last executing test programs:

43.826219604s ago: executing program 4 (id=1407):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x200000000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = gettid()
timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x4, 0x7, 0x80005, 0x0, 0x0, 0x1, '&\x00', 0xc, 0x0, 0x5, 0x0, 0x0, 0x0, 0xe})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
r3 = shmget$private(0x0, 0x1000, 0x2, &(0x7f0000598000/0x1000)=nil)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
lstat(&(0x7f0000000480)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x77974000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$kcm(0x10, 0x2, 0x10)
getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="8d3cb67941e6fda6539805c4feb2fd00a0901dddc03db27fc4a2b0ffb61f58ee77a54ad80e04ebbd6b466dd3b061990f8a2868713f9606b51ee0ed933de0601c56cb9d3d30110a73c102ef97ba8cb1653d093a"], 0x14}], 0x1, 0x0, 0x0, 0x84}, 0x4000300)
r9 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000180)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000140), 0x0)
shmctl$IPC_SET(r3, 0x1, &(0x7f0000000580)={{0x1, r4, 0xffffffffffffffff, 0x0, r5, 0x40, 0x5}, 0x80000001, 0x7, 0x40, 0x4, r2, r2, 0x3})
lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140))
getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000380))

43.575597893s ago: executing program 4 (id=1408):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=','])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setrlimit(0x6, 0x0)
r3 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, 0x0, 0x0)
gettid()
r4 = socket$kcm(0x2, 0x1000000000000005, 0x0)
sendmsg$inet(r4, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x20, @rand_addr=0xa9fe0000}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)='r', 0x1}], 0x1}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x28, r6, 0x50dc85624ea6cf59, 0x0, 0x1, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c081}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x55af)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)

42.131839522s ago: executing program 4 (id=1413):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'wlan1\x00'})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00cd050007008800000006000540"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d00)=ANY=[@ANYRES16, @ANYBLOB="478477977d0f1542e3914be12be7d3293f96057e4e2b736ac45509aeb469bd8fabd4d741d5dc2b212209be48627acb950259fc16e71fc9dd9ec803d822d284371277364e734c", @ANYRES8, @ANYBLOB="628620fcc2e44e443d367f880ee918187928a05c66b4b1f763a7040a76c529c0bf3ded4d93435037840067d387086d1c041509bb841417b43a25e4f1d1754a30fb0b7b128464bf59fce582ddc036e28ff11547528567cade24df1184bf103bd894faaf4031f2cf386fe10392505cfd5156adc023e6a2811d4837b7c99fa2055a7d3dbad716425860289f27e237b2271e82df20cb32bc845aae7a6ed3189f7442623b6a6fe94c8d2a5c979772907045531ea8154878f4cc6cf04f044e1f10903901180a6b0022c0265756fa561d6849a139089f77f831951383a7976f4102cf51258a0f951a04d5a689d9b52ee111d9af4874b59d1cbc01f78a91ba1f93774bc4eb63e7fe585338d763", @ANYRES32], 0x38}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000ffff00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000ff00000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)

38.835672148s ago: executing program 4 (id=1423):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r3 = socket$packet(0x11, 0x0, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f0000000180)="10030600e0fc020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
r5 = gettid()
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0x5, 0x0, 0x0)
r6 = syz_clone(0x40008800, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r6)
ptrace(0x420e, r6)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xc, 0x0, &(0x7f0000000000)="219a53f271a76d2608004c65", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
pipe2$9p(&(0x7f0000000240)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x181800)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e063c4b662c7266646e6f3d", @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',\x00'])
write$P9_RVERSION(r9, &(0x7f00000000c0)=ANY=[@ANYBLOB="150000c28d5aa2e33be59147ea896c922dddcf35b9db961bfb1d5638513d5debff30bce233dbce8b63c435b263c6cf519732f6dff5bbf02d6c909f021f83229fdf985dd8c24451769ba592826a3284663601c1ff86b8a6c94e19086b15b5d9d8fc45d4868bcf3a863d74152ca8b09a7b38dbcb457d6b94bca9bac7a3865d98304764d03332a61b1cb2cbfb8086cb00"/156], 0xfffffd97)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000000)=r5)
lseek(0xffffffffffffffff, 0x1, 0x1)
r10 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
iopl(0x4)
bind$alg(r10, &(0x7f0000000a00)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)

38.306735585s ago: executing program 3 (id=1424):
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0200"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)="5e5efc4b545028d3eab7c4f42e78322c8cfde3446b87c3685f2e", &(0x7f0000000400)="95d4c22dc0911fc88bb0badaf2e2c420a0e4019719a71f3ec744bd809bb2041cf8b0eb3df6053764b8025174d648ae3c5a49ce7df79d46aa56b5c526ec94353070c1446c36b49f3fc55d724534ebdb0e80a05f888b3aebf1734e8c1126cc7e550dd1df0c1a7fc77083e9b2ee2bfe8bf012e894d7479a41b1fa8aa811810177fce265e3852af90e7a231ecc0100000000000000cc2edd791226b3da74dd94a158d38ee04e73000000000100000017e8c7e73b0dfff166f081b17d4da48f29cb4a9e2a1998af64d7e033c31fe7b2cd841df306e263583fdb40e0fc149940a84b80852b7489c69d812e51f94aa90000000000000000000000002fd21005dd3e003aaa5f586086d39024c8e5deb13f3de792ccc29b3150855f6d7a0c4f322be9d3e7e9692a5ba8c76d761db3e99aa48e6dfc3a7c864d343c3504e67dbbebeda1e091b16a73faaecdfb6d87ab1c1917460a9b6bf279169e1d0ad0df9bf02d8e8bf010b23ad89ba6f3658e006dd054a9cdded751415231270dc8641f1a27e550cad36429c6ab873dc53928a95e76541b787ab0effabe06810a4f0fd0c35c01901c6da8309af7cbd806c13e06001000fceaa372903acede9ffdbd1f7e511a9087db9d072ec49fdc909eff92f1c6ddff3bc4f0633f15572bdc4056eaf4479df008a88ab3ef0f424ae9649f2f595f40b761c2090e61d8343ec94d594c4949d77b2969a8b4a65dc8403fa66e19060d80bfc86c93a030e4d785d92c4b70faf3252ccd930d5b824d5717a0cb4305784fa11fcbe331947afe4e95f2ab858b39bf1d26af5e454767c15504af381010bccd31bbd4e3bd4b554e50e25eb0ba0abc28df63f172fb740481852cadf99ca25a6577b1ad52cabc9c8a8203ae72d7825e353055f6d9054ed3cdfd8f26eb895215480bcc27d0b328713d81742c3651cbc7f86f34a021b4715b49b7ac58ba6a3ed71feaca77287474129c97e57e9edd05e819054dffbbbb09a0d4434a14a995de0a8a71529d854ab5d59a526e7be3aaeed7ad01bab1126605503fbfdfa6da32e6097ce0436b001000000000000013b02eee1e0683", 0xa7c, r1, 0x4}, 0x38)

37.609980629s ago: executing program 4 (id=1429):
prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105500, &(0x7f0000000040)=@usbdevfs_connect={0x6a0})
r3 = syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="13", 0x1}], 0x1}, 0x4051)
recvmsg$unix(r4, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x2122)
sendmsg$inet(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000340)="f9", 0x1}], 0x1}, 0x48844)
r6 = syz_pidfd_open(r3, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000001c00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELFLOWTABLE={0x28, 0x18, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_NAME={0x0, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELRULE={0x0, 0x8, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_RULE_CHAIN_ID={0x0, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x0, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x0, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x0, 0x1, 'syz1\x00'}, @NFTA_RULE_ID={0x0, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION={0x0, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION_ID]}, @NFT_MSG_DELTABLE={0x0, 0x2, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x6}}, @NFT_MSG_NEWFLOWTABLE={0x0, 0x16, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_FLOWTABLE_TABLE={0x0, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x0, 0x2, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_TABLE_USERDATA={0x0, 0x6, "2b61439d1bacb873b327c4fee3c1799e8bfb8616c3b6b096e362e93a3c044f0369d1b90cd877b2d7a2eef19ffafbf4e699ac2b62f0316fda99497e8301ae285c55263beb8794831e0f3b0cfcc48d8c5b26dad900d5ec0d674a7c308adfdca342d105b04ff2041e71f6d8c9b3c77b05c1f95bee53d7d12867793c5c4f6fcb0e663369a33b8bab9c82981d7cb1fa6e5633d94324d0ff5ede5030bb1c817b37160481019dd03cbd2ffb122b1f78499be86734b4b1cf606532796da543b434bd6e3346cc1d040ff6cb5f9c"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x1cc}, 0x1, 0x0, 0x0, 0x20000005}, 0x44000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x3, 0x0)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, 0x0, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01040000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010067656e6576653000000000000000000070020000180a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400010076657468305f746f5f626f6e640000000900010073797a300000000010020380540003801400010067726530000000000000000000000000140001006970766c616e3100000000000000000014000100697076"], 0x310}}, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r6, 0xff04, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b50a0000000000007910480000000000610410000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

37.259828237s ago: executing program 3 (id=1430):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x101440, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x103381)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000000)={0x6, 0x4, 0xd, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0)
r5 = dup3(r4, 0xffffffffffffffff, 0x0)
r6 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xffffffffff)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x58, 0x0, &(0x7f0000000540)=[@free_buffer={0x40086303, r6}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x60, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000480)=""/164, 0xa4, 0x2, 0x2f}, @fda={0x66646185, 0x7, 0x2, 0xe}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000240)={0x0, 0x28, 0x48}}, 0x1400}], 0x0, 0x0, 0x0})
r7 = fsmount(r3, 0x0, 0x0)
fchdir(r7)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r8, 0x2007ffb)
sendfile(r8, r8, 0x0, 0x1000000201005)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xfffffffd)

36.077086289s ago: executing program 4 (id=1434):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)

35.180911325s ago: executing program 3 (id=1437):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x101401)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r1, &(0x7f00000000c0)=""/44, 0x2c)
r2 = userfaultfd(0x801)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x139})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f0000000040)={0x6, 'xfrm0\x00', {0x1}, 0xff7f})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000080)={0x0, 'bridge_slave_0\x00', {0x1}, 0xfff7})
ioctl$UFFDIO_MOVE(r2, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000ab6000/0x3000)=nil, &(0x7f0000b77000/0x3000)=nil, 0x3000, 0x3})
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ecm(0x5, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a4400000000101090244000101000000090400001202060000052406000005240000000d240f00e50000008700060000090581030002c0b9ff09058202080000fd00090503020002"], 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x4e21, 0x80, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty, 0xfffffff7}}}, 0x108)
r6 = getpid()
fcntl$lock(r5, 0x25, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0x0, r6})
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000100)={0x1f4, 0x800}, &(0x7f0000000140))
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)={{0x14, 0x10, 0x7c, 0x0, 0x6000, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "d1"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}}, 0x40)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x10800, 0x0)

32.981396813s ago: executing program 3 (id=1446):
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc1103000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4811)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@rand_addr=0x64010102, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x28f, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@remote, 0x0, 0x0, 0x0, 0xb7, 0x9}}, 0xe8)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x100000000000000)

32.029114926s ago: executing program 3 (id=1447):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x101440, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x103381)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000000)={0x6, 0x4, 0xd, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0)
r5 = dup3(r4, 0xffffffffffffffff, 0x0)
r6 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xffffffffff)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x58, 0x0, &(0x7f0000000540)=[@free_buffer={0x40086303, r6}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x60, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000480)=""/164, 0xa4, 0x2, 0x2f}, @fda={0x66646185, 0x7, 0x2, 0xe}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000240)={0x0, 0x28, 0x48}}, 0x1400}], 0x0, 0x0, 0x0})
r7 = fsmount(r3, 0x0, 0x0)
fchdir(r7)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r8, 0x2007ffb)
sendfile(r8, r8, 0x0, 0x1000000201005)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xfffffffd)

28.718909792s ago: executing program 3 (id=1454):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x400000009)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x3)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x40, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac=@device_b}, 0x0, @default, 0x1, @void, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x26)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x4040000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r3, 0x1, 0x29, &(0x7f0000000480)=0x7f, 0x4)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r3, &(0x7f0000002cc0)=[{{0x0, 0x0, 0x0}, 0x71d8e07a}], 0x1, 0x12020, 0x0)

23.508633035s ago: executing program 0 (id=1472):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83", 0x9e}, {0x0}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46", 0xb}], 0x3}}], 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf464", 0xd}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xf8, 0x29, 0x4, {0x4, 0x1b, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x51, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7"}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x40, {0x1, 0xe, 0x7a, 0x8001, [0x5, 0x9, 0x4, 0x6, 0x4, 0x400, 0xb]}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}]}}}, @hoplimit={{0x14}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x1c8}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
ptrace$getenv(0x4201, r1, 0x4, &(0x7f0000000040))
socket$phonet(0x23, 0x2, 0x1)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000096d132478102268d00", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

22.796146294s ago: executing program 0 (id=1474):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0x80000000000000a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(0x0, r0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r7, 0x2, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x41fa, 0x4c}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x2cc}]}, 0x28}, 0x1, 0x0, 0x0, 0x24004000}, 0x4814)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r8=>0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r8], 0x1})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r6, 0xc01064c7, &(0x7f0000000080)={0x28, 0x0, 0x0})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r9, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r9, 0x0, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x110)
setsockopt$inet_group_source_req(r9, 0x0, 0x2e, &(0x7f00000004c0)={0x3, {{0x2, 0xfffd, @multicast2}}, {{0x2, 0x4e20, @local}}}, 0x108)
setsockopt$inet_group_source_req(r9, 0x0, 0x2e, &(0x7f0000000000)={0x2, {{0x2, 0x4e26, @multicast2}}, {{0x2, 0x2, @multicast1}}}, 0x108)

21.280244391s ago: executing program 0 (id=1476):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=','])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setrlimit(0x6, 0x0)
r3 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
gettid()
r4 = socket$kcm(0x2, 0x1000000000000005, 0x0)
sendmsg$inet(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)='r', 0x1}], 0x1}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x28, r6, 0x50dc85624ea6cf59, 0x0, 0x1, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c081}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x55af)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)

21.225049831s ago: executing program 2 (id=1477):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$ttys(0xc, 0x2, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0xffffffff, 0x3}, 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
lseek(r3, 0x1000000, 0x0)
io_uring_setup(0x1de0, &(0x7f0000000440))
syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[], 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r4 = socket(0x28, 0x5, 0x0)
r5 = syz_io_uring_setup(0x4f6, &(0x7f00000002c0)={0x0, 0xf5e6, 0x100, 0x1, 0x322}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000440)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0xffffffff, @hyper}, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x47bf, 0xf5, 0x0, 0x0, 0x0)

21.108459911s ago: executing program 1 (id=1478):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f00000004c0))
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000680)={0x3, 'batadv_slave_0\x00', {0x230}, 0x5951})
io_submit(0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
close(r1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r4})
r5 = syz_open_dev$vim2m(&(0x7f0000000180), 0x802000300000000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000000c0)={0x1b, 0x2, 0x0, "110100e9ff130000010034190000005c4b7c150000000000000000000000c500", 0x39565559})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000480)={0x28, 0x4, r6, 0x0, &(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3})
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2, 0x3}}, 0x20)

20.150213087s ago: executing program 32 (id=1434):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)

20.120243504s ago: executing program 0 (id=1480):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x800, 0x2)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendfile(r3, r2, 0x0, 0x4)
write$USERIO_CMD_SEND_INTERRUPT(r2, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
madvise(&(0x7f000019a000/0x4000)=nil, 0x4000, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000000)={'team0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c0000001000010025bd7000fbdbdf2500000000", @ANYRES32=r5, @ANYBLOB="10080400870a04000a00820000aaaaaaaabb0000300016802c00018028000100f8ffffff"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r6=>r1, {0x5}}, './file0\x00'})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0xc008ae88, &(0x7f0000000300)=ANY=[@ANYBLOB="020000000000000082000040"])
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$netlink(0x10, 0x3, 0x14)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0xfffffffffffffc84, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x10000000}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

19.774611954s ago: executing program 2 (id=1481):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x2204c850, &(0x7f0000000040)={0xa, 0xfefc, 0x0, @loopback={0x0, 0xac141400}}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000001040)=0x6)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)={@empty, @empty}, 0xc)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x110a, 0x2})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000024c0)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0})

18.818836071s ago: executing program 1 (id=1482):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0)="bbea0068e802c112f13a4e89b7df9fb0ec086b4400e0da4537c9ec19d5c12b6e6c77727a361bd82faffae021cce547fe05463e248925e908618ff6e1167724b9b847faafbef7924a4d48faf882bc2577e2edf2c03f8ae9e63b32595931eba76fce7f70248e59f01fa7a09dc31d28ba24f6d0de5a18d814ec2b39e093c525796f187e5af1e90687ef637a1f78bd55bdab3d7ed366a0972968b9db2fbb6bb75004ba448c1a1a99855fab0e072e184113f1325cfd8e2b43e83d80826eb55cc65cbd4b53e251139c7f344930c9d13b92944d4629b45913fd71d7d4d106cc17b5c52f5ec91d5e101b0d64", 0xe8, r0}, 0x68)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x8, 0x6, "4b38c3", 0x0, 0x29, 0x1, @local, @mcast2}}}}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
syz_io_uring_setup(0x3241, &(0x7f00000000c0)={0x0, 0x3210, 0x800, 0x0, 0x1ff}, &(0x7f0000000040), &(0x7f0000000140))
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000180)={0xfffffffe, 0x0, 0x4, 0x704, 0x18, "008ef164000700000600007d00"})
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e2895810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177070373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe03}}, 0xfffffdef)

18.817549975s ago: executing program 2 (id=1483):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0x36b78000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getresuid(0x0, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, 0x0, &(0x7f00000001c0))
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a3200000000140000001100014707a082b178795ad1fcc02173fc70f8d69cdbd9d470f56c7ae4218d32c5"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffffffffffffd)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)

18.060064238s ago: executing program 0 (id=1484):
prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0)
memfd_secret(0x80000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)={0x18, 0x3e, 0x107, 0x70bd2d, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000)

18.059189007s ago: executing program 0 (id=1485):
bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket(0x15, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e0612"], 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x5e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x30}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0500000004000000040000000700000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="02000000010000002000000000000000a1d093010000000000000000"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r2}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, &(0x7f0000000140), &(0x7f0000000000)=""/85}, 0x20)
r3 = socket$kcm(0x2, 0x4, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000680000f6ebe17d615c290e65331dcde4dc022bbd7000fcdbdf250a0001001200000004000b000c0008800600060000280000100008800c000100ffffffffffff95ad040004003c00020002000000090000000100000001000000020000000c00000002000000080000000200000007000000020000000500000002008a5167bd06fa81577e5931712a6e72400f0000000000"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x4000140)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x8}]}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000100000100c28000050003000f"], 0x48}}, 0x40000)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000dc000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000002780)=""/4096, 0x1000}], 0x1, 0x5b3d2934, 0xfffffff8)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=<r11=>0x0)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r11], 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
write$tun(r0, &(0x7f0000000280)=ANY=[], 0x86)

17.902965305s ago: executing program 2 (id=1486):
r0 = socket(0x2a, 0x2, 0x7fffff)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028030000000000000000000005000500050000000500020000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x4080)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000400)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
get_mempolicy(0x0, 0x0, 0x4, &(0x7f0000740000/0x1000)=nil, 0x0)
set_mempolicy(0x4005, &(0x7f0000000040)=0x1001, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r8, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)

17.850202303s ago: executing program 1 (id=1487):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0x80000000000000a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(0x0, r0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r7, 0x2, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x41fa, 0x4c}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x2cc}]}, 0x28}, 0x1, 0x0, 0x0, 0x24004000}, 0x4814)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r8=>0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r8], 0x1})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r6, 0xc01064c7, &(0x7f0000000080)={0x28, 0x0, 0x0})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r9, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r9, 0x0, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x110)
setsockopt$inet_group_source_req(r9, 0x0, 0x2e, &(0x7f00000004c0)={0x3, {{0x2, 0xfffd, @multicast2}}, {{0x2, 0x4e20, @local}}}, 0x108)
setsockopt$inet_group_source_req(r9, 0x0, 0x2e, &(0x7f0000000000)={0x2, {{0x2, 0x4e26, @multicast2}}, {{0x2, 0x2, @multicast1}}}, 0x108)

16.78964058s ago: executing program 1 (id=1488):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r0, 0x0, 0x4044000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=@newtaction={0x80, 0x30, 0x100, 0x1, 0x0, {}, [{0x6c, 0x1, [@m_skbedit={0x68, 0x1, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x1}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x80000, 0x0, 0x2}}, @TCA_SKBEDIT_PTYPE={0x6, 0x4}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff1, 0xfff1}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x9, 0x8}}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x80}}, 0x4)
syz_emit_ethernet(0x19, &(0x7f00000001c0)={@link_local, @broadcast, @val={@val={0x88a8, 0x0, 0x0, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@x25={0x8100, {0x2, 0x0, 0xfb}}}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="a4000000", @ANYRES16=r2, @ANYBLOB="010026bd7000000000000300000090000180380004001400010002000000ac5414aa0000000000000000200002000a004e2200000d617000000000000000000000080000000077e800000d0001007564703a7379000000000000440002"], 0xa4}}, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f0000000480)="17000000020001000003be8c5e687a8a6a003c00030100ecff3f0000000300dc290001000098fc5a53d3f5b7e4a96c6b06169da9c0f8d9485bbb2e2f8144243c5197b29f9368bdd6c8db0000dba67e06000000e289c46f8ab8b4028a7a63c9000000000100000000000080c457681f009cee79ac2df5bc080236e2b68c8eec25a02aff06011500000000010000000affff02dfccebf6ba00085dbda1348fe947f1da062a00"/179, 0xb3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x33f}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0)
prlimit64(0x0, 0x6, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffffffffffeaa, &(0x7f0000000200)=0x400008bc6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
rmdir(&(0x7f0000000040)='./file0\x00')
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x9, 0x5, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
read(r4, &(0x7f0000000840)=""/40, 0x28)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000180)={0x381, @time={0x5, 0x400}, 0x40, {0xc0, 0xff}, 0x7, 0x1, 0x1})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x400, 0x55a})
socket$inet_smc(0x2b, 0x1, 0x0)
timer_create(0xb, 0x0, &(0x7f0000000300))
r6 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x0)
fcntl$notify(r6, 0x402, 0x80000018)

16.386681742s ago: executing program 2 (id=1489):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=','])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setrlimit(0x6, 0x0)
r3 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
gettid()
r4 = socket$kcm(0x2, 0x1000000000000005, 0x0)
sendmsg$inet(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)='r', 0x1}], 0x1}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x28, r6, 0x50dc85624ea6cf59, 0x0, 0x1, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c081}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x55af)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)

15.974369264s ago: executing program 1 (id=1490):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$ttys(0xc, 0x2, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0xffffffff, 0x3}, 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
lseek(r3, 0x1000000, 0x0)
io_uring_setup(0x1de0, &(0x7f0000000440))
syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[], 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r4 = socket(0x28, 0x5, 0x0)
r5 = syz_io_uring_setup(0x4f6, &(0x7f00000002c0)={0x0, 0xf5e6, 0x100, 0x1, 0x322}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000440)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0xffffffff, @hyper}, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x47bf, 0xf5, 0x0, 0x0, 0x0)

15.448336931s ago: executing program 1 (id=1491):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f00000004c0))
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000680)={0x3, 'batadv_slave_0\x00', {0x230}, 0x5951})
io_submit(0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
close(r1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r4})
r5 = syz_open_dev$vim2m(&(0x7f0000000180), 0x802000300000000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000000c0)={0x1b, 0x2, 0x0, "110100e9ff130000010034190000005c4b7c150000000000000000000000c500", 0x39565559})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000480)={0x28, 0x4, r6, 0x0, &(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3})
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2, 0x3}}, 0x20)

15.36410193s ago: executing program 2 (id=1492):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_POWER_SAVE(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x24, r5, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x88c0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r8, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r10 = socket$kcm(0x2, 0xa, 0x2)
r11 = dup(0xffffffffffffffff)
sendmsg$nl_route(r11, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10040000}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r11, 0xc0145608, &(0x7f0000000740)={0x7efb2136, 0x1, 0x2, 0x0, 0x4})
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r9, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86ce6d002000001811ff00000000000000000000000000000000ff0200000000000000000000000000014f194e2000189078040000000b000000000001000000"], 0x52)
sched_setscheduler(r1, 0x6, &(0x7f0000000000)=0x6)
r12 = syz_open_dev$sndpcmc(&(0x7f0000000780), 0x0, 0x0)
io_setup(0x1, &(0x7f00000005c0)=<r13=>0x0)
io_submit(r13, 0x1, &(0x7f0000001a40)=[&(0x7f00000017c0)={0x0, 0x0, 0x0, 0x5, 0x0, r12, 0x0}])
dup(r3)
eventfd2(0x10000, 0x80000)
eventfd(0xfffffffa)

13.545769905s ago: executing program 33 (id=1454):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x400000009)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x3)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x40, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac=@device_b}, 0x0, @default, 0x1, @void, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x26)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x4040000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r3, 0x1, 0x29, &(0x7f0000000480)=0x7f, 0x4)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r3, &(0x7f0000002cc0)=[{{0x0, 0x0, 0x0}, 0x71d8e07a}], 0x1, 0x12020, 0x0)

3.027454131s ago: executing program 34 (id=1485):
bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket(0x15, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e0612"], 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x5e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x30}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0500000004000000040000000700000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="02000000010000002000000000000000a1d093010000000000000000"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r2}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, &(0x7f0000000140), &(0x7f0000000000)=""/85}, 0x20)
r3 = socket$kcm(0x2, 0x4, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000680000f6ebe17d615c290e65331dcde4dc022bbd7000fcdbdf250a0001001200000004000b000c0008800600060000280000100008800c000100ffffffffffff95ad040004003c00020002000000090000000100000001000000020000000c00000002000000080000000200000007000000020000000500000002008a5167bd06fa81577e5931712a6e72400f0000000000"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x4000140)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x8}]}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000100000100c28000050003000f"], 0x48}}, 0x40000)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000dc000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000002780)=""/4096, 0x1000}], 0x1, 0x5b3d2934, 0xfffffff8)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=<r11=>0x0)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r11], 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
write$tun(r0, &(0x7f0000000280)=ANY=[], 0x86)

27.203123ms ago: executing program 35 (id=1491):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f00000004c0))
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000680)={0x3, 'batadv_slave_0\x00', {0x230}, 0x5951})
io_submit(0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
close(r1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r4})
r5 = syz_open_dev$vim2m(&(0x7f0000000180), 0x802000300000000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000000c0)={0x1b, 0x2, 0x0, "110100e9ff130000010034190000005c4b7c150000000000000000000000c500", 0x39565559})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000480)={0x28, 0x4, r6, 0x0, &(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3})
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2, 0x3}}, 0x20)

0s ago: executing program 36 (id=1492):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_POWER_SAVE(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x24, r5, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x88c0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r8, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r10 = socket$kcm(0x2, 0xa, 0x2)
r11 = dup(0xffffffffffffffff)
sendmsg$nl_route(r11, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10040000}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r11, 0xc0145608, &(0x7f0000000740)={0x7efb2136, 0x1, 0x2, 0x0, 0x4})
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r9, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86ce6d002000001811ff00000000000000000000000000000000ff0200000000000000000000000000014f194e2000189078040000000b000000000001000000"], 0x52)
sched_setscheduler(r1, 0x6, &(0x7f0000000000)=0x6)
r12 = syz_open_dev$sndpcmc(&(0x7f0000000780), 0x0, 0x0)
io_setup(0x1, &(0x7f00000005c0)=<r13=>0x0)
io_submit(r13, 0x1, &(0x7f0000001a40)=[&(0x7f00000017c0)={0x0, 0x0, 0x0, 0x5, 0x0, r12, 0x0}])
dup(r3)
eventfd2(0x10000, 0x80000)
eventfd(0xfffffffa)

kernel console output (not intermixed with test programs):

  332.907700][ T9150] Call Trace:
[  332.907705][ T9150]  <TASK>
[  332.907712][ T9150]  dump_stack_lvl+0x16c/0x1f0
[  332.907742][ T9150]  should_fail_ex+0x512/0x640
[  332.907768][ T9150]  _copy_from_user+0x2e/0xd0
[  332.907791][ T9150]  write_ldt+0xfc/0xd20
[  332.907808][ T9150]  ? __pfx___schedule+0x10/0x10
[  332.907834][ T9150]  ? __pfx_write_ldt+0x10/0x10
[  332.907862][ T9150]  __x64_sys_modify_ldt+0xdb/0x170
[  332.907881][ T9150]  do_syscall_64+0xcd/0xfa0
[  332.907908][ T9150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.907925][ T9150] RIP: 0033:0x7fecf2d8f6c9
[  332.907939][ T9150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.907955][ T9150] RSP: 002b:00007fecf3bf1038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a
[  332.907972][ T9150] RAX: ffffffffffffffda RBX: 00007fecf2fe5fa0 RCX: 00007fecf2d8f6c9
[  332.907988][ T9150] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000011
[  332.907999][ T9150] RBP: 00007fecf3bf1090 R08: 0000000000000000 R09: 0000000000000000
[  332.908009][ T9150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.908019][ T9150] R13: 00007fecf2fe6038 R14: 00007fecf2fe5fa0 R15: 00007fffea1557e8
[  332.908044][ T9150]  </TASK>
[  333.138369][   T30] audit: type=1400 audit(1762377240.908:1067): avc:  denied  { map } for  pid=9149 comm="syz.0.785" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  334.598468][ T5873] usb 3-1: new low-speed USB device number 34 using dummy_hcd
[  334.647994][ T5894] usb 2-1: USB disconnect, device number 31
[  334.878431][ T5873] usb 3-1: device descriptor read/64, error -71
[  335.301560][ T5873] usb 3-1: new low-speed USB device number 35 using dummy_hcd
[  335.448357][ T5820] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  335.497183][ T9195] binder: 9187:9195 ioctl c0306201 0 returned -14
[  336.128440][ T5873] usb 3-1: device descriptor read/64, error -71
[  336.198344][ T5820] usb 2-1: device descriptor read/64, error -71
[  336.259271][ T5873] usb usb3-port1: attempt power cycle
[  336.451320][ T5820] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  336.493274][   T30] audit: type=1400 audit(1762377244.298:1068): avc:  denied  { bind } for  pid=9205 comm="syz.0.801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  336.516093][ T9206] syz.0.801 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  336.609045][ T5820] usb 2-1: device descriptor read/64, error -71
[  336.819294][ T5873] usb 3-1: new low-speed USB device number 36 using dummy_hcd
[  336.895664][ T5873] usb 3-1: device descriptor read/8, error -71
[  337.145058][ T5820] usb usb2-port1: attempt power cycle
[  337.638528][ T5820] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  337.858611][ T5873] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  337.889069][ T5873] usb 3-1: device descriptor read/8, error -71
[  338.151321][ T5873] usb usb3-port1: unable to enumerate USB device
[  338.860403][ T9221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  338.904066][ T9221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  339.055291][ T5820] usb 2-1: device descriptor read/8, error -71
[  339.076070][  T191] Bluetooth: hci5: Frame reassembly failed (-84)
[  339.400571][ T9235] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.838368][ T5820] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  339.858775][ T5820] usb 2-1: Using ep0 maxpacket: 32
[  339.865064][ T5820] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  339.873227][ T5820] usb 2-1: config 0 has no interface number 0
[  339.879336][ T5820] usb 2-1: config 0 interface 12 has no altsetting 0
[  339.887754][ T5820] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  339.896841][ T5820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.904881][ T5820] usb 2-1: Product: syz
[  339.909069][ T5820] usb 2-1: Manufacturer: syz
[  339.913684][ T5820] usb 2-1: SerialNumber: syz
[  339.919795][ T5820] usb 2-1: config 0 descriptor??
[  339.925997][ T5820] f81534 2-1:0.12: required endpoints missing
[  340.143044][   T48] usb 2-1: USB disconnect, device number 35
[  340.273362][ T5819] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  340.309764][   T30] audit: type=1400 audit(1762377248.118:1069): avc:  denied  { append } for  pid=9263 comm="syz.2.816" name="pfkey" dev="proc" ino=4026533455 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  341.128882][ T5827] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  341.136593][ T5819] Bluetooth: hci5: command 0xfc11 tx timeout
[  341.176089][ T9273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.203611][   T48] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  341.220240][ T9273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.358915][   T48] usb 3-1: device descriptor read/64, error -71
[  341.628484][   T48] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  341.880413][   T48] usb 3-1: device descriptor read/64, error -71
[  341.995134][   T48] usb usb3-port1: attempt power cycle
[  342.036128][ T9302] FAULT_INJECTION: forcing a failure.
[  342.036128][ T9302] name failslab, interval 1, probability 0, space 0, times 0
[  342.049075][ T9302] CPU: 1 UID: 0 PID: 9302 Comm: syz.1.824 Not tainted syzkaller #0 PREEMPT(full) 
[  342.049098][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  342.049108][ T9302] Call Trace:
[  342.049114][ T9302]  <TASK>
[  342.049121][ T9302]  dump_stack_lvl+0x16c/0x1f0
[  342.049150][ T9302]  should_fail_ex+0x512/0x640
[  342.049182][ T9302]  ? __kmalloc_noprof+0xca/0x880
[  342.049209][ T9302]  should_failslab+0xc2/0x120
[  342.049225][ T9302]  __kmalloc_noprof+0xdd/0x880
[  342.049244][ T9302]  ? do_raw_spin_lock+0x12c/0x2b0
[  342.049258][ T9302]  ? sock_kmalloc+0x111/0x170
[  342.049283][ T9302]  ? sock_kmalloc+0x111/0x170
[  342.049301][ T9302]  sock_kmalloc+0x111/0x170
[  342.049322][ T9302]  hash_alloc_result+0xd7/0x150
[  342.049337][ T9302]  hash_sendmsg+0x6d6/0xfa0
[  342.049359][ T9302]  sock_sendmsg+0x3cc/0x470
[  342.049371][ T9302]  ? __lock_acquire+0x622/0x1c90
[  342.049391][ T9302]  ? __pfx_sock_sendmsg+0x10/0x10
[  342.049413][ T9302]  ? find_held_lock+0x2b/0x80
[  342.049432][ T9302]  splice_to_socket+0xaf4/0x1110
[  342.049447][ T9302]  ? find_held_lock+0x2b/0x80
[  342.049472][ T9302]  ? __pfx_splice_to_socket+0x10/0x10
[  342.049486][ T9302]  ? current_time+0x11d/0x1a0
[  342.049507][ T9302]  ? atime_needs_update+0x8b/0x710
[  342.049540][ T9302]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  342.049563][ T9302]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  342.049577][ T9302]  ? __pfx_splice_to_socket+0x10/0x10
[  342.049592][ T9302]  direct_splice_actor+0x192/0x6c0
[  342.049608][ T9302]  splice_direct_to_actor+0x345/0xa30
[  342.049622][ T9302]  ? __pfx_direct_splice_actor+0x10/0x10
[  342.049640][ T9302]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  342.049653][ T9302]  ? __pfx_file_has_perm+0x10/0x10
[  342.049677][ T9302]  do_splice_direct+0x174/0x240
[  342.049691][ T9302]  ? __pfx_do_splice_direct+0x10/0x10
[  342.049705][ T9302]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  342.049727][ T9302]  ? bpf_lsm_file_permission+0x9/0x10
[  342.049741][ T9302]  ? security_file_permission+0x71/0x210
[  342.049758][ T9302]  ? rw_verify_area+0xcf/0x6c0
[  342.049779][ T9302]  do_sendfile+0xb06/0xe50
[  342.049803][ T9302]  ? __pfx_do_sendfile+0x10/0x10
[  342.049824][ T9302]  ? __fget_files+0x20e/0x3c0
[  342.049843][ T9302]  __x64_sys_sendfile64+0x1d8/0x220
[  342.049858][ T9302]  ? ksys_write+0x1ac/0x250
[  342.049870][ T9302]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  342.049892][ T9302]  do_syscall_64+0xcd/0xfa0
[  342.049915][ T9302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.049928][ T9302] RIP: 0033:0x7f60fa58f6c9
[  342.049940][ T9302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.049953][ T9302] RSP: 002b:00007f60fb3f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  342.049967][ T9302] RAX: ffffffffffffffda RBX: 00007f60fa7e6180 RCX: 00007f60fa58f6c9
[  342.049976][ T9302] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000007
[  342.049984][ T9302] RBP: 00007f60fb3f4090 R08: 0000000000000000 R09: 0000000000000000
[  342.049992][ T9302] R10: 0000000002000081 R11: 0000000000000246 R12: 0000000000000001
[  342.050000][ T9302] R13: 00007f60fa7e6218 R14: 00007f60fa7e6180 R15: 00007ffc21840c98
[  342.050020][ T9302]  </TASK>
[  342.428337][ T5873] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  342.580037][ T5873] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  342.590368][ T5873] usb 4-1: config 0 has no interfaces?
[  342.595904][ T5873] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  342.604983][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.614302][ T5873] usb 4-1: config 0 descriptor??
[  342.638317][   T48] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  342.658911][   T48] usb 3-1: device descriptor read/8, error -71
[  342.807038][   T30] audit: type=1400 audit(1762377250.608:1070): avc:  denied  { read } for  pid=9306 comm="syz.1.826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  342.846811][   T30] audit: type=1400 audit(1762377250.638:1071): avc:  denied  { ioctl } for  pid=9306 comm="syz.1.826" path="socket:[21484]" dev="sockfs" ino=21484 ioctlcmd=0xf50e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  343.020326][   T48] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  343.049364][   T48] usb 3-1: device descriptor read/8, error -71
[  343.158556][   T48] usb usb3-port1: unable to enumerate USB device
[  343.287423][ T9316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  343.555019][   T30] audit: type=1400 audit(1762377251.358:1072): avc:  denied  { read write } for  pid=9314 comm="syz.1.827" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  343.748363][   T30] audit: type=1400 audit(1762377251.358:1073): avc:  denied  { open } for  pid=9314 comm="syz.1.827" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  343.772103][   T30] audit: type=1400 audit(1762377251.398:1074): avc:  denied  { ioctl } for  pid=9314 comm="syz.1.827" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  344.807670][   T36] Bluetooth: hci5: Frame reassembly failed (-84)
[  344.814968][ T9332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.521567][   T48] usb 4-1: USB disconnect, device number 47
[  346.850685][ T5827] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  346.913695][ T9357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  346.925242][ T9357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  347.500706][ T9371] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  347.630332][ T9371] bridge1: entered promiscuous mode
[  350.023759][ T5827] Bluetooth: hci4: unexpected event for opcode 0x202d
[  352.413098][ T9421] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  352.426382][ T1088] Bluetooth: hci5: Frame reassembly failed (-84)
[  353.041110][   T30] audit: type=1400 audit(1762377260.838:1075): avc:  denied  { ioctl } for  pid=9423 comm="syz.2.855" path="socket:[21841]" dev="sockfs" ino=21841 ioctlcmd=0x891c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  353.065720][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.130788][ T9426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.855'.
[  353.202447][ T9426] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  353.385883][   T30] audit: type=1400 audit(1762377260.938:1076): avc:  denied  { bind } for  pid=9423 comm="syz.2.855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  353.564350][   T30] audit: type=1400 audit(1762377261.368:1077): avc:  denied  { watch watch_reads } for  pid=9430 comm="syz.4.856" path="/187" dev="tmpfs" ino=1006 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  353.587207][    C0] vkms_vblank_simulate: vblank timer overrun
[  354.015736][   T48] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  354.046680][ T9417] netlink: 116 bytes leftover after parsing attributes in process `syz.1.853'.
[  354.055968][ T9441] netlink: 116 bytes leftover after parsing attributes in process `syz.1.853'.
[  354.365251][ T9443] netlink: 8 bytes leftover after parsing attributes in process `syz.4.860'.
[  354.383514][ T9443] netlink: 20 bytes leftover after parsing attributes in process `syz.4.860'.
[  354.433058][   T48] usb 4-1: Using ep0 maxpacket: 16
[  354.439673][   T48] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  354.447747][   T48] usb 4-1: config 0 has no interface number 0
[  354.456281][   T48] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  354.467584][   T48] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 8240, setting to 1024
[  354.484480][   T48] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  354.494034][ T5827] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  354.498502][ T5819] Bluetooth: hci5: command 0xfc11 tx timeout
[  354.501686][   T48] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  354.517439][   T48] usb 4-1: Product: syz
[  354.527880][   T48] usb 4-1: SerialNumber: syz
[  354.537224][   T48] usb 4-1: config 0 descriptor??
[  354.544100][   T48] cm109 4-1:0.8: invalid payload size 1024, expected 4
[  354.551881][   T48] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input14
[  354.786921][    T9] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  355.569961][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  355.785517][    T9] usb 2-1: config 0 has no interfaces?
[  355.797924][    T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  355.821516][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.835716][    C1] cm109 4-1:0.8: cm109_urb_irq_callback: urb status -71
[  355.836307][ T5820] usb 4-1: USB disconnect, device number 48
[  355.842672][    C1] cm109 4-1:0.8: cm109_submit_ctl: usb_submit_urb (urb_ctl) failed -19
[  355.878628][    T9] usb 2-1: config 0 descriptor??
[  355.884476][ T5820] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  356.006661][ T9465] vlan2: entered allmulticast mode
[  356.119468][ T9467] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  357.393326][ T9482] netlink: 16 bytes leftover after parsing attributes in process `syz.4.868'.
[  357.414973][ T9482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.423836][ T9482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.438612][   T30] audit: type=1400 audit(1762377265.238:1078): avc:  denied  { append } for  pid=9481 comm="syz.4.868" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  357.472035][ T9482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.482831][ T9482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.500245][ T9482] netlink: 104 bytes leftover after parsing attributes in process `syz.4.868'.
[  357.619493][    T9] usb 2-1: USB disconnect, device number 36
[  357.758290][   T30] audit: type=1400 audit(1762377265.558:1079): avc:  denied  { setopt } for  pid=9490 comm="syz.1.871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  359.328143][   T30] audit: type=1400 audit(1762377267.128:1080): avc:  denied  { read } for  pid=9496 comm="syz.2.874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  359.347519][    C0] vkms_vblank_simulate: vblank timer overrun
[  359.380895][ T9508] /dev/nullb0: Can't open blockdev
[  360.253116][ T9533] binder: 9526:9533 ioctl c0306201 0 returned -14
[  360.378951][    T9] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  360.697009][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  360.707343][    T9] usb 4-1: config 0 has no interfaces?
[  360.712901][    T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  361.271160][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.281774][    T9] usb 4-1: config 0 descriptor??
[  361.298318][ T1207] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  361.458332][ T1207] usb 1-1: Using ep0 maxpacket: 16
[  361.703595][ T1207] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  361.717940][ T1207] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.726769][ T1207] usb 1-1: Product: syz
[  361.744564][ T1207] usb 1-1: Manufacturer: syz
[  361.749279][ T1207] usb 1-1: SerialNumber: syz
[  361.755430][   T30] audit: type=1400 audit(1762377269.558:1081): avc:  denied  { read write } for  pid=9548 comm="syz.1.885" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  361.763827][ T5894] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  361.780046][ T1207] usb 1-1: config 0 descriptor??
[  361.820030][   T30] audit: type=1400 audit(1762377269.558:1082): avc:  denied  { open } for  pid=9548 comm="syz.1.885" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  361.857223][ T1207] visor 1-1:0.0: Sony Clie 3.5 converter detected
[  361.987811][ T5894] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  362.351471][ T1207] usb 1-1: clie_3_5_startup: get interface number failed: -71
[  362.359151][ T1207] visor 1-1:0.0: probe with driver visor failed with error -71
[  362.377367][ T1207] usb 1-1: USB disconnect, device number 28
[  362.778788][ T9558] fuse: Unknown parameter 'A]@2'
[  363.484704][ T1207] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  363.535992][    T9] usb 4-1: USB disconnect, device number 49
[  364.262352][ T1207] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  364.293840][ T1207] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  364.452636][ T9572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  364.478814][ T9572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  364.497020][ T1207] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  364.511262][ T1207] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.605635][    T9] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  364.613798][ T1207] usb 3-1: Product: syz
[  364.618033][ T1207] usb 3-1: Manufacturer: syz
[  364.622833][ T1207] usb 3-1: SerialNumber: syz
[  364.863120][ T9558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.255995][ T9558] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.401458][ T1207] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  365.416810][ T1207] usb 3-1: USB disconnect, device number 42
[  365.425867][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  365.436993][    T9] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  365.465621][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  366.013804][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.418726][    T9] usb 2-1: can't set config #27, error -71
[  366.532655][    T9] usb 2-1: USB disconnect, device number 37
[  366.608362][ T1207] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  367.594289][   T30] audit: type=1400 audit(1762377274.478:1083): avc:  denied  { connect } for  pid=9589 comm="syz.4.896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  367.614076][    C0] vkms_vblank_simulate: vblank timer overrun
[  367.653817][ T9598] netlink: 20 bytes leftover after parsing attributes in process `syz.1.898'.
[  367.711043][   T30] audit: type=1400 audit(1762377274.808:1084): avc:  denied  { create } for  pid=9589 comm="syz.4.896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  367.732177][    C0] vkms_vblank_simulate: vblank timer overrun
[  369.950334][   T30] audit: type=1400 audit(1762377277.668:1085): avc:  denied  { block_suspend } for  pid=9628 comm="syz.4.904" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  370.258385][   T48] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  370.418395][   T48] usb 3-1: Using ep0 maxpacket: 16
[  370.437960][   T48] usb 3-1: config 0 interface 0 has no altsetting 0
[  370.445876][   T48] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  370.464582][   T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.479062][   T48] usb 3-1: config 0 descriptor??
[  371.208824][ T5873] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  371.496001][ T5873] usb 2-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  371.511541][   T48] usb 3-1: USB disconnect, device number 44
[  371.518732][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.562147][ T5873] usb 2-1: config 0 descriptor??
[  371.570584][ T5873] gspca_main: sunplus-2.14.0 probing 055f:c420
[  371.621788][   T30] audit: type=1400 audit(1762377279.428:1086): avc:  denied  { write } for  pid=9651 comm="syz.3.910" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  371.737497][ T9657] lo speed is unknown, defaulting to 1000
[  371.973031][ T9642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.981692][ T9642] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.991288][ T5873] gspca_sunplus: reg_w_riv err -71
[  371.996744][ T5873] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  372.006504][ T5873] usb 2-1: USB disconnect, device number 38
[  373.452773][ T9677] vlan0: entered allmulticast mode
[  373.542269][ T9676] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  374.311998][   T30] audit: type=1400 audit(1762377281.718:1087): avc:  denied  { getopt } for  pid=9679 comm="syz.1.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  374.768373][    T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  375.200391][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  375.222642][    T9] usb 2-1: config 0 has no interfaces?
[  375.233984][    T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  375.264707][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.348016][    T9] usb 2-1: config 0 descriptor??
[  375.819209][   T30] audit: type=1400 audit(1762377283.618:1088): avc:  denied  { write } for  pid=9713 comm="syz.2.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  376.256279][   T30] audit: type=1400 audit(1762377283.978:1089): avc:  denied  { read } for  pid=9713 comm="syz.2.926" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  377.309152][   T30] audit: type=1400 audit(1762377283.978:1090): avc:  denied  { open } for  pid=9713 comm="syz.2.926" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  377.812882][    T9] usb 2-1: USB disconnect, device number 39
[  377.898420][   T48] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  377.914803][ T9733] syzkaller1: entered promiscuous mode
[  377.924884][ T9733] syzkaller1: entered allmulticast mode
[  377.936269][ T9733] FAULT_INJECTION: forcing a failure.
[  377.936269][ T9733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.949491][ T9733] CPU: 1 UID: 0 PID: 9733 Comm: syz.1.931 Not tainted syzkaller #0 PREEMPT(full) 
[  377.949518][ T9733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  377.949529][ T9733] Call Trace:
[  377.949534][ T9733]  <TASK>
[  377.949542][ T9733]  dump_stack_lvl+0x16c/0x1f0
[  377.949575][ T9733]  should_fail_ex+0x512/0x640
[  377.949601][ T9733]  _copy_from_iter+0x29f/0x1720
[  377.949629][ T9733]  ? __pfx__copy_from_iter+0x10/0x10
[  377.949651][ T9733]  ? _copy_from_iter+0x15d/0x1720
[  377.949682][ T9733]  skb_copy_datagram_from_iter+0x124/0x740
[  377.949708][ T9733]  ? iov_iter_advance+0x7d/0x6c0
[  377.949733][ T9733]  tun_get_user+0x1850/0x3cc0
[  377.949770][ T9733]  ? __pfx_tun_get_user+0x10/0x10
[  377.949795][ T9733]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  377.949827][ T9733]  ? find_held_lock+0x2b/0x80
[  377.949851][ T9733]  ? tun_get+0x191/0x370
[  377.949879][ T9733]  tun_chr_write_iter+0xdc/0x210
[  377.949905][ T9733]  vfs_write+0x7d3/0x11d0
[  377.949924][ T9733]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  377.949951][ T9733]  ? __pfx_vfs_write+0x10/0x10
[  377.949966][ T9733]  ? find_held_lock+0x2b/0x80
[  377.950003][ T9733]  ksys_write+0x12a/0x250
[  377.950021][ T9733]  ? __pfx_ksys_write+0x10/0x10
[  377.950050][ T9733]  do_syscall_64+0xcd/0xfa0
[  377.950080][ T9733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.950097][ T9733] RIP: 0033:0x7f60fa58f6c9
[  377.950112][ T9733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.950128][ T9733] RSP: 002b:00007f60fb436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  377.950146][ T9733] RAX: ffffffffffffffda RBX: 00007f60fa7e5fa0 RCX: 00007f60fa58f6c9
[  377.950158][ T9733] RDX: 0000000000000086 RSI: 0000200000000280 RDI: 0000000000000003
[  377.950168][ T9733] RBP: 00007f60fb436090 R08: 0000000000000000 R09: 0000000000000000
[  377.950179][ T9733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.950188][ T9733] R13: 00007f60fa7e6038 R14: 00007f60fa7e5fa0 R15: 00007ffc21840c98
[  377.950213][ T9733]  </TASK>
[  378.161684][    C1] vkms_vblank_simulate: vblank timer overrun
[  378.216524][   T30] audit: type=1400 audit(1762377286.018:1091): avc:  denied  { append } for  pid=9714 comm="syz.3.928" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  378.252599][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.258922][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.268294][   T48] usb 3-1: Using ep0 maxpacket: 8
[  378.275159][   T48] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  378.285028][   T48] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  378.294786][   T48] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  378.304736][   T48] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  378.317727][   T48] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  378.326771][   T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.366226][ T9740] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  378.373929][ T9740] /dev/nullb0: Can't open blockdev
[  378.682064][   T48] usb 3-1: GET_CAPABILITIES returned 0
[  378.723756][   T48] usbtmc 3-1:16.0: can't read capabilities
[  378.882323][ T9753] netlink: 124 bytes leftover after parsing attributes in process `syz.0.936'.
[  380.483979][ T1207] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  380.607790][ T9770] TCP: TCP_TX_DELAY enabled
[  380.668297][ T1207] usb 4-1: Using ep0 maxpacket: 16
[  380.734014][ T1207] usb 4-1: config index 0 descriptor too short (expected 64018, got 18)
[  380.746723][ T1207] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[  380.754961][ T1207] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[  380.766403][ T1207] usb 4-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2
[  380.970975][ T1207] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.003005][ T1207] usb 4-1: Product: syz
[  381.021447][ T1207] usb 4-1: Manufacturer: syz
[  381.040742][ T1207] usb 4-1: SerialNumber: syz
[  381.082804][ T1207] usb 4-1: config 0 descriptor??
[  381.157523][ T9777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  381.318435][ T5894] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  381.597272][ T5894] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  381.608032][ T5894] usb 2-1: config 0 has no interfaces?
[  381.613609][ T5894] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  381.622773][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.634187][ T5894] usb 2-1: config 0 descriptor??
[  381.802645][ T1207] usb 4-1: USB disconnect, device number 50
[  382.735651][ T9790] netlink: 'syz.3.946': attribute type 10 has an invalid length.
[  382.748450][ T9790] team0: Device dummy0 is up. Set it down before adding it as a team port
[  382.945381][ T9793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  383.208502][ T5827] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  383.339787][ T9725] Set syz1 is full, maxelem 65536 reached
[  383.364119][   T48] usb 3-1: USB disconnect, device number 45
[  383.424319][   T30] audit: type=1400 audit(1762377291.228:1092): avc:  denied  { ioctl } for  pid=9798 comm="syz.2.948" path="socket:[22476]" dev="sockfs" ino=22476 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  383.681833][ T9804] binder: 9800:9804 ioctl c0306201 0 returned -14
[  383.738322][   T48] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  384.462131][ T1207] usb 2-1: USB disconnect, device number 40
[  384.518359][   T48] usb 3-1: Using ep0 maxpacket: 8
[  384.538679][   T48] usb 3-1: unable to get BOS descriptor or descriptor too short
[  384.541190][ T9807] 8021q: VLANs not supported on ip_vti0
[  384.547243][   T48] usb 3-1: config 2 has an invalid interface number: 153 but max is 0
[  384.564027][ T9809] No source specified
[  384.571524][ T9807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.579975][   T48] usb 3-1: config 2 has no interface number 0
[  384.580893][ T9807] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.603888][   T48] usb 3-1: config 2 interface 153 has no altsetting 0
[  384.626290][   T48] usb 3-1: New USB device found, idVendor=1199, idProduct=683b, bcdDevice=95.ac
[  384.635509][   T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.643649][   T48] usb 3-1: Product: syz
[  384.648843][   T48] usb 3-1: Manufacturer: syz
[  384.653464][   T48] usb 3-1: SerialNumber: syz
[  385.036967][ T5819] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  385.049617][ T5819] Bluetooth: hci3: unexpected Set CIG Parameters response data
[  385.057986][ T5819] Bluetooth: hci3: unexpected event for opcode 0x2062
[  385.331440][ T9819] binder: 9798:9819 ioctl c0306201 0 returned -14
[  385.410725][ T9823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  385.480075][ T9823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  389.122927][   T48] hub 3-1:2.153: bad descriptor, ignoring hub
[  389.138533][   T48] hub 3-1:2.153: probe with driver hub failed with error -5
[  389.138658][ T5819] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  389.146494][   T48] sierra 3-1:2.153: Sierra USB modem converter detected
[  389.155422][ T5819] Bluetooth: hci3: Injecting HCI hardware error event
[  389.170088][ T5819] Bluetooth: hci3: hardware error 0x00
[  389.194512][   T48] usb 3-1: USB disconnect, device number 46
[  389.726615][   T48] sierra 3-1:2.153: device disconnected
[  389.749311][ T5820] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  389.924685][ T9862] netlink: 128 bytes leftover after parsing attributes in process `syz.2.965'.
[  389.934993][ T9863] input: syz0 as /devices/virtual/input/input16
[  390.071633][ T5820] usb 2-1: Using ep0 maxpacket: 16
[  390.079898][ T5820] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  390.088422][ T5820] usb 2-1: config 1 has no interface number 0
[  390.099238][ T5820] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  390.359980][ T5820] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  390.508337][ T5820] usb 2-1: config 1 interface 105 has no altsetting 0
[  390.545510][ T5820] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  390.575862][ T5820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.622407][ T5820] usb 2-1: Product: syz
[  390.788264][ T5820] usb 2-1: Manufacturer: syz
[  390.904449][ T5820] usb 2-1: SerialNumber: syz
[  390.960592][ T9854] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[  390.978414][ T9854] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[  391.197045][ T9854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.278746][ T9854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  391.289252][ T5819] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  391.825207][ T9854] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[  391.837978][ T9854] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[  392.748370][ T5820] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  392.869853][ T1207] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  393.006254][ T5820] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  393.041118][ T5820] aqc111 2-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 9a:04:b9:42:8d:f1
[  393.058737][ T5820] usb 2-1: USB disconnect, device number 41
[  393.066214][ T5820] aqc111 2-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  393.098079][ T9912] FAULT_INJECTION: forcing a failure.
[  393.098079][ T9912] name failslab, interval 1, probability 0, space 0, times 0
[  393.111067][ T1207] usb 3-1: Using ep0 maxpacket: 32
[  393.116234][ T9912] CPU: 0 UID: 0 PID: 9912 Comm: syz.3.980 Not tainted syzkaller #0 PREEMPT(full) 
[  393.116255][ T9912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  393.116266][ T9912] Call Trace:
[  393.116270][ T9912]  <TASK>
[  393.116274][ T9912]  dump_stack_lvl+0x16c/0x1f0
[  393.116294][ T9912]  should_fail_ex+0x512/0x640
[  393.116306][ T9912]  ? __kmalloc_noprof+0xca/0x880
[  393.116323][ T9912]  should_failslab+0xc2/0x120
[  393.116339][ T9912]  __kmalloc_noprof+0xdd/0x880
[  393.116353][ T9912]  ? __list_lru_init+0xe8/0x4c0
[  393.116371][ T9912]  ? __list_lru_init+0xe8/0x4c0
[  393.116385][ T9912]  __list_lru_init+0xe8/0x4c0
[  393.116402][ T9912]  alloc_super+0x86d/0xb60
[  393.116420][ T9912]  ? __pfx_super_s_dev_test+0x10/0x10
[  393.116434][ T9912]  sget_fc+0x116/0xc20
[  393.116443][ T9912]  ? get_tree_bdev_flags+0xc9/0x620
[  393.116452][ T9912]  ? __pfx_super_s_dev_set+0x10/0x10
[  393.116468][ T9912]  get_tree_bdev_flags+0x1ba/0x620
[  393.116477][ T9912]  ? __pfx_f2fs_fill_super+0x10/0x10
[  393.116490][ T9912]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  393.116502][ T9912]  ? bpf_lsm_capable+0x9/0x10
[  393.116515][ T9912]  ? security_capable+0x7e/0x260
[  393.116532][ T9912]  vfs_get_tree+0x8e/0x340
[  393.116546][ T9912]  path_mount+0x7b9/0x23a0
[  393.116561][ T9912]  ? __pfx_path_mount+0x10/0x10
[  393.116574][ T9912]  ? putname+0x154/0x1a0
[  393.116589][ T9912]  ? putname+0x154/0x1a0
[  393.116600][ T9912]  ? putname+0x154/0x1a0
[  393.116613][ T9912]  ? __x64_sys_mount+0x293/0x310
[  393.116624][ T9912]  __x64_sys_mount+0x293/0x310
[  393.116636][ T9912]  ? __pfx___x64_sys_mount+0x10/0x10
[  393.116653][ T9912]  do_syscall_64+0xcd/0xfa0
[  393.116674][ T9912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.116685][ T9912] RIP: 0033:0x7f0b7078f6c9
[  393.116694][ T9912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.116704][ T9912] RSP: 002b:00007f0b715e2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  393.116713][ T9912] RAX: ffffffffffffffda RBX: 00007f0b709e6090 RCX: 00007f0b7078f6c9
[  393.116720][ T9912] RDX: 0000200000000140 RSI: 0000200000000040 RDI: 0000200000000240
[  393.116726][ T9912] RBP: 00007f0b715e2090 R08: 0000000000000000 R09: 0000000000000000
[  393.116732][ T9912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  393.116738][ T9912] R13: 00007f0b709e6128 R14: 00007f0b709e6090 R15: 00007fff2428fed8
[  393.116752][ T9912]  </TASK>
[  393.357473][    C0] vkms_vblank_simulate: vblank timer overrun
[  393.368576][ T1207] usb 3-1: config 4 has an invalid interface number: 128 but max is 0
[  393.376753][ T1207] usb 3-1: config 4 has no interface number 0
[  393.382850][ T1207] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  393.393947][ T1207] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  393.403887][ T1207] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  393.412918][ T1207] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.419179][ T9913] netlink: 'syz.4.979': attribute type 1 has an invalid length.
[  393.424492][ T1207] hub 3-1:4.128: USB hub found
[  393.428631][ T9913] netlink: 'syz.4.979': attribute type 1 has an invalid length.
[  393.440201][ T5820] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  393.444626][ T9913] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN'
[  393.450483][ T5820] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  393.466328][ T5820] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  393.498552][   T30] audit: type=1400 audit(1762377301.298:1093): avc:  denied  { accept } for  pid=9910 comm="syz.4.979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  393.627886][ T1207] hub 3-1:4.128: 2 ports detected
[  393.633162][ T1207] hub 3-1:4.128: Using single TT (err -22)
[  393.847217][ T9901] lo speed is unknown, defaulting to 1000
[  394.440301][   T30] audit: type=1326 audit(1762377302.248:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.465323][   T30] audit: type=1326 audit(1762377302.268:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.468581][ T5820] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  394.514053][   T30] audit: type=1326 audit(1762377302.318:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.585021][   T30] audit: type=1326 audit(1762377302.318:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.645692][   T30] audit: type=1326 audit(1762377302.318:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.675580][   T30] audit: type=1326 audit(1762377302.318:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.700257][   T30] audit: type=1326 audit(1762377302.348:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.709752][ T1207] hub 3-1:4.128: hub_hub_status failed (err = -32)
[  394.724770][   T30] audit: type=1326 audit(1762377302.348:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.756847][   T30] audit: type=1326 audit(1762377302.358:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.4.987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9ce438f6c9 code=0x7ffc0000
[  394.782487][ T5820] usb 2-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  394.792525][ T5820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.800866][ T1207] hub 3-1:4.128: config failed, can't get hub status (err -32)
[  394.811840][ T5820] usb 2-1: config 0 descriptor??
[  394.835609][ T5820] ums-realtek 2-1:0.0: USB Mass Storage device detected
[  395.063346][ T5894] usb 3-1: USB disconnect, device number 47
[  395.174477][ T9923] fuse: Unknown parameter ''
[  395.579656][ T5820] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  395.738316][ T5820] usb 4-1: Using ep0 maxpacket: 32
[  395.751864][ T5820] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  395.768069][ T5820] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  395.781035][ T5820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.789482][ T5820] usb 4-1: Product: syz
[  395.793676][ T5820] usb 4-1: Manufacturer: syz
[  395.799478][ T5820] usb 4-1: SerialNumber: syz
[  395.806409][ T5820] usb 4-1: config 0 descriptor??
[  395.815144][ T5820] quatech2 4-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[  397.334410][ T9966] io-wq is not configured for unbound workers
[  397.443260][    T9] usb 2-1: USB disconnect, device number 42
[  397.929335][ T9975] FAULT_INJECTION: forcing a failure.
[  397.929335][ T9975] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.958429][ T9975] CPU: 0 UID: 0 PID: 9975 Comm: syz.1.996 Not tainted syzkaller #0 PREEMPT(full) 
[  397.958454][ T9975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  397.958465][ T9975] Call Trace:
[  397.958471][ T9975]  <TASK>
[  397.958478][ T9975]  dump_stack_lvl+0x16c/0x1f0
[  397.958509][ T9975]  should_fail_ex+0x512/0x640
[  397.958537][ T9975]  _copy_from_user+0x2e/0xd0
[  397.958561][ T9975]  copy_msghdr_from_user+0x98/0x160
[  397.958586][ T9975]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  397.958613][ T9975]  ? kfree+0x252/0x6d0
[  397.958634][ T9975]  ? __pfx__kstrtoull+0x10/0x10
[  397.958665][ T9975]  ___sys_sendmsg+0xfe/0x1d0
[  397.958690][ T9975]  ? __pfx____sys_sendmsg+0x10/0x10
[  397.958735][ T9975]  ? __pfx___might_resched+0x10/0x10
[  397.958763][ T9975]  __sys_sendmmsg+0x200/0x420
[  397.958790][ T9975]  ? __pfx___sys_sendmmsg+0x10/0x10
[  397.958821][ T9975]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  397.958849][ T9975]  ? fput+0x9b/0xd0
[  397.958876][ T9975]  ? ksys_write+0x1ac/0x250
[  397.958892][ T9975]  ? __pfx_ksys_write+0x10/0x10
[  397.958913][ T9975]  __x64_sys_sendmmsg+0x9c/0x100
[  397.958935][ T9975]  ? lockdep_hardirqs_on+0x7c/0x110
[  397.958959][ T9975]  do_syscall_64+0xcd/0xfa0
[  397.958988][ T9975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.959005][ T9975] RIP: 0033:0x7f60fa58f6c9
[  397.959019][ T9975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.959035][ T9975] RSP: 002b:00007f60fb436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  397.959052][ T9975] RAX: ffffffffffffffda RBX: 00007f60fa7e5fa0 RCX: 00007f60fa58f6c9
[  397.959063][ T9975] RDX: 0000000000000002 RSI: 0000200000004f00 RDI: 0000000000000003
[  397.959074][ T9975] RBP: 00007f60fb436090 R08: 0000000000000000 R09: 0000000000000000
[  397.959084][ T9975] R10: 0000000004040001 R11: 0000000000000246 R12: 0000000000000001
[  397.959094][ T9975] R13: 00007f60fa7e6038 R14: 00007f60fa7e5fa0 R15: 00007ffc21840c98
[  397.959120][ T9975]  </TASK>
[  398.157733][    C0] vkms_vblank_simulate: vblank timer overrun
[  398.388306][ T5820] usb 4-1: qt2_attach - failed to power on unit: -71
[  398.395158][ T5820] quatech2 4-1:0.0: probe with driver quatech2 failed with error -71
[  398.425886][ T5820] usb 4-1: USB disconnect, device number 51
[  398.858693][ T5820] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  399.023767][ T5820] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  399.114531][ T5820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.198556][ T5820] usb 2-1: Product: syz
[  399.207076][ T5820] usb 2-1: Manufacturer: syz
[  399.224850][ T5820] usb 2-1: SerialNumber: syz
[  399.246109][ T5820] usb 2-1: config 0 descriptor??
[  399.263128][ T5820] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  399.274542][ T9986] vlan2: entered allmulticast mode
[  399.283009][ T5820] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  399.293291][ T5820] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  399.389143][ T9987] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  399.417590][ T5820] usb 2-1: media controller created
[  399.488867][ T9979] dvb-usb: bulk message failed: -22 (7/0)
[  399.516405][ T5820] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  400.195658][ T5820] DVB: Unable to find symbol mt352_attach()
[  400.308739][ T5820] DVB: Unable to find symbol nxt6000_attach()
[  400.324655][ T5820] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  400.640105][ T5820] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input17
[  400.641575][ T5820] dvb-usb: schedule remote query interval to 1000 msecs.
[  400.641588][ T5820] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  400.641603][ T5820] dvb-usb: bulk message failed: -22 (7/0)
[  400.641622][ T5820] dvb-usb: bulk message failed: -22 (7/0)
[  400.645984][ T5820] usb 2-1: USB disconnect, device number 43
[  400.708582][ T5820] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  401.235442][T10022] delete_channel: no stack
[  401.938519][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  401.938538][   T30] audit: type=1400 audit(1762377309.058:1136): avc:  denied  { setopt } for  pid=10011 comm="syz.1.1005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  401.995601][T10026] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  402.933996][ T5873] kernel write not supported for file [eventfd] (pid: 5873 comm: kworker/1:4)
[  403.089129][ T5894] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  403.158405][   T48] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  403.238295][ T5894] usb 2-1: Using ep0 maxpacket: 8
[  403.378370][   T48] usb 3-1: Using ep0 maxpacket: 16
[  403.385698][   T48] usb 3-1: config 1 has an invalid interface number: 161 but max is 2
[  403.394102][   T48] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  403.404622][   T48] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  403.413591][   T48] usb 3-1: config 1 has no interface number 0
[  403.423347][   T48] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.53
[  403.432461][   T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.440581][   T48] usb 3-1: Product: syz
[  403.444923][   T48] usb 3-1: Manufacturer: syz
[  403.449990][   T48] usb 3-1: SerialNumber: syz
[  403.512838][T10038] siw: device registration error -23
[  404.042694][T10041] evm: overlay not supported
[  404.435129][ T5894] usb 2-1: unable to get BOS descriptor or descriptor too short
[  404.453604][ T5894] usb 2-1: no configurations
[  404.461273][ T5894] usb 2-1: can't read configurations, error -22
[  405.203818][   T48] usb 3-1: 161:2 : does not exist
[  405.210515][   T48] usb 3-1: unit 9 not found!
[  405.232288][   T48] usb 3-1: USB disconnect, device number 48
[  405.248880][T10053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  405.257414][T10053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  405.666127][   T30] audit: type=1400 audit(1762377313.468:1137): avc:  denied  { map } for  pid=10062 comm="syz.3.1017" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  408.446910][   T30] audit: type=1400 audit(1762377316.248:1138): avc:  denied  { listen } for  pid=10095 comm="syz.1.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  408.469645][   T30] audit: type=1400 audit(1762377316.278:1139): avc:  denied  { read } for  pid=10095 comm="syz.1.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  408.747794][   T30] audit: type=1400 audit(1762377316.278:1140): avc:  denied  { bind } for  pid=10095 comm="syz.1.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  408.936344][T10106] input: syz1 as /devices/virtual/input/input18
[  409.013137][T10112] FAULT_INJECTION: forcing a failure.
[  409.013137][T10112] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  409.038483][T10112] CPU: 0 UID: 0 PID: 10112 Comm: syz.4.1028 Not tainted syzkaller #0 PREEMPT(full) 
[  409.038507][T10112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  409.038517][T10112] Call Trace:
[  409.038523][T10112]  <TASK>
[  409.038530][T10112]  dump_stack_lvl+0x16c/0x1f0
[  409.038561][T10112]  should_fail_ex+0x512/0x640
[  409.038584][T10112]  _copy_from_user+0x2e/0xd0
[  409.038606][T10112]  input_event_from_user+0x133/0x3b0
[  409.038633][T10112]  ? __pfx_input_event_from_user+0x10/0x10
[  409.038659][T10112]  ? __pfx___might_resched+0x10/0x10
[  409.038680][T10112]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  409.038704][T10112]  ? input_event+0xb6/0xd0
[  409.038728][T10112]  uinput_write+0xbb4/0x12b0
[  409.038753][T10112]  ? __pfx_uinput_write+0x10/0x10
[  409.038773][T10112]  ? bpf_lsm_file_permission+0x9/0x10
[  409.038789][T10112]  ? security_file_permission+0x71/0x210
[  409.038811][T10112]  ? rw_verify_area+0xcf/0x6c0
[  409.038842][T10112]  ? __pfx_uinput_write+0x10/0x10
[  409.038859][T10112]  vfs_write+0x2a0/0x11d0
[  409.038881][T10112]  ? __pfx_vfs_write+0x10/0x10
[  409.038895][T10112]  ? find_held_lock+0x2b/0x80
[  409.038917][T10112]  ? __fget_files+0x204/0x3c0
[  409.038938][T10112]  ? __fget_files+0x20e/0x3c0
[  409.038963][T10112]  ksys_write+0x1f8/0x250
[  409.038979][T10112]  ? __pfx_ksys_write+0x10/0x10
[  409.039004][T10112]  do_syscall_64+0xcd/0xfa0
[  409.039031][T10112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.039049][T10112] RIP: 0033:0x7f9ce438f6c9
[  409.039064][T10112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.039081][T10112] RSP: 002b:00007f9ce25d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  409.039098][T10112] RAX: ffffffffffffffda RBX: 00007f9ce45e6090 RCX: 00007f9ce438f6c9
[  409.039110][T10112] RDX: 000000000000fe4f RSI: 0000200000000000 RDI: 0000000000000003
[  409.039120][T10112] RBP: 00007f9ce25d5090 R08: 0000000000000000 R09: 0000000000000000
[  409.039131][T10112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  409.039141][T10112] R13: 00007f9ce45e6128 R14: 00007f9ce45e6090 R15: 00007ffc2fffebb8
[  409.039166][T10112]  </TASK>
[  409.261997][    C0] vkms_vblank_simulate: vblank timer overrun
[  409.353479][T10120] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[  410.040369][   T30] audit: type=1400 audit(1762377317.848:1141): avc:  denied  { bind } for  pid=10135 comm="syz.0.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  410.060304][   T30] audit: type=1400 audit(1762377317.848:1142): avc:  denied  { setopt } for  pid=10135 comm="syz.0.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  411.137674][   T30] audit: type=1400 audit(1762377318.938:1143): avc:  denied  { read write } for  pid=10119 comm="syz.3.1031" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  411.168530][   T30] audit: type=1400 audit(1762377318.958:1144): avc:  denied  { open } for  pid=10119 comm="syz.3.1031" path="/197/file0/file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  411.227482][T10129] cgroup: none used incorrectly
[  412.115840][T10178] netlink: 620 bytes leftover after parsing attributes in process `syz.2.1044'.
[  413.731514][T10202] netlink: 'syz.4.1051': attribute type 1 has an invalid length.
[  413.739318][T10202] netlink: 'syz.4.1051': attribute type 2 has an invalid length.
[  413.751006][T10202] tmpfs: Bad value for 'mpol'
[  414.423464][ T5820] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  414.437325][T10206] syzkaller1: entered promiscuous mode
[  414.445560][T10206] syzkaller1: entered allmulticast mode
[  414.655566][   T30] audit: type=1400 audit(1762377322.458:1145): avc:  denied  { module_load } for  pid=10207 comm="syz.1.1053" path="/sys/power/wakeup_count" dev="sysfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  414.664364][ T5820] usb 4-1: Using ep0 maxpacket: 16
[  414.680015][    C1] vkms_vblank_simulate: vblank timer overrun
[  414.726236][T10210] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1053'.
[  414.846788][ T5820] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  414.935062][ T5820] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  414.954301][ T5820] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping
[  414.977974][ T5820] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  415.054015][T10216] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1055'.
[  415.516442][ T5820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.524506][ T5820] usb 4-1: Product: syz
[  415.528784][ T5820] usb 4-1: Manufacturer: syz
[  415.533557][ T5820] usb 4-1: SerialNumber: syz
[  415.663301][T10219] netlink: 'syz.1.1057': attribute type 10 has an invalid length.
[  415.671235][T10219] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1057'.
[  416.066730][T10223] new mount options do not match the existing superblock, will be ignored
[  416.141949][   T30] audit: type=1800 audit(1762377323.928:1146): pid=10228 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1059" name="bus" dev="overlay" ino=1182 res=0 errno=0
[  416.163823][    C1] vkms_vblank_simulate: vblank timer overrun
[  416.959375][ T5820] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  416.966380][ T5820] cdc_ncm 4-1:1.0: bind() failure
[  416.976101][ T5820] usb 4-1: USB disconnect, device number 52
[  417.467248][T10244] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1062'.
[  417.972852][T10253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.982529][T10253] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.184307][T10259] syzkaller1: entered promiscuous mode
[  418.190366][T10259] syzkaller1: entered allmulticast mode
[  418.702994][T10270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.788538][ T5894] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  418.850119][T10270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.955191][ T5894] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=8a.b0
[  418.988148][ T5894] usb 3-1: New USB device strings: Mfr=7, Product=218, SerialNumber=3
[  419.034863][ T5894] usb 3-1: Product: syz
[  419.052110][ T5894] usb 3-1: Manufacturer: syz
[  419.068253][ T5894] usb 3-1: SerialNumber: syz
[  419.108320][ T5894] usb 3-1: config 0 descriptor??
[  419.899063][   T30] audit: type=1400 audit(1762377327.678:1147): avc:  denied  { kexec_image_load } for  pid=10263 comm="syz.2.1068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  420.179723][ T5894] usb 3-1: Firmware version (0.0) predates our first public release.
[  420.517832][T10292] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1075'.
[  420.525251][ T5894] usb 3-1: Please update to version 0.2 or newer
[  420.685544][   T30] audit: type=1400 audit(1762377328.488:1148): avc:  denied  { write } for  pid=10299 comm="syz.3.1077" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  420.746669][   T30] audit: type=1400 audit(1762377328.488:1149): avc:  denied  { read } for  pid=10299 comm="syz.3.1077" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  420.766578][   T30] audit: type=1400 audit(1762377328.538:1150): avc:  denied  { listen } for  pid=10272 comm="syz.0.1070" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  420.788605][T10303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1077'.
[  420.861860][T10305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1077'.
[  420.951630][T10307] syzkaller1: entered promiscuous mode
[  420.957392][T10307] syzkaller1: entered allmulticast mode
[  421.093521][T10311] FAULT_INJECTION: forcing a failure.
[  421.093521][T10311] name failslab, interval 1, probability 0, space 0, times 0
[  421.125061][T10311] CPU: 0 UID: 0 PID: 10311 Comm: syz.0.1080 Not tainted syzkaller #0 PREEMPT(full) 
[  421.125078][T10311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  421.125085][T10311] Call Trace:
[  421.125089][T10311]  <TASK>
[  421.125094][T10311]  dump_stack_lvl+0x16c/0x1f0
[  421.125114][T10311]  should_fail_ex+0x512/0x640
[  421.125126][T10311]  ? __kmalloc_cache_noprof+0x5f/0x780
[  421.125143][T10311]  should_failslab+0xc2/0x120
[  421.125156][T10311]  __kmalloc_cache_noprof+0x72/0x780
[  421.125171][T10311]  ? nft_netdev_hook_alloc+0x242/0x450
[  421.125187][T10311]  ? nft_netdev_hook_alloc+0x242/0x450
[  421.125200][T10311]  nft_netdev_hook_alloc+0x242/0x450
[  421.125216][T10311]  nf_tables_parse_netdev_hooks+0x2e2/0x7d0
[  421.125235][T10311]  nft_chain_parse_hook+0xca0/0x12b0
[  421.125254][T10311]  ? __pfx_nft_chain_parse_hook+0x10/0x10
[  421.125277][T10311]  nf_tables_addchain.constprop.0+0xbfa/0x1c90
[  421.125293][T10311]  ? nf_tables_bind_set+0x6b5/0x9d0
[  421.125310][T10311]  ? nft_chain_lookup+0x5be/0xaa0
[  421.125322][T10311]  ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10
[  421.125350][T10311]  ? nla_strcmp+0xff/0x130
[  421.125366][T10311]  ? nft_table_lookup.part.0+0x1e3/0x230
[  421.125383][T10311]  nf_tables_newchain+0x206d/0x2da0
[  421.125397][T10311]  ? __print_lock_name+0x25/0xe0
[  421.125410][T10311]  ? net_generic+0xea/0x2a0
[  421.125426][T10311]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  421.125442][T10311]  ? __nla_validate_parse+0x600/0x2880
[  421.125459][T10311]  ? __pfx_nf_tables_newchain+0x10/0x10
[  421.125474][T10311]  ? __pfx___nla_validate_parse+0x10/0x10
[  421.125499][T10311]  ? __nla_parse+0x40/0x60
[  421.125516][T10311]  nfnetlink_rcv_batch+0x190d/0x2350
[  421.125535][T10311]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  421.125556][T10311]  ? avc_has_perm_noaudit+0x149/0x3b0
[  421.125584][T10311]  ? __nla_parse+0x40/0x60
[  421.125601][T10311]  nfnetlink_rcv+0x3c1/0x430
[  421.125612][T10311]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  421.125649][T10311]  netlink_unicast+0x5aa/0x870
[  421.125667][T10311]  ? __pfx_netlink_unicast+0x10/0x10
[  421.125688][T10311]  netlink_sendmsg+0x8c8/0xdd0
[  421.125705][T10311]  ? __pfx_netlink_sendmsg+0x10/0x10
[  421.125725][T10311]  ____sys_sendmsg+0xa98/0xc70
[  421.125738][T10311]  ? copy_msghdr_from_user+0x10a/0x160
[  421.125752][T10311]  ? __pfx_____sys_sendmsg+0x10/0x10
[  421.125768][T10311]  ___sys_sendmsg+0x134/0x1d0
[  421.125783][T10311]  ? __pfx____sys_sendmsg+0x10/0x10
[  421.125795][T10311]  ? __lock_acquire+0x622/0x1c90
[  421.125828][T10311]  __sys_sendmsg+0x16d/0x220
[  421.125842][T10311]  ? __pfx___sys_sendmsg+0x10/0x10
[  421.125864][T10311]  do_syscall_64+0xcd/0xfa0
[  421.125881][T10311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.125892][T10311] RIP: 0033:0x7fecf2d8f6c9
[  421.125901][T10311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.125914][T10311] RSP: 002b:00007fecf3bf1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  421.125924][T10311] RAX: ffffffffffffffda RBX: 00007fecf2fe5fa0 RCX: 00007fecf2d8f6c9
[  421.125931][T10311] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000003
[  421.125937][T10311] RBP: 00007fecf3bf1090 R08: 0000000000000000 R09: 0000000000000000
[  421.125942][T10311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  421.125948][T10311] R13: 00007fecf2fe6038 R14: 00007fecf2fe5fa0 R15: 00007fffea1557e8
[  421.125962][T10311]  </TASK>
[  421.647362][T10317] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1079'.
[  421.661362][T10317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.670450][T10317] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.814169][ T5894] usb 3-1: USB disconnect, device number 49
[  424.392440][T10357] netlink: 'syz.3.1091': attribute type 2 has an invalid length.
[  424.404502][T10357] netlink: 'syz.3.1091': attribute type 1 has an invalid length.
[  424.906293][   T30] audit: type=1400 audit(1762377332.708:1151): avc:  denied  { setopt } for  pid=10358 comm="syz.2.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  425.811051][T10380] bond1 (unregistering): Released all slaves
[  425.870772][ T5894] usb 4-1: new low-speed USB device number 53 using dummy_hcd
[  426.567476][ T5894] usb 4-1: device descriptor read/64, error -71
[  426.858319][ T5894] usb 4-1: new low-speed USB device number 54 using dummy_hcd
[  427.252633][ T5894] usb 4-1: device descriptor read/64, error -71
[  427.413107][T10408] siw: device registration error -23
[  427.821210][ T5894] usb usb4-port1: attempt power cycle
[  428.918544][ T5894] usb 4-1: new low-speed USB device number 55 using dummy_hcd
[  429.168380][ T5894] usb 4-1: device not accepting address 55, error -71
[  429.270734][T10429] netlink: 'syz.4.1111': attribute type 1 has an invalid length.
[  429.285315][T10431] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  429.302175][T10429] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1111'.
[  429.758319][   T30] audit: type=1400 audit(1762377337.558:1152): avc:  denied  { setopt } for  pid=10422 comm="syz.3.1109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  429.801344][T10425] xt_TCPMSS: Only works on TCP SYN packets
[  430.638359][ T5894] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  430.787787][   T30] audit: type=1400 audit(1762377338.578:1153): avc:  denied  { mount } for  pid=10455 comm="syz.0.1118" name="/" dev="autofs" ino=26128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  430.868287][ T5894] usb 4-1: device descriptor read/64, error -71
[  430.875210][   T30] audit: type=1400 audit(1762377338.618:1154): avc:  denied  { mounton } for  pid=10455 comm="syz.0.1118" path="/207/file1" dev="autofs" ino=26128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  432.041211][ T5894] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  432.875170][ T5894] usb 4-1: device descriptor read/64, error -71
[  433.001899][ T5894] usb usb4-port1: attempt power cycle
[  435.263135][T10498] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1129'.
[  435.275904][T10500] netlink: 'syz.1.1129': attribute type 9 has an invalid length.
[  435.285939][T10498] netlink: 'syz.1.1129': attribute type 30 has an invalid length.
[  435.315084][T10498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1129'.
[  435.327428][T10500] bridge1: the hash_elasticity option has been deprecated and is always 16
[  435.756233][   T30] audit: type=1400 audit(1762377343.558:1155): avc:  denied  { unmount } for  pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  436.433628][T10517] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1134'.
[  436.526589][   T30] audit: type=1400 audit(1762377344.328:1156): avc:  denied  { create } for  pid=10521 comm="syz.4.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  436.573738][   T30] audit: type=1400 audit(1762377344.358:1157): avc:  denied  { ioctl } for  pid=10521 comm="syz.4.1136" path="socket:[26643]" dev="sockfs" ino=26643 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  436.598887][   T30] audit: type=1400 audit(1762377344.358:1158): avc:  denied  { write } for  pid=10521 comm="syz.4.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  436.842756][T10535] FAULT_INJECTION: forcing a failure.
[  436.842756][T10535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  436.856292][T10535] CPU: 1 UID: 0 PID: 10535 Comm: syz.3.1137 Not tainted syzkaller #0 PREEMPT(full) 
[  436.856315][T10535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  436.856325][T10535] Call Trace:
[  436.856331][T10535]  <TASK>
[  436.856338][T10535]  dump_stack_lvl+0x16c/0x1f0
[  436.856368][T10535]  should_fail_ex+0x512/0x640
[  436.856392][T10535]  _copy_from_user+0x2e/0xd0
[  436.856414][T10535]  copy_from_sockptr_offset+0x15c/0x1b0
[  436.856436][T10535]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  436.856462][T10535]  do_ipt_set_ctl+0x544/0xae0
[  436.856481][T10535]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  436.856508][T10535]  ? find_held_lock+0x2b/0x80
[  436.856531][T10535]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  436.856550][T10535]  ? lockdep_hardirqs_on+0x7c/0x110
[  436.856576][T10535]  ? sockopt_release_sock+0x52/0x60
[  436.856599][T10535]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  436.856614][T10535]  ? sockopt_release_sock+0x52/0x60
[  436.856649][T10535]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  436.856678][T10535]  nf_setsockopt+0x8d/0xf0
[  436.856711][T10535]  ip_setsockopt+0xcb/0xf0
[  436.856733][T10535]  udp_setsockopt+0x7d/0xd0
[  436.856750][T10535]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  436.856778][T10535]  do_sock_setsockopt+0xf3/0x1d0
[  436.856806][T10535]  __sys_setsockopt+0x1a0/0x230
[  436.856832][T10535]  __x64_sys_setsockopt+0xbd/0x160
[  436.856851][T10535]  ? do_syscall_64+0x91/0xfa0
[  436.856876][T10535]  ? lockdep_hardirqs_on+0x7c/0x110
[  436.856901][T10535]  do_syscall_64+0xcd/0xfa0
[  436.856927][T10535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.856944][T10535] RIP: 0033:0x7f0b7078f6c9
[  436.856958][T10535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.856973][T10535] RSP: 002b:00007f0b715c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  436.856990][T10535] RAX: ffffffffffffffda RBX: 00007f0b709e6180 RCX: 00007f0b7078f6c9
[  436.857001][T10535] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006
[  436.857011][T10535] RBP: 00007f0b715c1090 R08: 00000000000004a0 R09: 0000000000000000
[  436.857021][T10535] R10: 0000200000000540 R11: 0000000000000246 R12: 0000000000000001
[  436.857030][T10535] R13: 00007f0b709e6218 R14: 00007f0b709e6180 R15: 00007fff2428fed8
[  436.857054][T10535]  </TASK>
[  437.184157][   T30] audit: type=1400 audit(1762377344.988:1159): avc:  denied  { connect } for  pid=10532 comm="syz.2.1139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  438.339853][T10550] vlan0: entered allmulticast mode
[  438.678843][T10550] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  438.928394][ T1207] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  439.500214][ T1207] usb 3-1: Using ep0 maxpacket: 16
[  439.519209][ T1207] usb 3-1: config 0 interface 0 has no altsetting 0
[  439.527320][ T1207] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  439.537653][ T1207] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.550369][ T1207] usb 3-1: config 0 descriptor??
[  439.567534][T10567] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1148'.
[  439.587356][   T30] audit: type=1400 audit(1762377347.388:1160): avc:  denied  { view } for  pid=10566 comm="syz.4.1148" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  439.691430][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  439.697823][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  439.730228][ T5819] Bluetooth: hci2: unexpected event for opcode 0x0c5b
[  439.848154][T10573] 

: renamed from veth1_to_hsr (while UP)
[  440.167029][ T1207] usbhid 3-1:0.0: can't add hid device: -71
[  440.173577][ T1207] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  440.265980][T10578] FAULT_INJECTION: forcing a failure.
[  440.265980][T10578] name failslab, interval 1, probability 0, space 0, times 0
[  440.316999][ T1207] usb 3-1: USB disconnect, device number 50
[  440.333225][T10578] CPU: 1 UID: 0 PID: 10578 Comm: syz.4.1152 Not tainted syzkaller #0 PREEMPT(full) 
[  440.333251][T10578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  440.333260][T10578] Call Trace:
[  440.333266][T10578]  <TASK>
[  440.333274][T10578]  dump_stack_lvl+0x16c/0x1f0
[  440.333304][T10578]  should_fail_ex+0x512/0x640
[  440.333324][T10578]  ? __kmalloc_noprof+0xca/0x880
[  440.333351][T10578]  should_failslab+0xc2/0x120
[  440.333372][T10578]  __kmalloc_noprof+0xdd/0x880
[  440.333393][T10578]  ? __pfx___mutex_trylock_common+0x10/0x10
[  440.333416][T10578]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  440.333441][T10578]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  440.333458][T10578]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  440.333477][T10578]  ? __mutex_lock+0x1c5/0x1060
[  440.333495][T10578]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  440.333514][T10578]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  440.333531][T10578]  ? genl_get_cmd+0x194/0x580
[  440.333565][T10578]  ? __radix_tree_lookup+0x21f/0x2c0
[  440.333592][T10578]  genl_rcv_msg+0x55c/0x800
[  440.333612][T10578]  ? __pfx_genl_rcv_msg+0x10/0x10
[  440.333629][T10578]  ? __pfx_tipc_nl_node_set_monitor+0x10/0x10
[  440.333666][T10578]  netlink_rcv_skb+0x158/0x420
[  440.333691][T10578]  ? __pfx_genl_rcv_msg+0x10/0x10
[  440.333709][T10578]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  440.333744][T10578]  ? netlink_deliver_tap+0x1ae/0xd30
[  440.333772][T10578]  genl_rcv+0x28/0x40
[  440.333796][T10578]  netlink_unicast+0x5aa/0x870
[  440.333825][T10578]  ? __pfx_netlink_unicast+0x10/0x10
[  440.333860][T10578]  netlink_sendmsg+0x8c8/0xdd0
[  440.333890][T10578]  ? __pfx_netlink_sendmsg+0x10/0x10
[  440.333925][T10578]  ____sys_sendmsg+0xa98/0xc70
[  440.333944][T10578]  ? copy_msghdr_from_user+0x10a/0x160
[  440.333966][T10578]  ? __pfx_____sys_sendmsg+0x10/0x10
[  440.333996][T10578]  ___sys_sendmsg+0x134/0x1d0
[  440.334020][T10578]  ? __pfx____sys_sendmsg+0x10/0x10
[  440.334040][T10578]  ? __lock_acquire+0x622/0x1c90
[  440.334100][T10578]  __sys_sendmsg+0x16d/0x220
[  440.334123][T10578]  ? __pfx___sys_sendmsg+0x10/0x10
[  440.334163][T10578]  do_syscall_64+0xcd/0xfa0
[  440.334191][T10578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.334208][T10578] RIP: 0033:0x7f9ce438f6c9
[  440.334223][T10578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  440.334239][T10578] RSP: 002b:00007f9ce25f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  440.334255][T10578] RAX: ffffffffffffffda RBX: 00007f9ce45e5fa0 RCX: 00007f9ce438f6c9
[  440.334266][T10578] RDX: 0000000004008848 RSI: 0000200000000100 RDI: 0000000000000003
[  440.334277][T10578] RBP: 00007f9ce25f6090 R08: 0000000000000000 R09: 0000000000000000
[  440.334287][T10578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  440.334297][T10578] R13: 00007f9ce45e6038 R14: 00007f9ce45e5fa0 R15: 00007ffc2fffebb8
[  440.334323][T10578]  </TASK>
[  442.039334][T10595] lo speed is unknown, defaulting to 1000
[  442.346579][T10592] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1156'.
[  443.040298][   T30] audit: type=1400 audit(1762377350.788:1161): avc:  denied  { setopt } for  pid=10601 comm="syz.2.1159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  443.696646][   T30] audit: type=1400 audit(1762377351.498:1162): avc:  denied  { ioctl } for  pid=10608 comm="syz.4.1160" path="/dev/ptyqd" dev="devtmpfs" ino=132 ioctlcmd=0x4b63 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  443.721775][    C0] vkms_vblank_simulate: vblank timer overrun
[  443.748954][   T30] audit: type=1400 audit(1762377351.538:1163): avc:  denied  { create } for  pid=10608 comm="syz.4.1160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  445.341609][   T30] audit: type=1400 audit(1762377353.138:1164): avc:  denied  { write } for  pid=10619 comm="syz.4.1164" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  445.738305][   T30] audit: type=1400 audit(1762377353.518:1165): avc:  denied  { ioctl } for  pid=10619 comm="syz.4.1164" path="socket:[26859]" dev="sockfs" ino=26859 ioctlcmd=0x942d scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  445.844100][T10630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  445.884013][T10630] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.028374][    T9] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  446.190426][T10635] vlan2: entered allmulticast mode
[  446.191067][T10636] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  446.252101][    T9] usb 2-1: too many configurations: 36, using maximum allowed: 8
[  446.261908][    T9] usb 2-1: unable to read config index 0 descriptor/start: -61
[  446.269769][    T9] usb 2-1: can't read configurations, error -61
[  446.327576][   T30] audit: type=1400 audit(1762377354.108:1166): avc:  denied  { name_bind } for  pid=10633 comm="syz.0.1168" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[  446.454021][    T9] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[  446.630806][    T9] usb 2-1: too many configurations: 36, using maximum allowed: 8
[  446.646191][    T9] usb 2-1: unable to read config index 0 descriptor/start: -61
[  446.659083][    T9] usb 2-1: can't read configurations, error -61
[  446.676897][    T9] usb usb2-port1: attempt power cycle
[  446.941556][T10653] overlayfs: missing 'lowerdir'
[  446.952257][T10653] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1172'.
[  447.399366][    T9] usb 2-1: new full-speed USB device number 48 using dummy_hcd
[  447.447477][    T9] usb 2-1: too many configurations: 36, using maximum allowed: 8
[  447.481812][    T9] usb 2-1: unable to read config index 0 descriptor/start: -61
[  447.505283][    T9] usb 2-1: can't read configurations, error -61
[  447.672963][    T9] usb 2-1: new full-speed USB device number 49 using dummy_hcd
[  447.838994][T10663] siw: device registration error -23
[  448.210420][    T9] usb 2-1: too many configurations: 36, using maximum allowed: 8
[  448.250533][    T9] usb 2-1: unable to read config index 0 descriptor/start: -71
[  448.287979][    T9] usb 2-1: can't read configurations, error -71
[  448.321079][    T9] usb usb2-port1: unable to enumerate USB device
[  448.586081][T10670] FAULT_INJECTION: forcing a failure.
[  448.586081][T10670] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.602962][T10670] CPU: 1 UID: 0 PID: 10670 Comm: syz.1.1181 Not tainted syzkaller #0 PREEMPT(full) 
[  448.602986][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  448.602997][T10670] Call Trace:
[  448.603003][T10670]  <TASK>
[  448.603010][T10670]  dump_stack_lvl+0x16c/0x1f0
[  448.603042][T10670]  should_fail_ex+0x512/0x640
[  448.603066][T10670]  copy_fpstate_to_sigframe+0x854/0xaf0
[  448.603096][T10670]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  448.603127][T10670]  ? collect_signal+0x263/0x540
[  448.603152][T10670]  ? x86_task_fpu+0x5f/0x90
[  448.603176][T10670]  get_sigframe+0x4a8/0x9c0
[  448.603201][T10670]  ? __pfx_get_sigframe+0x10/0x10
[  448.603223][T10670]  ? _raw_spin_unlock_irq+0x23/0x50
[  448.603247][T10670]  ? siginfo_layout+0x1d2/0x290
[  448.603271][T10670]  x64_setup_rt_frame+0x12e/0xcf0
[  448.603299][T10670]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  448.603328][T10670]  arch_do_signal_or_restart+0x5e4/0x7c0
[  448.603357][T10670]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  448.603385][T10670]  ? ksys_write+0x1ac/0x250
[  448.603402][T10670]  ? __pfx_ksys_write+0x10/0x10
[  448.603424][T10670]  exit_to_user_mode_loop+0x85/0x130
[  448.603444][T10670]  do_syscall_64+0x426/0xfa0
[  448.603474][T10670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.603491][T10670] RIP: 0033:0x7f60fa58f6c9
[  448.603506][T10670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.603524][T10670] RSP: 002b:00007f60fb436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  448.603541][T10670] RAX: ffffffffffffffe0 RBX: 00007f60fa7e5fa0 RCX: 00007f60fa58f6c9
[  448.603553][T10670] RDX: 0000000000000001 RSI: 0000200000003c00 RDI: 0000000000000003
[  448.603563][T10670] RBP: 00007f60fb436090 R08: 0000000000000000 R09: 0000000000000000
[  448.603573][T10670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.603582][T10670] R13: 00007f60fa7e6038 R14: 00007f60fa7e5fa0 R15: 00007ffc21840c98
[  448.603606][T10670]  </TASK>
[  448.936648][   T30] audit: type=1400 audit(1762377356.708:1167): avc:  denied  { append } for  pid=10664 comm="syz.4.1178" name="sg0" dev="devtmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  448.960405][    C0] vkms_vblank_simulate: vblank timer overrun
[  449.714350][T10665] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  450.114638][T10689] lo speed is unknown, defaulting to 1000
[  450.120554][T10689] lo speed is unknown, defaulting to 1000
[  450.126906][T10689] lo speed is unknown, defaulting to 1000
[  450.151985][T10689] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  450.195595][T10684] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1184'.
[  450.277430][T10689] lo speed is unknown, defaulting to 1000
[  450.379719][T10689] lo speed is unknown, defaulting to 1000
[  450.438624][   T30] audit: type=1400 audit(1762377358.248:1168): avc:  denied  { setopt } for  pid=10695 comm="syz.3.1187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  450.449615][T10689] lo speed is unknown, defaulting to 1000
[  450.475146][T10689] lo speed is unknown, defaulting to 1000
[  450.546383][T10689] lo speed is unknown, defaulting to 1000
[  451.531194][T10715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.545896][T10715] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.845440][T10729] siw: device registration error -23
[  454.960276][T10747] netlink: 'syz.4.1199': attribute type 21 has an invalid length.
[  454.968312][T10747] netlink: 176 bytes leftover after parsing attributes in process `syz.4.1199'.
[  455.062276][T10747] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  455.077966][T10747] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  455.300336][T10747] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  455.308137][T10747] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock
[  459.258322][   T30] audit: type=1400 audit(1762377367.038:1169): avc:  denied  { mount } for  pid=10778 comm="syz.3.1208" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  459.308445][ T5873] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  459.693722][T10788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  459.702588][T10788] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  459.718343][ T5873] usb 2-1: device descriptor read/64, error -71
[  459.808130][T10788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  459.824407][T10790] can: request_module (can-proto-4) failed.
[  460.290415][T10788] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  460.362345][T10790] tipc: Started in network mode
[  460.370145][T10790] tipc: Node identity ac1414aa, cluster identity 4711
[  460.379512][T10790] tipc: Enabled bearer <udp:syz2>, priority 10
[  460.392077][T10790] tipc: Enabled bearer <ib:wg1>, priority 0
[  460.408518][ T5873] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  460.551928][ T5873] usb 2-1: device descriptor read/64, error -71
[  460.679710][ T5873] usb usb2-port1: attempt power cycle
[  461.228942][ T5873] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  461.393290][T10799] binder: 10796:10799 ioctl c0306201 0 returned -14
[  461.898250][T10810] delete_channel: no stack
[  462.149297][ T5873] usb 2-1: device not accepting address 52, error -71
[  462.330164][   T48] tipc: Node number set to 2886997162
[  462.888393][ T5873] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  462.908781][ T5873] usb 2-1: Using ep0 maxpacket: 8
[  462.918645][   T30] audit: type=1400 audit(1762377370.268:1170): avc:  denied  { ioctl } for  pid=10809 comm="syz.4.1215" path="socket:[28000]" dev="sockfs" ino=28000 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  464.047286][T10821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.072828][T10821] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.163333][T10823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.172943][T10823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.305336][ T5873] usb 2-1: unable to get BOS descriptor or descriptor too short
[  464.313116][ T5873] usb 2-1: no configurations
[  464.318237][ T5873] usb 2-1: can't read configurations, error -22
[  464.328567][ T5873] usb usb2-port1: unable to enumerate USB device
[  464.419018][T10825] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  464.881940][T10824] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1218'.
[  465.553978][   T30] audit: type=1400 audit(1762377373.348:1171): avc:  denied  { lock } for  pid=10827 comm="syz.1.1220" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  465.650468][T10831] loop2: detected capacity change from 0 to 7
[  465.659353][T10831] Dev loop2: unable to read RDB block 7
[  465.664902][T10831]  loop2: unable to read partition table
[  465.671910][T10831] loop2: partition table beyond EOD, truncated
[  465.692581][T10831] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  466.158404][T10844] /dev/nullb0: Can't open blockdev
[  466.996393][T10857] delete_channel: no stack
[  467.511048][ T5873] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  467.566296][ T5934] Bluetooth: hci5: Frame reassembly failed (-84)
[  467.575365][T10860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  467.668246][ T5873] usb 3-1: Using ep0 maxpacket: 16
[  467.675267][ T5873] usb 3-1: config 0 interface 0 has no altsetting 0
[  467.682100][ T5873] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  467.691433][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.713696][ T5873] usb 3-1: config 0 descriptor??
[  467.738260][    T9] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  467.888302][    T9] usb 4-1: Using ep0 maxpacket: 8
[  468.140897][    C1] raw-gadget.4 gadget.2: ignoring, device is not running
[  468.148706][ T5873] usbhid 3-1:0.0: can't add hid device: -71
[  468.154723][ T5873] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  468.176142][ T5873] usb 3-1: USB disconnect, device number 51
[  469.502019][T10878] siw: device registration error -23
[  469.608656][ T5819] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  469.689707][ T9778] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  469.768487][ T9778] Bluetooth: hci0: command 0x0c1a tx timeout
[  469.885946][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  469.898817][    T9] usb 4-1: no configurations
[  469.903426][    T9] usb 4-1: can't read configurations, error -22
[  471.731865][T10902] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1243'.
[  471.917730][T10904] input: syz1 as /devices/virtual/input/input19
[  472.617173][   T30] audit: type=1400 audit(1762377380.328:1172): avc:  denied  { ioctl } for  pid=10897 comm="syz.4.1242" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  472.911717][T10912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  472.923868][T10912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  473.098410][T10913] vlan2: entered allmulticast mode
[  473.191911][T10914] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  473.327011][ T5820] usb 3-1: new full-speed USB device number 52 using dummy_hcd
[  474.398972][ T5820] usb 3-1: too many configurations: 36, using maximum allowed: 8
[  474.417788][ T5820] usb 3-1: unable to read config index 0 descriptor/start: -61
[  474.427333][ T5820] usb 3-1: can't read configurations, error -61
[  474.619725][ T5820] usb 3-1: new full-speed USB device number 53 using dummy_hcd
[  474.798886][ T5820] usb 3-1: too many configurations: 36, using maximum allowed: 8
[  474.808476][ T5820] usb 3-1: unable to read config index 0 descriptor/start: -61
[  474.816073][ T5820] usb 3-1: can't read configurations, error -61
[  474.970467][T10935] delete_channel: no stack
[  475.299176][T10938] siw: device registration error -23
[  475.803206][ T5820] usb usb3-port1: attempt power cycle
[  478.356142][   T30] audit: type=1400 audit(1762377386.148:1173): avc:  denied  { append } for  pid=10955 comm="syz.4.1256" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  478.379371][    C0] vkms_vblank_simulate: vblank timer overrun
[  479.628626][ T5820] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  479.845095][ T5820] usb 3-1: Using ep0 maxpacket: 16
[  480.071728][ T5820] usb 3-1: config 0 interface 0 has no altsetting 0
[  480.098448][ T5820] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  480.107505][ T5820] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.529997][T10992] delete_channel: no stack
[  481.303873][ T5820] usb 3-1: config 0 descriptor??
[  481.493314][ T5820] usbhid 3-1:0.0: can't add hid device: -71
[  481.523310][ T5820] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  481.545541][ T5820] usb 3-1: USB disconnect, device number 55
[  481.634487][    T9] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  482.028515][    T9] usb 4-1: Using ep0 maxpacket: 8
[  482.244124][T11008] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  482.250954][T11008] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  482.477951][T11012] futex_wake_op: syz.2.1267 tries to shift op by -1; fix this program
[  482.491142][T11008] vhci_hcd vhci_hcd.0: Device attached
[  482.554778][T11019] IPVS: set_ctl: invalid protocol: 47 172.20.20.44:20004
[  482.728270][ T5820] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  483.228806][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  483.236525][    T9] usb 4-1: no configurations
[  483.271000][    T9] usb 4-1: can't read configurations, error -22
[  483.321625][T11010] vhci_hcd: connection reset by peer
[  483.343900][ T5934] vhci_hcd: stop threads
[  483.353718][ T5934] vhci_hcd: release socket
[  483.365245][ T5934] vhci_hcd: disconnect device
[  485.128293][    T9] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  486.553707][    T9] usb 3-1: Using ep0 maxpacket: 16
[  486.589477][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  486.596138][    T9] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  486.608203][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.626071][    T9] usb 3-1: config 0 descriptor??
[  486.808661][T11066] netdevsim netdevsim0: Direct firmware load for .
[  486.808661][T11066]  failed with error -2
[  486.830892][T11066] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  486.830892][T11066] 
[  486.861277][   T30] audit: type=1400 audit(1762377394.638:1174): avc:  denied  { firmware_load } for  pid=11058 comm="syz.0.1279" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  487.102570][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  487.121506][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  487.165036][    T9] usb 3-1: USB disconnect, device number 56
[  487.171323][T11069] siw: device registration error -23
[  488.013531][ T5820] vhci_hcd: vhci_device speed not set
[  488.018892][   T30] audit: type=1400 audit(1762377395.818:1175): avc:  denied  { map } for  pid=11077 comm="syz.4.1285" path="socket:[28774]" dev="sockfs" ino=28774 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  488.118295][    T9] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  488.268276][    T9] usb 4-1: device descriptor read/64, error -71
[  488.317229][   T30] audit: type=1400 audit(1762377396.058:1176): avc:  denied  { write } for  pid=11091 comm="syz.2.1288" path="socket:[28644]" dev="sockfs" ino=28644 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  488.869990][    T9] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  488.928233][ T5872] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  489.029341][    T9] usb 4-1: device descriptor read/64, error -71
[  489.158677][    T9] usb usb4-port1: attempt power cycle
[  489.203102][ T5872] usb 2-1: device descriptor read/64, error -71
[  489.383596][T11101] siw: device registration error -23
[  489.478307][ T5872] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  489.788223][    T9] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  489.808740][    T9] usb 4-1: device descriptor read/8, error -71
[  489.945688][ T5872] usb 2-1: device descriptor read/64, error -71
[  490.081663][ T5872] usb usb2-port1: attempt power cycle
[  490.284161][    T9] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  490.599284][    T9] usb 4-1: device not accepting address 67, error -71
[  490.610269][    T9] usb usb4-port1: unable to enumerate USB device
[  490.658265][ T5872] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  490.690280][ T5872] usb 2-1: device descriptor read/8, error -71
[  490.938342][ T5872] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  490.960528][ T5872] usb 2-1: device descriptor read/8, error -71
[  491.089329][ T5872] usb usb2-port1: unable to enumerate USB device
[  491.221068][T11128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1299'.
[  491.240929][T11130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1298'.
[  491.447272][T11136] mkiss: ax0: crc mode is auto.
[  491.471967][   T30] audit: type=1400 audit(1762377399.268:1177): avc:  denied  { accept } for  pid=11133 comm="syz.1.1301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  491.508286][ T5820] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  491.567466][T11139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.619761][T11139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.668267][ T5820] usb 4-1: Using ep0 maxpacket: 32
[  491.677675][ T5820] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  491.686379][ T5820] usb 4-1: config 0 has no interface number 0
[  491.698118][ T5820] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  491.855333][ T5820] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  491.866104][ T5820] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  491.885326][ T5820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.896203][ T5820] usb 4-1: config 0 descriptor??
[  491.991032][T11144] siw: device registration error -23
[  492.884731][ T5820] uclogic 0003:28BD:0094.000F: failed retrieving string descriptor #100: -71
[  492.893803][ T5820] uclogic 0003:28BD:0094.000F: failed retrieving pen parameters: -71
[  492.951464][ T5820] uclogic 0003:28BD:0094.000F: pen probing failed: -71
[  493.067005][ T5820] uclogic 0003:28BD:0094.000F: failed probing parameters: -71
[  493.080855][ T5820] uclogic 0003:28BD:0094.000F: probe with driver uclogic failed with error -71
[  493.100587][ T5820] usb 4-1: USB disconnect, device number 68
[  493.600618][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout
[  494.876850][T11189] FAULT_INJECTION: forcing a failure.
[  494.876850][T11189] name failslab, interval 1, probability 0, space 0, times 0
[  494.890084][T11189] CPU: 0 UID: 0 PID: 11189 Comm: syz.4.1315 Not tainted syzkaller #0 PREEMPT(full) 
[  494.890107][T11189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  494.890117][T11189] Call Trace:
[  494.890123][T11189]  <TASK>
[  494.890130][T11189]  dump_stack_lvl+0x16c/0x1f0
[  494.890162][T11189]  should_fail_ex+0x512/0x640
[  494.890184][T11189]  ? __kmalloc_cache_noprof+0x5f/0x780
[  494.890211][T11189]  should_failslab+0xc2/0x120
[  494.890231][T11189]  __kmalloc_cache_noprof+0x72/0x780
[  494.890256][T11189]  ? find_get_pid+0x19b/0x310
[  494.890271][T11189]  ? __scm_send+0xf0e/0x1660
[  494.890296][T11189]  ? __scm_send+0xf0e/0x1660
[  494.890315][T11189]  __scm_send+0xf0e/0x1660
[  494.890346][T11189]  ? __pfx___scm_send+0x10/0x10
[  494.890374][T11189]  unix_dgram_sendmsg+0x785/0x17f0
[  494.890400][T11189]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  494.890425][T11189]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  494.890465][T11189]  ____sys_sendmsg+0xa98/0xc70
[  494.890486][T11189]  ? __pfx_____sys_sendmsg+0x10/0x10
[  494.890506][T11189]  ? __pfx__kstrtoull+0x10/0x10
[  494.890538][T11189]  ___sys_sendmsg+0x134/0x1d0
[  494.890563][T11189]  ? __pfx____sys_sendmsg+0x10/0x10
[  494.890598][T11189]  ? find_held_lock+0x2b/0x80
[  494.890636][T11189]  __sys_sendmmsg+0x200/0x420
[  494.890663][T11189]  ? __pfx___sys_sendmmsg+0x10/0x10
[  494.890694][T11189]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  494.890722][T11189]  ? fput+0x9b/0xd0
[  494.890743][T11189]  ? ksys_write+0x1ac/0x250
[  494.890760][T11189]  ? __pfx_ksys_write+0x10/0x10
[  494.890781][T11189]  __x64_sys_sendmmsg+0x9c/0x100
[  494.890803][T11189]  ? lockdep_hardirqs_on+0x7c/0x110
[  494.890830][T11189]  do_syscall_64+0xcd/0xfa0
[  494.890859][T11189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.890876][T11189] RIP: 0033:0x7f9ce438f6c9
[  494.890890][T11189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.890906][T11189] RSP: 002b:00007f9ce25b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  494.890923][T11189] RAX: ffffffffffffffda RBX: 00007f9ce45e6180 RCX: 00007f9ce438f6c9
[  494.890934][T11189] RDX: 0000000000000001 RSI: 0000200000000700 RDI: 0000000000000005
[  494.890944][T11189] RBP: 00007f9ce25b4090 R08: 0000000000000000 R09: 0000000000000000
[  494.890954][T11189] R10: 0000000004014000 R11: 0000000000000246 R12: 0000000000000001
[  494.890963][T11189] R13: 00007f9ce45e6218 R14: 00007f9ce45e6180 R15: 00007ffc2fffebb8
[  494.890989][T11189]  </TASK>
[  495.669994][   T30] audit: type=1400 audit(1762377403.478:1178): avc:  denied  { ioctl } for  pid=11192 comm="syz.4.1317" path="socket:[28964]" dev="sockfs" ino=28964 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  495.779320][T11196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.812495][   T30] audit: type=1400 audit(1762377403.608:1179): avc:  denied  { setopt } for  pid=11197 comm="syz.4.1320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  495.902329][   T30] audit: type=1400 audit(1762377403.698:1180): avc:  denied  { setattr } for  pid=11203 comm="syz.4.1322" name="ocfs2_control" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  497.595758][ T5820] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  497.606313][T11231] vlan2: entered allmulticast mode
[  497.771735][ T5820] usb 4-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  497.780899][ T5820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.795395][ T5820] usb 4-1: Product: syz
[  497.810222][ T5820] usb 4-1: Manufacturer: syz
[  497.824109][ T5820] usb 4-1: SerialNumber: syz
[  497.840573][ T5820] usb 4-1: config 0 descriptor??
[  497.848243][ T9778] Bluetooth: hci5: command 0xfc11 tx timeout
[  497.871958][T11231] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  497.886307][ T5819] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  498.061730][ T5820] mos7840 4-1:0.0: required endpoints missing
[  498.667331][ T5873] usb 4-1: USB disconnect, device number 69
[  499.262753][T11249] delete_channel: no stack
[  499.894871][T11251] input: syz0 as /devices/virtual/input/input20
[  500.124778][T11252] kernel profiling enabled (shift: 17)
[  500.726372][ T5873] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  500.878334][ T5873] usb 3-1: Using ep0 maxpacket: 8
[  501.132705][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.139020][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  501.160650][T11268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.173841][T11268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.480639][   T48] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  501.940257][   T48] usb 2-1: config 0 has an invalid interface number: 22 but max is 0
[  501.948942][   T48] usb 2-1: config 0 has no interface number 0
[  501.963736][   T48] usb 2-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  501.979276][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.995813][   T48] usb 2-1: config 0 descriptor??
[  502.067744][ T5873] usb 3-1: unable to get BOS descriptor or descriptor too short
[  502.118667][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout
[  502.127779][ T1207] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  502.141702][ T1207] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  502.163828][ T5873] usb 3-1: no configurations
[  502.178288][ T5873] usb 3-1: can't read configurations, error -22
[  502.424458][T11271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  502.434598][T11271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  502.703107][   T30] audit: type=1400 audit(1762377410.508:1181): avc:  denied  { mount } for  pid=11294 comm="syz.0.1346" name="/" dev="hugetlbfs" ino=30052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  504.552080][ T1207] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  504.558214][ T1207] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  504.570235][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout
[  504.588839][T11309] FAULT_INJECTION: forcing a failure.
[  504.588839][T11309] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  504.618756][   T48] usbhid 2-1:0.22: can't add hid device: -71
[  504.624784][   T48] usbhid 2-1:0.22: probe with driver usbhid failed with error -71
[  504.639367][   T48] usb 2-1: USB disconnect, device number 58
[  504.648818][T11309] CPU: 1 UID: 0 PID: 11309 Comm: syz.4.1349 Not tainted syzkaller #0 PREEMPT(full) 
[  504.648840][T11309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  504.648850][T11309] Call Trace:
[  504.648856][T11309]  <TASK>
[  504.648862][T11309]  dump_stack_lvl+0x16c/0x1f0
[  504.648892][T11309]  should_fail_ex+0x512/0x640
[  504.648916][T11309]  _copy_from_user+0x2e/0xd0
[  504.648941][T11309]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[  504.648962][T11309]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  504.648984][T11309]  ? rcu_is_watching+0x12/0xc0
[  504.649010][T11309]  copy_group_source_from_sockptr+0x17a/0x570
[  504.649030][T11309]  ? __pfx_copy_group_source_from_sockptr+0x10/0x10
[  504.649050][T11309]  ? bpf_trace_run2+0x3e1/0x590
[  504.649071][T11309]  ? find_held_lock+0x2b/0x80
[  504.649092][T11309]  ? bpf_trace_run2+0x26b/0x590
[  504.649116][T11309]  ? bpf_trace_run2+0x2ab/0x590
[  504.649137][T11309]  ? __pfx_bpf_trace_run2+0x10/0x10
[  504.649161][T11309]  ? __lock_acquire+0xb8a/0x1c90
[  504.649191][T11309]  ? do_ip_setsockopt+0xf6/0x3240
[  504.649212][T11309]  do_mcast_group_source+0xd0/0x2e0
[  504.649231][T11309]  ? __pfx_do_mcast_group_source+0x10/0x10
[  504.649249][T11309]  ? __pfx___mutex_trylock_common+0x10/0x10
[  504.649302][T11309]  ? __local_bh_enable_ip+0xa4/0x120
[  504.649323][T11309]  ? lockdep_hardirqs_on+0x7c/0x110
[  504.649352][T11309]  do_ip_setsockopt+0xebb/0x3240
[  504.649375][T11309]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  504.649396][T11309]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[  504.649417][T11309]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  504.649446][T11309]  ip_setsockopt+0x59/0xf0
[  504.649467][T11309]  udp_setsockopt+0x7d/0xd0
[  504.649485][T11309]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  504.649514][T11309]  do_sock_setsockopt+0xf3/0x1d0
[  504.649543][T11309]  __sys_setsockopt+0x1a0/0x230
[  504.649569][T11309]  __x64_sys_setsockopt+0xbd/0x160
[  504.649589][T11309]  ? do_syscall_64+0x91/0xfa0
[  504.649614][T11309]  ? lockdep_hardirqs_on+0x7c/0x110
[  504.649639][T11309]  do_syscall_64+0xcd/0xfa0
[  504.649666][T11309]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.649684][T11309] RIP: 0033:0x7f9ce438f6c9
[  504.649698][T11309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.649715][T11309] RSP: 002b:00007f9ce25f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  504.649731][T11309] RAX: ffffffffffffffda RBX: 00007f9ce45e5fa0 RCX: 00007f9ce438f6c9
[  504.649743][T11309] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000003
[  504.649753][T11309] RBP: 00007f9ce25f6090 R08: 0000000000000108 R09: 0000000000000000
[  504.649763][T11309] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  504.649773][T11309] R13: 00007f9ce45e6038 R14: 00007f9ce45e5fa0 R15: 00007ffc2fffebb8
[  504.649799][T11309]  </TASK>
[  505.240324][T11323] binder: 11307:11323 ioctl c0306201 0 returned -14
[  506.268238][ T5941] usb 4-1: new full-speed USB device number 70 using dummy_hcd
[  506.475227][ T5941] usb 4-1: config 0 has an invalid interface number: 237 but max is 0
[  506.497662][ T5941] usb 4-1: config 0 has no interface number 0
[  506.514128][ T5941] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 4
[  506.680611][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout
[  506.779808][ T1207] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  506.787824][ T1207] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  506.797923][ T5941] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10
[  506.868290][ T5941] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  506.903630][ T5941] usb 4-1: New USB device found, idVendor=045e, idProduct=01bd, bcdDevice=89.00
[  506.912798][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.017685][ T5941] usb 4-1: Product: syz
[  507.033485][ T5941] usb 4-1: Manufacturer: syz
[  507.053712][ T5941] usb 4-1: SerialNumber: syz
[  507.090400][ T5941] usb 4-1: config 0 descriptor??
[  507.323319][ T5873] usb 4-1: USB disconnect, device number 70
[  507.366261][T11353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.405912][T11353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  508.304921][T11365] vlan0: entered allmulticast mode
[  508.477316][T11372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  509.614314][ T9778] Bluetooth: hci4: command 0x0c1a tx timeout
[  509.622551][ T1207] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  509.629468][T11369] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  509.643174][ T1207] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  510.118702][T11368] vlan2: entered allmulticast mode
[  510.175282][T11385] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  510.731354][T11388] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  511.094080][T11397] vlan2: entered allmulticast mode
[  511.169186][T11398] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  511.448849][ T5820] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  511.579246][ T5873] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  511.598940][ T5820] usb 2-1: Using ep0 maxpacket: 32
[  511.609357][ T5820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.620440][ T5820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  511.630258][ T5820] usb 2-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  511.642421][ T5820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.657714][ T5820] usb 2-1: config 0 descriptor??
[  511.741291][ T5873] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  511.761563][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.424664][ T5819] Bluetooth: hci5: command 0xfc11 tx timeout
[  512.461386][ T9778] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  512.470475][ T5873] usb 3-1: Product: syz
[  512.490868][ T5873] usb 3-1: Manufacturer: syz
[  512.733222][ T5873] usb 3-1: SerialNumber: syz
[  512.869170][ T5873] usb 3-1: config 0 descriptor??
[  513.045307][T11405] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  513.093641][ T5820] ntrig 0003:1B96:0008.0010: unknown main item tag 0x7
[  513.102375][T11403] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  513.185848][T11403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.206593][ T5820] ntrig 0003:1B96:0008.0010: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.1-1/input0
[  513.208993][T11403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.654503][ T5873] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  513.700860][ T5873] peak_usb 3-1:0.0: unable to read PCAN-USB FD firmware info (err -71)
[  513.844208][   T30] audit: type=1400 audit(1762377421.648:1182): avc:  denied  { wake_alarm } for  pid=11427 comm="syz.4.1381" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  513.868074][T11430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.885957][T11430] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.897195][ T5873] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[  514.715875][ T5873] usb 3-1: USB disconnect, device number 59
[  514.741974][   T48] usb 2-1: USB disconnect, device number 59
[  514.812994][ T5872] lo speed is unknown, defaulting to 1000
[  515.195517][T11435] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  518.328225][ T5873] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  518.558218][ T5873] usb 4-1: Using ep0 maxpacket: 8
[  518.564934][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  518.576220][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  518.648452][ T5873] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  518.673633][ T5873] usb 4-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  518.682926][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.731903][T11485] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  518.739874][ T5873] usb 4-1: config 0 descriptor??
[  519.114531][   T30] audit: type=1400 audit(1762377426.908:1183): avc:  denied  { module_request } for  pid=11497 comm="syz.0.1402" kmod="netdev-syzkaller0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  519.421043][ T5873] elecom 0003:056E:00FE.0011: collection stack underflow
[  519.441699][ T5873] elecom 0003:056E:00FE.0011: item 0 2 0 12 parsing failed
[  519.490197][ T5873] elecom 0003:056E:00FE.0011: probe with driver elecom failed with error -22
[  519.690848][T11512] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  519.892949][T11486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.930776][T11486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.310372][T11486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.350484][T11486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.433622][T11486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.688793][T11486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.700971][   T30] audit: type=1400 audit(1762377428.508:1184): avc:  denied  { getopt } for  pid=11484 comm="syz.3.1399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  520.705692][ T5873] usb 4-1: USB disconnect, device number 71
[  520.743898][T11513] /dev/nullb0: Can't open blockdev
[  520.810007][T11523] Failed to get privilege flags for destination (handle=0x2:0x25)
[  520.838676][T10098] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  520.860139][T10098] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  520.861243][T11508] ceph: No mds server is up or the cluster is laggy
[  520.873660][T10098] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  520.968753][T10098] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  521.579906][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1409'.
[  523.022224][T11545] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1412'.
[  523.034932][T11545] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1412'.
[  523.044434][T11545] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1412'.
[  523.820982][T11559] binder: 11552:11559 ioctl c0306201 0 returned -14
[  523.877444][   T30] audit: type=1400 audit(1762377431.678:1185): avc:  denied  { write } for  pid=11566 comm="syz.2.1417" path="socket:[29536]" dev="sockfs" ino=29536 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  523.901058][    C0] vkms_vblank_simulate: vblank timer overrun
[  524.218230][ T5873] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  525.228410][ T5873] usb 3-1: Using ep0 maxpacket: 16
[  525.270466][ T5873] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  525.501269][ T5873] usb 3-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  525.515521][ T5873] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  525.526590][ T5873] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  525.536583][ T5873] usb 3-1: config 0 interface 0 has no altsetting 0
[  525.547036][ T5873] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  525.556218][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.564351][ T5873] usb 3-1: Product: syz
[  525.569148][ T5873] usb 3-1: Manufacturer: syz
[  525.573821][ T5873] usb 3-1: SerialNumber: syz
[  525.609070][ T5873] usb 3-1: config 0 descriptor??
[  525.857242][ T5873] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input21
[  525.886612][ T5168] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  525.901400][ T5168] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  525.933456][ T5168] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  525.948707][ T5168] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  526.063568][T11567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.072377][T11567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  526.083397][T11567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.095321][T11567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  526.106554][ T5820] usb 3-1: USB disconnect, device number 60
[  526.116762][   T30] audit: type=1326 audit(1762377433.928:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11587 comm="syz.4.1423" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9ce438f6c9 code=0x0
[  527.268343][ T5820] usb 2-1: new full-speed USB device number 60 using dummy_hcd
[  527.678390][ T5820] usb 2-1: device descriptor read/64, error -71
[  527.767282][T11616] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1429'.
[  527.778510][T11616] netlink: 440 bytes leftover after parsing attributes in process `syz.4.1429'.
[  528.460022][ T5820] usb 2-1: new full-speed USB device number 61 using dummy_hcd
[  528.608252][ T5820] usb 2-1: device descriptor read/64, error -71
[  528.629132][T11624] binder: 11612:11624 ioctl c0306201 0 returned -14
[  528.715325][T11626] FAULT_INJECTION: forcing a failure.
[  528.715325][T11626] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  528.731326][ T5820] usb usb2-port1: attempt power cycle
[  528.738881][T11626] CPU: 0 UID: 0 PID: 11626 Comm: syz.0.1433 Not tainted syzkaller #0 PREEMPT(full) 
[  528.738913][T11626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  528.738924][T11626] Call Trace:
[  528.738930][T11626]  <TASK>
[  528.738937][T11626]  dump_stack_lvl+0x16c/0x1f0
[  528.738968][T11626]  should_fail_ex+0x512/0x640
[  528.738992][T11626]  _copy_to_user+0x32/0xd0
[  528.739016][T11626]  simple_read_from_buffer+0xcb/0x170
[  528.739046][T11626]  proc_fail_nth_read+0x197/0x240
[  528.739069][T11626]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  528.739089][T11626]  ? rw_verify_area+0xcf/0x6c0
[  528.739114][T11626]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  528.739134][T11626]  vfs_read+0x1e4/0xcf0
[  528.739154][T11626]  ? __pfx___mutex_lock+0x10/0x10
[  528.739171][T11626]  ? __pfx_vfs_read+0x10/0x10
[  528.739194][T11626]  ? __fget_files+0x20e/0x3c0
[  528.739220][T11626]  ksys_read+0x12a/0x250
[  528.739236][T11626]  ? __pfx_ksys_read+0x10/0x10
[  528.739252][T11626]  ? fput+0x9b/0xd0
[  528.739277][T11626]  do_syscall_64+0xcd/0xfa0
[  528.739304][T11626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.739322][T11626] RIP: 0033:0x7fecf2d8e0dc
[  528.739337][T11626] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  528.739354][T11626] RSP: 002b:00007fecf3bf1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  528.739371][T11626] RAX: ffffffffffffffda RBX: 00007fecf2fe5fa0 RCX: 00007fecf2d8e0dc
[  528.739382][T11626] RDX: 000000000000000f RSI: 00007fecf3bf10a0 RDI: 0000000000000004
[  528.739392][T11626] RBP: 00007fecf3bf1090 R08: 0000000000000000 R09: 0000000000000000
[  528.739402][T11626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.739412][T11626] R13: 00007fecf2fe6038 R14: 00007fecf2fe5fa0 R15: 00007fffea1557e8
[  528.739438][T11626]  </TASK>
[  529.088692][   T30] audit: type=1400 audit(1762377436.888:1187): avc:  denied  { getopt } for  pid=11622 comm="syz.2.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  529.243753][ T5820] usb 2-1: new full-speed USB device number 62 using dummy_hcd
[  529.351583][ T5820] usb 2-1: device descriptor read/8, error -71
[  529.548953][T11643] use of bytesused == 0 is deprecated and will be removed in the future,
[  529.565866][T11643] use the actual size instead.
[  529.628214][ T5820] usb 2-1: new full-speed USB device number 63 using dummy_hcd
[  529.653614][ T5820] usb 2-1: device descriptor read/8, error -71
[  529.768676][ T5820] usb usb2-port1: unable to enumerate USB device
[  530.176574][   T30] audit: type=1400 audit(1762377437.978:1188): avc:  denied  { map } for  pid=11649 comm="syz.1.1438" path="socket:[30904]" dev="sockfs" ino=30904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  530.769742][ T5941] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  530.828251][ T5820] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  530.928192][ T5941] usb 3-1: Using ep0 maxpacket: 32
[  530.934552][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  530.945498][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  530.955297][ T5941] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  530.964361][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.973712][ T5941] usb 3-1: config 0 descriptor??
[  530.988322][ T5820] usb 4-1: Using ep0 maxpacket: 16
[  530.997204][ T5820] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  531.008454][ T5820] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  531.018269][ T5820] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  531.032238][ T5820] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  531.041308][ T5820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  531.049353][ T5820] usb 4-1: SerialNumber: syz
[  531.055811][T11648] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  531.268496][   T30] audit: type=1400 audit(1762377439.078:1189): avc:  denied  { lock } for  pid=11645 comm="syz.3.1437" path="socket:[31824]" dev="sockfs" ino=31824 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  531.293216][ T5820] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  531.304020][ T5820] usb 4-1: USB disconnect, device number 72
[  531.388791][ T5941] ft260 0003:0403:6030.0012: unknown main item tag 0x7
[  531.450232][T11671] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  531.457150][T11671] /dev/nullb0: Can't open blockdev
[  531.479991][   T30] audit: type=1400 audit(1762377439.288:1190): avc:  denied  { write } for  pid=11669 comm="syz.0.1444" path="socket:[31833]" dev="sockfs" ino=31833 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  531.586255][ T5941] ft260 0003:0403:6030.0012: chip code: 6424 8183
[  531.787387][ T5941] ft260 0003:0403:6030.0012: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0
[  531.988110][ T5941] ft260 0003:0403:6030.0012: failed to retrieve status: -32, no wakeup
[  532.074807][T11681] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  532.456997][T11682] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1445'.
[  532.606822][T11654] i2c i2c-1: adapter quirk: 2nd comb msg must be read (addr 0x0081, size 0, write)
[  532.661989][ T5941] usb 3-1: reset high-speed USB device number 61 using dummy_hcd
[  532.678362][T11654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  532.687529][T11654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  533.677007][T11694] binder: 11683:11694 ioctl c0306201 0 returned -14
[  534.452737][ T5820] usb 3-1: USB disconnect, device number 61
[  535.648675][T11708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1450'.
[  536.643198][T11719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.633096][T11761] delete_channel: no stack
[  539.339573][T11760] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  539.378264][ T5820] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  539.549509][ T5820] usb 2-1: Using ep0 maxpacket: 8
[  540.221219][ T5872] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  540.231742][ T5872] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  540.654758][   T30] audit: type=1400 audit(1762377448.458:1191): avc:  denied  { create } for  pid=11778 comm="syz.0.1471" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  540.898257][ T5941] usb 3-1: new full-speed USB device number 62 using dummy_hcd
[  541.038176][ T5941] usb 3-1: device descriptor read/64, error -71
[  541.278312][ T5941] usb 3-1: new full-speed USB device number 63 using dummy_hcd
[  541.408448][ T5941] usb 3-1: device descriptor read/64, error -71
[  541.492821][ T5820] usb 2-1: unable to get BOS descriptor or descriptor too short
[  541.503801][ T5820] usb 2-1: no configurations
[  541.519418][ T5820] usb 2-1: can't read configurations, error -22
[  541.581152][ T5941] usb usb3-port1: attempt power cycle
[  542.008206][ T5941] usb 3-1: new full-speed USB device number 64 using dummy_hcd
[  542.028822][ T5941] usb 3-1: device descriptor read/8, error -71
[  542.283469][ T5941] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[  542.711266][ T5941] usb 3-1: device descriptor read/8, error -71
[  542.849174][ T5941] usb usb3-port1: unable to enumerate USB device
[  544.694163][    T9] usb 5-1: USB disconnect, device number 3
[  545.817690][T11806] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  546.943718][   T30] audit: type=1400 audit(1762377454.748:1192): avc:  denied  { write } for  pid=11836 comm="syz.2.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  548.048060][T11845] netlink: 'syz.1.1488': attribute type 6 has an invalid length.
[  562.570533][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  562.576861][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  624.012202][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  624.018570][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  679.048264][   T31] INFO: task kworker/1:1:48 blocked for more than 143 seconds.
[  679.055853][   T31]       Not tainted syzkaller #0
[  679.060885][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  679.069593][   T31] task:kworker/1:1     state:D stack:22760 pid:48    tgid:48    ppid:2      task_flags:0x4208060 flags:0x00080000
[  679.081631][   T31] Workqueue: events rfkill_sync_work
[  679.086917][   T31] Call Trace:
[  679.090195][   T31]  <TASK>
[  679.093106][   T31]  __schedule+0x1190/0x5de0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  679.097589][   T31]  ? __lock_acquire+0xae1/0x1c90
[  679.102578][   T31]  ? __pfx___schedule+0x10/0x10
[  679.107444][   T31]  ? find_held_lock+0x2b/0x80
[  679.112404][   T31]  ? schedule+0x2d7/0x3a0
[  679.116746][   T31]  schedule+0xe7/0x3a0
[  679.138102][   T31]  schedule_preempt_disabled+0x13/0x30
[  679.143599][   T31]  __mutex_lock+0x818/0x1060
[  679.161685][   T31]  ? nfc_dev_down+0x2d/0x2e0
[  679.168358][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  679.173408][   T31]  ? do_raw_spin_lock+0x12c/0x2b0
[  679.178499][   T31]  ? nfc_dev_down+0x2d/0x2e0
[  679.183101][   T31]  ? mark_held_locks+0x49/0x80
[  679.187861][   T31]  nfc_dev_down+0x2d/0x2e0
[  679.192575][   T31]  nfc_rfkill_set_block+0x39/0xe0
[  679.197585][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  679.203317][   T31]  rfkill_set_block+0x1fe/0x550
[  679.208319][   T31]  rfkill_sync+0x10a/0x1c0
[  679.212731][   T31]  rfkill_sync_work+0x27/0x40
[  679.217382][   T31]  process_one_work+0x9cf/0x1b70
[  679.222335][   T31]  ? __pfx_process_srcu+0x10/0x10
[  679.227340][   T31]  ? __pfx_process_one_work+0x10/0x10
[  679.232724][   T31]  ? assign_work+0x1a0/0x250
[  679.237290][   T31]  worker_thread+0x6c8/0xf10
[  679.241899][   T31]  ? __kthread_parkme+0x19e/0x250
[  679.246899][   T31]  ? __pfx_worker_thread+0x10/0x10
[  679.252085][   T31]  kthread+0x3c5/0x780
[  679.256149][   T31]  ? __pfx_kthread+0x10/0x10
[  679.260796][   T31]  ? rcu_is_watching+0x12/0xc0
[  679.265554][   T31]  ? __pfx_kthread+0x10/0x10
[  679.270166][   T31]  ret_from_fork+0x675/0x7d0
[  679.274736][   T31]  ? __pfx_kthread+0x10/0x10
[  679.279552][   T31]  ret_from_fork_asm+0x1a/0x30
[  679.284343][   T31]  </TASK>
[  679.287427][   T31] INFO: task kworker/1:4:5873 blocked for more than 143 seconds.
[  679.296736][   T31]       Not tainted syzkaller #0
[  679.301691][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  679.310376][   T31] task:kworker/1:4     state:D stack:22536 pid:5873  tgid:5873  ppid:2      task_flags:0x4208060 flags:0x00080000
[  679.322352][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  679.329520][   T31] Call Trace:
[  679.332791][   T31]  <TASK>
[  679.335699][   T31]  __schedule+0x1190/0x5de0
[  679.340204][   T31]  ? __lock_acquire+0xae1/0x1c90
[  679.345126][   T31]  ? __pfx___schedule+0x10/0x10
[  679.349971][   T31]  ? find_held_lock+0x2b/0x80
[  679.354620][   T31]  ? schedule+0x2d7/0x3a0
[  679.358938][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[  679.365239][   T31]  schedule+0xe7/0x3a0
[  679.369344][   T31]  schedule_preempt_disabled+0x13/0x30
[  679.374783][   T31]  __mutex_lock+0x818/0x1060
[  679.379536][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[  679.385892][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  679.390917][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  679.396735][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[  679.403072][   T31]  rfkill_global_led_trigger_worker+0x1b/0x160
[  679.409242][   T31]  process_one_work+0x9cf/0x1b70
[  679.414187][   T31]  ? __pfx_process_one_work+0x10/0x10
[  679.419567][   T31]  ? assign_work+0x1a0/0x250
[  679.424128][   T31]  worker_thread+0x6c8/0xf10
[  679.428713][   T31]  ? __kthread_parkme+0x19e/0x250
[  679.433715][   T31]  ? __pfx_worker_thread+0x10/0x10
[  679.438820][   T31]  kthread+0x3c5/0x780
[  679.442862][   T31]  ? __pfx_kthread+0x10/0x10
[  679.447423][   T31]  ? rcu_is_watching+0x12/0xc0
[  679.452188][   T31]  ? __pfx_kthread+0x10/0x10
[  679.456770][   T31]  ret_from_fork+0x675/0x7d0
[  679.461357][   T31]  ? __pfx_kthread+0x10/0x10
[  679.465920][   T31]  ret_from_fork_asm+0x1a/0x30
[  679.470689][   T31]  </TASK>
[  679.473711][   T31] INFO: task syz.4.1434:11628 blocked for more than 143 seconds.
[  679.481983][   T31]       Not tainted syzkaller #0
[  679.486887][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  679.495672][   T31] task:syz.4.1434      state:D stack:26712 pid:11628 tgid:11628 ppid:5816   task_flags:0x400040 flags:0x00080002
[  679.507586][   T31] Call Trace:
[  679.510880][   T31]  <TASK>
[  679.513788][   T31]  __schedule+0x1190/0x5de0
[  679.518306][   T31]  ? stack_trace_save+0x8e/0xc0
[  679.523156][   T31]  ? __lock_acquire+0x622/0x1c90
[  679.528182][   T31]  ? __pfx___schedule+0x10/0x10
[  679.533039][   T31]  ? find_held_lock+0x2b/0x80
[  679.537721][   T31]  ? schedule+0x2d7/0x3a0
[  679.542065][   T31]  schedule+0xe7/0x3a0
[  679.546117][   T31]  schedule_timeout+0x257/0x290
[  679.550974][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  679.556348][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  679.561539][   T31]  __wait_for_common+0x2fc/0x4e0
[  679.566462][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  679.571844][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  679.577282][   T31]  ? find_held_lock+0x2b/0x80
[  679.581950][   T31]  ? __flush_work+0x938/0xcc0
[  679.586602][   T31]  ? __flush_work+0x4d0/0xcc0
[  679.591272][   T31]  __flush_work+0x7d7/0xcc0
[  679.595752][   T31]  ? __pfx___might_resched+0x10/0x10
[  679.601119][   T31]  ? __pfx___flush_work+0x10/0x10
[  679.606121][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[  679.613282][   T31]  ? __pfx___might_resched+0x10/0x10
[  679.618576][   T31]  __cancel_work_sync+0x10c/0x130
[  679.623595][   T31]  rfkill_unregister+0x95/0x2c0
[  679.628441][   T31]  nfc_unregister_device+0x94/0x330
[  679.633620][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  679.639334][   T31]  virtual_ncidev_close+0x4b/0xa0
[  679.644357][   T31]  __fput+0x402/0xb70
[  679.648341][   T31]  task_work_run+0x150/0x240
[  679.652906][   T31]  ? __pfx_task_work_run+0x10/0x10
[  679.657996][   T31]  ? __pfx___do_sys_close_range+0x10/0x10
[  679.663753][   T31]  exit_to_user_mode_loop+0xec/0x130
[  679.669053][   T31]  do_syscall_64+0x426/0xfa0
[  679.673628][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.679521][   T31] RIP: 0033:0x7f9ce438f6c9
[  679.683907][   T31] RSP: 002b:00007ffc2fffed18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  679.692411][   T31] RAX: 0000000000000000 RBX: 00007f9ce45e7da0 RCX: 00007f9ce438f6c9
[  679.700392][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  679.708505][   T31] RBP: 00007f9ce45e7da0 R08: 00000000000001b0 R09: 0000000a2ffff00f
[  679.716472][   T31] R10: 00007f9ce45e7cb0 R11: 0000000000000246 R12: 000000000008156d
[  679.724479][   T31] R13: 00007ffc2fffee10 R14: ffffffffffffffff R15: 00007ffc2fffee30
[  679.732468][   T31]  </TASK>
[  679.735499][   T31] 
[  679.735499][   T31] Showing all locks held in the system:
[  679.744792][   T31] 2 locks held by ksoftirqd/1/23:
[  679.750021][   T31]  #0: ffff8880b843a398 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  679.759998][   T31]  #1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0
[  679.769128][   T31] 1 lock held by khungtaskd/31:
[  679.773976][   T31]  #0: ffffffff8e3c4760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  679.783925][   T31] 4 locks held by kworker/1:1/48:
[  679.788947][   T31]  #0: ffff88813ff11948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  679.799398][   T31]  #1: ffffc90000b97d00 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  679.811153][   T31]  #2: ffffffff90591488 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x1b/0x40
[  679.821175][   T31]  #3: ffff888055310100 (&dev->mutex){....}-{4:4}, at: nfc_dev_down+0x2d/0x2e0
[  679.830168][   T31] 2 locks held by getty/5576:
[  679.834822][   T31]  #0: ffff8880358f00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  679.844651][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  679.854795][   T31] 3 locks held by kworker/1:4/5873:
[  679.859993][   T31]  #0: ffff88813ff11948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  679.870422][   T31]  #1: ffffc90002f27d00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  679.883290][   T31]  #2: ffffffff90591488 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x1b/0x160
[  679.894711][   T31] 1 lock held by syz.4.1434/11628:
[  679.899843][   T31]  #0: ffff888055310100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x60/0x330
[  679.909585][   T31] 2 locks held by syz.3.1454/11718:
[  679.914749][   T31]  #0: ffff88802523f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  679.924480][   T31]  #1: ffffffff90591488 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x3a/0xb40
[  679.934543][   T31] 2 locks held by syz-executor/11818:
[  679.939910][   T31]  #0: ffff888022735918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_write+0x2b4/0x480
[  679.949291][   T31]  #1: ffffffff90591488 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x3a/0xb40
[  679.959198][   T31] 3 locks held by syz.0.1485/11829:
[  679.964362][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  679.972782][   T31]  #1: ffff888024a08100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0x9a/0x3c0
[  679.982337][   T31]  #2: ffffffff90591488 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x3a/0xb40
[  679.992234][   T31] 1 lock held by syz.1.1491/11860:
[  679.997313][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.005745][   T31] 1 lock held by syz.1.1491/11863:
[  680.010847][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.019285][   T31] 1 lock held by syz.2.1492/11864:
[  680.024362][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.032785][   T31] 1 lock held by syz-executor/11871:
[  680.038204][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.046660][   T31] 1 lock held by syz-executor/11874:
[  680.051962][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.060441][   T31] 1 lock held by syz-executor/11877:
[  680.065720][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.074232][   T31] 1 lock held by syz-executor/11878:
[  680.079535][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.087959][   T31] 1 lock held by syz-executor/11880:
[  680.093529][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.102049][   T31] 1 lock held by syz-executor/11882:
[  680.107318][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.115751][   T31] 1 lock held by syz-executor/11888:
[  680.121046][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.129492][   T31] 1 lock held by syz-executor/11891:
[  680.134745][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.143176][   T31] 1 lock held by syz-executor/11892:
[  680.148599][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.157041][   T31] 1 lock held by syz-executor/11894:
[  680.162352][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.170825][   T31] 1 lock held by syz-executor/11896:
[  680.176110][   T31]  #0: ffffffff8f074368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[  680.184589][   T31] 2 locks held by dhcpcd/11900:
[  680.189427][   T31]  #0: ffff88802a1bc260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60
[  680.199081][   T31]  #1: ffffffff8e3cfcf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  680.209111][   T31] 
[  680.211432][   T31] =============================================
[  680.211432][   T31] 
[  680.219899][   T31] NMI backtrace for cpu 1
[  680.219908][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  680.219920][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  680.219926][   T31] Call Trace:
[  680.219930][   T31]  <TASK>
[  680.219934][   T31]  dump_stack_lvl+0x116/0x1f0
[  680.219954][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  680.219965][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  680.219981][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  680.219998][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  680.220011][   T31]  watchdog+0xf3f/0x1170
[  680.220026][   T31]  ? rcu_is_watching+0x12/0xc0
[  680.220040][   T31]  ? __pfx_watchdog+0x10/0x10
[  680.220052][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  680.220068][   T31]  ? __kthread_parkme+0x19e/0x250
[  680.220095][   T31]  ? __pfx_watchdog+0x10/0x10
[  680.220107][   T31]  kthread+0x3c5/0x780
[  680.220118][   T31]  ? __pfx_kthread+0x10/0x10
[  680.220128][   T31]  ? rcu_is_watching+0x12/0xc0
[  680.220141][   T31]  ? __pfx_kthread+0x10/0x10
[  680.220151][   T31]  ret_from_fork+0x675/0x7d0
[  680.220160][   T31]  ? __pfx_kthread+0x10/0x10
[  680.220170][   T31]  ret_from_fork_asm+0x1a/0x30
[  680.220190][   T31]  </TASK>
[  680.220194][   T31] Sending NMI from CPU 1 to CPUs 0:
[  680.346046][    C0] NMI backtrace for cpu 0
[  680.346060][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  680.346076][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  680.346083][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  680.346108][    C0] Code: e7 6c 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 03 a6 29 00 fb f4 <e9> 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  680.346122][    C0] RSP: 0018:ffffffff8e007df8 EFLAGS: 000002c6
[  680.346134][    C0] RAX: 00000000028cded7 RBX: 0000000000000000 RCX: ffffffff8b6082a9
[  680.346142][    C0] RDX: 0000000000000000 RSI: ffffffff8da2b0e0 RDI: ffffffff8bf07040
[  680.346151][    C0] RBP: fffffbfff1c12f40 R08: 0000000000000001 R09: ffffed1017086655
[  680.346160][    C0] R10: ffff8880b84332ab R11: 0000000000000001 R12: 0000000000000000
[  680.346168][    C0] R13: ffffffff8e097a00 R14: ffffffff908204d0 R15: 0000000000000000
[  680.346177][    C0] FS:  0000000000000000(0000) GS:ffff888124a08000(0000) knlGS:0000000000000000
[  680.346192][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  680.346201][    C0] CR2: 000055740f6db168 CR3: 000000000e182000 CR4: 00000000003526f0
[  680.346210][    C0] Call Trace:
[  680.346214][    C0]  <TASK>
[  680.346219][    C0]  default_idle+0x13/0x20
[  680.346233][    C0]  default_idle_call+0x6c/0xb0
[  680.346247][    C0]  do_idle+0x38d/0x500
[  680.346266][    C0]  ? __pfx_do_idle+0x10/0x10
[  680.346282][    C0]  ? trace_sched_exit_tp+0x2f/0x120
[  680.346299][    C0]  cpu_startup_entry+0x4f/0x60
[  680.346315][    C0]  rest_init+0x16b/0x2b0
[  680.346329][    C0]  ? acpi_subsystem_init+0x133/0x180
[  680.346346][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  680.346370][    C0]  start_kernel+0x3f6/0x4e0
[  680.346386][    C0]  x86_64_start_reservations+0x18/0x30
[  680.346402][    C0]  x86_64_start_kernel+0x130/0x190
[  680.346418][    C0]  common_startup_64+0x13e/0x148
[  680.346437][    C0]  </TASK>
[  685.450549][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.456852][ T1298] ieee802154 phy1 wpan1: encryption failed: -22