/0)
[  655.341370][ T6006] dw2102: i2c transfer failed.
[  655.363830][ T6006] dvb-usb: bulk message failed: -22 (6/0)
[  655.506187][ T6006] dw2102: i2c transfer failed.
[  655.531299][ T6006] dvb-usb: bulk message failed: -22 (6/0)
[  655.543063][ T6006] dw2102: i2c transfer failed.
[  655.561603][ T6006] dvb-usb: bulk message failed: -22 (6/0)
[  655.598055][ T6006] dw2102: i2c transfer failed.
[  655.621270][T12791] netlink: 16 bytes leftover after parsing attributes in process `syz.6.863'.
[  655.669172][ T6006] dvb-usb: MAC address: 02:02:02:02:02:02
[  655.734289][T12795] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  656.093200][   T30] audit: type=1400 audit(1757287918.229:485): avc:  denied  { ioctl } for  pid=12785 comm="syz.6.863" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x5420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  656.120045][ T6006] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  656.485854][ T6006] dvb-usb: bulk message failed: -22 (3/0)
[  656.523549][ T6006] dw2102: command 0x0e transfer failed.
[  656.544891][ T6006] dvb-usb: bulk message failed: -22 (3/0)
[  656.574961][ T6006] dw2102: command 0x0e transfer failed.
[  656.739707][T12824] FAULT_INJECTION: forcing a failure.
[  656.739707][T12824] name failslab, interval 1, probability 0, space 0, times 0
[  656.752716][T12824] CPU: 1 UID: 0 PID: 12824 Comm: syz.4.868 Not tainted syzkaller #0 PREEMPT(full) 
[  656.752742][T12824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  656.752751][T12824] Call Trace:
[  656.752759][T12824]  <TASK>
[  656.752766][T12824]  dump_stack_lvl+0x16c/0x1f0
[  656.752791][T12824]  should_fail_ex+0x512/0x640
[  656.752811][T12824]  ? __kmalloc_noprof+0xbf/0x510
[  656.752829][T12824]  ? iter_file_splice_write+0x1cc/0x12e0
[  656.752847][T12824]  should_failslab+0xc2/0x120
[  656.752866][T12824]  __kmalloc_noprof+0xd2/0x510
[  656.752887][T12824]  iter_file_splice_write+0x1cc/0x12e0
[  656.752906][T12824]  ? shmem_get_folio_gfp+0x311/0x1600
[  656.752929][T12824]  ? splice_folio_into_pipe+0x4f1/0x5e0
[  656.752951][T12824]  ? __pfx_iter_file_splice_write+0x10/0x10
[  656.752968][T12824]  ? __lock_acquire+0xb97/0x1ce0
[  656.753013][T12824]  ? __pfx_iter_file_splice_write+0x10/0x10
[  656.753031][T12824]  direct_splice_actor+0x192/0x6c0
[  656.753051][T12824]  splice_direct_to_actor+0x345/0xa30
[  656.753069][T12824]  ? __pfx_direct_splice_actor+0x10/0x10
[  656.753090][T12824]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  656.753107][T12824]  ? __lock_acquire+0xb97/0x1ce0
[  656.753133][T12824]  do_splice_direct+0x174/0x240
[  656.753150][T12824]  ? __pfx_do_splice_direct+0x10/0x10
[  656.753166][T12824]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  656.753191][T12824]  vfs_copy_file_range+0x5e8/0x15f0
[  656.753216][T12824]  ? __pfx_vfs_copy_file_range+0x10/0x10
[  656.753238][T12824]  ? __pfx_ovl_real_file+0x10/0x10
[  656.753262][T12824]  ovl_copyfile+0x208/0x290
[  656.753281][T12824]  ovl_copy_file_range+0x3e/0x50
[  656.753300][T12824]  ? __pfx_ovl_copy_file_range+0x10/0x10
[  656.753318][T12824]  vfs_copy_file_range+0x775/0x15f0
[  656.753343][T12824]  ? __pfx_vfs_copy_file_range+0x10/0x10
[  656.753360][T12824]  ? __might_fault+0xe3/0x190
[  656.753374][T12824]  ? __might_fault+0xe3/0x190
[  656.753387][T12824]  ? __might_fault+0x13b/0x190
[  656.753411][T12824]  __do_sys_copy_file_range+0x1a1/0x460
[  656.753434][T12824]  ? __pfx___do_sys_copy_file_range+0x10/0x10
[  656.753452][T12824]  ? ksys_write+0x1ac/0x250
[  656.753468][T12824]  ? __pfx_ksys_write+0x10/0x10
[  656.753491][T12824]  do_syscall_64+0xcd/0x4c0
[  656.753630][T12824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.753648][T12824] RIP: 0033:0x7f5f5258ebe9
[  656.753662][T12824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  656.753684][T12824] RSP: 002b:00007f5f533e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[  656.753701][T12824] RAX: ffffffffffffffda RBX: 00007f5f527c5fa0 RCX: 00007f5f5258ebe9
[  656.753711][T12824] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000004
[  656.753721][T12824] RBP: 00007f5f533e3090 R08: fffffffffffffff8 R09: 0000000000000000
[  656.753730][T12824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  656.753739][T12824] R13: 00007f5f527c6038 R14: 00007f5f527c5fa0 R15: 00007ffd6f0d7a08
[  656.753762][T12824]  </TASK>
[  656.923772][T12829] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  656.925912][    C1] vkms_vblank_simulate: vblank timer overrun
[  657.059137][    C1] vkms_vblank_simulate: vblank timer overrun
[  657.070974][ T6006] dvb-usb: bulk message failed: -22 (3/0)
[  657.076735][ T6006] dw2102: command 0x0e transfer failed.
[  657.082263][ T6006] dvb-usb: bulk message failed: -22 (3/0)
[  657.087996][ T6006] dw2102: command 0x0e transfer failed.
[  657.093534][ T6006] dvb-usb: bulk message failed: -22 (1/0)
[  657.099246][ T6006] dw2102: command 0x51 transfer failed.
[  657.104770][ T6006] dvb-usb: bulk message failed: -22 (5/0)
[  657.110495][ T6006] dw2102: i2c probe for address 0x68 failed.
[  657.116479][ T6006] dvb-usb: bulk message failed: -22 (5/0)
[  657.122212][ T6006] dw2102: i2c probe for address 0x69 failed.
[  657.128218][ T6006] dvb-usb: bulk message failed: -22 (5/0)
[  657.134235][ T6006] dw2102: i2c probe for address 0x6a failed.
[  657.141047][ T6006] dw2102: probing for demodulator failed. Is the external power switched on?
[  657.149844][ T6006] dvb-usb: no frontend was attached by 'TeVii S662'
[  657.207609][ T6006] rc_core: IR keymap rc-tt-1500 not found
[  657.213369][ T6006] Registered IR keymap rc-empty
[  657.219405][ T6006] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  657.229197][ T6006] input: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input35
[  657.239479][ T6006] dvb-usb: schedule remote query interval to 250 msecs.
[  657.246698][ T6006] dw2102: su3000_power_ctrl: 0, initialized 1
[  657.252785][ T6006] dvb-usb: TeVii S662 successfully initialized and connected.
[  657.264999][ T6006] usb 2-1: USB disconnect, device number 24
[  657.365021][ T6006] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  657.761534][T12862] hub 9-0:1.0: USB hub found
[  657.768176][T12862] hub 9-0:1.0: 1 port detected
[  657.795520][ T5954] usb 5-1: new low-speed USB device number 27 using dummy_hcd
[  658.086580][ T5954] usb 5-1: config 7 has an invalid interface number: 252 but max is 0
[  658.110067][T12867] netlink: 56 bytes leftover after parsing attributes in process `syz.3.872'.
[  658.197897][ T5954] usb 5-1: config 7 has no interface number 0
[  658.205959][ T5954] usb 5-1: config 7 interface 252 has no altsetting 0
[  658.216478][ T5954] usb 5-1: string descriptor 0 read error: -22
[  658.222803][ T5954] usb 5-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  658.233913][ T5954] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.335152][ T5947] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  658.840161][ T5947] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  658.874281][ T5947] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  658.899261][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.526364][ T5947] usb 6-1: config 0 descriptor??
[  659.563070][ T5947] pwc: Askey VC010 type 2 USB webcam detected.
[  660.018548][ T5947] pwc: recv_control_msg error -32 req 02 val 2b00
[  660.025931][ T5947] pwc: recv_control_msg error -32 req 02 val 2700
[  660.033176][ T5947] pwc: recv_control_msg error -32 req 02 val 2c00
[  660.045068][ T5947] pwc: recv_control_msg error -32 req 04 val 1000
[  660.052870][ T5947] pwc: recv_control_msg error -32 req 04 val 1300
[  660.060786][ T5947] pwc: recv_control_msg error -32 req 04 val 1400
[  660.069322][ T5947] pwc: recv_control_msg error -32 req 02 val 2000
[  660.076429][ T5947] pwc: recv_control_msg error -32 req 02 val 2100
[  660.093006][ T5947] pwc: recv_control_msg error -32 req 04 val 1500
[  660.123629][ T5947] pwc: recv_control_msg error -32 req 02 val 2500
[  660.136389][ T5947] pwc: recv_control_msg error -32 req 02 val 2400
[  660.288908][T12920] Invalid source name
[  660.347133][ T5947] pwc: recv_control_msg error -32 req 02 val 2600
[  660.576301][ T5956] usb 5-1: USB disconnect, device number 27
[  660.640017][T12921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.878'.
[  660.817104][T12931] netlink: 4 bytes leftover after parsing attributes in process `syz.5.874'.
[  661.077883][T12931] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.131736][T12931] bridge_slave_1: left allmulticast mode
[  661.143088][T12931] bridge_slave_1: left promiscuous mode
[  661.160882][T12931] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.318326][    C0] vxcan0: j1939_tp_rxtimer: 0xffff8880577f3000: rx timeout, send abort
[  661.348621][   T30] audit: type=1400 audit(1757287923.481:486): avc:  denied  { search } for  pid=5203 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  661.683090][ T5947] pwc: recv_control_msg error -71 req 02 val 2800
[  661.691046][ T5947] pwc: recv_control_msg error -71 req 04 val 1100
[  661.703540][ T5947] pwc: recv_control_msg error -71 req 04 val 1200
[  661.712253][ T5947] pwc: Registered as video103.
[  661.794848][ T5947] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input36
[  661.889341][ T5947] usb 6-1: USB disconnect, device number 7
[  662.680611][T12990] tipc: Started in network mode
[  662.698683][T12990] tipc: Node identity 5e544d56119c, cluster identity 4711
[  662.764209][T12990] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  662.772492][ T5947] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  662.918376][T12990] tipc: Resetting bearer <eth:syzkaller0>
[  662.964157][ T5947] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  663.088075][ T5947] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  663.109178][ T5947] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  663.217720][T12997] netlink: 'syz.3.887': attribute type 4 has an invalid length.
[  663.225508][T12997] netlink: 17 bytes leftover after parsing attributes in process `syz.3.887'.
[  663.518351][ T5947] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  663.526412][ T5947] usb 5-1: SerialNumber: syz
[  663.549110][ T5947] usb 5-1: 0:2 : does not exist
[  663.559166][T12985] tipc: Disabling bearer <eth:syzkaller0>
[  665.281654][T13024] syz_tun: entered promiscuous mode
[  665.303564][T13024] batadv_slave_0: entered promiscuous mode
[  665.325905][T13024] hsr1: entered allmulticast mode
[  665.331149][T13024] syz_tun: entered allmulticast mode
[  665.336583][T13024] batadv_slave_0: entered allmulticast mode
[  665.716741][ T5947] usb 5-1: USB disconnect, device number 28
[  666.100111][T13047] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  667.432369][T13069] hub 9-0:1.0: USB hub found
[  667.444200][ T6691] block nbd0: Possible stuck request ffff888026cd71c0: control (read@0,1024B). Runtime 180 seconds
[  667.454663][T13073] fuse: Bad value for 'fd'
[  667.456969][T13069] hub 9-0:1.0: 1 port detected
[  667.640395][T13073] fuse: Bad value for 'fd'
[  667.677825][T13073] fuse: Bad value for 'fd'
[  667.729997][T13073] fuse: Bad value for 'fd'
[  667.734720][T13073] fuse: Bad value for 'fd'
[  667.739254][   T30] audit: type=1400 audit(1757287929.865:487): avc:  denied  { mounton } for  pid=13072 comm="syz.3.897" path="/177/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  667.768517][ T6691] block nbd0: Possible stuck request ffff888026cd7380: control (read@1024,1024B). Runtime 180 seconds
[  667.779715][ T6691] block nbd0: Possible stuck request ffff888026cd7540: control (read@2048,1024B). Runtime 180 seconds
[  667.800158][ T6691] block nbd0: Possible stuck request ffff888026cd7700: control (read@3072,1024B). Runtime 180 seconds
[  667.841638][T13073] fuse: Bad value for 'fd'
[  667.847173][T13073] fuse: Bad value for 'fd'
[  667.867103][T13073] fuse: Unknown parameter 'P'
[  667.881252][T13073] fuse: Unknown parameter 'P'
[  667.892039][T13073] fuse: Unknown parameter 'P'
[  667.903041][T13073] fuse: Unknown parameter 'P'
[  668.320516][T13073] fuse: Unknown parameter 'P'
[  668.336456][T13088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.899'.
[  668.362577][T13091] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  669.189250][ T5956] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  669.359235][ T5956] usb 6-1: Using ep0 maxpacket: 32
[  669.392726][ T5956] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  669.402936][ T5956] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  669.485823][ T5956] usb 6-1: config 0 has no interface number 0
[  669.532275][ T5956] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  669.589425][ T5956] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.609663][ T5956] usb 6-1: Product: syz
[  669.629531][ T5956] usb 6-1: Manufacturer: syz
[  669.647130][ T5956] usb 6-1: SerialNumber: syz
[  669.691217][ T5956] usb 6-1: config 0 descriptor??
[  669.776803][ T5956] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  669.841512][T13178] netlink: 24 bytes leftover after parsing attributes in process `syz.6.905'.
[  669.872244][T13178] misc userio: Invalid payload size
[  669.964769][ T5956] usb 6-1: qt2_setup_urbs - submit read urb failed -8
[  670.081593][ T5956] quatech2 6-1:0.51: probe with driver quatech2 failed with error -8
[  670.647819][ T5947] usb 6-1: USB disconnect, device number 8
[  670.724288][T13207] 9pnet_fd: Insufficient options for proto=fd
[  671.682857][T13224] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  671.924765][ T5956] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  672.184027][ T5956] usb 2-1: Using ep0 maxpacket: 16
[  672.320838][T13238] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  672.321309][ T5956] usb 2-1: config 0 has an invalid interface number: 232 but max is 0
[  672.336340][ T5956] usb 2-1: config 0 has no interface number 0
[  672.674457][T13241] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63009 sclass=netlink_route_socket pid=13241 comm=syz.6.916
[  672.687549][ T5956] usb 2-1: config 0 interface 232 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  672.698693][ T5956] usb 2-1: config 0 interface 232 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  672.708852][ T5956] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  672.717907][ T5956] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.727988][ T5956] usb 2-1: config 0 descriptor??
[  673.908605][T13266] Invalid source name
[  674.464233][   T30] audit: type=1400 audit(1757287936.518:488): avc:  denied  { ioctl } for  pid=13268 comm="syz.3.920" path="socket:[28327]" dev="sockfs" ino=28327 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  674.976380][   T30] audit: type=1400 audit(1757287936.768:489): avc:  denied  { write } for  pid=13268 comm="syz.3.920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  675.032654][ T6006] usb 2-1: USB disconnect, device number 25
[  676.458012][T13297] nbd_handle_cmd: 2 callbacks suppressed
[  676.458033][T13297] block nbd3: Attempted send on invalid socket
[  676.661193][T13321] 9pnet_fd: Insufficient options for proto=fd
[  676.814691][T13297] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  677.350942][ T6691] block nbd3: Attempted send on invalid socket
[  677.358332][ T6691] I/O error, dev nbd3, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  677.413712][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  677.423618][T13297] block nbd3: Attempted send on invalid socket
[  677.448437][T13297] I/O error, dev nbd3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  677.458182][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  677.471751][T13297] block nbd3: Attempted send on invalid socket
[  677.479348][T13297] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  677.498124][T13297] block nbd3: Attempted send on invalid socket
[  677.529230][T13297] I/O error, dev nbd3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  677.565179][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  677.730685][T13297] block nbd3: Attempted send on invalid socket
[  677.737289][T13297] I/O error, dev nbd3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  677.745648][T13342] 9pnet_fd: Insufficient options for proto=fd
[  677.754361][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  677.779234][T13297] block nbd3: Attempted send on invalid socket
[  677.795327][T13297] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  677.932601][T13297] block nbd3: Attempted send on invalid socket
[  678.387656][T13297] I/O error, dev nbd3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  678.399015][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  678.409086][T13297] block nbd3: Attempted send on invalid socket
[  678.415401][T13297] I/O error, dev nbd3, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  678.425065][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  678.438005][T13297] block nbd3: Attempted send on invalid socket
[  678.444238][T13297] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  678.453997][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  678.467280][T13297] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  678.505503][T13297] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  678.594830][T13348] Invalid source name
[  679.143987][   T30] audit: type=1400 audit(1757287940.860:490): avc:  denied  { create } for  pid=13338 comm="syz.1.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  679.186238][T13356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.931'.
[  679.666365][ T5956] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  679.868814][ T5956] usb 7-1: Using ep0 maxpacket: 16
[  679.898581][ T5956] usb 7-1: config 0 has an invalid interface number: 232 but max is 0
[  679.914037][ T5956] usb 7-1: config 0 has no interface number 0
[  679.932836][ T5956] usb 7-1: config 0 interface 232 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  680.077335][T13380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.935'.
[  680.109791][ T5956] usb 7-1: config 0 interface 232 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  680.517703][ T5956] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  680.527307][ T5956] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.550122][   T30] audit: type=1400 audit(1757287942.353:491): avc:  denied  { write } for  pid=13376 comm="syz.4.937" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  680.551554][ T5956] usb 7-1: config 0 descriptor??
[  681.081473][T13388] hub 9-0:1.0: USB hub found
[  681.087528][T13388] hub 9-0:1.0: 1 port detected
[  681.104544][   T30] audit: type=1400 audit(1757287942.353:492): avc:  denied  { open } for  pid=13376 comm="syz.4.937" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  681.937609][T13411] hub 9-0:1.0: USB hub found
[  681.943455][T13411] hub 9-0:1.0: 1 port detected
[  683.379769][ T5956] usb 7-1: USB disconnect, device number 5
[  683.523497][T13449] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(4)
[  683.530166][T13449] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  683.669044][T13449] vhci_hcd vhci_hcd.0: Device attached
[  683.864106][   T30] audit: type=1400 audit(1757287945.993:493): avc:  denied  { read } for  pid=13448 comm="syz.6.945" path="socket:[28596]" dev="sockfs" ino=28596 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  684.074074][ T6006] vhci_hcd: vhci_device speed not set
[  684.139596][ T6006] usb 45-1: new full-speed USB device number 2 using vhci_hcd
[  684.543512][T13469] netlink: 8 bytes leftover after parsing attributes in process `syz.5.947'.
[  684.680677][T13450] vhci_hcd: connection reset by peer
[  684.710394][T10580] vhci_hcd: stop threads
[  684.714780][T10580] vhci_hcd: release socket
[  684.727119][T10580] vhci_hcd: disconnect device
[  685.286481][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.297843][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  686.285351][T13499] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  686.343142][T13506] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  686.984314][T13527] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  687.297804][T13533] netlink: 'syz.1.960': attribute type 10 has an invalid length.
[  687.457965][T13533] 8021q: adding VLAN 0 to HW filter on device batadv0
[  687.570410][T13533] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  688.484138][ T5947] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  688.634103][ T5947] usb 6-1: Using ep0 maxpacket: 32
[  688.672023][ T5947] usb 6-1: config 1 has an invalid interface number: 197 but max is 0
[  688.780226][T13562] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  689.016559][ T5947] usb 6-1: config 1 has no interface number 0
[  689.037344][ T5947] usb 6-1: config 1 interface 197 has no altsetting 0
[  689.077095][ T5947] usb 6-1: New USB device found, idVendor=0499, idProduct=1030, bcdDevice=2b.ef
[  689.104187][ T5947] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.122189][ T5947] usb 6-1: Product: syz
[  689.134648][ T5947] usb 6-1: Manufacturer: syz
[  689.152775][ T5947] usb 6-1: SerialNumber: syz
[  689.294460][ T6006] vhci_hcd: vhci_device speed not set
[  689.431642][   T30] audit: type=1400 audit(1757287951.583:494): avc:  denied  { map } for  pid=13570 comm="syz.6.966" path="/dev/ocfs2_control" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  689.435322][T13571] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem
[  689.480668][ T5947] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  689.569878][ T5947] snd-usb-audio 6-1:1.197: probe with driver snd-usb-audio failed with error -2
[  689.619395][ T5947] usb 6-1: USB disconnect, device number 9
[  689.682454][ T5894] udevd[5894]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.197/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  690.024081][ T5956] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  690.099040][T13597] syz_tun: entered promiscuous mode
[  690.109970][T13597] batadv_slave_0: entered promiscuous mode
[  690.119766][T13597] debugfs: 'hsr1' already exists in 'hsr'
[  690.125658][T13597] Cannot create hsr debugfs directory
[  690.132229][T13597] hsr1: entered allmulticast mode
[  690.137361][T13597] syz_tun: entered allmulticast mode
[  690.142719][T13597] batadv_slave_0: entered allmulticast mode
[  690.564098][ T5956] usb 7-1: Using ep0 maxpacket: 32
[  690.604250][ T5956] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  690.814193][ T5956] usb 7-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  691.315264][ T5956] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.330117][   T30] audit: type=1400 audit(1757287953.483:495): avc:  denied  { read } for  pid=13607 comm="syz.3.970" dev="sockfs" ino=28888 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  691.360089][T13608] netlink: 68 bytes leftover after parsing attributes in process `syz.3.970'.
[  691.378178][ T5956] usb 7-1: config 0 descriptor??
[  691.505471][ T5956] dvb-usb: found a 'TeVii S662' in warm state.
[  691.524038][ T5956] dw2102: su3000_power_ctrl: 1, initialized 0
[  691.531939][   T30] audit: type=1400 audit(1757287953.553:496): avc:  denied  { name_bind } for  pid=13607 comm="syz.3.970" src=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  691.629635][ T5956] dvb-usb: bulk message failed: -22 (2/0)
[  691.696376][ T5956] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  692.064523][ T5956] dvbdev: DVB: registering new adapter (TeVii S662)
[  692.071186][ T5956] usb 7-1: media controller created
[  692.128297][ T5956] dvb-usb: bulk message failed: -22 (6/0)
[  692.146534][ T5956] dw2102: i2c transfer failed.
[  692.151342][ T5956] dvb-usb: bulk message failed: -22 (6/0)
[  692.176069][ T5956] dw2102: i2c transfer failed.
[  692.191197][ T5956] dvb-usb: bulk message failed: -22 (6/0)
[  692.213979][ T5956] dw2102: i2c transfer failed.
[  692.317520][ T5956] dvb-usb: bulk message failed: -22 (6/0)
[  692.370152][ T5956] dw2102: i2c transfer failed.
[  692.401977][ T5956] dvb-usb: bulk message failed: -22 (6/0)
[  692.444676][ T5956] dw2102: i2c transfer failed.
[  692.462336][ T5956] dvb-usb: bulk message failed: -22 (6/0)
[  692.477283][ T5956] dw2102: i2c transfer failed.
[  692.487615][ T5956] dvb-usb: MAC address: 02:02:02:02:02:02
[  692.526165][ T5956] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  692.581749][ T5956] dvb-usb: bulk message failed: -22 (3/0)
[  692.607864][ T5956] dw2102: command 0x0e transfer failed.
[  692.621105][ T5956] dvb-usb: bulk message failed: -22 (3/0)
[  692.639399][ T5956] dw2102: command 0x0e transfer failed.
[  692.868737][T13634] 9pnet_fd: Insufficient options for proto=fd
[  692.970722][ T5956] dvb-usb: bulk message failed: -22 (3/0)
[  693.409328][ T5956] dw2102: command 0x0e transfer failed.
[  693.415717][ T5956] dvb-usb: bulk message failed: -22 (3/0)
[  693.421430][ T5956] dw2102: command 0x0e transfer failed.
[  693.427256][ T5956] dvb-usb: bulk message failed: -22 (1/0)
[  693.432962][ T5956] dw2102: command 0x51 transfer failed.
[  693.438742][ T5956] dvb-usb: bulk message failed: -22 (5/0)
[  693.444873][ T5956] dw2102: i2c probe for address 0x68 failed.
[  693.450843][ T5956] dvb-usb: bulk message failed: -22 (5/0)
[  693.469098][ T5956] dw2102: i2c probe for address 0x69 failed.
[  693.543322][ T5956] dvb-usb: bulk message failed: -22 (5/0)
[  693.553340][ T5956] dw2102: i2c probe for address 0x6a failed.
[  693.560871][ T5956] dw2102: probing for demodulator failed. Is the external power switched on?
[  693.595504][ T5956] dvb-usb: no frontend was attached by 'TeVii S662'
[  693.644360][T13646] netlink: 8 bytes leftover after parsing attributes in process `syz.5.976'.
[  693.699202][ T5956] rc_core: IR keymap rc-tt-1500 not found
[  693.727267][ T5956] Registered IR keymap rc-empty
[  693.751123][ T5956] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0
[  693.801708][ T5956] input: TeVii S662 as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input38
[  693.834178][ T2151] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  693.883740][T13657] Invalid source name
[  693.941988][ T5956] dvb-usb: schedule remote query interval to 250 msecs.
[  694.027247][ T2151] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  694.196896][ T5956] dw2102: su3000_power_ctrl: 0, initialized 1
[  694.232017][ T5956] dvb-usb: TeVii S662 successfully initialized and connected.
[  694.258763][ T2151] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  694.295257][ T5956] usb 7-1: USB disconnect, device number 6
[  694.306057][ T2151] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  694.599326][ T2151] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  694.618473][ T2151] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  694.638384][ T2151] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  694.827367][ T2151] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.838830][ T2151] usb 5-1: Product: syz
[  694.843091][ T2151] usb 5-1: Manufacturer: syz
[  694.854746][ T5956] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  694.863332][ T2151] usb 5-1: SerialNumber: syz
[  694.876369][T13639] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  695.153594][   T30] audit: type=1400 audit(1757287957.253:497): avc:  denied  { mounton } for  pid=13675 comm="syz.5.980" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  695.434423][T13639] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  695.654933][T13699] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  695.685489][   T30] audit: type=1400 audit(1757287957.843:498): avc:  denied  { write } for  pid=13698 comm="syz.1.982" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  696.027955][T13707] 9pnet_fd: Insufficient options for proto=fd
[  696.133627][T13708] netlink: 8 bytes leftover after parsing attributes in process `syz.5.984'.
[  696.468465][T13639] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  696.974887][ T2151] cdc_ncm 5-1:1.0: bind() failure
[  696.989891][ T2151] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  697.093148][ T2151] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  697.205956][ T2151] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  697.226019][T13726] 9pnet_fd: Insufficient options for proto=fd
[  697.235961][ T2151] usb 5-1: USB disconnect, device number 29
[  697.380549][T13734] netlink: 'syz.3.987': attribute type 4 has an invalid length.
[  697.388274][T13734] netlink: 17 bytes leftover after parsing attributes in process `syz.3.987'.
[  697.854243][ T5947] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  698.018585][ T5947] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  698.040129][ T5947] usb 6-1: config 0 has no interface number 0
[  698.051702][ T5947] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  698.067983][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.084945][ T6691] block nbd0: Possible stuck request ffff888026cd71c0: control (read@0,1024B). Runtime 210 seconds
[  698.095827][ T6691] block nbd0: Possible stuck request ffff888026cd7380: control (read@1024,1024B). Runtime 210 seconds
[  698.106951][ T6691] block nbd0: Possible stuck request ffff888026cd7540: control (read@2048,1024B). Runtime 210 seconds
[  698.118114][ T6691] block nbd0: Possible stuck request ffff888026cd7700: control (read@3072,1024B). Runtime 210 seconds
[  698.130469][ T5947] usb 6-1: config 0 descriptor??
[  698.146827][ T5947] usb 6-1: selecting invalid altsetting 1
[  698.158419][ T5947] dvb_ttusb_budget: ttusb_init_controller: error
[  698.164928][ T5947] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  698.799588][ T5947] DVB: Unable to find symbol cx22700_attach()
[  699.466480][T13761] hub 9-0:1.0: USB hub found
[  699.471854][T13761] hub 9-0:1.0: 1 port detected
[  699.820089][T13768] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  699.847299][T13767] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  699.861889][ T5947] DVB: Unable to find symbol tda10046_attach()
[  699.879966][T13768] syzkaller0: entered promiscuous mode
[  699.885199][ T5947] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  699.902894][T13768] syzkaller0: entered allmulticast mode
[  699.923844][T13767] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  700.035045][T13767] tipc: Resetting bearer <eth:syzkaller0>
[  700.064489][T13766] tipc: Resetting bearer <eth:syzkaller0>
[  700.114721][T13766] tipc: Disabling bearer <eth:syzkaller0>
[  700.403487][ T6014] usb 6-1: USB disconnect, device number 10
[  700.874120][ T5956] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  700.913069][T13812] macsec1: entered promiscuous mode
[  701.049351][ T5956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  701.060315][ T5956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  701.090579][ T5956] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  701.132019][ T5956] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  701.165574][ T5956] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.203160][ T5956] usb 4-1: config 0 descriptor??
[  702.040514][T13844] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  702.050319][T13844] blk_print_req_error: 2 callbacks suppressed
[  702.050379][T13844] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  702.576083][T13838] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  702.629485][T13838] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  702.645008][T13838] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  702.872392][T13847] netlink: 100 bytes leftover after parsing attributes in process `syz.3.999'.
[  702.883456][T13838] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  702.892104][T13838] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  703.120422][ T5956] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  703.164193][ T5976] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  703.222258][T13864] ptm ptm24: ldisc open failed (-12), clearing slot 24
[  703.345085][ T5976] usb 2-1: not running at top speed; connect to a high speed hub
[  703.369054][ T5976] usb 2-1: config 1 has an invalid interface number: 78 but max is 0
[  703.378236][ T5976] usb 2-1: config 1 has no interface number 0
[  703.391365][ T5976] usb 2-1: config 1 interface 78 has no altsetting 0
[  703.400848][ T5956] usb 4-1: USB disconnect, device number 26
[  703.432980][ T5976] usb 2-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=ec.57
[  703.447669][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.457121][ T5976] usb 2-1: Product: syz
[  703.460262][T13887] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1012'.
[  703.461288][ T5976] usb 2-1: Manufacturer: syz
[  703.479049][ T5976] usb 2-1: SerialNumber: syz
[  703.480805][T13887] netlink: 'syz.4.1012': attribute type 30 has an invalid length.
[  703.558123][T13904] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1014'.
[  703.571245][T13904] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1014'.
[  703.717118][T13908] FAULT_INJECTION: forcing a failure.
[  703.717118][T13908] name failslab, interval 1, probability 0, space 0, times 0
[  703.730505][   T30] audit: type=1400 audit(1757287965.873:499): avc:  denied  { block_suspend } for  pid=13906 comm="syz.4.1015" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  703.735619][ T2151] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  703.752226][T13908] CPU: 0 UID: 0 PID: 13908 Comm: syz.4.1015 Not tainted syzkaller #0 PREEMPT(full) 
[  703.752246][T13908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  703.752256][T13908] Call Trace:
[  703.752264][T13908]  <TASK>
[  703.752271][T13908]  dump_stack_lvl+0x16c/0x1f0
[  703.752294][T13908]  should_fail_ex+0x512/0x640
[  703.752313][T13908]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  703.752332][T13908]  should_failslab+0xc2/0x120
[  703.752349][T13908]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  703.752365][T13908]  ? do_epoll_ctl+0x24d7/0x3790
[  703.752386][T13908]  do_epoll_ctl+0x24d7/0x3790
[  703.752412][T13908]  ? __pfx_do_epoll_ctl+0x10/0x10
[  703.752427][T13908]  ? find_held_lock+0x2b/0x80
[  703.752444][T13908]  ? __might_fault+0xe3/0x190
[  703.752458][T13908]  ? __might_fault+0xe3/0x190
[  703.752481][T13908]  ? __x64_sys_epoll_ctl+0x15c/0x1e0
[  703.752496][T13908]  __x64_sys_epoll_ctl+0x15c/0x1e0
[  703.752513][T13908]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  703.752537][T13908]  do_syscall_64+0xcd/0x4c0
[  703.752558][T13908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.752574][T13908] RIP: 0033:0x7f5f5258ebe9
[  703.752586][T13908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  703.752600][T13908] RSP: 002b:00007f5f533c2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  703.752614][T13908] RAX: ffffffffffffffda RBX: 00007f5f527c6090 RCX: 00007f5f5258ebe9
[  703.752624][T13908] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000009
[  703.752632][T13908] RBP: 00007f5f533c2090 R08: 0000000000000000 R09: 0000000000000000
[  703.752641][T13908] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  703.752649][T13908] R13: 00007f5f527c6128 R14: 00007f5f527c6090 R15: 00007ffd6f0d7a08
[  703.752671][T13908]  </TASK>
[  703.941097][ T5899] Bluetooth: hci1: command 0x0c1a tx timeout
[  704.287942][   T30] audit: type=1400 audit(1757287966.433:500): avc:  denied  { getopt } for  pid=13841 comm="syz.1.1005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  704.295681][ T5976] pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner
[  704.382708][ T5976] usb 2-1: selecting invalid altsetting 0
[  704.411893][ T2334] pvrusb2: control-write URB failure, status=-71
[  704.416058][ T5976] usb 2-1: USB disconnect, device number 26
[  704.469492][ T2334] pvrusb2: Device being rendered inoperable
[  704.506412][ T2151] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  704.524198][ T2151] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  704.544153][ T2334] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  704.576888][ T2151] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  704.586623][ T2334] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  704.596236][ T2151] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  704.650209][ T5899] Bluetooth: hci2: command 0x0401 tx timeout
[  704.725821][ T5899] Bluetooth: hci4: command 0x0c1a tx timeout
[  704.750405][ T2151] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  704.766510][ T2151] usb 7-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  704.776967][ T2151] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  704.784682][T13923] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  704.785344][ T2151] usb 7-1: Product: syz
[  704.796248][ T2151] usb 7-1: Manufacturer: syz
[  704.802184][ T2151] usb 7-1: SerialNumber: syz
[  704.865592][ T2151] usb 7-1: config 0 descriptor??
[  704.884060][ T5899] Bluetooth: hci5: command 0x040f tx timeout
[  704.964211][ T5899] Bluetooth: hci3: command 0x0c1a tx timeout
[  705.118384][ T2151] radio-si470x 7-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  705.126128][ T2151] radio-si470x 7-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  705.199042][   T30] audit: type=1326 audit(1757287967.353:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe38c98ebe9 code=0x7ffc0000
[  705.228143][   T30] audit: type=1326 audit(1757287967.353:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe38c98ebe9 code=0x7ffc0000
[  705.259362][   T30] audit: type=1326 audit(1757287967.353:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe38c98ebe9 code=0x7ffc0000
[  705.291601][   T30] audit: type=1326 audit(1757287967.353:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe38c98ebe9 code=0x7ffc0000
[  705.327283][T13896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  705.350040][   T30] audit: type=1326 audit(1757287967.353:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7fe38c98ebe9 code=0x7ffc0000
[  705.354397][T13896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  705.391710][   T30] audit: type=1326 audit(1757287967.353:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe38c98ebe9 code=0x7ffc0000
[  705.479767][   T30] audit: type=1326 audit(1757287967.353:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe38c98d550 code=0x7ffc0000
[  705.570313][   T30] audit: type=1326 audit(1757287967.353:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13936 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe38c98ebe9 code=0x7ffc0000
[  705.595509][ T2151] radio-si470x 7-1:0.0: software version 0, hardware version 0
[  705.603078][ T2151] radio-si470x 7-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  705.615938][ T2151] radio-si470x 7-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  705.711157][T13949] netlink: 'syz.1.1019': attribute type 4 has an invalid length.
[  705.719170][T13949] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1019'.
[  705.935372][ T2151] radio-si470x 7-1:0.0: submitting int urb failed (-90)
[  706.701248][T13957] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  706.711071][T13957] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  707.031754][ T2151] radio-si470x 7-1:0.0: si470x_set_report: usb_control_msg returned -71
[  707.043885][ T2151] radio-si470x 7-1:0.0: si470x_get_report: usb_control_msg returned -71
[  707.072206][ T2151] usb 7-1: USB disconnect, device number 7
[  707.731916][T13973] fuse: Bad value for 'fd'
[  707.954672][T13954] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  707.960790][T13954] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  707.975969][T13954] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  707.982268][T13954] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  707.988742][T13954] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  709.152341][T14005] Invalid source name
[  709.424488][ T5947] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  709.605438][ T5947] usb 7-1: Using ep0 maxpacket: 16
[  709.629979][ T5947] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  709.679778][T14016] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  709.923829][ T5947] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  709.935125][ T5976] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  709.939289][ T5947] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  709.963530][ T5947] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  709.973146][ T5947] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.992034][ T5947] usb 7-1: config 0 descriptor??
[  710.007672][T12613] Bluetooth: hci3: command 0x0c1a tx timeout
[  710.007689][ T5899] Bluetooth: hci5: command 0x040f tx timeout
[  710.007727][ T5899] Bluetooth: hci4: command 0x0c1a tx timeout
[  710.025979][T12613] Bluetooth: hci2: command 0x0401 tx timeout
[  710.032007][T12613] Bluetooth: hci1: command 0x0c1a tx timeout
[  710.126805][ T5976] usb 5-1: Using ep0 maxpacket: 16
[  710.157019][ T5976] usb 5-1: config 0 has an invalid interface number: 232 but max is 0
[  710.189695][ T5976] usb 5-1: config 0 has no interface number 0
[  710.317632][ T5976] usb 5-1: config 0 interface 232 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  710.875876][T14028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  710.876155][ T5976] usb 5-1: config 0 interface 232 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  710.892389][T14028] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  710.931495][ T5976] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  710.952739][ T5976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.954277][T14032] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1030'.
[  710.976901][ T5976] usb 5-1: config 0 descriptor??
[  711.165014][ T5947] hid_parser_main: 66 callbacks suppressed
[  711.165031][ T5947] microsoft 0003:045E:07DA.0012: unknown main item tag 0x6
[  711.196673][ T5947] microsoft 0003:045E:07DA.0012: reserved main item tag 0xd
[  711.556551][ T5947] microsoft 0003:045E:07DA.0012: item fetching failed at offset 30/34
[  711.565406][ T5947] microsoft 0003:045E:07DA.0012: parse failed
[  711.582404][ T5947] microsoft 0003:045E:07DA.0012: probe with driver microsoft failed with error -22
[  711.668948][ T5947] usb 7-1: USB disconnect, device number 8
[  713.507692][ T5976] usb 5-1: USB disconnect, device number 30
[  713.513828][T14064] syz_tun: entered promiscuous mode
[  713.584438][T14064] batadv_slave_0: entered promiscuous mode
[  713.646540][T14064] debugfs: 'hsr1' already exists in 'hsr'
[  713.670480][T14064] Cannot create hsr debugfs directory
[  713.686341][T14064] hsr1: entered allmulticast mode
[  713.701651][T14064] syz_tun: entered allmulticast mode
[  713.760092][T14064] batadv_slave_0: entered allmulticast mode
[  713.946454][T14086] 9pnet_fd: Insufficient options for proto=fd
[  714.070146][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  714.070161][   T30] audit: type=1400 audit(1757287976.223:537): avc:  denied  { mounton } for  pid=14080 comm="syz.6.1036" path="/proc/279/task" dev="proc" ino=29958 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  716.033613][T14102] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  716.077092][T14100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1039'.
[  717.405352][T14120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1044'.
[  718.083170][T14143] Invalid source name
[  718.235684][ T5976] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  718.474151][ T5976] usb 7-1: Using ep0 maxpacket: 16
[  718.509999][ T5976] usb 7-1: config 0 has an invalid interface number: 232 but max is 0
[  718.528096][ T5976] usb 7-1: config 0 has no interface number 0
[  718.537854][ T5976] usb 7-1: config 0 interface 232 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  718.581859][ T5976] usb 7-1: config 0 interface 232 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  718.613651][ T5976] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  718.652301][ T5976] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  718.682022][ T5889] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  718.712873][ T5976] usb 7-1: config 0 descriptor??
[  718.838560][ T5889] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  718.870072][ T5889] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  719.147189][ T5889] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  719.219069][ T5889] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  720.214550][ T6014] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  720.272335][T14156] chnl_net:caif_netlink_parms(): no params data found
[  720.376168][ T6014] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  720.396710][ T6014] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  720.414260][ T6014] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  720.548650][ T6014] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  720.963026][ T6014] usb 5-1: Product: syz
[  720.967671][ T6014] usb 5-1: Manufacturer: syz
[  720.972362][ T6014] usb 5-1: SerialNumber: syz
[  721.006473][ T2151] usb 7-1: USB disconnect, device number 9
[  721.022859][ T6014] cdc_ncm 5-1:1.0: skipping garbage
[  721.034173][ T6014] cdc_ncm 5-1:1.0: NCM or ECM functional descriptors missing
[  721.046651][ T6014] cdc_ncm 5-1:1.0: bind() failure
[  721.099692][ T6014] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  721.106916][ T6014] cdc_ncm 5-1:1.1: bind() failure
[  721.171561][   T30] audit: type=1400 audit(1757287983.323:538): avc:  denied  { setopt } for  pid=14331 comm="syz.3.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  721.175027][T14156] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.221391][T14156] bridge0: port 1(bridge_slave_0) entered disabled state
[  721.242360][T14156] bridge_slave_0: entered allmulticast mode
[  721.391751][ T5889] Bluetooth: hci6: command tx timeout
[  721.421771][T14156] bridge_slave_0: entered promiscuous mode
[  721.544211][T14156] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.551491][T14156] bridge0: port 2(bridge_slave_1) entered disabled state
[  721.564025][T14156] bridge_slave_1: entered allmulticast mode
[  721.593370][T14156] bridge_slave_1: entered promiscuous mode
[  721.674286][T14359] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1056'.
[  721.694085][   T30] audit: type=1400 audit(1757287983.843:539): avc:  denied  { bind } for  pid=14331 comm="syz.3.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  721.714554][T14360] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  721.751203][ T5956] usb 5-1: USB disconnect, device number 31
[  721.833163][   T30] audit: type=1400 audit(1757287983.983:540): avc:  denied  { getopt } for  pid=14331 comm="syz.3.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  722.082886][T14156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  722.113433][T14156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  722.222595][T14414] FAULT_INJECTION: forcing a failure.
[  722.222595][T14414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  722.242798][T14414] CPU: 1 UID: 0 PID: 14414 Comm: syz.6.1058 Not tainted syzkaller #0 PREEMPT(full) 
[  722.242823][T14414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  722.242833][T14414] Call Trace:
[  722.242839][T14414]  <TASK>
[  722.242846][T14414]  dump_stack_lvl+0x16c/0x1f0
[  722.242872][T14414]  should_fail_ex+0x512/0x640
[  722.242896][T14414]  _copy_to_user+0x32/0xd0
[  722.242923][T14414]  simple_read_from_buffer+0xcb/0x170
[  722.242942][T14414]  proc_fail_nth_read+0x197/0x240
[  722.242964][T14414]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  722.242985][T14414]  ? rw_verify_area+0xcf/0x6c0
[  722.243010][T14414]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  722.243029][T14414]  vfs_read+0x1e1/0xcf0
[  722.243049][T14414]  ? __pfx___mutex_lock+0x10/0x10
[  722.243072][T14414]  ? __pfx_vfs_read+0x10/0x10
[  722.243097][T14414]  ? __fget_files+0x20e/0x3c0
[  722.243124][T14414]  ksys_read+0x12a/0x250
[  722.243141][T14414]  ? __pfx_ksys_read+0x10/0x10
[  722.243167][T14414]  do_syscall_64+0xcd/0x4c0
[  722.243192][T14414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.243210][T14414] RIP: 0033:0x7f9a46d8d5fc
[  722.243225][T14414] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  722.243242][T14414] RSP: 002b:00007f9a47cb5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  722.243258][T14414] RAX: ffffffffffffffda RBX: 00007f9a46fc5fa0 RCX: 00007f9a46d8d5fc
[  722.243269][T14414] RDX: 000000000000000f RSI: 00007f9a47cb50a0 RDI: 0000000000000005
[  722.243280][T14414] RBP: 00007f9a47cb5090 R08: 0000000000000000 R09: 0000000000000000
[  722.243289][T14414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  722.243298][T14414] R13: 00007f9a46fc6038 R14: 00007f9a46fc5fa0 R15: 00007ffebc7c3e58
[  722.243323][T14414]  </TASK>
[  722.926913][T14156] team0: Port device team_slave_0 added
[  722.954317][T14156] team0: Port device team_slave_1 added
[  723.055294][   T31] INFO: task syz.0.493:8934 blocked for more than 163 seconds.
[  723.083403][   T31]       Not tainted syzkaller #0
[  723.096589][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  723.120346][   T31] task:syz.0.493       state:D stack:28392 pid:8934  tgid:8932  ppid:5900   task_flags:0x400040 flags:0x00004004
[  723.134010][   T31] Call Trace:
[  723.137388][   T31]  <TASK>
[  723.140446][   T31]  __schedule+0x1190/0x5de0
[  723.145782][   T31]  ? __lock_acquire+0x62e/0x1ce0
[  723.150944][   T31]  ? __pfx___schedule+0x10/0x10
[  723.156897][   T31]  ? find_held_lock+0x2b/0x80
[  723.161622][   T31]  ? schedule+0x2d7/0x3a0
[  723.168279][   T31]  ? bdev_open+0x41a/0xe40
[  723.172774][   T31]  schedule+0xe7/0x3a0
[  723.176982][   T31]  schedule_preempt_disabled+0x13/0x30
[  723.182582][   T31]  __mutex_lock+0x81b/0x1060
[  723.189468][   T31]  ? bdev_open+0x41a/0xe40
[  723.196412][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  723.201581][   T31]  ? __pfx_ilookup+0x10/0x10
[  723.206777][   T31]  ? _atomic_dec_and_lock+0xa2/0x120
[  723.212188][   T31]  ? bdev_open+0x41a/0xe40
[  723.216803][   T31]  bdev_open+0x41a/0xe40
[  723.221239][   T31]  blkdev_open+0x277/0x3f0
[  723.225919][   T31]  do_dentry_open+0x982/0x1530
[  723.230822][   T31]  ? __pfx_blkdev_open+0x10/0x10
[  723.241251][   T31]  vfs_open+0x82/0x3f0
[  723.252311][   T31]  path_openat+0x1de4/0x2cb0
[  723.258282][   T31]  ? __pfx_path_openat+0x10/0x10
[  723.263550][   T31]  do_filp_open+0x20b/0x470
[  723.269957][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  723.276598][   T31]  ? alloc_fd+0x471/0x7d0
[  723.281154][   T31]  do_sys_openat2+0x11b/0x1d0
[  723.287554][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  723.292881][   T31]  ? find_held_lock+0x2b/0x80
[  723.302141][   T31]  ? handle_mm_fault+0x2ab/0xd10
[  723.308291][   T31]  __x64_sys_openat+0x174/0x210
[  723.313269][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  723.318986][   T31]  ? do_user_addr_fault+0x843/0x1370
[  723.324392][   T31]  do_syscall_64+0xcd/0x4c0
[  723.329264][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.335318][   T31] RIP: 0033:0x7fddd158d550
[  723.340058][   T31] RSP: 002b:00007fddd2488b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  723.348673][   T31] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007fddd158d550
[  723.356817][   T31] RDX: 0000000000080000 RSI: 00007fddd2488c10 RDI: 00000000ffffff9c
[  723.365188][   T31] RBP: 00007fddd2488c10 R08: 0000000000000000 R09: 002364626e2f7665
[  723.374082][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  723.382873][   T31] R13: 00007fddd17c6038 R14: 00007fddd17c5fa0 R15: 00007ffd87d52968
[  723.391450][   T31]  </TASK>
[  723.394970][   T31] INFO: task syz.0.493:8940 blocked for more than 163 seconds.
[  723.402675][   T31]       Not tainted syzkaller #0
[  723.409037][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  723.418052][   T31] task:syz.0.493       state:D stack:28280 pid:8940  tgid:8932  ppid:5900   task_flags:0x400140 flags:0x00004004
[  723.430291][   T31] Call Trace:
[  723.433737][   T31]  <TASK>
[  723.436929][   T31]  __schedule+0x1190/0x5de0
[  723.441727][   T31]  ? __pfx___schedule+0x10/0x10
[  723.446965][   T31]  ? find_held_lock+0x2b/0x80
[  723.451795][   T31]  ? schedule+0x2d7/0x3a0
[  723.454030][ T5889] Bluetooth: hci6: command tx timeout
[  723.456926][   T31]  ? bdev_open+0xa2/0xe40
[  723.467540][   T31]  schedule+0xe7/0x3a0
[  723.471732][   T31]  schedule_preempt_disabled+0x13/0x30
[  723.478402][   T31]  __mutex_lock+0x81b/0x1060
[  723.483122][   T31]  ? bdev_open+0xa2/0xe40
[  723.489476][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  723.494966][   T31]  ? __pfx_bd_prepare_to_claim+0x10/0x10
[  723.500906][   T31]  ? bdev_open+0xa2/0xe40
[  723.508733][   T31]  bdev_open+0xa2/0xe40
[  723.514412][   T31]  bdev_file_open_by_dev+0x182/0x210
[  723.519918][   T31]  setup_bdev_super+0x78/0x730
[  723.525148][   T31]  get_tree_bdev_flags+0x363/0x620
[  723.530476][   T31]  ? __pfx_udf_fill_super+0x10/0x10
[  723.536899][   T31]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  723.542912][   T31]  ? bpf_lsm_capable+0x9/0x10
[  723.547941][   T31]  ? security_capable+0x7e/0x260
[  723.553207][   T31]  vfs_get_tree+0x8b/0x340
[  723.557874][   T31]  path_mount+0x1513/0x2000
[  723.562629][   T31]  ? __pfx_path_mount+0x10/0x10
[  723.567623][   T31]  ? kmem_cache_free+0x2d1/0x4d0
[  723.572616][   T31]  ? putname+0x154/0x1a0
[  723.577061][   T31]  ? putname+0x154/0x1a0
[  723.581358][   T31]  ? __x64_sys_mount+0x28d/0x310
[  723.586440][   T31]  __x64_sys_mount+0x28d/0x310
[  723.591928][   T31]  ? __pfx___x64_sys_mount+0x10/0x10
[  723.597339][   T31]  do_syscall_64+0xcd/0x4c0
[  723.601913][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.608031][   T31] RIP: 0033:0x7fddd158ebe9
[  723.612498][   T31] RSP: 002b:00007fddd2468038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  723.621072][   T31] RAX: ffffffffffffffda RBX: 00007fddd17c6090 RCX: 00007fddd158ebe9
[  723.629287][   T31] RDX: 0000200000000080 RSI: 0000200000004a00 RDI: 0000200000000000
[  723.637886][   T31] RBP: 00007fddd1611e19 R08: 0000000000000000 R09: 0000000000000000
[  723.646846][   T31] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000
[  723.655901][   T31] R13: 00007fddd17c6128 R14: 00007fddd17c6090 R15: 00007ffd87d52968
[  723.664234][   T31]  </TASK>
[  723.667564][   T31] 
[  723.667564][   T31] Showing all locks held in the system:
[  723.669543][T14156] batman_adv: batadv0: Adding interface: batadv_slave_0
[  723.683741][T14156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  723.710396][   T31] 2 locks held by ksoftirqd/1/23:
[  723.715749][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  723.716554][T14156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  723.726179][   T31]  #1: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1d5/0x5b0
[  723.742612][T14156] batman_adv: batadv0: Adding interface: batadv_slave_1
[  723.755376][T14156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  723.790188][   T31] 1 lock held by khungtaskd/31:
[  723.790291][T14156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  723.825738][   T31]  #0: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  723.839427][   T31] 2 locks held by getty/5605:
[  723.845252][   T31]  #0: ffff88814d9960a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  723.855569][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  723.879550][   T31] 1 lock held by udevd/5887:
[  723.885960][   T31]  #0: ffff888026bac358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  723.905705][   T31] 1 lock held by syz.0.493/8934:
[  723.922038][   T31]  #0: ffff888026bac358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  723.971926][   T31] 2 locks held by syz.0.493/8940:
[  723.981288][   T31]  #0: ffff8880689e80e0 (&type->s_umount_key#90/1){+.+.}-{4:4}, at: alloc_super+0x235/0xbd0
[  723.993850][   T31]  #1: ffff888026bac358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xa2/0xe40
[  724.007515][   T31] 3 locks held by kworker/u8:20/10541:
[  724.013059][   T31]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  724.024396][   T31]  #1: ffffc9001fe97d10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  724.035257][   T31]  #2: ffffffff90384a88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  724.044855][   T31] 2 locks held by kworker/u8:43/10564:
[  724.050390][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  724.060709][   T31]  #1: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1d5/0x5b0
[  724.070510][   T31] 3 locks held by syz-executor/14156:
[  724.076059][   T31]  #0: ffffffff8f71ad60 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x113/0x2c0
[  724.087024][   T31]  #1: ffffffff90384a88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000
[  724.097258][   T31]  #2: ffffffff8e5cc7f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  724.107740][   T31] 1 lock held by syz.3.1063/14453:
[  724.112898][   T31]  #0: ffffffff8e5cc7f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  724.125692][   T31] 
[  724.128219][   T31] =============================================
[  724.128219][   T31] 
[  724.141740][   T31] NMI backtrace for cpu 0
[  724.141754][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  724.141773][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  724.141782][   T31] Call Trace:
[  724.141787][   T31]  <TASK>
[  724.141793][   T31]  dump_stack_lvl+0x116/0x1f0
[  724.141818][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  724.141833][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  724.141854][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  724.141881][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  724.141906][   T31]  watchdog+0xf0e/0x1260
[  724.141927][   T31]  ? __pfx_watchdog+0x10/0x10
[  724.141942][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  724.141964][   T31]  ? __kthread_parkme+0x19e/0x250
[  724.141990][   T31]  ? __pfx_watchdog+0x10/0x10
[  724.142008][   T31]  kthread+0x3c2/0x780
[  724.142026][   T31]  ? __pfx_kthread+0x10/0x10
[  724.142045][   T31]  ? rcu_is_watching+0x12/0xc0
[  724.142066][   T31]  ? __pfx_kthread+0x10/0x10
[  724.142083][   T31]  ret_from_fork+0x5d4/0x6f0
[  724.142099][   T31]  ? __pfx_kthread+0x10/0x10
[  724.142116][   T31]  ret_from_fork_asm+0x1a/0x30
[  724.142147][   T31]  </TASK>
[  724.142153][   T31] Sending NMI from CPU 0 to CPUs 1:
[  724.265384][    C1] NMI backtrace for cpu 1
[  724.265397][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  724.265413][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  724.265420][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  724.265440][    C1] Code: dc 61 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 c3 15 00 fb f4 <e9> 8c 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  724.265452][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[  724.265463][    C1] RAX: 00000000017e4141 RBX: 0000000000000001 RCX: ffffffff8b944c29
[  724.265471][    C1] RDX: 0000000000000000 RSI: ffffffff8de522d8 RDI: ffffffff8c162d80
[  724.265480][    C1] RBP: ffffed1003c5d488 R08: 0000000000000001 R09: ffffed10170a6655
[  724.265487][    C1] R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
[  724.265495][    C1] R13: ffff88801e2ea440 R14: ffffffff90ab6b90 R15: 0000000000000000
[  724.265504][    C1] FS:  0000000000000000(0000) GS:ffff8881247b5000(0000) knlGS:0000000000000000
[  724.265517][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  724.265525][    C1] CR2: fffffffffffffffd CR3: 00000000794e9000 CR4: 00000000003526f0
[  724.265533][    C1] Call Trace:
[  724.265538][    C1]  <TASK>
[  724.265542][    C1]  default_idle+0x13/0x20
[  724.265559][    C1]  default_idle_call+0x6d/0xb0
[  724.265576][    C1]  do_idle+0x391/0x510
[  724.265594][    C1]  ? __pfx_do_idle+0x10/0x10
[  724.265608][    C1]  ? do_idle+0x1c/0x510
[  724.265623][    C1]  cpu_startup_entry+0x4f/0x60
[  724.265644][    C1]  start_secondary+0x21d/0x2b0
[  724.265662][    C1]  ? __pfx_start_secondary+0x10/0x10
[  724.265681][    C1]  common_startup_64+0x13e/0x148
[  724.265700][    C1]  </TASK>
[  724.450506][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  724.457376][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  724.466482][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  724.476605][   T31] Call Trace:
[  724.479871][   T31]  <TASK>
[  724.482781][   T31]  dump_stack_lvl+0x3d/0x1f0
[  724.487348][   T31]  vpanic+0x6e8/0x7a0
[  724.491310][   T31]  ? __pfx_vpanic+0x10/0x10
[  724.495790][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  724.501749][   T31]  panic+0xca/0xd0
[  724.505452][   T31]  ? __pfx_panic+0x10/0x10
[  724.509862][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  724.515216][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  724.521341][   T31]  ? watchdog+0xd78/0x1260
[  724.525730][   T31]  ? watchdog+0xd6b/0x1260
[  724.530118][   T31]  watchdog+0xd89/0x1260
[  724.534346][   T31]  ? __pfx_watchdog+0x10/0x10
[  724.538998][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  724.544174][   T31]  ? __kthread_parkme+0x19e/0x250
[  724.549184][   T31]  ? __pfx_watchdog+0x10/0x10
[  724.553833][   T31]  kthread+0x3c2/0x780
[  724.557881][   T31]  ? __pfx_kthread+0x10/0x10
[  724.562456][   T31]  ? rcu_is_watching+0x12/0xc0
[  724.567199][   T31]  ? __pfx_kthread+0x10/0x10
[  724.571766][   T31]  ret_from_fork+0x5d4/0x6f0
[  724.576330][   T31]  ? __pfx_kthread+0x10/0x10
[  724.580901][   T31]  ret_from_fork_asm+0x1a/0x30
[  724.585653][   T31]  </TASK>
[  724.588843][   T31] Kernel Offset: disabled
[  724.593141][   T31] Rebooting in 86400 seconds..