last executing test programs:

4m11.863636791s ago: executing program 3 (id=3019):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='status\x00')
read$FUSE(r0, 0x0, 0x0)

4m11.677930773s ago: executing program 3 (id=3023):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000, @void, @value}, 0x94)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
mmap$IORING_OFF_SQ_RING(&(0x7f000085a000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
sendmmsg(r2, &(0x7f0000000180), 0x4000190, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x110)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000e00000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r6}, 0x10)
clock_getres(0x2, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x9)
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f00000017c0)=r1, 0x4)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r8, 0x118, 0x0, &(0x7f0000000000)=0x10009, 0x4)
sendmsg$AUDIT_SET(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x10}, 0x3c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x10012, r10, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe94, 0x30, 0x25, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x80}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x100}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe94}}, 0x0)
read$FUSE(r0, &(0x7f0000002e80)={0x2020}, 0x2020)

4m10.806470249s ago: executing program 3 (id=3026):
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x40, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kvm_userspace_exit\x00'}, 0x18)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
r2 = socket$igmp6(0xa, 0x3, 0x2)
dup3(r2, r1, 0x0)
ftruncate(0xffffffffffffffff, 0xffff)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)

4m10.709388493s ago: executing program 3 (id=3028):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000850000000e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
syz_clone(0xa49a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)

4m9.472111164s ago: executing program 3 (id=3033):
socket(0x10, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xd2, &(0x7f00000009c0)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x9c, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "643022af983e0c3b942b96be5bcfe0cc1000a8b3f45f8d2f465bb22b32241fd3", "065534169ea4d225c75690405e33b4f672dc79ccfd457f772607a23172a1b9bdeb5bdafcc4cc0be3864c06263bfe37ef", "fa8ec61fcc165c8cfe7da02b42c77f62999fee935f4552b68b2cab59", {"381c17e3295fb3a7636a16686c00020d", "3ad685507bf8adc0edc769d0be352856"}}}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000840)=ANY=[@ANYBLOB="640000001800010000000000000000001d0109004d000f80"], 0x64}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_gettime(0x0, &(0x7f00000010c0)={<r2=>0x0})
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={r2}, 0x1)

4m8.149857659s ago: executing program 3 (id=3036):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0025c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
write$cgroup_int(r2, &(0x7f00000001c0), 0xfffffdef)
write$cgroup_pid(r2, &(0x7f0000000280), 0x12)

4m6.60415639s ago: executing program 32 (id=3036):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0025c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
write$cgroup_int(r2, &(0x7f00000001c0), 0xfffffdef)
write$cgroup_pid(r2, &(0x7f0000000280), 0x12)

1m10.008666276s ago: executing program 5 (id=3545):
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x129202, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000400)={r0, r2, 0x0, 0x0, @val=@uprobe_multi={&(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)=[0x6], &(0x7f0000000340)=[0x0, 0x2, 0x4, 0x1, 0x5, 0x5], 0x8bfcc3a, 0x1, 0x1}}, 0x40)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b0c0, 0x0)
bpf$ITER_CREATE(0x22, &(0x7f0000000040)={r3}, 0x8)
io_uring_setup(0x30d5, &(0x7f0000000240)={0x0, 0x8b63c, 0x800, 0x0, 0x1c8})
socket$kcm(0x21, 0x7, 0x2)
pipe(&(0x7f0000000280))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001e80)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=r7, @ANYBLOB="00000000000200000c00025b05000f0002000000"], 0x3c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r8 = fsopen(&(0x7f0000000040)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
r9 = fsmount(r8, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r8, 0x4, &(0x7f0000000140)='ro\x00\x04\x05j3\xd6\xe3\x1f!9\x15d/\x19\x02E\x91\x14\xca<dBN\x8b\\\x85\xe7\xf3\xae\xa2(P\xdb\xaf\x06\x1c\v\xaa9\x8eL\x17\xa3\x9a\xa8_\xa1b\xca\xf1+\x04I\x13\xb3\xe5\ac\x13\b\x8fG*<\xab\x04\xea\x1e\xdd\xce\xed\x93\xeb\x87x,w\a\x93\\\xfe\xc8\xee\x13>\xfeT\x04\"\x00\xf7\x16\'\xe7\x1e+\x7f\x93\xb2\xe1\xb5\x04i]\xdd\xdd\xc3\xf6\xf7\xc4B\xf8\xd0\xa5+\xc3\x1amJ\x8c\x8aF\xb3\xb1O\xfbL%\xceI\xc7Od\xfe\xa0`I\x1d\xb0\x97\x1a$6\x96\xb8zF/\xd2:\x8fG\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000100)='./file1\x00', r9)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r8, 0x7, 0x0, 0x0, 0x0)

1m3.452329845s ago: executing program 5 (id=3549):
socket$packet(0x11, 0x3, 0x300)
r0 = socket(0x15, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x3f, 0x7a, 0x7e, 0x40, 0xc72, 0x12, 0x2296, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x72, 0x0, 0x0, 0xab, 0x38, 0x48}}]}}]}}, 0x0)
getsockopt$nfc_llcp(r0, 0x114, 0x2721, 0x0, 0x20000000)
socket$inet_sctp(0x2, 0x1, 0x84)
pipe2$watch_queue(0x0, 0x80)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
io_uring_setup(0x26ce, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
syz_emit_ethernet(0x4e, &(0x7f0000000440)=ANY=[@ANYBLOB="b8a3eb209aa0aaaaaaaaaa0086dd6000010000183afffe800000000000000000000000000000ff020000000000000000000000000001860090780000000000000000000000000000010021000000c0a5f7e42c"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r4, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1, 0x0, 0xfffffffffffffd96}}], 0x2, 0x16da)

59.740541042s ago: executing program 5 (id=3557):
chdir(&(0x7f0000000480)='./cgroup\x00')
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1abb01, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb8100400008004526005c016700005d119078ac1e0001e00000014e234e22004890780300000001000000cf24e32481831aec3d74ad335d981f9cead0ce9ab78a3c6e6346a8d16a4263470cfd0b63ec6331239ed149bff2d96edbfe35572f5292dc21"], 0x6e)
write$vga_arbiter(r0, &(0x7f0000000140)=ANY=[], 0xc)
syz_io_uring_setup(0x8000031, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x2f7}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x7, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00'}, 0x10)
ioctl$SIOCPNENABLEPIPE(r7, 0x89ed, 0x500)
syz_open_dev$ttys(0xc, 0x2, 0x1)

58.638382333s ago: executing program 5 (id=3559):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, &(0x7f0000000440)={0x0, 0x3, 0x6, '\x00', &(0x7f0000000400)=0x4})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7)
r2 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205649, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90a, 0x8000, '\x00', @ptr=0x20002000}})

53.719698989s ago: executing program 5 (id=3565):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x1cc, r2, 0x300, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x40}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0xf, 0x54}}}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "5de4b5332508d42f895b603323aeaa067dd3e394d87953cc"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}]}], @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x4}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "9d9f4b0d2fa7c86b596800db03da266fcddcc9fa6c2ab699"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "2b8299f4552b5679a9a17c2993ae10ad6fc4b6c529a7dc2a"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d80a01ec1263283e6ba3dff661f5d077373c00da8d962dbd"}, @NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}], @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}]]}, 0x1cc}, 0x1, 0x0, 0x0, 0x4000814}, 0x20040003)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffd, 0x6, 0x7, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000140)="259374c96ee3", 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0})

53.536655714s ago: executing program 5 (id=3566):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x4)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8929, &(0x7f0000000280)={'gre0\x00', 0x2000081})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f0000000580))
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3)
mount$bpf(0x0, &(0x7f00000003c0)='./cgroup\x00', &(0x7f0000000280), 0x18, &(0x7f0000000480)=ANY=[@ANYBLOB='eode=00000000000000000000010,\x00'])
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r5)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r6, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_ASSOCIATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002bbd7000fedbdf252600000008000300", @ANYRES32=r10], 0x24}, 0x1, 0x0, 0x0, 0x4000815}, 0x850)

38.19039009s ago: executing program 33 (id=3566):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x4)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8929, &(0x7f0000000280)={'gre0\x00', 0x2000081})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f0000000580))
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3)
mount$bpf(0x0, &(0x7f00000003c0)='./cgroup\x00', &(0x7f0000000280), 0x18, &(0x7f0000000480)=ANY=[@ANYBLOB='eode=00000000000000000000010,\x00'])
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r5)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r6, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_ASSOCIATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002bbd7000fedbdf252600000008000300", @ANYRES32=r10], 0x24}, 0x1, 0x0, 0x0, 0x4000815}, 0x850)

12.573107194s ago: executing program 1 (id=3639):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0xd21, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f00000006c0))
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x12, 0x0, 0x20240001, 0x0, 0x1, 0x0, 0x2, 0x0, 0xd}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
futex(&(0x7f000000cffc), 0xb, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x1, 0x5, 0x1, 0x0, &(0x7f0000000040)=0x2, 0x2000000)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0xb)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_REMOVE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r7, 0x1, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xfcffffff00000000}, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000840)={0x0, 0x0, r4, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x3, [], [], [0x428e050d], [0x0, 0x3ff]})
r9 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
close(r9)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x100000000)

10.901026229s ago: executing program 0 (id=3641):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
mount(0x0, 0x0, 0x0, 0x4408, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000000300)=""/132, 0x84)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000240)=0x8)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='00.:/', 0x0)
syz_usb_connect$cdc_ecm(0x6, 0xe3, &(0x7f00000007c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd1, 0x1, 0x1, 0x1, 0x0, 0xe, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x2, 0x6, 0x0, 0x9c, {{0x5}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x401, 0x221, 0x6}, [@mdlm_detail={0x96, 0x24, 0x13, 0x5, "07b4dbe6f14dd3471a58288a1942687b16758f4c80ab1dbbe3e47a943fde94b9265ffc2d948411c53c2c0e5298f1bea8b4546f1261542707a5adfd695d41a6ede901e19dd4e8205168de1b147a2a665b7d4c6bcdaa99015eba061d5f15bdbf15a9b91b963c08bd338ddbe81a7ca26b842c5816193b7590de00fc1fa943005c8309f916f7f413738d26842ed6b2752ffaf878"}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x1, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xe6, 0x2, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000280)=ANY=[@ANYBLOB="00000108000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000640)=ANY=[@ANYBLOB="201104060000000101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

10.855454805s ago: executing program 4 (id=3642):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x8, &(0x7f0000005c00)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
clock_getres(0xfffffffffffffff1, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c990658bd27b2aa77459cee5a6d79db5762969d51ed5bef3d63520d260804d0", 0x2}, 0x48, 0xfffffffffffffffd)
r2 = msgget$private(0x0, 0x20)
msgrcv(r2, 0x0, 0x0, 0x2, 0x1000)
msgsnd(r2, &(0x7f0000001800)=ANY=[], 0x8, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x271e, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f0000000240))
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_emit_ethernet(0x6e, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r3 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
openat$cgroup_pressure(r0, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r3}], 0x1, 0x0, 0x0, 0x0)

10.476537319s ago: executing program 1 (id=3643):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000080045f000380000000000069078ac1414bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="94100000907800001e102900ce06000000000000ffffffff"], 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/kexec_crash_size', 0x202, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205649, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90a, 0x8000, '\x00', @ptr=0x20002000}})
sendfile(r0, r4, 0x0, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000005"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
poll(0x0, 0x0, 0x0)

9.899239026s ago: executing program 6 (id=3645):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000, @void, @value}, 0x94)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
mmap$IORING_OFF_SQ_RING(&(0x7f000085a000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
sendmmsg(r2, &(0x7f0000000180), 0x4000190, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x110)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000e0000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r6}, 0x10)
clock_getres(0x2, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x9)
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f00000017c0)=r1, 0x4)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r8, 0x118, 0x0, &(0x7f0000000000)=0x10009, 0x4)
sendmsg$AUDIT_SET(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x10}, 0x3c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x10012, r10, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe94, 0x30, 0x25, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x80}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x100}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe94}}, 0x0)
read$FUSE(r0, &(0x7f0000002e80)={0x2020}, 0x2020)

9.839539489s ago: executing program 4 (id=3646):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000200)={0x6, @raw_data="98fe6404cf625acfeb28dab7e6d302fa41d603e654530adfc86e6de429a5c423dea3163539765c8bb504d9bb98811dc9b0ec716ad4204bf3905d4259a432c139bc30b99a3090f761f570251524eac6683f7ea95677bf4dbc8c0f34d58fc8a2ff41e5dae8eaa63bb7da7f484daca02d7cd565d96d5e8695f57a4fb3dc96422672507efa68c66781fb294a0bc84b61784cf4003b548bc4b1a251d83e1630c40520e82f3bfd10663f097190cfc72b9c2dfed700e315a95d527c5ded47f4b5dad398b164473fea66532c"})
syz_usb_connect(0x0, 0x24, &(0x7f0000001080)=ANY=[@ANYBLOB="120100000575c820490d00702f260102030109021200"], 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000640)={0x0, 0x0, 0x5, &(0x7f00000001c0)={0x5, 0xf, 0x5}, 0x7, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x2, &(0x7f00000003c0)=@string={0x2}}, {0x2, &(0x7f0000000440)=@string={0x2}}, {0x2, &(0x7f00000004c0)=@string={0x2}}, {0x0, 0x0}]})
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$NBD_SET_SOCK(r2, 0xab00, 0xffffffffffffffff)
ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x1000001000104)
syz_open_dev$hiddev(0x0, 0x1, 0x412081)
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) (fail_nth: 1)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)

9.359902454s ago: executing program 6 (id=3647):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x1c, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x100}]}, 0x1c}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

9.204088311s ago: executing program 6 (id=3648):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
statx(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x4000, 0x100, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0})
r2 = syz_open_dev$sndmidi(&(0x7f0000000a80), 0x5, 0x10040)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000500)="2f92976e8dd4d7d560545231464c05f6067b92a6f8575556ecc30be6a2a6fb8fb34d17024bf41aaea3aa0b7a332586fca3a9769b8e7e5e045eb4a655c712c091ed143c2dca1642ad11b91dbf3829241d9337a97aad6fb220d32177c751fb8b4acc7d64c681ed881ac6523ecf7bdcc4a2d77b81ca0f984fcf0dd4c62f8c18baf950a86f2593011e12f5c7d1d8e339117415fd64256c0304a7eab43d7a34b0bd76a56cc0762942a314168ed93d404e67b5d761579007424d1a2186d14b71b6fd627ff2b5603c2d41859c85530b78dcd33e1eb019c4134c56075677a1", 0xdb}], 0x1, &(0x7f0000000ac0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r0, r1}}}, @rights={{0x14, 0x1, 0x1, [r2]}}], 0xe8, 0x20000800}}], 0x1, 0x44801)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000200)={0x6, @raw_data="98fe6404cf625acfeb28dab7e6d302fa41d603e654530adfc86e6de429a5c423dea3163539765c8bb504d9bb98811dc9b0ec716ad4204bf3905d4259a432c139bc30b99a3090f761f570251524eac6683f7ea95677bf4dbc8c0f34d58fc8a2ff41e5dae8eaa63bb7da7f484daca02d7cd565d96d5e8695f57a4fb3dc96422672507efa68c66781fb294a0bc84b61784cf4003b548bc4b1a251d83e1630c40520e82f3bfd10663f097190cfc72b9c2dfed700e315a95d527c5ded47f4b5dad398b164473fea66532c"})
syz_usb_connect(0x0, 0x24, &(0x7f0000001080)=ANY=[@ANYBLOB="120100000575c820490d00702f260102030109021200"], 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000640)={0x0, 0x0, 0x5, &(0x7f00000001c0)={0x5, 0xf, 0x5}, 0x7, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x2, &(0x7f00000003c0)=@string={0x2}}, {0x2, &(0x7f0000000440)=@string={0x2}}, {0x2, &(0x7f00000004c0)=@string={0x2}}, {0x0, 0x0}]})
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$NBD_SET_SOCK(r5, 0xab00, 0xffffffffffffffff)
ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x1000001000104)
syz_open_dev$hiddev(0x0, 0x1, 0x412081)
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
connect$unix(r8, &(0x7f0000000180)=@abs, 0x6e)

8.028143533s ago: executing program 0 (id=3651):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x40000, 0x0, 0xfffffffc, 0x358}, &(0x7f0000000380)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = fsopen(&(0x7f0000000040)='befs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x1)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='{\'\x00', &(0x7f00000001c0)='&}.\'-:{\x00', 0x0)
ioctl$VIDIOC_QUERY_DV_TIMINGS(r7, 0x80845663, &(0x7f00000002c0)={0x0, @reserved})
fchdir(r7)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}]})
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r3, 0x3f70, 0x0, 0x0, 0x0, 0x0)

8.007288226s ago: executing program 1 (id=3652):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0xd21, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, &(0x7f00000006c0))
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x12, 0x0, 0x20240001, 0x0, 0x1, 0x0, 0x2, 0x0, 0xd}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
futex(&(0x7f000000cffc), 0xb, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x1, 0x5, 0x1, 0x0, &(0x7f0000000040)=0x2, 0x2000000)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0xb)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_REMOVE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r7, 0x1, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xfcffffff00000000}, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000840)={0x0, 0x0, r4, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x3, [], [], [0x428e050d], [0x0, 0x3ff]})
r9 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
close(r9)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x100000000)

6.444892274s ago: executing program 0 (id=3653):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000041c0)={0x4}, 0x2)

6.045009423s ago: executing program 0 (id=3655):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x15, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x3f, 0x7a, 0x7e, 0x40, 0xc72, 0x12, 0x2296, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x72, 0x0, 0x0, 0xab, 0x38, 0x48}}]}}]}}, 0x0)
getsockopt$nfc_llcp(r1, 0x114, 0x2721, 0x0, 0x20000000)
socket$inet_sctp(0x2, 0x1, 0x84)
pipe2$watch_queue(0x0, 0x80)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
io_uring_setup(0x26ce, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
syz_emit_ethernet(0x4e, &(0x7f0000000440)=ANY=[@ANYBLOB="b8a3eb209aa0aaaaaaaaaa0086dd6000010000183afffe800000000000000000000000000000ff020000000000000000000000000001860090780000000000000000000000000000010021000000c0a5f7e42c"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r5, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
sendmmsg$inet(r5, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1, 0x0, 0xfffffffffffffd96}}], 0x2, 0x16da)
getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000040)=0x3a)

5.821858173s ago: executing program 4 (id=3656):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x8, &(0x7f0000005c00)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
clock_getres(0xfffffffffffffff1, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c990658bd27b2aa77459cee5a6d79db5762969d51ed5bef3d63520d260804d0", 0x2}, 0x48, 0xfffffffffffffffd)
r2 = msgget$private(0x0, 0x20)
msgrcv(r2, 0x0, 0x0, 0x2, 0x1000)
msgsnd(r2, &(0x7f0000001800)=ANY=[], 0x8, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x271e, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f0000000240))
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_emit_ethernet(0x6e, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r3 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
openat$cgroup_pressure(r0, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r3}], 0x1, 0x0, 0x0, 0x0)

4.993046766s ago: executing program 6 (id=3658):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1abb01, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb8100400008004526005c016700005d119078ac1e0001e00000014e234e22004890780300000001000000cf24e32481831aec3d74ad335d981f9cead0ce9ab78a3c6e6346a8d16a4263470cfd0b63ec6331239ed149bff2d96edbfe35572f5292dc21"], 0x6e)
write$vga_arbiter(r0, &(0x7f0000000140)=ANY=[], 0xc)
syz_io_uring_setup(0x8000031, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x2f7}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x7, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00'}, 0x10)
ioctl$SIOCPNENABLEPIPE(r7, 0x89ed, 0x500)
syz_open_dev$ttys(0xc, 0x2, 0x1)

4.394160649s ago: executing program 4 (id=3659):
socket(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_gettime(0x0, &(0x7f00000010c0)={<r1=>0x0})
futex_waitv(&(0x7f0000001080)=[{0x3, 0x0, 0x82}], 0x1, 0x0, &(0x7f0000001100)={r1}, 0x1)

4.351519624s ago: executing program 2 (id=3660):
r0 = syz_open_dev$sndctrl(0x0, 0xde, 0x0)
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x18)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
close(r1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6a471000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddb357f7adf97affffffff7d1800"})
r8 = syz_open_pts(r7, 0x0)
ioctl$TIOCVHANGUP(r8, 0x5437, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r7, r8, 0x0)
ioctl$TCSETA(r8, 0x5406, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x12, "0700f362368300"})
ioctl$TIOCGPTPEER(r7, 0x5441, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b7020000ff0d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000200928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb0f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686, @ANYRES16=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, r2, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.228900144s ago: executing program 4 (id=3661):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x5, 0x2})
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3) (fail_nth: 1)

3.824918588s ago: executing program 1 (id=3662):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000080045f000380000000000069078ac1414bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="94100000907800001e102900ce06000000000000ffffffff"], 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/kexec_crash_size', 0x202, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205649, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90a, 0x8000, '\x00', @ptr=0x20002000}})
sendfile(r0, r4, 0x0, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000005"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
poll(0x0, 0x0, 0x0)

3.802082493s ago: executing program 6 (id=3663):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x15, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x3f, 0x7a, 0x7e, 0x40, 0xc72, 0x12, 0x2296, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x72, 0x0, 0x0, 0xab, 0x38, 0x48}}]}}]}}, 0x0)
getsockopt$nfc_llcp(r1, 0x114, 0x2721, 0x0, 0x20000000)
socket$inet_sctp(0x2, 0x1, 0x84)
pipe2$watch_queue(0x0, 0x80)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
io_uring_setup(0x26ce, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
syz_emit_ethernet(0x4e, &(0x7f0000000440)=ANY=[@ANYBLOB="b8a3eb209aa0aaaaaaaaaa0086dd6000010000183afffe800000000000000000000000000000ff020000000000000000000000000001860090780000000000000000000000000000010021000000c0a5f7e42c"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
sendmmsg$inet(r6, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1, 0x0, 0xfffffffffffffd96}}], 0x2, 0x16da)
getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000040)=0x3a)

3.273055433s ago: executing program 4 (id=3664):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
mount(0x0, 0x0, &(0x7f0000000580)='tracefs\x00', 0x4408, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000000300)=""/132, 0x84)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000240)=0x8)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='00.:/', 0x0)
syz_usb_connect$cdc_ecm(0x6, 0xe3, &(0x7f00000007c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd1, 0x1, 0x1, 0x1, 0x0, 0xe, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x2, 0x6, 0x0, 0x9c, {{0x5}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x401, 0x221, 0x6}, [@mdlm_detail={0x96, 0x24, 0x13, 0x5, "07b4dbe6f14dd3471a58288a1942687b16758f4c80ab1dbbe3e47a943fde94b9265ffc2d948411c53c2c0e5298f1bea8b4546f1261542707a5adfd695d41a6ede901e19dd4e8205168de1b147a2a665b7d4c6bcdaa99015eba061d5f15bdbf15a9b91b963c08bd338ddbe81a7ca26b842c5816193b7590de00fc1fa943005c8309f916f7f413738d26842ed6b2752ffaf878"}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x1, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xe6, 0x2, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000280)=ANY=[@ANYBLOB="00000108000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000640)=ANY=[@ANYBLOB="201104060000000101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.165514666s ago: executing program 2 (id=3665):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12', 0x2)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x4)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8929, &(0x7f0000000280)={'gre0\x00', 0x2000081})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f0000000580))
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
mount$bpf(0x0, &(0x7f00000003c0)='./cgroup\x00', &(0x7f0000000280), 0x18, &(0x7f0000000480)=ANY=[@ANYBLOB='eode=00000000000000000000010,\x00'])
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})

2.336903596s ago: executing program 2 (id=3666):
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4)
ptrace(0x10, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000ec0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmget$private(0x0, 0x4000, 0x20, &(0x7f00005c6000/0x4000)=nil)
syz_open_dev$tty1(0xc, 0x4, 0x1)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000580)={0x0, 0x2, 0x3ff, 0x9, 0x5, 0xa987, 0xffd1, 0x10001, {0x0, @in={{0x2, 0x4e21, @private=0xa010100}}, 0xd, 0x4, 0x8, 0x4, 0x100}}, &(0x7f0000000980)=0xb0)
sched_rr_get_interval(0x0, &(0x7f00000001c0))
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)

1.311924565s ago: executing program 2 (id=3667):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000200))
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYRESOCT=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c00"], 0x68}, 0x1, 0x0, 0x0, 0x44800}, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
r4 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10)
getsockopt$bt_hci(r4, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000001080)={0x0, 'syzkaller1\x00', {0x2}})
r5 = syz_io_uring_setup(0x7b, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r9, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103})
io_uring_enter(r5, 0x46f3, 0x0, 0x0, 0x0, 0x0)
r10 = signalfd(r2, &(0x7f0000000080)={[0x696e]}, 0x3)
read(r10, &(0x7f0000000740)=""/384, 0x200008c0)
write(r8, 0x0, 0x0)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='stat\x00')
preadv(r11, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/24, 0x18}], 0x1, 0x0, 0x0)
openat$incfs(r11, &(0x7f0000000240)='.log\x00', 0x40200, 0x10)
write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r0, &(0x7f0000000540)=[{&(0x7f00000002c0)="00214717a70700000000030600710a069d317ebb906ce74b18272786533b905a56fef73ab452dbae5d5d4d50e7182ce0ab6d", 0x32}], 0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

956.966732ms ago: executing program 1 (id=3668):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_mtu(r0, 0x0, 0x33, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
lseek(r1, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYRESDEC=r0, @ANYRES8=r0, @ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRES64=r1, @ANYRESDEC=0x0], 0x16)

932.20165ms ago: executing program 0 (id=3669):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x8, &(0x7f0000005c00)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
clock_getres(0xfffffffffffffff1, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c990658bd27b2aa77459cee5a6d79db5762969d51ed5bef3d63520d260804d0", 0x2}, 0x48, 0xfffffffffffffffd)
r2 = msgget$private(0x0, 0x20)
msgrcv(r2, 0x0, 0x0, 0x2, 0x1000)
msgsnd(r2, &(0x7f0000001800)=ANY=[], 0x8, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x271e, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f0000000240))
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_emit_ethernet(0x6e, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r3 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
openat$cgroup_pressure(r0, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r3}], 0x1, 0x0, 0x0, 0x0)

812.97966ms ago: executing program 1 (id=3670):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0x1c}, 0x1c)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r4, 0x0, r5, 0x0, 0x800000008ec1, 0xa)

664.04565ms ago: executing program 2 (id=3671):
socket(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_gettime(0x0, &(0x7f00000010c0)={<r1=>0x0})
futex_waitv(&(0x7f0000001080)=[{0x3, 0x0, 0x82}], 0x1, 0x0, &(0x7f0000001100)={r1}, 0x1)

450.953434ms ago: executing program 2 (id=3672):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x69c, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7c2c)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$igmp(0x2, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x8, 0x1, 0x3, "a701f6dd566a4ab69e1f83b4051d09a83971e3aece62c53bb500", 0x20385655})

431.13176ms ago: executing program 6 (id=3673):
chdir(0x0)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1abb01, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb8100400008004526005c016700005d119078ac1e0001e00000014e234e22004890780300000001000000cf24e32481831aec3d74ad335d981f9cead0ce9ab78a3c6e6346a8d16a4263470cfd0b63ec6331239ed149bff2d96edbfe35572f5292dc21"], 0x6e)
write$vga_arbiter(r0, &(0x7f0000000140)=ANY=[], 0xc)
syz_io_uring_setup(0x8000031, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x2f7}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x7, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00'}, 0x10)
ioctl$SIOCPNENABLEPIPE(r7, 0x89ed, 0x500)
syz_open_dev$ttys(0xc, 0x2, 0x1)

0s ago: executing program 0 (id=3674):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = getpgid(0xffffffffffffffff)
r1 = syz_open_procfs(r0, &(0x7f0000000180)='smaps_rollup\x00')
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000380)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
r3 = getpgrp(0x0)
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x34020000)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f0000000340)=[{{0x0, 0xffffffffffffff80, &(0x7f0000000000)=[{&(0x7f0000000500)=""/231, 0xe7}, {&(0x7f00000000c0)=""/103, 0x67}], 0x2, &(0x7f00000002c0)=""/12, 0xc}, 0x2}], 0x1, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0xdc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x4, 0x98, &(0x7f0000000440)=""/152, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffa556, @void, @value}, 0x94)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
setsockopt$SO_J1939_SEND_PRIO(r9, 0x6b, 0x3, &(0x7f0000000080)=0x5, 0x4)
openat$rtc(0xffffffffffffff9c, 0x0, 0x22601, 0x0)
preadv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000640)=""/221, 0xdd}, {0x0}, {&(0x7f0000000740)=""/66, 0x42}, {&(0x7f0000000d40)=""/164, 0xa4}, {&(0x7f0000000880)=""/75, 0x7}, {&(0x7f0000000900)=""/236, 0xec}, {&(0x7f0000000280)=""/45, 0x2d}, {&(0x7f0000000a00)=""/130, 0x82}, {&(0x7f0000002ec0)=""/4096, 0x1000}], 0x9, 0x8c, 0x0)

kernel console output (not intermixed with test programs):

: cp210x converter detected
[  987.403436][ T9878] bridge0: port 1(bridge_slave_0) entered blocking state
[  987.410591][ T9878] bridge0: port 1(bridge_slave_0) entered forwarding state
[  987.451015][ T9874] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  987.503171][T14745] bridge0: port 2(bridge_slave_1) entered blocking state
[  987.510329][T14745] bridge0: port 2(bridge_slave_1) entered forwarding state
[  987.636139][T17195] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  987.682212][T17305] libceph: resolve '00.' (ret=-3): failed
[  987.757580][ T9874] bridge_slave_1: left allmulticast mode
[  987.781052][ T9874] bridge_slave_1: left promiscuous mode
[  987.816181][ T9874] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.896173][T14904] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  987.936557][ T9874] bridge_slave_0: left allmulticast mode
[  987.961358][T14904] usb 1-1: cp210x converter now attached to ttyUSB0
[  987.968780][ T9874] bridge_slave_0: left promiscuous mode
[  987.988373][ T9874] bridge0: port 1(bridge_slave_0) entered disabled state
[  988.152517][    T8] usb 1-1: USB disconnect, device number 59
[  988.170349][T11566] Bluetooth: hci3: command tx timeout
[  988.180985][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  988.198935][    T8] cp210x 1-1:0.0: device disconnected
[  988.220307][ T5904] vhci_hcd: vhci_device speed not set
[  988.432208][ T9874] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  989.180730][ T9874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  989.202357][ T9874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  989.212704][ T9874] bond0 (unregistering): Released all slaves
[  989.427048][ T9874] bond1 (unregistering): Released all slaves
[  989.773180][T17195] 8021q: adding VLAN 0 to HW filter on device batadv0
[  989.920624][T17195] veth0_vlan: entered promiscuous mode
[  989.930228][T17195] veth1_vlan: entered promiscuous mode
[  989.978989][ T9874] batadv_slave_0: left promiscuous mode
[  990.013439][ T9874] hsr_slave_0: left promiscuous mode
[  990.032765][ T9874] hsr_slave_1: left promiscuous mode
[  990.069086][ T9874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  990.089712][ T9874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  990.108877][ T9874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  990.124360][ T9874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  990.199215][ T9874] veth0_macvtap: left promiscuous mode
[  990.219421][ T9874] veth1_vlan: left promiscuous mode
[  990.231139][T11566] Bluetooth: hci3: command tx timeout
[  990.355554][ T9874] veth0_vlan: left promiscuous mode
[  990.939258][T17381] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3130'.
[  991.168225][T17387] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3131'.
[  991.566308][ T9874] team0 (unregistering): Port device team_slave_0 removed
[  992.094400][T17195] veth0_macvtap: entered promiscuous mode
[  992.146949][T17195] veth1_macvtap: entered promiscuous mode
[  992.211078][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  992.270125][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  992.302496][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  992.328937][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  992.361165][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  992.399732][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  992.450106][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  992.461615][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  992.480183][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  992.495740][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  992.548558][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  992.559517][T14904] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  992.712057][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  992.736655][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  992.772332][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  992.809311][T17195] batman_adv: batadv0: Interface activated: batadv_slave_0
[  992.867631][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  993.139417][T14904] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  993.161670][   T29] audit: type=1400 audit(2000000338.249:1063): avc:  denied  { mount } for  pid=17403 comm="syz.5.3135" name="/" dev="gadgetfs" ino=54222 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  993.371204][T14904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  993.451934][T14904] usb 5-1: config 0 descriptor??
[  993.459808][T14904] cp210x 5-1:0.0: cp210x converter detected
[  993.542994][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  993.560338][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  993.594611][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  993.636020][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  993.665683][T17393] libceph: resolve '00.' (ret=-3): failed
[  993.693575][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  993.720012][ T9878] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1
[  993.723816][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  993.752319][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  993.795645][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  993.822614][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  993.840011][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  993.849859][T17195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  993.860442][T17195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  993.871898][T17195] batman_adv: batadv0: Interface activated: batadv_slave_1
[  993.902343][T17195] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  993.910652][T14904] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  993.926640][T14904] usb 5-1: cp210x converter now attached to ttyUSB0
[  993.930555][T17195] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  993.962371][T17195] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  993.979691][T17195] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  994.136328][  T969] usb 5-1: USB disconnect, device number 54
[  994.152783][  T969] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  994.208806][  T969] cp210x 5-1:0.0: device disconnected
[  994.356017][ T9878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  994.368267][ T9878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  994.390789][T17422] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  994.408797][ T9875] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  994.416716][ T9875] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  994.424807][T17422] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  994.583814][T17429] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  994.786327][T17442] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  995.005763][T17445] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3140'.
[  995.021967][T17445] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3140'.
[  995.100694][ T5129] Bluetooth: hci4: command 0x1003 tx timeout
[  995.107654][T12896] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  995.460527][T17455] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3141'.
[  995.851804][T17464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3143'.
[  996.774842][T17475] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  996.794476][T17475] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  997.268760][T17489] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3150'.
[  997.344356][T17490] ieee802154 phy0 wpan0: encryption failed: -22
[  997.662911][ T9827] Bluetooth: hci4: Frame reassembly failed (-84)
[  998.030203][T14904] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  998.480039][    T8] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  998.770082][    T8] usb 6-1: Using ep0 maxpacket: 32
[  998.787464][    T8] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[  998.791953][T14904] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  998.806766][T14904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  998.821112][T14904] usb 3-1: config 0 descriptor??
[  998.841514][T14904] cp210x 3-1:0.0: cp210x converter detected
[  998.999352][    T8] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  999.009600][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  999.017905][    T8] usb 6-1: Product: syz
[  999.022648][    T8] usb 6-1: Manufacturer: syz
[  999.029063][    T8] usb 6-1: SerialNumber: syz
[  999.036318][T17499] libceph: resolve '00.' (ret=-3): failed
[  999.044067][T17516] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  999.311226][T14904] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  999.321758][    T8] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  999.468176][T14904] usb 3-1: cp210x converter now attached to ttyUSB0
[  999.523393][   T25] usb 6-1: USB disconnect, device number 2
[  999.740473][ T5129] Bluetooth: hci4: command 0x1003 tx timeout
[  999.757638][T14904] usb 3-1: USB disconnect, device number 77
[  999.760114][T12896] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  999.809130][   T25] usblp0: removed
[  999.879059][T17533] Bluetooth: MGMT ver 1.23
[  999.899238][T14904] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1000.251425][T14904] cp210x 3-1:0.0: device disconnected
[ 1000.523298][T17537] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3160'.
[ 1000.532326][T17537] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3160'.
[ 1000.820117][T17547] overlayfs: failed to resolve './bus': -2
[ 1001.371491][T17564] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1002.697472][T17600] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3170'.
[ 1002.728383][T17600] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3170'.
[ 1004.340285][T17634] overlayfs: missing 'lowerdir'
[ 1004.689435][T17640] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3176'.
[ 1004.775633][T17640] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3176'.
[ 1005.686145][T17659] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3179'.
[ 1007.420317][T14904] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1007.588383][T14904] usb 6-1: config 0 has an invalid interface number: 114 but max is 0
[ 1007.603488][T14904] usb 6-1: config 0 has no interface number 0
[ 1007.673011][T14904] usb 6-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1007.682924][T14904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.707445][T14904] usb 6-1: Product: syz
[ 1007.724038][T14904] usb 6-1: Manufacturer: syz
[ 1007.742011][T14904] usb 6-1: SerialNumber: syz
[ 1007.882075][T14904] usb 6-1: config 0 descriptor??
[ 1007.898454][T14904] peak_usb 6-1:0.114: probe with driver peak_usb failed with error 114
[ 1008.013590][T17695] overlayfs: missing 'lowerdir'
[ 1008.150077][T14904] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 1008.729199][T14904] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[ 1008.737753][T14904] usb 1-1: config 0 has no interface number 0
[ 1008.960408][    T8] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1008.963970][T14904] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1008.984784][T14904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1008.994616][T14904] usb 1-1: Product: syz
[ 1008.998788][T14904] usb 1-1: Manufacturer: syz
[ 1009.009135][T14904] usb 1-1: SerialNumber: syz
[ 1009.696584][T14904] usb 1-1: config 0 descriptor??
[ 1009.744579][    T8] usb 5-1: config 0 has an invalid interface number: 114 but max is 0
[ 1009.775912][T14904] peak_usb 1-1:0.114: probe with driver peak_usb failed with error 114
[ 1009.794267][    T8] usb 5-1: config 0 has no interface number 0
[ 1010.057017][    T8] usb 5-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1010.087220][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1010.107847][    T8] usb 5-1: Product: syz
[ 1010.126871][    T8] usb 5-1: Manufacturer: syz
[ 1010.140587][    T8] usb 5-1: SerialNumber: syz
[ 1010.159421][    T8] usb 5-1: config 0 descriptor??
[ 1010.180907][    T8] peak_usb 5-1:0.114: probe with driver peak_usb failed with error 114
[ 1010.366705][T17736] program syz.2.3193 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1010.978980][T17736] libceph: resolve '00.' (ret=-3): failed
[ 1011.114229][  T969] usb 6-1: USB disconnect, device number 3
[ 1011.844536][T17750] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3194'.
[ 1011.951454][T17755] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3194'.
[ 1012.098409][ T5896] usb 1-1: USB disconnect, device number 60
[ 1013.127138][T15572] usb 5-1: USB disconnect, device number 55
[ 1013.186334][T17775] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3197'.
[ 1013.525413][T17781] overlayfs: missing 'workdir'
[ 1014.010431][T17793] netlink: 172 bytes leftover after parsing attributes in process `syz.0.3202'.
[ 1014.111476][T17795] netlink: 'syz.0.3202': attribute type 3 has an invalid length.
[ 1014.119324][T17795] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3202'.
[ 1015.174633][T17803] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3204'.
[ 1015.414047][T17806] overlayfs: missing 'workdir'
[ 1016.895254][T17825] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1017.040264][  T969] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 1017.110265][T17836] netlink: 172 bytes leftover after parsing attributes in process `syz.5.3214'.
[ 1017.480912][T17840] netlink: 'syz.5.3214': attribute type 3 has an invalid length.
[ 1017.488713][T17840] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3214'.
[ 1017.644934][T17841] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3215'.
[ 1017.757011][  T969] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[ 1017.769236][  T969] usb 1-1: config 0 has no interface number 0
[ 1017.810386][   T25] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1017.842499][  T969] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1017.858367][  T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1017.868696][  T969] usb 1-1: Product: syz
[ 1017.947693][T17845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3216'.
[ 1018.451749][  T969] usb 1-1: Manufacturer: syz
[ 1018.456481][  T969] usb 1-1: SerialNumber: syz
[ 1018.465986][  T969] usb 1-1: config 0 descriptor??
[ 1018.472446][  T969] peak_usb 1-1:0.114: probe with driver peak_usb failed with error 114
[ 1018.481020][   T25] usb 5-1: Using ep0 maxpacket: 32
[ 1018.488537][   T25] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1018.502512][   T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1018.705367][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1018.809466][   T25] usb 5-1: Product: syz
[ 1018.819744][   T25] usb 5-1: Manufacturer: syz
[ 1018.941417][T17852] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3219'.
[ 1019.052674][   T25] usb 5-1: SerialNumber: syz
[ 1019.690994][T17858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3219'.
[ 1019.847478][T17837] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1020.007172][   T25] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 56 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1020.041475][   T25] usb 5-1: USB disconnect, device number 56
[ 1020.055182][   T25] usblp0: removed
[ 1020.109248][T17865] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3221'.
[ 1020.955656][    T8] usb 1-1: USB disconnect, device number 61
[ 1021.327983][T17889] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3225'.
[ 1022.202890][T17898] netlink: 172 bytes leftover after parsing attributes in process `syz.0.3229'.
[ 1022.328069][T17902] netlink: 'syz.0.3229': attribute type 3 has an invalid length.
[ 1022.336025][T17902] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3229'.
[ 1022.983659][T17905] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3231'.
[ 1022.992651][T17905] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3231'.
[ 1023.627232][T17904] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3230'.
[ 1024.373401][T17933] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 1024.379944][T17933] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1024.400491][T15572] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1024.420219][T17933] vhci_hcd vhci_hcd.0: Device attached
[ 1024.600060][T15572] usb 5-1: Using ep0 maxpacket: 16
[ 1024.663250][T15572] usb 5-1: config 0 has no interfaces?
[ 1024.671159][T15572] usb 5-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=a7.5c
[ 1024.681996][T15572] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=19
[ 1024.690639][    T8] usb 33-1: new low-speed USB device number 5 using vhci_hcd
[ 1024.709458][T15572] usb 5-1: Product: syz
[ 1024.744845][T15572] usb 5-1: Manufacturer: syz
[ 1024.785486][T15572] usb 5-1: SerialNumber: syz
[ 1024.812211][T15572] usb 5-1: config 0 descriptor??
[ 1025.042611][T17924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1025.080099][T17924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1025.117514][T17951] netlink: 172 bytes leftover after parsing attributes in process `syz.2.3243'.
[ 1025.265973][T17953] ieee802154 phy0 wpan0: encryption failed: -22
[ 1026.032912][T17958] program syz.2.3245 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1026.067297][T17934] vhci_hcd: connection reset by peer
[ 1026.081982][ T9878] vhci_hcd: stop threads
[ 1026.086220][ T9878] vhci_hcd: release socket
[ 1026.098287][ T9878] vhci_hcd: disconnect device
[ 1026.180846][T15572] usb 5-1: USB disconnect, device number 57
[ 1026.421834][  T969] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1026.472079][T17962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3246'.
[ 1026.720094][  T969] usb 3-1: device descriptor read/64, error -71
[ 1026.960570][  T969] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1026.980053][T15572] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1027.121040][  T969] usb 3-1: device descriptor read/64, error -71
[ 1027.161920][T15572] usb 2-1: config 0 has an invalid interface number: 114 but max is 0
[ 1027.200116][T15572] usb 2-1: config 0 has no interface number 0
[ 1027.222521][T15572] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1027.874507][  T969] usb usb3-port1: attempt power cycle
[ 1027.898470][T15572] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1027.910673][T15572] usb 2-1: Product: syz
[ 1027.914854][T15572] usb 2-1: Manufacturer: syz
[ 1027.919587][T15572] usb 2-1: SerialNumber: syz
[ 1027.937187][T15572] usb 2-1: config 0 descriptor??
[ 1027.954263][T15572] peak_usb 2-1:0.114: probe with driver peak_usb failed with error 114
[ 1028.160077][T15572] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1028.260032][  T969] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1028.288505][  T969] usb 3-1: device descriptor read/8, error -71
[ 1028.340086][T15572] usb 5-1: Using ep0 maxpacket: 32
[ 1028.351943][T15572] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1028.382246][T15572] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1028.400959][T15572] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1028.418797][T15572] usb 5-1: Product: syz
[ 1028.437056][T15572] usb 5-1: Manufacturer: syz
[ 1028.456242][T15572] usb 5-1: SerialNumber: syz
[ 1028.470344][T17978] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1028.560258][  T969] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1028.591818][  T969] usb 3-1: device descriptor read/8, error -71
[ 1028.727095][T15572] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 58 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1028.738094][  T969] usb usb3-port1: unable to enumerate USB device
[ 1028.939510][  T969] usb 5-1: USB disconnect, device number 58
[ 1028.948426][  T969] usblp0: removed
[ 1029.341707][T17995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3257'.
[ 1029.737314][ T5896] usb 2-1: USB disconnect, device number 53
[ 1029.877401][    T8] vhci_hcd: vhci_device speed not set
[ 1030.016288][T18005] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3258'.
[ 1030.113386][T18006] ieee802154 phy0 wpan0: encryption failed: -22
[ 1030.750256][ T5896] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1030.920151][ T5896] usb 2-1: Using ep0 maxpacket: 16
[ 1030.929382][ T5896] usb 2-1: config 0 has no interfaces?
[ 1031.136066][ T5896] usb 2-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=a7.5c
[ 1031.139306][T18018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3263'.
[ 1031.145449][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=19
[ 1031.145517][ T5896] usb 2-1: Product: syz
[ 1031.154635][T18018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3263'.
[ 1031.242532][ T5896] usb 2-1: Manufacturer: syz
[ 1031.247378][ T5896] usb 2-1: SerialNumber: syz
[ 1031.276189][ T5896] usb 2-1: config 0 descriptor??
[ 1031.520281][T18004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1031.530778][T18004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1031.618213][  T969] usb 2-1: USB disconnect, device number 54
[ 1031.925053][T18028] program syz.5.3267 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1032.170068][ T5896] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1032.196327][T18033] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3269'.
[ 1032.240161][  T969] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1032.310224][ T5896] usb 6-1: device descriptor read/64, error -71
[ 1032.432706][  T969] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[ 1032.459553][  T969] usb 1-1: config 0 has no interface number 0
[ 1032.527827][  T969] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1032.549311][  T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1032.558141][  T969] usb 1-1: Product: syz
[ 1032.562530][  T969] usb 1-1: Manufacturer: syz
[ 1032.567168][  T969] usb 1-1: SerialNumber: syz
[ 1032.567213][ T5896] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1032.580971][  T969] usb 1-1: config 0 descriptor??
[ 1032.600047][    T8] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1032.617671][  T969] peak_usb 1-1:0.114: probe with driver peak_usb failed with error 114
[ 1032.740189][ T5896] usb 6-1: device descriptor read/64, error -71
[ 1032.763602][    T8] usb 2-1: config 0 has an invalid interface number: 114 but max is 0
[ 1032.772399][    T8] usb 2-1: config 0 has no interface number 0
[ 1032.780885][    T8] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1032.795283][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1032.809464][    T8] usb 2-1: Product: syz
[ 1032.815391][    T8] usb 2-1: Manufacturer: syz
[ 1032.824053][    T8] usb 2-1: SerialNumber: syz
[ 1032.831510][    T8] usb 2-1: config 0 descriptor??
[ 1032.838269][    T8] peak_usb 2-1:0.114: probe with driver peak_usb failed with error 114
[ 1032.890200][ T5896] usb usb6-port1: attempt power cycle
[ 1033.893797][ T5896] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1033.930599][ T5896] usb 6-1: device descriptor read/8, error -71
[ 1034.200055][ T5896] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1034.221256][ T5896] usb 6-1: device descriptor read/8, error -71
[ 1034.321970][T18050] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3274'.
[ 1034.336764][ T5896] usb usb6-port1: unable to enumerate USB device
[ 1034.360283][T18050] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3274'.
[ 1035.322377][   T25] usb 1-1: USB disconnect, device number 62
[ 1035.519583][   T25] usb 2-1: USB disconnect, device number 55
[ 1036.444932][T18078] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3281'.
[ 1036.456184][T18078] netlink: 'syz.4.3281': attribute type 3 has an invalid length.
[ 1036.464010][T18078] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3281'.
[ 1036.570107][    T8] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1036.731625][    T8] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1036.741898][T18081] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3282'.
[ 1036.754223][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.783065][    T8] usb 3-1: config 0 descriptor??
[ 1036.795230][    T8] cp210x 3-1:0.0: cp210x converter detected
[ 1036.940839][T18083] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3283'.
[ 1036.958916][T18083] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3283'.
[ 1037.040672][T18075] libceph: resolve '00.' (ret=-3): failed
[ 1037.278669][    T8] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32
[ 1037.700960][T18085] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3284'.
[ 1037.709942][T18085] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3284'.
[ 1037.717182][    T8] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1037.965846][    T8] usb 3-1: USB disconnect, device number 82
[ 1038.003029][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1038.046973][    T8] cp210x 3-1:0.0: device disconnected
[ 1038.130414][ T5129] Bluetooth: hci4: sending frame failed (-49)
[ 1038.137566][T12896] Bluetooth: hci4: Opcode 0x1003 failed: -49
[ 1038.662997][T18098] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3287'.
[ 1038.696650][ T5904] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1039.157484][T18105] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3290'.
[ 1039.474197][ T5904] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[ 1039.482560][ T5904] usb 1-1: config 0 has no interface number 0
[ 1039.491211][ T5904] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1039.509512][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1039.629669][ T5904] usb 1-1: Product: syz
[ 1039.935555][ T5904] usb 1-1: Manufacturer: syz
[ 1040.017667][ T5904] usb 1-1: SerialNumber: syz
[ 1040.281123][ T5904] usb 1-1: config 0 descriptor??
[ 1040.303168][ T5904] peak_usb 1-1:0.114: probe with driver peak_usb failed with error 114
[ 1040.590533][T18127] netlink: 'syz.2.3295': attribute type 3 has an invalid length.
[ 1040.598762][T18127] __nla_validate_parse: 1 callbacks suppressed
[ 1040.598776][T18127] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3295'.
[ 1041.830369][T18144] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3297'.
[ 1042.031038][ T9874] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1042.111640][T18135] usb 1-1: USB disconnect, device number 63
[ 1043.561782][ T5904] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1043.765222][ T5904] usb 1-1: Using ep0 maxpacket: 32
[ 1043.808657][ T5904] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1043.910341][ T5904] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1043.929601][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1043.954335][ T5904] usb 1-1: Product: syz
[ 1043.970233][ T5904] usb 1-1: Manufacturer: syz
[ 1043.975240][ T5904] usb 1-1: SerialNumber: syz
[ 1044.009156][T18173] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1044.061994][T11566] Bluetooth: hci4: command 0x1003 tx timeout
[ 1044.072220][T12896] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1044.208185][T18179] netlink: 'syz.5.3309': attribute type 3 has an invalid length.
[ 1044.216130][T18179] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3309'.
[ 1044.255624][ T5904] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 64 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1044.446865][ T5904] usb 1-1: USB disconnect, device number 64
[ 1044.938966][ T5904] usblp0: removed
[ 1045.865124][T18198] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3314'.
[ 1046.128651][T18203] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3316'.
[ 1046.139645][T18203] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3316'.
[ 1046.148698][T12896] Bluetooth: hci5: command 0x0406 tx timeout
[ 1046.709996][    T8] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1047.630395][    T8] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1047.640882][    T8] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1047.682940][    T8] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1047.697084][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1047.770156][T14904] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1047.922154][T14904] usb 2-1: Using ep0 maxpacket: 32
[ 1047.938088][T14904] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1047.946097][    T8] usb 1-1: USB disconnect, device number 65
[ 1048.090353][T14904] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1048.099498][T14904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1048.187675][T14904] usb 2-1: Product: syz
[ 1048.237337][T14904] usb 2-1: Manufacturer: syz
[ 1048.290223][   T25] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 1048.307369][T14904] usb 2-1: SerialNumber: syz
[ 1048.408461][T18220] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1048.483106][   T25] usb 3-1: Using ep0 maxpacket: 32
[ 1048.501198][   T25] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1048.611538][   T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1048.633321][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1048.644188][T14904] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 56 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1048.695801][   T25] usb 3-1: Product: syz
[ 1048.720228][   T25] usb 3-1: Manufacturer: syz
[ 1048.727152][   T25] usb 3-1: SerialNumber: syz
[ 1048.734735][T18228] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1048.970572][   T25] usblp 3-1:1.0: usblp1: USB Unidirectional printer dev 83 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1048.986537][T14904] usb 2-1: USB disconnect, device number 56
[ 1049.446979][T14904] usblp0: removed
[ 1049.521690][   T25] usb 3-1: USB disconnect, device number 83
[ 1049.804136][   T25] usblp1: removed
[ 1050.139208][T18246] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3329'.
[ 1050.458410][T18251] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3331'.
[ 1051.017415][ T9827] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1051.510169][    T8] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1051.839646][    T8] usb 6-1: Using ep0 maxpacket: 32
[ 1051.847293][    T8] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1051.880674][    T8] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1051.946011][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1051.980344][    T8] usb 6-1: Product: syz
[ 1051.984538][    T8] usb 6-1: Manufacturer: syz
[ 1052.026250][    T8] usb 6-1: SerialNumber: syz
[ 1052.049134][T18267] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1052.324859][    T8] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1052.341231][    T8] usb 6-1: USB disconnect, device number 8
[ 1052.356797][    T8] usblp0: removed
[ 1052.450112][    T9] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1052.611439][    T9] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1052.627304][    T9] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1052.657960][    T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1052.672109][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1053.056104][ T5129] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1053.064195][T12896] Bluetooth: hci4: command 0x1003 tx timeout
[ 1053.391314][    T8] usb 1-1: USB disconnect, device number 66
[ 1053.410116][    T9] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1053.610115][    T9] usb 2-1: Using ep0 maxpacket: 32
[ 1053.648911][    T9] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1053.679826][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1053.702145][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1053.716809][    T9] usb 2-1: Product: syz
[ 1053.722913][    T9] usb 2-1: Manufacturer: syz
[ 1053.727610][    T9] usb 2-1: SerialNumber: syz
[ 1053.756254][T18285] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1054.029866][    T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 57 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1054.244686][    T9] usb 2-1: USB disconnect, device number 57
[ 1054.272566][    T9] usblp0: removed
[ 1054.282033][T18294] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3342'.
[ 1054.291114][T18294] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3342'.
[ 1054.304490][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.565366][T18300] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3343'.
[ 1055.515882][T18306] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3346'.
[ 1055.525042][T18306] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3346'.
[ 1055.542034][T18308] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 1055.548564][T18308] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1055.573027][T18308] vhci_hcd vhci_hcd.0: Device attached
[ 1055.646363][T18311] vhci_hcd: connection closed
[ 1055.647554][T14745] vhci_hcd: stop threads
[ 1055.727918][T14745] vhci_hcd: release socket
[ 1055.911918][T14745] vhci_hcd: disconnect device
[ 1056.015953][    T8] usb 33-1: new low-speed USB device number 6 using vhci_hcd
[ 1056.023638][    T8] usb 33-1: enqueue for inactive port 0
[ 1056.883745][    T8] vhci_hcd: vhci_device speed not set
[ 1057.655458][ T9877] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1058.110079][T15572] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 1058.282951][T15572] usb 3-1: config 0 has an invalid interface number: 114 but max is 0
[ 1058.306030][T15572] usb 3-1: config 0 has no interface number 0
[ 1058.325722][T15572] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1058.339739][T15572] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1058.357051][T15572] usb 3-1: Product: syz
[ 1058.365847][T15572] usb 3-1: Manufacturer: syz
[ 1058.375624][T15572] usb 3-1: SerialNumber: syz
[ 1058.388118][T15572] usb 3-1: config 0 descriptor??
[ 1058.412725][T15572] peak_usb 3-1:0.114: probe with driver peak_usb failed with error 114
[ 1058.510081][T14904] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1058.671479][T14904] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1058.682046][T14904] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1058.691745][T14904] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1058.915945][T14904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1059.350458][ T5129] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1059.540930][    T9] usb 5-1: USB disconnect, device number 59
[ 1059.713092][T18353] ieee802154 phy0 wpan0: encryption failed: -22
[ 1060.320370][T14904] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1060.540187][T14904] usb 6-1: Using ep0 maxpacket: 32
[ 1060.554640][T14904] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1060.703525][T18360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3357'.
[ 1060.815548][T14904] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1060.824879][T14904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1060.833103][T14904] usb 6-1: Product: syz
[ 1060.837282][T14904] usb 6-1: Manufacturer: syz
[ 1060.842169][T14904] usb 6-1: SerialNumber: syz
[ 1060.856781][T18357] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1061.697855][ T5129] Bluetooth: hci2: command 0x0406 tx timeout
[ 1061.820024][   T25] usb 3-1: USB disconnect, device number 84
[ 1062.840537][T18377] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3363'.
[ 1065.199040][T14904] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1065.216784][T14904] usb 6-1: USB disconnect, device number 9
[ 1065.289605][T14904] usblp0: removed
[ 1065.524586][T18401] ieee802154 phy0 wpan0: encryption failed: -22
[ 1066.004738][T18407] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3369'.
[ 1066.040491][T14904] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1066.297565][T14904] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1066.308269][T14904] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1066.319366][T14904] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1066.332537][T14904] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1066.341768][T14904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1066.358751][T14904] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1066.490662][T14904] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1066.530317][T14379] udevd[14379]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1066.563981][    T9] usb 1-1: USB disconnect, device number 67
[ 1068.304790][T18426] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3374'.
[ 1068.316311][T18426] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3374'.
[ 1068.359289][    T9] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1068.525680][    T9] usb 2-1: Using ep0 maxpacket: 32
[ 1068.535168][    T9] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1069.140669][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1069.150781][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1069.158815][    T9] usb 2-1: Product: syz
[ 1069.163038][    T9] usb 2-1: Manufacturer: syz
[ 1069.168037][    T9] usb 2-1: SerialNumber: syz
[ 1069.175623][T18424] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1069.402468][    T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 58 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1069.722625][    T9] usb 2-1: USB disconnect, device number 58
[ 1069.830939][    T9] usblp0: removed
[ 1070.107852][T18451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3381'.
[ 1070.251248][T18455] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3380'.
[ 1070.470112][    T9] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1070.573953][T18462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3383'.
[ 1070.759907][T18460] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3384'.
[ 1070.811595][    T9] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1070.830042][    T9] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1070.890207][    T9] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1070.903587][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1071.046186][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1071.262199][    T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1071.394914][T18468] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1072.217259][T18475] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3388'.
[ 1072.234425][    T9] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1072.265092][    T9] usb 2-1: USB disconnect, device number 59
[ 1072.283810][T14379] udevd[14379]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1072.342469][T18479] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3389'.
[ 1073.400978][T18497] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[ 1073.407525][T18497] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1073.520680][T18497] vhci_hcd vhci_hcd.0: Device attached
[ 1074.170120][T15572] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1074.330065][T15572] usb 1-1: Using ep0 maxpacket: 32
[ 1074.339562][T15572] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1074.537777][T15572] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1074.570115][T14904] usb 37-1: new low-speed USB device number 11 using vhci_hcd
[ 1074.582071][T15572] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1074.671445][T15572] usb 1-1: Product: syz
[ 1074.675744][T15572] usb 1-1: Manufacturer: syz
[ 1074.711106][T15572] usb 1-1: SerialNumber: syz
[ 1074.731868][T18508] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1074.874562][T18499] vhci_hcd: connection reset by peer
[ 1074.888747][T17542] vhci_hcd: stop threads
[ 1074.899267][T18514] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3397'.
[ 1074.913641][T17542] vhci_hcd: release socket
[ 1075.300263][T17542] vhci_hcd: disconnect device
[ 1075.670648][T15572] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 68 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1075.735866][T15572] usb 1-1: USB disconnect, device number 68
[ 1075.748589][T15572] usblp0: removed
[ 1075.772216][T18518] program syz.4.3399 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1076.043434][T18526] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3401'.
[ 1076.130244][  T969] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1076.282262][  T969] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1076.306603][  T969] usb 5-1: config 0 has no interfaces?
[ 1076.314313][  T969] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1076.328434][  T969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1076.336775][T15572] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1076.359753][  T969] usb 5-1: config 0 descriptor??
[ 1076.502155][T15572] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1076.539441][T15572] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1076.554960][T15572] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1076.588674][T15572] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1076.640065][T15572] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1076.663861][T18518] libceph: resolve '00.' (ret=-3): failed
[ 1076.674670][T15572] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1076.714854][T15572] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1076.818882][T14379] udevd[14379]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1076.879124][T15572] usb 1-1: USB disconnect, device number 69
[ 1077.302204][    T8] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1077.635397][    T8] usb 2-1: config 0 has an invalid interface number: 114 but max is 0
[ 1077.656336][    T8] usb 2-1: config 0 has no interface number 0
[ 1078.496134][    T8] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1078.505323][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1078.533642][    T8] usb 2-1: Product: syz
[ 1078.545573][    T8] usb 2-1: Manufacturer: syz
[ 1078.557605][    T8] usb 2-1: SerialNumber: syz
[ 1078.629223][    T8] usb 2-1: config 0 descriptor??
[ 1078.641609][T18555] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3411'.
[ 1078.970232][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1079.411606][    T8] peak_usb 2-1:0.114: probe with driver peak_usb failed with error 114
[ 1079.436542][T18558] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3410'.
[ 1079.530691][   T25] usb 5-1: USB disconnect, device number 60
[ 1079.563147][    T9] usb 6-1: Using ep0 maxpacket: 32
[ 1079.603046][    T9] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1079.654170][    T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1079.681817][T14904] vhci_hcd: vhci_device speed not set
[ 1079.694179][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1080.694304][    T9] usb 6-1: Product: syz
[ 1080.699581][    T9] usb 6-1: Manufacturer: syz
[ 1080.706225][    T9] usb 6-1: SerialNumber: syz
[ 1081.091251][T18557] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1081.347991][    T9] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1081.915293][    T9] usb 6-1: USB disconnect, device number 10
[ 1081.928297][T18589] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3417'.
[ 1081.967270][    T9] usblp0: removed
[ 1081.982451][T14904] usb 2-1: USB disconnect, device number 60
[ 1082.020005][T18590] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[ 1082.026531][T18590] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1082.129147][T18590] vhci_hcd vhci_hcd.0: Device attached
[ 1082.530044][T18135] usb 41-1: new low-speed USB device number 4 using vhci_hcd
[ 1082.530102][ T5869] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1082.719846][T18603] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3422'.
[ 1082.738168][ T5869] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1082.754642][T18591] vhci_hcd: connection reset by peer
[ 1082.767331][T17542] vhci_hcd: stop threads
[ 1082.775624][ T5869] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1082.787049][T12896] Bluetooth: hci1: command 0x0406 tx timeout
[ 1082.803595][T17542] vhci_hcd: release socket
[ 1082.879219][T17542] vhci_hcd: disconnect device
[ 1082.909414][ T5869] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1082.970147][ T5869] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1083.010143][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1083.035034][ T5869] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1083.044310][ T5869] usb 3-1: invalid MIDI out EP 0
[ 1084.126071][ T5869] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1084.226238][T18611] ieee802154 phy0 wpan0: encryption failed: -22
[ 1084.263312][T15314] udevd[15314]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1084.333776][   T25] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1084.409788][ T5869] usb 3-1: USB disconnect, device number 85
[ 1084.730036][   T25] usb 1-1: Using ep0 maxpacket: 32
[ 1084.736726][   T25] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1084.750158][   T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1085.440146][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1085.450092][   T25] usb 1-1: Product: syz
[ 1085.454276][   T25] usb 1-1: Manufacturer: syz
[ 1085.458887][   T25] usb 1-1: SerialNumber: syz
[ 1085.473819][T18609] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1085.746989][   T25] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 70 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1085.960759][ T5869] usb 1-1: USB disconnect, device number 70
[ 1085.991481][ T5869] usblp0: removed
[ 1086.156542][T18632] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1087.479515][T18641] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1087.650495][T11566] Bluetooth: hci0: command 0x0406 tx timeout
[ 1088.340036][T18135] vhci_hcd: vhci_device speed not set
[ 1090.075306][T18659] ieee802154 phy0 wpan0: encryption failed: -22
[ 1091.113655][    T8] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1091.809123][    T8] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1091.819610][    T8] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1091.866080][    T8] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1092.149588][    T8] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1092.480106][T14904] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1092.650124][T14904] usb 5-1: Using ep0 maxpacket: 32
[ 1092.843171][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1092.858177][    T8] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1092.865848][    T8] usb 2-1: invalid MIDI out EP 0
[ 1092.870849][T14904] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1092.888389][    T8] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1092.945897][T14904] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1092.959524][T14904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1093.061358][T14904] usb 5-1: Product: syz
[ 1093.092776][T14904] usb 5-1: Manufacturer: syz
[ 1093.163424][T14904] usb 5-1: SerialNumber: syz
[ 1093.316318][   T25] usb 2-1: USB disconnect, device number 61
[ 1093.370878][T15314] udevd[15314]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1093.373527][T18679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3443'.
[ 1093.397170][T18679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3443'.
[ 1093.738791][T18682] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1093.981292][T14904] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 61 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1094.215181][T18697] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[ 1094.221725][T18697] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1094.237997][T18697] vhci_hcd vhci_hcd.0: Device attached
[ 1094.470104][T15572] usb 35-1: new low-speed USB device number 7 using vhci_hcd
[ 1094.733709][T18703] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3448'.
[ 1095.219603][ T5869] usb 5-1: USB disconnect, device number 61
[ 1095.291489][ T5869] usblp0: removed
[ 1095.403877][T18705] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3449'.
[ 1095.413008][T18705] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3449'.
[ 1095.779245][T18698] vhci_hcd: connection reset by peer
[ 1095.987986][T18717] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3452'.
[ 1096.232022][ T9878] vhci_hcd: stop threads
[ 1096.236332][ T9878] vhci_hcd: release socket
[ 1096.286536][T18712] ieee802154 phy0 wpan0: encryption failed: -22
[ 1096.410225][ T9878] vhci_hcd: disconnect device
[ 1097.772982][T18735] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3456'.
[ 1097.781968][T18735] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3456'.
[ 1098.097221][   T25] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1099.018529][   T25] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1099.030872][   T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1099.068659][   T25] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1099.190308][  T865] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1099.202931][   T25] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1099.245478][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1099.361225][  T865] usb 1-1: Using ep0 maxpacket: 32
[ 1099.369511][  T865] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1099.414494][  T865] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1099.436458][   T25] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1099.460160][  T865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1099.469613][   T25] usb 2-1: invalid MIDI out EP 0
[ 1099.479706][  T865] usb 1-1: Product: syz
[ 1099.491069][  T865] usb 1-1: Manufacturer: syz
[ 1099.495691][  T865] usb 1-1: SerialNumber: syz
[ 1099.508210][T18746] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1099.570060][T15572] vhci_hcd: vhci_device speed not set
[ 1099.696041][   T25] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1099.709082][   T25] usb 2-1: USB disconnect, device number 62
[ 1099.925715][  T865] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 71 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1100.062155][T14745] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1100.077818][T14745] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1100.347278][  T865] usb 1-1: USB disconnect, device number 71
[ 1100.398259][  T865] usblp0: removed
[ 1100.400649][T14484] udevd[14484]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1102.094428][T11566] Bluetooth: hci4: command 0x1003 tx timeout
[ 1102.094888][T12896] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1102.402109][   T25] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1102.655157][T18799] ieee802154 phy0 wpan0: encryption failed: -22
[ 1102.722048][   T25] usb 3-1: config 0 has an invalid interface number: 114 but max is 0
[ 1102.742607][   T25] usb 3-1: config 0 has no interface number 0
[ 1102.767652][   T25] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1102.805727][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1102.870348][   T25] usb 3-1: Product: syz
[ 1102.899850][   T25] usb 3-1: Manufacturer: syz
[ 1102.933677][   T25] usb 3-1: SerialNumber: syz
[ 1102.988608][   T25] usb 3-1: config 0 descriptor??
[ 1103.039632][   T25] peak_usb 3-1:0.114: probe with driver peak_usb failed with error 114
[ 1103.534768][   T29] audit: type=1400 audit(2000000448.789:1064): avc:  denied  { connect } for  pid=18805 comm="syz.5.3474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1104.006205][T18811] FAULT_INJECTION: forcing a failure.
[ 1104.006205][T18811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1104.033913][T18811] CPU: 0 UID: 0 PID: 18811 Comm: syz.4.3475 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0
[ 1104.044678][T18811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1104.054735][T18811] Call Trace:
[ 1104.057995][T18811]  <TASK>
[ 1104.060935][T18811]  dump_stack_lvl+0x16c/0x1f0
[ 1104.065604][T18811]  should_fail_ex+0x497/0x5b0
[ 1104.070278][T18811]  _copy_from_user+0x2e/0xd0
[ 1104.074853][T18811]  video_usercopy+0xedb/0x1620
[ 1104.079612][T18811]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1104.085007][T18811]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1104.091849][T18811]  ? __pfx_video_usercopy+0x10/0x10
[ 1104.097060][T18811]  v4l2_ioctl+0x1ba/0x250
[ 1104.101386][T18811]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1104.106238][T18811]  __x64_sys_ioctl+0x190/0x200
[ 1104.110997][T18811]  do_syscall_64+0xcd/0x250
[ 1104.115489][T18811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1104.121382][T18811] RIP: 0033:0x7fe34997ff19
[ 1104.125787][T18811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1104.145582][T18811] RSP: 002b:00007fe34a78f058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1104.154024][T18811] RAX: ffffffffffffffda RBX: 00007fe349b45fa0 RCX: 00007fe34997ff19
[ 1104.162037][T18811] RDX: 0000000020000080 RSI: 00000000c02c5638 RDI: 0000000000000003
[ 1104.170017][T18811] RBP: 00007fe34a78f0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1104.177996][T18811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1104.185974][T18811] R13: 0000000000000000 R14: 00007fe349b45fa0 R15: 00007ffce2679428
[ 1104.193973][T18811]  </TASK>
[ 1104.634982][T18815] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3476'.
[ 1104.852903][   T29] audit: type=1400 audit(2000000450.109:1065): avc:  denied  { setopt } for  pid=18816 comm="syz.4.3477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1105.396887][  T865] usb 3-1: USB disconnect, device number 86
[ 1105.670632][T18135] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1106.767640][T18135] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1106.780096][T18135] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1106.791047][T18135] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1106.800142][T18135] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1106.926629][T18135] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1106.934976][T18135] usb 2-1: invalid MIDI out EP 0
[ 1106.961386][T18135] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1107.460152][  T865] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1107.590807][T11566] Bluetooth: hci3: command 0x0406 tx timeout
[ 1107.718115][T14484] udevd[14484]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1107.944149][   T25] usb 2-1: USB disconnect, device number 63
[ 1108.096500][T18850] FAULT_INJECTION: forcing a failure.
[ 1108.096500][T18850] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1108.135097][T18850] CPU: 1 UID: 0 PID: 18850 Comm: syz.0.3485 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0
[ 1108.145898][T18850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1108.155965][T18850] Call Trace:
[ 1108.159253][T18850]  <TASK>
[ 1108.162191][T18850]  dump_stack_lvl+0x16c/0x1f0
[ 1108.166892][T18850]  should_fail_ex+0x497/0x5b0
[ 1108.171613][T18850]  _copy_to_user+0x32/0xd0
[ 1108.176055][T18850]  simple_read_from_buffer+0xd0/0x160
[ 1108.181450][T18850]  proc_fail_nth_read+0x198/0x270
[ 1108.186497][T18850]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1108.192064][T18850]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1108.197627][T18850]  vfs_read+0x1df/0xbe0
[ 1108.201796][T18850]  ? __pfx___mutex_lock+0x10/0x10
[ 1108.206838][T18850]  ? __pfx_vfs_read+0x10/0x10
[ 1108.211524][T18850]  ? rcu_is_watching+0x12/0xc0
[ 1108.216311][T18850]  ? __rcu_read_unlock+0x2b4/0x580
[ 1108.221441][T18850]  ? __fget_files+0x206/0x3a0
[ 1108.226129][T18850]  ksys_read+0x12b/0x250
[ 1108.230370][T18850]  ? __pfx_ksys_read+0x10/0x10
[ 1108.235135][T18850]  do_syscall_64+0xcd/0x250
[ 1108.239640][T18850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.245531][T18850] RIP: 0033:0x7f6cd237e92c
[ 1108.249945][T18850] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1108.269555][T18850] RSP: 002b:00007f6cd01f6050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1108.277966][T18850] RAX: ffffffffffffffda RBX: 00007f6cd2545fa0 RCX: 00007f6cd237e92c
[ 1108.285931][T18850] RDX: 000000000000000f RSI: 00007f6cd01f60b0 RDI: 0000000000000004
[ 1108.293902][T18850] RBP: 00007f6cd01f60a0 R08: 0000000000000000 R09: 0000000000000000
[ 1108.301863][T18850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1108.309827][T18850] R13: 0000000000000000 R14: 00007f6cd2545fa0 R15: 00007ffc63d19e88
[ 1108.317807][T18850]  </TASK>
[ 1108.320907][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1108.361013][  T865] usb 5-1: Using ep0 maxpacket: 32
[ 1108.368679][  T865] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1109.283038][T18857] FAULT_INJECTION: forcing a failure.
[ 1109.283038][T18857] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1109.345303][   T29] audit: type=1400 audit(2000000454.509:1066): avc:  denied  { read } for  pid=18856 comm="syz.5.3486" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1109.368098][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1109.388196][T18857] CPU: 0 UID: 0 PID: 18857 Comm: syz.5.3486 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0
[ 1109.398987][T18857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1109.409045][T18857] Call Trace:
[ 1109.409973][   T29] audit: type=1400 audit(2000000454.509:1067): avc:  denied  { open } for  pid=18856 comm="syz.5.3486" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1109.412309][T18857]  <TASK>
[ 1109.412320][T18857]  dump_stack_lvl+0x16c/0x1f0
[ 1109.443078][T18857]  should_fail_ex+0x497/0x5b0
[ 1109.447783][T18857]  _copy_to_user+0x32/0xd0
[ 1109.452222][T18857]  simple_read_from_buffer+0xd0/0x160
[ 1109.457621][T18857]  proc_fail_nth_read+0x198/0x270
[ 1109.462665][T18857]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1109.468233][T18857]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1109.473798][T18857]  vfs_read+0x1df/0xbe0
[ 1109.477964][T18857]  ? irqentry_exit+0x3b/0x90
[ 1109.482568][T18857]  ? __pfx___mutex_lock+0x10/0x10
[ 1109.487603][T18857]  ? __pfx_vfs_read+0x10/0x10
[ 1109.492287][T18857]  ? __fget_files+0x20d/0x3a0
[ 1109.496972][T18857]  ksys_read+0x12b/0x250
[ 1109.501216][T18857]  ? __pfx_ksys_read+0x10/0x10
[ 1109.505982][T18857]  do_syscall_64+0xcd/0x250
[ 1109.510486][T18857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.516383][T18857] RIP: 0033:0x7f2a97b7e92c
[ 1109.520795][T18857] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1109.540398][T18857] RSP: 002b:00007f2a989cf050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1109.548808][T18857] RAX: ffffffffffffffda RBX: 00007f2a97d45fa0 RCX: 00007f2a97b7e92c
[ 1109.556774][T18857] RDX: 000000000000000f RSI: 00007f2a989cf0b0 RDI: 0000000000000005
[ 1109.564740][T18857] RBP: 00007f2a989cf0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1109.572709][T18857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1109.580672][T18857] R13: 0000000000000000 R14: 00007f2a97d45fa0 R15: 00007fff4ff38fc8
[ 1109.588654][T18857]  </TASK>
[ 1109.938921][   T29] audit: type=1400 audit(2000000454.509:1068): avc:  denied  { ioctl } for  pid=18856 comm="syz.5.3486" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1110.197051][T18871] ieee802154 phy0 wpan0: encryption failed: -22
[ 1111.096257][  T865] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1111.151757][  T865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1111.203313][  T865] usb 5-1: can't set config #1, error -71
[ 1111.242907][  T865] usb 5-1: USB disconnect, device number 62
[ 1113.187765][T18896] raw_sendmsg: syz.1.3496 forgot to set AF_INET. Fix it!
[ 1113.256349][   T29] audit: type=1400 audit(2000000458.389:1069): avc:  denied  { read } for  pid=18893 comm="syz.1.3496" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1114.119448][T18910] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[ 1114.125987][T18910] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1114.240089][T18910] vhci_hcd vhci_hcd.0: Device attached
[ 1115.100831][    T9] usb 35-1: new low-speed USB device number 8 using vhci_hcd
[ 1115.380241][T18911] vhci_hcd: connection reset by peer
[ 1115.407034][T18965] vhci_hcd: stop threads
[ 1115.411441][T18965] vhci_hcd: release socket
[ 1115.417556][T18965] vhci_hcd: disconnect device
[ 1115.682015][T18240] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1115.750031][T18968] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3501'.
[ 1115.841119][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.903999][   T29] audit: type=1400 audit(2000000461.159:1070): avc:  denied  { setopt } for  pid=18961 comm="syz.4.3502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1116.050329][T18240] usb 3-1: Using ep0 maxpacket: 32
[ 1116.058549][T18240] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1116.085208][   T29] audit: type=1400 audit(2000000461.159:1071): avc:  denied  { read } for  pid=18961 comm="syz.4.3502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1116.266021][T18240] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1116.275221][T18240] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1116.283792][T18975] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.312540][T18240] usb 3-1: Product: syz
[ 1116.316725][T18240] usb 3-1: Manufacturer: syz
[ 1116.330020][T18240] usb 3-1: SerialNumber: syz
[ 1116.357491][T18944] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1117.071949][T18240] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 87 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1117.196777][T18240] usb 3-1: USB disconnect, device number 87
[ 1117.267923][T18240] usblp0: removed
[ 1117.385518][T18985] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3505'.
[ 1121.477006][    T9] vhci_hcd: vhci_device speed not set
[ 1122.566921][   T29] audit: type=1400 audit(2000000467.799:1072): avc:  denied  { name_bind } for  pid=19013 comm="syz.4.3512" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[ 1122.708965][   T29] audit: type=1400 audit(2000000467.959:1073): avc:  denied  { node_bind } for  pid=19010 comm="syz.5.3511" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[ 1123.080163][T15572] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1123.550076][T15572] usb 5-1: Using ep0 maxpacket: 32
[ 1123.606403][T15572] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1123.623672][T19023] netlink: 'syz.5.3514': attribute type 4 has an invalid length.
[ 1123.636285][T15572] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1123.662428][T15572] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.676015][T15572] usb 5-1: Product: syz
[ 1123.682720][T15572] usb 5-1: Manufacturer: syz
[ 1123.687396][T15572] usb 5-1: SerialNumber: syz
[ 1123.705900][T19021] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1124.236827][T15572] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 63 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1124.326151][T15572] usb 5-1: USB disconnect, device number 63
[ 1124.713926][T15572] usblp0: removed
[ 1125.801012][T19044] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3520'.
[ 1127.687647][   T25] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1127.850055][   T25] usb 2-1: Using ep0 maxpacket: 16
[ 1127.856929][   T25] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1127.872819][   T25] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1127.938932][   T25] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[ 1127.975846][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1128.005666][T12896] Bluetooth: hci0: unexpected event for opcode 0x0c12
[ 1128.013452][T12896] Bluetooth: hci0: unexpected event for opcode 0x0c12
[ 1128.031692][   T25] usb 2-1: config 0 descriptor??
[ 1128.641703][ T9875] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1
[ 1128.701860][   T25] hid (null): global environment stack underflow
[ 1128.899050][   T25] hid (null): unknown global tag 0x84
[ 1128.900441][ T9874] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1128.910959][ T9874] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1128.917381][ T9877] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1128.935030][   T25] hid (null): report_id 0 is invalid
[ 1128.948695][ T9877] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1128.957032][   T25] hid (null): unknown global tag 0xc
[ 1128.963041][   T25] hid (null): unknown global tag 0xd
[ 1128.968570][   T25] hid (null): report_id 2863014418 is invalid
[ 1128.980845][   T25] hid (null): report_id 2384115945 is invalid
[ 1129.692104][   T25] cougar 0003:060B:500A.0009: unknown main item tag 0x0
[ 1129.699312][   T25] cougar 0003:060B:500A.0009: unknown main item tag 0x0
[ 1129.706809][   T25] cougar 0003:060B:500A.0009: unexpected long global item
[ 1129.717175][   T25] cougar 0003:060B:500A.0009: parse failed
[ 1129.723585][   T25] cougar 0003:060B:500A.0009: probe with driver cougar failed with error -22
[ 1129.771194][   T25] usb 2-1: USB disconnect, device number 64
[ 1129.880120][T18240] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 1130.160307][T18240] usb 1-1: Using ep0 maxpacket: 32
[ 1130.167100][T18240] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1130.180758][T18240] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1130.190510][T18240] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1130.203160][T18240] usb 1-1: Product: syz
[ 1130.207883][T18240] usb 1-1: Manufacturer: syz
[ 1130.213857][T18240] usb 1-1: SerialNumber: syz
[ 1130.224427][T19068] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1130.447741][T18240] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 72 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1130.490057][ T5869] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1130.620200][T12896] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1130.644500][ T5869] usb 6-1: Using ep0 maxpacket: 32
[ 1130.688318][T15572] usb 1-1: USB disconnect, device number 72
[ 1130.721228][ T5869] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1130.761085][T15572] usblp0: removed
[ 1130.786215][ T5869] usb 6-1: config 123 has an invalid interface number: 146 but max is 0
[ 1130.860080][ T5869] usb 6-1: config 123 has no interface number 0
[ 1130.866403][ T5869] usb 6-1: config 123 interface 146 has no altsetting 0
[ 1130.953343][ T5869] usb 6-1: language id specifier not provided by device, defaulting to English
[ 1131.181257][T19085] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3532'.
[ 1136.076825][T19087] ieee802154 phy0 wpan0: encryption failed: -22
[ 1136.142242][ T5869] usb 6-1: New USB device found, idVendor=0bb4, idProduct=0a1a, bcdDevice=35.e8
[ 1136.163673][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1136.297858][ T5869] usb 6-1: Manufacturer: ４ዴ䩋葯鶾⩠调䟂伿㜥檶㴷뿿앖쉌뙤翠뻾⼯䢶壃뺒깯ₓ⬲莹䖐끊⽔ᠡ盤鳃᧟厊뢭쓖鞶ꠍᎫ㡋꙲摣쪡媬㔓຺뜩녘ᄽ沴回㏔騺䰾᳦ᘰ╦᭟㢕〲ᴮDZ钨姿犯틀ᾶ휻䐬帇͑쮲鸔똛脿ꋬḟ♕뤹又䐜崑ἑ땡훲⒃ꭺ㪟쮎
[ 1136.550236][T19096] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3534'.
[ 1136.784664][ T5869] usb 6-1: can't set config #123, error -71
[ 1136.809444][ T5869] usb 6-1: USB disconnect, device number 11
[ 1137.981336][ T5869] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1138.077147][   T29] audit: type=1400 audit(2000000483.329:1074): avc:  denied  { read } for  pid=19109 comm="syz.2.3538" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1138.106679][T19110] sp0: Synchronizing with TNC
[ 1138.121551][   T29] audit: type=1400 audit(2000000483.329:1075): avc:  denied  { open } for  pid=19109 comm="syz.2.3538" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1138.149384][ T5869] usb 6-1: Using ep0 maxpacket: 8
[ 1138.171242][ T5869] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1138.179444][ T5869] usb 6-1: config 0 has no interface number 0
[ 1138.188332][ T5869] usb 6-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54
[ 1138.197494][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.205599][ T5869] usb 6-1: Product: syz
[ 1138.209836][ T5869] usb 6-1: Manufacturer: syz
[ 1138.214536][ T5869] usb 6-1: SerialNumber: syz
[ 1138.229773][ T5869] usb 6-1: config 0 descriptor??
[ 1138.242722][ T5869] usb 6-1: selecting invalid altsetting 1
[ 1138.251726][   T29] audit: type=1400 audit(2000000483.329:1076): avc:  denied  { getopt } for  pid=19109 comm="syz.2.3538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1138.255841][ T5869] dvb_ttusb_budget: ttusb_init_controller: error
[ 1138.271412][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1138.332924][T19111] input: syz0 as /devices/virtual/input/input18
[ 1138.351683][ T5869] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1138.380196][   T29] audit: type=1400 audit(2000000483.329:1077): avc:  denied  { ioctl } for  pid=19109 comm="syz.2.3538" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x9418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1138.405341][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1138.551956][T19103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1138.639225][T19103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1139.405550][ T5869] DVB: Unable to find symbol stv0299_attach()
[ 1139.437221][ T5869] DVB: Unable to find symbol tda8083_attach()
[ 1139.443394][ T5869] dvb_ttusb_budget: no frontend driver found for device [0b48:1003]
[ 1139.454181][ T5869] usb 6-1: USB disconnect, device number 12
[ 1139.489756][T19127] bridge0: entered promiscuous mode
[ 1139.547698][   T29] audit: type=1400 audit(2000000484.799:1078): avc:  denied  { read } for  pid=19130 comm="syz.1.3543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1139.841555][T19144] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3545'.
[ 1139.963158][ T5865] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1140.262069][ T5865] usb 2-1: Using ep0 maxpacket: 8
[ 1144.634378][ T5865] usb 2-1: unable to read config index 0 descriptor/all
[ 1144.685113][ T5865] usb 2-1: can't read configurations, error -71
[ 1144.711497][T19126] bridge0: left promiscuous mode
[ 1145.467460][   T29] audit: type=1400 audit(2000000490.149:1079): avc:  denied  { recv } for  pid=19149 comm="syz.0.3547" saddr=10.128.0.169 src=30006 daddr=10.128.1.32 dest=34210 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[ 1145.492936][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1145.525649][    T8] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1145.960104][    T8] usb 3-1: Using ep0 maxpacket: 32
[ 1145.990620][    T8] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1146.004698][    T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1146.017784][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1146.025888][    T8] usb 3-1: Product: syz
[ 1146.030130][    T8] usb 3-1: Manufacturer: syz
[ 1146.037030][    T8] usb 3-1: SerialNumber: syz
[ 1146.080300][T19155] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1146.162978][   T29] audit: type=1400 audit(2000000491.419:1080): avc:  denied  { connect } for  pid=19162 comm="syz.4.3550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1146.310176][  T865] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1146.342633][    T8] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 88 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1146.450066][T18240] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1146.984958][    T8] usb 3-1: USB disconnect, device number 88
[ 1147.002257][  T865] usb 6-1: config 0 has an invalid interface number: 114 but max is 0
[ 1147.016357][    T8] usblp0: removed
[ 1147.040046][  T865] usb 6-1: config 0 has no interface number 0
[ 1147.185888][  T865] usb 6-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1147.195176][  T865] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1147.207443][  T865] usb 6-1: Product: syz
[ 1147.214833][  T865] usb 6-1: Manufacturer: syz
[ 1147.231248][  T865] usb 6-1: SerialNumber: syz
[ 1147.239100][  T865] usb 6-1: config 0 descriptor??
[ 1147.249523][T18240] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[ 1147.261192][T18240] usb 5-1: config 7 has 1 interface, different from the descriptor's value: 2
[ 1147.280345][   T25] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1147.292834][T19177] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3554'.
[ 1147.299238][T18240] usb 5-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84
[ 1147.370129][T18240] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1147.378252][T18240] usb 5-1: Product: syz
[ 1147.383694][T18240] usb 5-1: SerialNumber: syz
[ 1147.390139][  T865] peak_usb 6-1:0.114: probe with driver peak_usb failed with error 114
[ 1147.420925][T18240] option 5-1:7.0: GSM modem (1-port) converter detected
[ 1147.500018][   T25] usb 2-1: Using ep0 maxpacket: 32
[ 1147.522611][   T25] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1
[ 1147.555217][   T25] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1147.580126][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1147.588768][   T25] usb 2-1: Product: syz
[ 1147.603205][   T25] usb 2-1: Manufacturer: syz
[ 1147.610062][   T25] usb 2-1: SerialNumber: syz
[ 1147.624037][T19172] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[ 1147.911252][   T25] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 67 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1148.505847][   T25] usb 2-1: USB disconnect, device number 67
[ 1148.549091][   T25] usblp0: removed
[ 1149.206612][T11566] Bluetooth: hci5: unexpected Set CIG Parameters response data
[ 1149.528809][T11566] Bluetooth: hci5: unexpected event for opcode 0x2062
[ 1149.582433][T18240] usb 5-1: USB disconnect, device number 64
[ 1149.591641][T18240] option 5-1:7.0: device disconnected
[ 1149.677085][T14904] usb 6-1: USB disconnect, device number 13
[ 1150.060068][   T25] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 1150.252485][   T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1150.274156][   T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1150.302472][   T25] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1150.325355][   T25] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1150.348193][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.382983][   T25] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1150.498610][   T25] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -12
[ 1150.517180][T19092] udevd[19092]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1150.746678][   T25] usb 2-1: USB disconnect, device number 68
[ 1151.105683][T19206] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3560'.
[ 1153.597154][T11566] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 1153.614662][T11566] Bluetooth: hci5: Injecting HCI hardware error event
[ 1153.713259][T11566] Bluetooth: hci5: hardware error 0x00
[ 1155.621106][T18240] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1155.797072][T18240] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1155.817945][T18240] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1155.856646][T18240] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1155.903075][T18240] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1155.921661][T18240] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.945907][T18240] usb 2-1: config 0 descriptor??
[ 1156.186271][T19227] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3566'.
[ 1156.313743][   T29] audit: type=1400 audit(2000000501.569:1081): avc:  denied  { accept } for  pid=19209 comm="syz.1.3562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1156.731467][   T29] audit: type=1400 audit(2000000501.569:1082): avc:  denied  { setopt } for  pid=19209 comm="syz.1.3562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1157.673878][   T29] audit: type=1400 audit(2000000501.569:1083): avc:  denied  { write } for  pid=19209 comm="syz.1.3562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1158.851833][T11566] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 1159.965357][T18240] usbhid 2-1:0.0: can't add hid device: -71
[ 1159.971735][T18240] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1159.993442][T18240] usb 2-1: USB disconnect, device number 69
[ 1160.199817][T19236] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3567'.
[ 1160.480454][T14904] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 1160.642214][T14904] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[ 1160.928852][T14904] usb 1-1: config 0 has no interface number 0
[ 1161.024358][T14904] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1161.043516][T14904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1161.100094][T14904] usb 1-1: Product: syz
[ 1161.126720][T14904] usb 1-1: Manufacturer: syz
[ 1161.139569][T14904] usb 1-1: SerialNumber: syz
[ 1161.169768][T14904] usb 1-1: config 0 descriptor??
[ 1161.194361][T14904] peak_usb 1-1:0.114: probe with driver peak_usb failed with error 114
[ 1162.991109][   T29] audit: type=1400 audit(2000000508.219:1084): avc:  denied  { setopt } for  pid=19249 comm="syz.4.3572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1163.074272][T19244] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3571'.
[ 1163.083311][T19244] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3571'.
[ 1163.261797][T19261] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3574'.
[ 1163.531509][T19088] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1168.235104][T19088] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1168.400014][T19088] usb 2-1: can't read configurations, error -71
[ 1168.411211][  T865] usb 1-1: USB disconnect, device number 73
[ 1169.452460][T15572] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 1169.730115][T15572] usb 1-1: Using ep0 maxpacket: 32
[ 1169.781321][T15572] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1169.863275][T15572] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1170.030245][T15572] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1170.039248][T15572] usb 1-1: config 1 has no interface number 0
[ 1170.045424][T15572] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1170.056372][T15572] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1170.069439][T15572] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1170.078551][T15572] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1170.157473][T15572] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[ 1170.397964][T19278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1170.446419][T19278] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1171.156501][T15572] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[ 1171.385583][   T29] audit: type=1400 audit(2000000516.639:1085): avc:  denied  { setopt } for  pid=19300 comm="syz.2.3585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1171.480446][T15572] usb 1-1: USB disconnect, device number 74
[ 1171.487338][T15572] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[ 1171.561627][T19298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1172.797131][T12896] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1172.813139][T12896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1173.331406][T12896] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1173.390214][T12896] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1173.402932][T12896] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1173.419141][T12896] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1173.679709][T19334] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3591'.
[ 1174.767631][ T9883] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1176.184529][T11566] Bluetooth: hci0: command tx timeout
[ 1176.423672][T19089] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1
[ 1177.186975][   T29] audit: type=1400 audit(2000000522.439:1086): avc:  denied  { egress } for  pid=24 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[ 1177.212363][   T29] audit: type=1400 audit(2000000522.439:1087): avc:  denied  { sendto } for  pid=24 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[ 1177.249062][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.337546][ T9883] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.509797][ T9883] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.697590][ T9883] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1178.220252][T11566] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1178.321135][T19314] chnl_net:caif_netlink_parms(): no params data found
[ 1178.389288][ T9883] bridge_slave_1: left allmulticast mode
[ 1178.395236][ T9883] bridge_slave_1: left promiscuous mode
[ 1178.440376][ T9883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1178.488210][T11566] Bluetooth: hci0: command tx timeout
[ 1178.495929][ T9883] bridge_slave_0: left allmulticast mode
[ 1178.501892][ T9883] bridge_slave_0: left promiscuous mode
[ 1178.507746][ T9883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1178.591253][T19350] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3598'.
[ 1178.640182][  T865] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[ 1178.870905][ T5129] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1179.351077][  T865] usb 2-1: Using ep0 maxpacket: 32
[ 1179.371716][  T865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 18, changing to 8
[ 1179.432381][  T865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 57493, setting to 1024
[ 1179.478816][  T865] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1179.497223][  T865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1179.518609][  T865] usb 2-1: config 0 descriptor??
[ 1179.529319][  T865] hub 2-1:0.0: USB hub found
[ 1179.715292][   T25] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1179.735690][  T865] hub 2-1:0.0: 1 port detected
[ 1179.915567][   T25] usb 3-1: config index 0 descriptor too short (expected 4148, got 36)
[ 1179.923982][   T25] usb 3-1: config 0 has an invalid interface number: 161 but max is 0
[ 1179.932300][   T25] usb 3-1: config 0 has no interface number 0
[ 1179.938488][   T25] usb 3-1: config 0 interface 161 altsetting 0 endpoint 0xE has an invalid bInterval 172, changing to 11
[ 1179.950157][   T25] usb 3-1: config 0 interface 161 altsetting 0 endpoint 0xE has invalid maxpacket 1164, setting to 1024
[ 1179.961767][   T25] usb 3-1: config 0 interface 161 altsetting 0 endpoint 0xA has an invalid bInterval 177, changing to 7
[ 1179.973181][   T25] usb 3-1: config 0 interface 161 altsetting 0 endpoint 0xA has invalid maxpacket 9125, setting to 1024
[ 1180.008757][   T25] usb 3-1: New USB device found, idVendor=04f1, idProduct=3008, bcdDevice=4a.be
[ 1180.017947][   T25] usb 3-1: New USB device strings: Mfr=170, Product=233, SerialNumber=3
[ 1180.026470][   T25] usb 3-1: Product: syz
[ 1180.030904][   T25] usb 3-1: Manufacturer: syz
[ 1180.035634][   T25] usb 3-1: SerialNumber: syz
[ 1180.048195][   T25] usb 3-1: config 0 descriptor??
[ 1180.054131][T19370] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1180.100016][ T9883] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1180.113022][ T9883] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1180.164403][ T9883] bond0 (unregistering): Released all slaves
[ 1180.373725][   T29] audit: type=1800 audit(2000000525.629:1088): pid=19370 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3602" name="file1" dev="overlay" ino=532 res=0 errno=0
[ 1180.404724][   T25] asix 3-1:0.161 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1180.428466][   T25] asix 3-1:0.161: probe with driver asix failed with error -71
[ 1180.431277][T19314] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1180.454452][T19314] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1180.475188][T19314] bridge_slave_0: entered allmulticast mode
[ 1180.480171][   T25] usb 3-1: USB disconnect, device number 89
[ 1180.492129][T19314] bridge_slave_0: entered promiscuous mode
[ 1180.530332][ T5869] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 1180.541049][ T5129] Bluetooth: hci0: command tx timeout
[ 1180.570024][T19088] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 1180.589033][T19314] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1180.606040][T19314] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1180.618246][T19314] bridge_slave_1: entered allmulticast mode
[ 1180.640278][T19314] bridge_slave_1: entered promiscuous mode
[ 1180.695629][ T5869] usb 5-1: config 0 has an invalid interface number: 114 but max is 0
[ 1180.704270][ T5869] usb 5-1: config 0 has no interface number 0
[ 1180.722407][T19088] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[ 1180.731063][T19088] usb 1-1: config 0 has no interface number 0
[ 1180.737765][ T5869] usb 5-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1180.752121][T19088] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1180.768693][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.777267][T19088] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.788378][ T5869] usb 5-1: Product: syz
[ 1180.794025][ T5869] usb 5-1: Manufacturer: syz
[ 1180.798761][T19088] usb 1-1: Product: syz
[ 1180.803505][ T5869] usb 5-1: SerialNumber: syz
[ 1180.821923][T19088] usb 1-1: Manufacturer: syz
[ 1180.826560][T19088] usb 1-1: SerialNumber: syz
[ 1180.840928][ T9883] hsr_slave_0: left promiscuous mode
[ 1180.857581][ T5869] usb 5-1: config 0 descriptor??
[ 1180.863803][T19088] usb 1-1: config 0 descriptor??
[ 1180.873466][ T9883] hsr_slave_1: left promiscuous mode
[ 1180.884179][ T5869] peak_usb 5-1:0.114: probe with driver peak_usb failed with error 114
[ 1180.902217][T19088] peak_usb 1-1:0.114: probe with driver peak_usb failed with error 114
[ 1180.919268][ T9883] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1180.928271][ T9883] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1180.941336][ T9883] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1180.948969][ T9883] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1181.003150][ T9883] veth1_macvtap: left promiscuous mode
[ 1181.008721][ T9883] veth0_macvtap: left promiscuous mode
[ 1181.019349][ T9883] veth1_vlan: left promiscuous mode
[ 1181.025548][   T25] usb 2-1: USB disconnect, device number 72
[ 1181.033756][ T9883] veth0_vlan: left promiscuous mode
[ 1181.303819][  T865] usb 2-1-port1: config error
[ 1182.063672][T19401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3606'.
[ 1182.753606][ T5129] Bluetooth: hci0: command tx timeout
[ 1183.379760][ T5869] usb 1-1: USB disconnect, device number 75
[ 1183.804118][ T9883] team0 (unregistering): Port device team_slave_1 removed
[ 1183.869046][ T9883] team0 (unregistering): Port device team_slave_0 removed
[ 1184.077524][ T5869] usb 5-1: USB disconnect, device number 65
[ 1184.289628][   T29] audit: type=1400 audit(2000000529.509:1089): avc:  denied  { setopt } for  pid=19417 comm="syz.4.3610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1184.323244][   T29] audit: type=1400 audit(2000000529.539:1090): avc:  denied  { execute_no_trans } for  pid=19417 comm="syz.4.3610" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=1683 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1184.738409][T19314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1184.749682][T19314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1185.498195][T19314] team0: Port device team_slave_0 added
[ 1185.531341][T19314] team0: Port device team_slave_1 added
[ 1185.612486][   T29] audit: type=1400 audit(2000000530.849:1091): avc:  denied  { ioctl } for  pid=19432 comm="syz.2.3613" path="socket:[62941]" dev="sockfs" ino=62941 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1185.745505][T19437] FAULT_INJECTION: forcing a failure.
[ 1185.745505][T19437] name failslab, interval 1, probability 0, space 0, times 0
[ 1185.776415][T19437] CPU: 0 UID: 0 PID: 19437 Comm: syz.1.3614 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0
[ 1185.787236][T19437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1185.797316][T19437] Call Trace:
[ 1185.800603][T19437]  <TASK>
[ 1185.803548][T19437]  dump_stack_lvl+0x16c/0x1f0
[ 1185.808246][T19437]  should_fail_ex+0x497/0x5b0
[ 1185.812941][T19437]  ? fs_reclaim_acquire+0xae/0x150
[ 1185.818073][T19437]  should_failslab+0xc2/0x120
[ 1185.822765][T19437]  __kmalloc_noprof+0xcb/0x510
[ 1185.827561][T19437]  ? rcu_is_watching+0x12/0xc0
[ 1185.832356][T19437]  tomoyo_encode2+0x100/0x3e0
[ 1185.837057][T19437]  tomoyo_encode+0x29/0x50
[ 1185.841501][T19437]  tomoyo_realpath_from_path+0x19d/0x720
[ 1185.847154][T19437]  ? tomoyo_path_number_perm+0x235/0x590
[ 1185.852801][T19437]  tomoyo_path_number_perm+0x248/0x590
[ 1185.858277][T19437]  ? tomoyo_path_number_perm+0x235/0x590
[ 1185.863937][T19437]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1185.869957][T19437]  ? __pfx_lock_release+0x10/0x10
[ 1185.874995][T19437]  ? trace_lock_acquire+0x14e/0x1f0
[ 1185.880223][T19437]  ? lock_acquire+0x2f/0xb0
[ 1185.884744][T19437]  ? __fget_files+0x40/0x3a0
[ 1185.889361][T19437]  ? __fget_files+0x206/0x3a0
[ 1185.894067][T19437]  security_file_ioctl+0x9b/0x240
[ 1185.899122][T19437]  __x64_sys_ioctl+0xb7/0x200
[ 1185.903819][T19437]  do_syscall_64+0xcd/0x250
[ 1185.908317][T19437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1185.914198][T19437] RIP: 0033:0x7efe0d97ff19
[ 1185.918597][T19437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1185.938207][T19437] RSP: 002b:00007efe0e808058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1185.946646][T19437] RAX: ffffffffffffffda RBX: 00007efe0db46080 RCX: 00007efe0d97ff19
[ 1185.954638][T19437] RDX: 00000000200003c0 RSI: 00000000c020aa07 RDI: 0000000000000004
[ 1185.962622][T19437] RBP: 00007efe0e8080a0 R08: 0000000000000000 R09: 0000000000000000
[ 1185.970609][T19437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1185.978592][T19437] R13: 0000000000000000 R14: 00007efe0db46080 R15: 00007ffc5f2e0d68
[ 1185.986595][T19437]  </TASK>
[ 1186.002850][T19437] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1186.033568][T19314] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1186.046400][T19314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1186.080461][T19443] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3615'.
[ 1186.098894][T19314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1186.115277][T19314] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1186.122446][T19314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1186.148611][T19314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1186.174217][   T29] audit: type=1400 audit(2000000531.399:1092): avc:  denied  { connect } for  pid=19441 comm="syz.4.3615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1186.195644][    T8] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1186.310268][   T29] audit: type=1400 audit(2000000531.399:1093): avc:  denied  { read } for  pid=19441 comm="syz.4.3615" dev="sockfs" ino=62955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1186.593487][    T8] usb 3-1: Using ep0 maxpacket: 32
[ 1186.704786][    T8] usb 3-1: config 0 has an invalid interface number: 61 but max is 1
[ 1186.718675][    T8] usb 3-1: config 0 has an invalid interface number: 98 but max is 1
[ 1186.727178][    T8] usb 3-1: config 0 has no interface number 0
[ 1186.733609][    T8] usb 3-1: config 0 has no interface number 1
[ 1186.753796][    T8] usb 3-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=b5.f6
[ 1186.778049][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1186.813434][    T8] usb 3-1: Product: syz
[ 1186.817632][    T8] usb 3-1: Manufacturer: syz
[ 1186.834936][    T8] usb 3-1: SerialNumber: syz
[ 1186.863696][    T8] usb 3-1: config 0 descriptor??
[ 1186.935120][T19443] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3615'.
[ 1186.947401][T19314] hsr_slave_0: entered promiscuous mode
[ 1186.987327][T19462] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3617'.
[ 1187.020218][   T25] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1187.078945][T19314] hsr_slave_1: entered promiscuous mode
[ 1187.087001][T19314] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1187.100221][T19314] Cannot create hsr debugfs directory
[ 1187.180660][    T8] viperboard 3-1:0.61: version 0.00 found at bus 003 address 090
[ 1187.201664][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1187.241261][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1187.268211][   T25] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[ 1187.289953][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1187.336486][    T8] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[ 1187.336871][   T25] usb 2-1: config 0 descriptor??
[ 1187.354440][T19433] xt_hashlimit: overflow, rate too high: 0
[ 1187.520976][T19433] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3613'.
[ 1187.538897][    T8] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1188.457614][   T25] usbhid 2-1:0.0: can't add hid device: -71
[ 1188.464237][   T25] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1188.474988][   T25] usb 2-1: USB disconnect, device number 73
[ 1188.558833][    T8] viperboard 3-1:0.98: version 0.00 found at bus 003 address 090
[ 1188.626259][    T8] viperboard-i2c viperboard-i2c.5.auto: failure setting i2c_bus_freq to 100
[ 1188.703296][    T8] viperboard-i2c viperboard-i2c.5.auto: probe with driver viperboard-i2c failed with error -5
[ 1188.735193][T19479] bridge0: entered promiscuous mode
[ 1188.850090][T19482] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3619'.
[ 1189.086529][    T8] usb 3-1: USB disconnect, device number 90
[ 1189.122742][T19482] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3619'.
[ 1189.484362][T19314] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1189.552664][T19314] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1189.577566][T19314] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1189.616453][T19314] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1189.654935][T19478] bridge0: left promiscuous mode
[ 1189.790074][    T8] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1189.913594][T19314] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1189.958245][    T8] usb 3-1: Using ep0 maxpacket: 32
[ 1189.973981][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1190.024257][T19520] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3625'.
[ 1190.030058][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1190.040737][T19520] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3625'.
[ 1190.049870][    T8] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1190.063236][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1190.143457][T19314] 8021q: adding VLAN 0 to HW filter on device team0
[ 1190.242947][    T8] usb 3-1: config 0 descriptor??
[ 1190.253900][ T9883] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1190.259076][T19523] ieee802154 phy0 wpan0: encryption failed: -22
[ 1190.261294][ T9883] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1190.365050][ T9883] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1190.372186][ T9883] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1190.628962][    T8] usbhid 3-1:0.0: can't add hid device: -71
[ 1190.655589][    T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1190.735910][    T8] usb 3-1: USB disconnect, device number 91
[ 1190.872847][T19314] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1191.752381][   T29] audit: type=1400 audit(2000000537.009:1094): avc:  denied  { read } for  pid=19550 comm="syz.1.3629" path="socket:[63698]" dev="sockfs" ino=63698 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1191.866686][   T29] audit: type=1400 audit(2000000537.119:1095): avc:  denied  { ioctl } for  pid=19550 comm="syz.1.3629" path="socket:[63698]" dev="sockfs" ino=63698 ioctlcmd=0x54d0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1192.067367][T19570] netlink: 'syz.2.3631': attribute type 4 has an invalid length.
[ 1192.295263][T19314] veth0_vlan: entered promiscuous mode
[ 1192.324482][T19314] veth1_vlan: entered promiscuous mode
[ 1193.002895][T19314] veth0_macvtap: entered promiscuous mode
[ 1193.012698][T19314] veth1_macvtap: entered promiscuous mode
[ 1193.167178][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.190855][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.200783][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.211328][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.222349][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.236001][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.246025][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.256963][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.275070][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.286532][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.296612][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.307254][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.317222][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1193.328356][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.342765][T19314] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1193.356282][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.369345][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.379987][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.391291][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.401359][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.419939][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.430041][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.441392][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.452515][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.465630][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.475751][T19314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1193.487918][T19314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1193.500930][T19314] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1193.587562][T18135] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1193.649295][T19579] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3632'.
[ 1193.659268][T19579] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3632'.
[ 1193.715327][T19314] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1193.747124][T19314] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1193.809358][T19314] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1193.883937][T18135] usb 3-1: config 0 has an invalid interface number: 114 but max is 0
[ 1193.890270][T19314] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1193.892213][T18135] usb 3-1: config 0 has no interface number 0
[ 1193.919570][T18135] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1193.931221][T18135] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1193.939239][T18135] usb 3-1: Product: syz
[ 1193.967173][T18135] usb 3-1: Manufacturer: syz
[ 1193.972194][T18135] usb 3-1: SerialNumber: syz
[ 1194.008689][T18135] usb 3-1: config 0 descriptor??
[ 1194.067643][T18135] peak_usb 3-1:0.114: probe with driver peak_usb failed with error 114
[ 1194.206520][ T9883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1194.250065][ T9883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1194.452382][T18955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1195.116193][T18955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1195.850068][ T5869] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1196.015951][ T5869] usb 7-1: config 0 has an invalid interface number: 114 but max is 0
[ 1196.035563][ T5869] usb 7-1: config 0 has no interface number 0
[ 1196.057439][ T5869] usb 7-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1196.095465][ T5869] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1196.160434][ T5869] usb 7-1: Product: syz
[ 1196.740292][ T5869] usb 7-1: Manufacturer: syz
[ 1196.744944][ T5869] usb 7-1: SerialNumber: syz
[ 1196.753161][ T5869] usb 7-1: config 0 descriptor??
[ 1196.802880][ T5869] peak_usb 7-1:0.114: probe with driver peak_usb failed with error 114
[ 1196.905644][ T5869] usb 3-1: USB disconnect, device number 92
[ 1198.190002][T18135] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1198.360844][T18135] usb 3-1: too many configurations: 9, using maximum allowed: 8
[ 1198.379256][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.403464][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.462730][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.497962][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.526030][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.549557][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.594371][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.609847][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.658431][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.674344][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.683951][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.707179][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.724441][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.735761][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.736867][T19655] program syz.0.3641 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1198.757645][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.774595][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.801258][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.827106][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.844394][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.857155][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.882845][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.907263][T18135] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1198.920434][T18135] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1198.952478][T18135] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1198.974821][T18135] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1198.996005][T18135] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1199.005537][T18135] usb 3-1: Product: syz
[ 1199.012105][T18135] usb 3-1: Manufacturer: syz
[ 1199.016889][T18135] usb 3-1: SerialNumber: syz
[ 1199.030046][T15572] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 1199.031356][T18135] usb 3-1: config 0 descriptor??
[ 1199.048642][T18135] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[ 1199.123119][T19088] usb 7-1: USB disconnect, device number 2
[ 1199.191947][T15572] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1199.209033][T15572] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1199.234455][T15572] usb 1-1: config 0 descriptor??
[ 1199.251447][T15572] cp210x 1-1:0.0: cp210x converter detected
[ 1199.392552][   T29] audit: type=1400 audit(2000000544.649:1096): avc:  denied  { set_context_mgr } for  pid=19671 comm="syz.6.3644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1199.405679][T19632] Invalid source name
[ 1199.450443][T18135] usb 3-1: USB disconnect, device number 93
[ 1199.456289][T19655] overlayfs: overlapping lowerdir path
[ 1199.462995][T18135] yurex 3-1:0.0: USB YUREX #0 now disconnected
[ 1199.480287][   T29] audit: type=1400 audit(2000000544.649:1097): avc:  denied  { mounton } for  pid=19631 comm="syz.2.3640" path="/102/bus" dev="tmpfs" ino=574 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1199.540187][T19655] libceph: resolve '00.' (ret=-3): failed
[ 1199.820322][T15572] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32
[ 1199.881832][T15572] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1199.898416][T19679] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3645'.
[ 1199.908164][  T865] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1199.970591][T19679] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3645'.
[ 1200.077484][T19088] usb 1-1: USB disconnect, device number 76
[ 1200.092825][T19088] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1200.131264][T19088] cp210x 1-1:0.0: device disconnected
[ 1200.141544][  T865] usb 5-1: Using ep0 maxpacket: 32
[ 1200.153627][T19686] tc_dump_action: action bad kind
[ 1200.161641][  T865] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1200.184284][T19688] ieee802154 phy0 wpan0: encryption failed: -22
[ 1200.201268][  T865] usb 5-1: config 0 has no interfaces?
[ 1200.251912][  T865] usb 5-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=26.2f
[ 1200.263566][  T865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.272817][  T865] usb 5-1: Product: syz
[ 1200.302766][  T865] usb 5-1: Manufacturer: syz
[ 1200.307403][  T865] usb 5-1: SerialNumber: syz
[ 1200.342670][  T865] usb 5-1: config 0 descriptor??
[ 1200.549613][T19678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1200.559458][T19678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1200.734639][   T25] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1200.920223][   T25] usb 7-1: Using ep0 maxpacket: 32
[ 1200.932771][   T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1201.270431][   T25] usb 7-1: config 0 has no interfaces?
[ 1201.332860][T19088] usb 5-1: USB disconnect, device number 66
[ 1201.339584][   T25] usb 7-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=26.2f
[ 1201.436454][T19706] netlink: 'syz.2.3650': attribute type 4 has an invalid length.
[ 1201.477601][   T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1201.509360][   T25] usb 7-1: Product: syz
[ 1201.520053][   T25] usb 7-1: Manufacturer: syz
[ 1202.492474][   T25] usb 7-1: SerialNumber: syz
[ 1202.521037][   T25] usb 7-1: config 0 descriptor??
[ 1202.980766][T19691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1202.989851][T19691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1203.011373][T19088] kernel write not supported for file /snd/seq (pid: 19088 comm: kworker/0:6)
[ 1203.351030][T19088] usb 7-1: USB disconnect, device number 3
[ 1203.418910][   T29] audit: type=1400 audit(2000000548.669:1098): avc:  denied  { append } for  pid=19723 comm="syz.2.3654" name="event3" dev="devtmpfs" ino=1014 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1203.492198][   T29] audit: type=1400 audit(2000000548.749:1099): avc:  denied  { write } for  pid=19723 comm="syz.2.3654" name="001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1203.710088][ T5869] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 1203.874852][ T5869] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[ 1203.895683][ T5869] usb 1-1: config 0 has no interface number 0
[ 1203.949281][ T5869] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1203.991741][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1204.145448][ T5869] usb 1-1: Product: syz
[ 1204.264896][ T5869] usb 1-1: Manufacturer: syz
[ 1204.275133][ T5869] usb 1-1: SerialNumber: syz
[ 1204.283547][ T5869] usb 1-1: config 0 descriptor??
[ 1204.297494][ T5869] peak_usb 1-1:0.114: probe with driver peak_usb failed with error 114
[ 1204.936217][T19745] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3657'.
[ 1204.945423][T19745] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3657'.
[ 1205.299084][T19764] FAULT_INJECTION: forcing a failure.
[ 1205.299084][T19764] name failslab, interval 1, probability 0, space 0, times 0
[ 1205.332589][T19764] CPU: 0 UID: 0 PID: 19764 Comm: syz.4.3661 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0
[ 1205.343392][T19764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1205.353462][T19764] Call Trace:
[ 1205.356747][T19764]  <TASK>
[ 1205.359682][T19764]  dump_stack_lvl+0x16c/0x1f0
[ 1205.364377][T19764]  should_fail_ex+0x497/0x5b0
[ 1205.369073][T19764]  ? fs_reclaim_acquire+0xae/0x150
[ 1205.374211][T19764]  should_failslab+0xc2/0x120
[ 1205.378900][T19764]  __kmalloc_noprof+0xcb/0x510
[ 1205.383676][T19764]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1205.389326][T19764]  tomoyo_realpath_from_path+0xb9/0x720
[ 1205.394894][T19764]  ? tomoyo_path_number_perm+0x235/0x590
[ 1205.400548][T19764]  ? tomoyo_path_number_perm+0x235/0x590
[ 1205.406205][T19764]  tomoyo_path_number_perm+0x248/0x590
[ 1205.411681][T19764]  ? tomoyo_path_number_perm+0x235/0x590
[ 1205.417334][T19764]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1205.423358][T19764]  ? __pfx_lock_release+0x10/0x10
[ 1205.428395][T19764]  ? trace_lock_acquire+0x14e/0x1f0
[ 1205.433613][T19764]  ? lock_acquire+0x2f/0xb0
[ 1205.438133][T19764]  ? __fget_files+0x40/0x3a0
[ 1205.442746][T19764]  ? __fget_files+0x206/0x3a0
[ 1205.447443][T19764]  security_file_ioctl+0x9b/0x240
[ 1205.452487][T19764]  __x64_sys_ioctl+0xb7/0x200
[ 1205.457191][T19764]  do_syscall_64+0xcd/0x250
[ 1205.461713][T19764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1205.467621][T19764] RIP: 0033:0x7fe34997ff19
[ 1205.472043][T19764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1205.491659][T19764] RSP: 002b:00007fe34a76e058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1205.500084][T19764] RAX: ffffffffffffffda RBX: 00007fe349b46080 RCX: 00007fe34997ff19
[ 1205.508054][T19764] RDX: 00000000200000c0 RSI: 00000000c0045627 RDI: 0000000000000003
[ 1205.516021][T19764] RBP: 00007fe34a76e0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1205.523984][T19764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1205.531947][T19764] R13: 0000000000000001 R14: 00007fe349b46080 R15: 00007ffce2679428
[ 1205.539929][T19764]  </TASK>
[ 1205.543072][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1205.576904][T19764] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1206.148576][T19772] program syz.4.3664 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1208.117016][T19791] ieee802154 phy0 wpan0: encryption failed: -22
[ 1208.218820][ T5868] usb 1-1: USB disconnect, device number 77
[ 1208.400091][  T865] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1208.407756][   T25] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1208.427183][   T29] audit: type=1400 audit(2000000553.679:1100): avc:  denied  { write } for  pid=19793 comm="syz.2.3667" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1208.450028][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1208.489312][ T5129] Bluetooth: hci1: SCO packet for unknown connection handle 0
[ 1208.591588][  T865] usb 7-1: config 0 has an invalid interface number: 114 but max is 0
[ 1208.618859][  T865] usb 7-1: config 0 has no interface number 0
[ 1208.626919][   T25] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1208.643618][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1208.659488][   T25] usb 5-1: config 0 descriptor??
[ 1208.674922][   T25] cp210x 5-1:0.0: cp210x converter detected
[ 1208.688045][  T865] usb 7-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1208.708669][  T865] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1208.744451][  T865] usb 7-1: Product: syz
[ 1208.753537][  T865] usb 7-1: Manufacturer: syz
[ 1208.762718][  T865] usb 7-1: SerialNumber: syz
[ 1208.780645][  T865] usb 7-1: config 0 descriptor??
[ 1208.799743][  T865] peak_usb 7-1:0.114: probe with driver peak_usb failed with error 114
[ 1208.927492][T19088] usb 7-1: USB disconnect, device number 4
[ 1208.935718][T19816] libceph: resolve '00.' (ret=-3): failed
[ 1209.197877][   T25] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32
[ 1209.218650][   T25] usb 5-1: cp210x converter now attached to ttyUSB0
[ 1209.424188][T19088] usb 5-1: USB disconnect, device number 67
[ 1209.448556][T19088] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1209.480969][T19088] cp210x 5-1:0.0: device disconnected
[ 1209.824356][    C1] ==================================================================
[ 1209.832434][    C1] BUG: KASAN: slab-use-after-free in selinux_ip_output+0x1e0/0x1f0
[ 1209.840318][    C1] Read of size 8 at addr ffff888060fd25f8 by task syz.1.3670/19805
[ 1209.848189][    C1] 
[ 1209.850509][    C1] CPU: 1 UID: 0 PID: 19805 Comm: syz.1.3670 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0
[ 1209.861277][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1209.871339][    C1] Call Trace:
[ 1209.874633][    C1]  <IRQ>
[ 1209.877486][    C1]  dump_stack_lvl+0x116/0x1f0
[ 1209.878577][   T29] audit: type=1400 audit(2000000555.129:1101): avc:  denied  { write } for  pid=5801 comm="syz-executor" path="pipe:[5322]" dev="pipefs" ino=5322 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1209.882167][    C1]  print_report+0xc3/0x620
[ 1209.882198][    C1]  ? __virt_addr_valid+0x5e/0x590
[ 1209.882229][    C1]  ? __phys_addr+0xc6/0x150
[ 1209.882259][    C1]  kasan_report+0xd9/0x110
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1209.923629][    C1]  ? selinux_ip_output+0x1e0/0x1f0
[ 1209.928771][    C1]  ? selinux_ip_output+0x1e0/0x1f0
[ 1209.933909][    C1]  selinux_ip_output+0x1e0/0x1f0
[ 1209.938869][    C1]  ? __pfx_selinux_ip_output+0x10/0x10
[ 1209.944351][    C1]  nf_hook_slow+0xbb/0x200
[ 1209.948781][    C1]  nf_hook+0x474/0x7d0
[ 1209.952865][    C1]  ? __pfx_dst_output+0x10/0x10
[ 1209.957744][    C1]  ? __pfx_nf_hook+0x10/0x10
[ 1209.962351][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1209.967395][    C1]  ? __pfx_dst_output+0x10/0x10
[ 1209.972268][    C1]  ip6_xmit+0xd44/0x2130
[ 1209.976526][    C1]  ? __pfx_dst_output+0x10/0x10
[ 1209.981406][    C1]  ? __pfx_ip6_xmit+0x10/0x10
[ 1209.986105][    C1]  ? xfrm_lookup_route+0x6a/0x200
[ 1209.991158][    C1]  ? ip6_dst_lookup_flow+0x164/0x1d0
[ 1209.996461][    C1]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[ 1210.002116][    C1]  tcp_v6_send_response+0x11d9/0x25e0
[ 1210.007513][    C1]  ? __pfx_tcp_v6_send_response+0x10/0x10
[ 1210.013260][    C1]  ? mark_held_locks+0x9f/0xe0
[ 1210.018049][    C1]  tcp_v6_rcv+0x2c9c/0x3fd0
[ 1210.022584][    C1]  ? __pfx_tcp_v6_rcv+0x10/0x10
[ 1210.027453][    C1]  ? __pfx___lock_acquire+0x10/0x10
[ 1210.032674][    C1]  ? find_held_lock+0x2d/0x110
[ 1210.037467][    C1]  ? __pfx_tcp_v6_rcv+0x10/0x10
[ 1210.042331][    C1]  ip6_protocol_deliver_rcu+0x180/0x1510
[ 1210.047993][    C1]  ip6_input_finish+0x14f/0x2f0
[ 1210.052870][    C1]  ip6_input+0xa1/0xd0
[ 1210.056959][    C1]  ? __pfx_ip6_input+0x10/0x10
[ 1210.061743][    C1]  ipv6_rcv+0x265/0x680
[ 1210.065915][    C1]  ? __pfx_ipv6_rcv+0x10/0x10
[ 1210.070606][    C1]  __netif_receive_skb_one_core+0x12e/0x1e0
[ 1210.076523][    C1]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 1210.082967][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1210.087757][    C1]  ? process_backlog+0x3f1/0x15f0
[ 1210.092808][    C1]  ? process_backlog+0x3f1/0x15f0
[ 1210.097857][    C1]  __netif_receive_skb+0x1d/0x160
[ 1210.102905][    C1]  process_backlog+0x443/0x15f0
[ 1210.107783][    C1]  __napi_poll.constprop.0+0xb7/0x550
[ 1210.113177][    C1]  net_rx_action+0xa94/0x1010
[ 1210.117882][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 1210.123011][    C1]  ? __pfx_mark_lock+0x10/0x10
[ 1210.127790][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[ 1210.133013][    C1]  ? kvm_sched_clock_read+0x11/0x20
[ 1210.138227][    C1]  ? sched_clock+0x38/0x60
[ 1210.142671][    C1]  ? sched_clock_cpu+0x6d/0x4d0
[ 1210.147543][    C1]  ? mark_held_locks+0x9f/0xe0
[ 1210.152325][    C1]  handle_softirqs+0x213/0x8f0
[ 1210.157111][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1210.162415][    C1]  ? irqtime_account_irq+0x18d/0x2e0
[ 1210.167723][    C1]  ? __dev_queue_xmit+0x89b/0x43e0
[ 1210.172856][    C1]  do_softirq+0xb2/0xf0
[ 1210.177032][    C1]  </IRQ>
[ 1210.179962][    C1]  <TASK>
[ 1210.182880][    C1]  __local_bh_enable_ip+0x100/0x120
[ 1210.188057][    C1]  ? __dev_queue_xmit+0x89b/0x43e0
[ 1210.193159][    C1]  __dev_queue_xmit+0x8b0/0x43e0
[ 1210.198120][    C1]  ? hlock_class+0x4e/0x130
[ 1210.202642][    C1]  ? __lock_acquire+0x15a9/0x3c40
[ 1210.207689][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1210.213079][    C1]  ? __free_zapped_classes+0x300/0x320
[ 1210.218565][    C1]  ? __pfx___lock_acquire+0x10/0x10
[ 1210.223780][    C1]  ? __pfx_mark_lock+0x10/0x10
[ 1210.228563][    C1]  ? find_held_lock+0x2d/0x110
[ 1210.233354][    C1]  ? ip6_finish_output+0x3f9/0x1360
[ 1210.238578][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1210.243619][    C1]  ? mark_held_locks+0x9f/0xe0
[ 1210.248396][    C1]  ip6_finish_output2+0x1801/0x2070
[ 1210.253624][    C1]  ip6_finish_output+0x3f9/0x1360
[ 1210.258672][    C1]  ip6_output+0x1f8/0x540
[ 1210.263021][    C1]  ? __pfx_ip6_output+0x10/0x10
[ 1210.267879][    C1]  ip6_xmit+0x1234/0x2130
[ 1210.272195][    C1]  ? __pfx_ip6_xmit+0x10/0x10
[ 1210.276852][    C1]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1210.282464][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1210.287226][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[ 1210.292440][    C1]  ? mark_lock+0xb5/0xc60
[ 1210.296748][    C1]  ? inet6_csk_xmit+0x18a/0x740
[ 1210.301583][    C1]  inet6_csk_xmit+0x3ce/0x740
[ 1210.306242][    C1]  ? __pfx_inet6_csk_xmit+0x10/0x10
[ 1210.311423][    C1]  ? csum_ipv6_magic+0x296/0x310
[ 1210.316339][    C1]  ? __pfx_inet6_csk_xmit+0x10/0x10
[ 1210.321524][    C1]  __tcp_transmit_skb+0x1b02/0x3df0
[ 1210.326701][    C1]  ? __pfx___tcp_transmit_skb+0x10/0x10
[ 1210.332225][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1210.337227][    C1]  ? ktime_get+0x206/0x300
[ 1210.341620][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1210.346815][    C1]  tcp_write_xmit+0x12b1/0x8560
[ 1210.351662][    C1]  ? tcp_current_mss+0x27e/0x500
[ 1210.356584][    C1]  __tcp_push_pending_frames+0xaf/0x390
[ 1210.362112][    C1]  tcp_send_fin+0x154/0xc70
[ 1210.366593][    C1]  ? __pfx_tcp_send_fin+0x10/0x10
[ 1210.371593][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1210.376598][    C1]  __tcp_close+0x96b/0xff0
[ 1210.380994][    C1]  tcp_close+0x28/0x120
[ 1210.385127][    C1]  inet_release+0x13c/0x280
[ 1210.389608][    C1]  inet6_release+0x4f/0x70
[ 1210.394000][    C1]  __sock_release+0xb0/0x270
[ 1210.398569][    C1]  ? __pfx_sock_close+0x10/0x10
[ 1210.403486][    C1]  sock_close+0x1c/0x30
[ 1210.407621][    C1]  __fput+0x3f8/0xb60
[ 1210.411585][    C1]  task_work_run+0x14e/0x250
[ 1210.416150][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1210.421236][    C1]  ? __pfx___do_sys_close_range+0x10/0x10
[ 1210.426933][    C1]  syscall_exit_to_user_mode+0x27b/0x2a0
[ 1210.432546][    C1]  do_syscall_64+0xda/0x250
[ 1210.437029][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1210.442904][    C1] RIP: 0033:0x7efe0d97ff19
[ 1210.447294][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1210.466889][    C1] RSP: 002b:00007ffc5f2e0ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1210.475287][    C1] RAX: 0000000000000000 RBX: 00007efe0db47ba0 RCX: 00007efe0d97ff19
[ 1210.483241][    C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1210.491189][    C1] RBP: 00007efe0db47ba0 R08: 0000000000000000 R09: 00007ffc5f2e11af
[ 1210.499137][    C1] R10: 00007efe0db47ac0 R11: 0000000000000246 R12: 00000000001275cb
[ 1210.507087][    C1] R13: 00007efe0db45fa0 R14: 0000000000000032 R15: ffffffffffffffff
[ 1210.515044][    C1]  </TASK>
[ 1210.518050][    C1] 
[ 1210.520353][    C1] Allocated by task 12979:
[ 1210.524742][    C1]  kasan_save_stack+0x33/0x60
[ 1210.529402][    C1]  kasan_save_track+0x14/0x30
[ 1210.534060][    C1]  __kasan_slab_alloc+0x89/0x90
[ 1210.538903][    C1]  kmem_cache_alloc_noprof+0x226/0x3d0
[ 1210.544346][    C1]  inet_twsk_alloc+0x120/0x970
[ 1210.549090][    C1]  tcp_time_wait+0x5f/0xe10
[ 1210.553569][    C1]  tcp_rcv_state_process+0x1fda/0x4c40
[ 1210.559010][    C1]  tcp_v6_do_rcv+0x492/0x1730
[ 1210.563686][    C1]  __release_sock+0x14c/0x400
[ 1210.568379][    C1]  __tcp_close+0x4f3/0xff0
[ 1210.572772][    C1]  tcp_close+0x28/0x120
[ 1210.576902][    C1]  inet_release+0x13c/0x280
[ 1210.581399][    C1]  inet6_release+0x4f/0x70
[ 1210.585814][    C1]  __sock_release+0xb0/0x270
[ 1210.590397][    C1]  sock_close+0x1c/0x30
[ 1210.594527][    C1]  __fput+0x3f8/0xb60
[ 1210.598492][    C1]  task_work_run+0x14e/0x250
[ 1210.603146][    C1]  syscall_exit_to_user_mode+0x27b/0x2a0
[ 1210.608758][    C1]  do_syscall_64+0xda/0x250
[ 1210.613242][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1210.619127][    C1] 
[ 1210.621447][    C1] Freed by task 13707:
[ 1210.625537][    C1]  kasan_save_stack+0x33/0x60
[ 1210.630218][    C1]  kasan_save_track+0x14/0x30
[ 1210.634871][    C1]  kasan_save_free_info+0x3b/0x60
[ 1210.639873][    C1]  __kasan_slab_free+0x51/0x70
[ 1210.644617][    C1]  slab_free_after_rcu_debug+0x115/0x340
[ 1210.650229][    C1]  rcu_core+0x79d/0x14d0
[ 1210.654452][    C1]  handle_softirqs+0x213/0x8f0
[ 1210.659201][    C1]  __irq_exit_rcu+0x109/0x170
[ 1210.663858][    C1]  irq_exit_rcu+0x9/0x30
[ 1210.668085][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1210.673696][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1210.679655][    C1] 
[ 1210.681955][    C1] Last potentially related work creation:
[ 1210.687650][    C1]  kasan_save_stack+0x33/0x60
[ 1210.692316][    C1]  __kasan_record_aux_stack+0xba/0xd0
[ 1210.697673][    C1]  kmem_cache_free+0x305/0x4c0
[ 1210.702447][    C1]  inet_twsk_free+0x12b/0x190
[ 1210.707125][    C1]  inet_twsk_put+0x6a/0x90
[ 1210.711518][    C1]  call_timer_fn+0x1a0/0x610
[ 1210.716084][    C1]  __run_timers+0x6e8/0x930
[ 1210.720565][    C1]  run_timer_base+0x114/0x190
[ 1210.725217][    C1]  run_timer_softirq+0x1a/0x40
[ 1210.729961][    C1]  handle_softirqs+0x213/0x8f0
[ 1210.734712][    C1]  __irq_exit_rcu+0x109/0x170
[ 1210.739369][    C1]  irq_exit_rcu+0x9/0x30
[ 1210.743590][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1210.749202][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1210.755168][    C1] 
[ 1210.757475][    C1] The buggy address belongs to the object at ffff888060fd2580
[ 1210.757475][    C1]  which belongs to the cache tw_sock_TCPv6 of size 288
[ 1210.771684][    C1] The buggy address is located 120 bytes inside of
[ 1210.771684][    C1]  freed 288-byte region [ffff888060fd2580, ffff888060fd26a0)
[ 1210.785460][    C1] 
[ 1210.787758][    C1] The buggy address belongs to the physical page:
[ 1210.794148][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888060fd2420 pfn:0x60fd2
[ 1210.804188][    C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1210.812659][    C1] memcg:ffff888024fe5c01
[ 1210.816869][    C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1210.824411][    C1] page_type: f5(slab)
[ 1210.828367][    C1] raw: 00fff00000000040 ffff88814c6e53c0 dead000000000122 0000000000000000
[ 1210.836926][    C1] raw: ffff888060fd2420 0000000080170014 00000001f5000000 ffff888024fe5c01
[ 1210.845486][    C1] head: 00fff00000000040 ffff88814c6e53c0 dead000000000122 0000000000000000
[ 1210.854136][    C1] head: ffff888060fd2420 0000000080170014 00000001f5000000 ffff888024fe5c01
[ 1210.862787][    C1] head: 00fff00000000001 ffffea000183f481 ffffffffffffffff 0000000000000000
[ 1210.871436][    C1] head: ffff888000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 1210.880077][    C1] page dumped because: kasan: bad access detected
[ 1210.886469][    C1] page_owner tracks the page as allocated
[ 1210.892157][    C1] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 11957, tgid 11957 (syz.0.1689), ts 556812748970, free_ts 556373766837
[ 1210.911676][    C1]  post_alloc_hook+0x2d1/0x350
[ 1210.916422][    C1]  get_page_from_freelist+0xfce/0x2f80
[ 1210.921857][    C1]  __alloc_pages_noprof+0x223/0x25b0
[ 1210.927116][    C1]  alloc_pages_mpol_noprof+0x2c9/0x610
[ 1210.932554][    C1]  new_slab+0x2c9/0x410
[ 1210.936682][    C1]  ___slab_alloc+0xdac/0x1870
[ 1210.941333][    C1]  __slab_alloc.constprop.0+0x56/0xb0
[ 1210.946697][    C1]  kmem_cache_alloc_noprof+0xfa/0x3d0
[ 1210.952047][    C1]  inet_twsk_alloc+0x120/0x970
[ 1210.956784][    C1]  tcp_time_wait+0x5f/0xe10
[ 1210.961268][    C1]  tcp_rcv_state_process+0x1fda/0x4c40
[ 1210.966737][    C1]  tcp_v6_do_rcv+0x492/0x1730
[ 1210.971393][    C1]  __release_sock+0x14c/0x400
[ 1210.976056][    C1]  __tcp_close+0x4f3/0xff0
[ 1210.980450][    C1]  tcp_close+0x28/0x120
[ 1210.984579][    C1]  inet_release+0x13c/0x280
[ 1210.989065][    C1] page last free pid 11948 tgid 11948 stack trace:
[ 1210.995537][    C1]  free_unref_page+0x661/0x1080
[ 1211.000367][    C1]  __mmdrop+0xd5/0x460
[ 1211.004415][    C1]  __mmput+0x404/0x4c0
[ 1211.008459][    C1]  mmput+0x62/0x70
[ 1211.012160][    C1]  do_exit+0x9bf/0x2d70
[ 1211.016312][    C1]  do_group_exit+0xd3/0x2a0
[ 1211.020837][    C1]  get_signal+0x24ed/0x26c0
[ 1211.025346][    C1]  arch_do_signal_or_restart+0x90/0x7e0
[ 1211.030872][    C1]  irqentry_exit_to_user_mode+0x13f/0x280
[ 1211.036570][    C1]  asm_exc_page_fault+0x26/0x30
[ 1211.041399][    C1] 
[ 1211.043693][    C1] Memory state around the buggy address:
[ 1211.049294][    C1]  ffff888060fd2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.057342][    C1]  ffff888060fd2500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1211.065399][    C1] >ffff888060fd2580: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.073431][    C1]                                                                 ^
[ 1211.081383][    C1]  ffff888060fd2600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.089416][    C1]  ffff888060fd2680: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 1211.097458][    C1] ==================================================================
[ 1211.105613][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1211.112814][    C1] CPU: 1 UID: 0 PID: 19805 Comm: syz.1.3670 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0
[ 1211.123575][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1211.133609][    C1] Call Trace:
[ 1211.136877][    C1]  <IRQ>
[ 1211.139696][    C1]  dump_stack_lvl+0x3d/0x1f0
[ 1211.144272][    C1]  panic+0x71d/0x800
[ 1211.148148][    C1]  ? __pfx_panic+0x10/0x10
[ 1211.152551][    C1]  ? check_panic_on_warn+0x1f/0xb0
[ 1211.157640][    C1]  check_panic_on_warn+0xab/0xb0
[ 1211.162555][    C1]  end_report+0x117/0x180
[ 1211.166864][    C1]  kasan_report+0xe9/0x110
[ 1211.171259][    C1]  ? selinux_ip_output+0x1e0/0x1f0
[ 1211.176350][    C1]  ? selinux_ip_output+0x1e0/0x1f0
[ 1211.181446][    C1]  selinux_ip_output+0x1e0/0x1f0
[ 1211.186374][    C1]  ? __pfx_selinux_ip_output+0x10/0x10
[ 1211.191810][    C1]  nf_hook_slow+0xbb/0x200
[ 1211.196205][    C1]  nf_hook+0x474/0x7d0
[ 1211.200255][    C1]  ? __pfx_dst_output+0x10/0x10
[ 1211.205081][    C1]  ? __pfx_nf_hook+0x10/0x10
[ 1211.209647][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1211.214649][    C1]  ? __pfx_dst_output+0x10/0x10
[ 1211.219496][    C1]  ip6_xmit+0xd44/0x2130
[ 1211.223719][    C1]  ? __pfx_dst_output+0x10/0x10
[ 1211.228565][    C1]  ? __pfx_ip6_xmit+0x10/0x10
[ 1211.233254][    C1]  ? xfrm_lookup_route+0x6a/0x200
[ 1211.238309][    C1]  ? ip6_dst_lookup_flow+0x164/0x1d0
[ 1211.243616][    C1]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[ 1211.249269][    C1]  tcp_v6_send_response+0x11d9/0x25e0
[ 1211.254630][    C1]  ? __pfx_tcp_v6_send_response+0x10/0x10
[ 1211.260333][    C1]  ? mark_held_locks+0x9f/0xe0
[ 1211.265078][    C1]  tcp_v6_rcv+0x2c9c/0x3fd0
[ 1211.269564][    C1]  ? __pfx_tcp_v6_rcv+0x10/0x10
[ 1211.274399][    C1]  ? __pfx___lock_acquire+0x10/0x10
[ 1211.279607][    C1]  ? find_held_lock+0x2d/0x110
[ 1211.284379][    C1]  ? __pfx_tcp_v6_rcv+0x10/0x10
[ 1211.289208][    C1]  ip6_protocol_deliver_rcu+0x180/0x1510
[ 1211.294829][    C1]  ip6_input_finish+0x14f/0x2f0
[ 1211.299684][    C1]  ip6_input+0xa1/0xd0
[ 1211.303738][    C1]  ? __pfx_ip6_input+0x10/0x10
[ 1211.308485][    C1]  ipv6_rcv+0x265/0x680
[ 1211.312623][    C1]  ? __pfx_ipv6_rcv+0x10/0x10
[ 1211.317276][    C1]  __netif_receive_skb_one_core+0x12e/0x1e0
[ 1211.323150][    C1]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 1211.329543][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1211.334286][    C1]  ? process_backlog+0x3f1/0x15f0
[ 1211.339292][    C1]  ? process_backlog+0x3f1/0x15f0
[ 1211.344383][    C1]  __netif_receive_skb+0x1d/0x160
[ 1211.349389][    C1]  process_backlog+0x443/0x15f0
[ 1211.354226][    C1]  __napi_poll.constprop.0+0xb7/0x550
[ 1211.359582][    C1]  net_rx_action+0xa94/0x1010
[ 1211.364242][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 1211.369332][    C1]  ? __pfx_mark_lock+0x10/0x10
[ 1211.374086][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[ 1211.379270][    C1]  ? kvm_sched_clock_read+0x11/0x20
[ 1211.384455][    C1]  ? sched_clock+0x38/0x60
[ 1211.388862][    C1]  ? sched_clock_cpu+0x6d/0x4d0
[ 1211.393691][    C1]  ? mark_held_locks+0x9f/0xe0
[ 1211.398436][    C1]  handle_softirqs+0x213/0x8f0
[ 1211.403189][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1211.408454][    C1]  ? irqtime_account_irq+0x18d/0x2e0
[ 1211.413718][    C1]  ? __dev_queue_xmit+0x89b/0x43e0
[ 1211.418806][    C1]  do_softirq+0xb2/0xf0
[ 1211.422944][    C1]  </IRQ>
[ 1211.425850][    C1]  <TASK>
[ 1211.428755][    C1]  __local_bh_enable_ip+0x100/0x120
[ 1211.433931][    C1]  ? __dev_queue_xmit+0x89b/0x43e0
[ 1211.439022][    C1]  __dev_queue_xmit+0x8b0/0x43e0
[ 1211.443949][    C1]  ? hlock_class+0x4e/0x130
[ 1211.448434][    C1]  ? __lock_acquire+0x15a9/0x3c40
[ 1211.453444][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1211.458798][    C1]  ? __free_zapped_classes+0x300/0x320
[ 1211.464249][    C1]  ? __pfx___lock_acquire+0x10/0x10
[ 1211.469448][    C1]  ? __pfx_mark_lock+0x10/0x10
[ 1211.474195][    C1]  ? find_held_lock+0x2d/0x110
[ 1211.478948][    C1]  ? ip6_finish_output+0x3f9/0x1360
[ 1211.484139][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1211.489167][    C1]  ? mark_held_locks+0x9f/0xe0
[ 1211.493913][    C1]  ip6_finish_output2+0x1801/0x2070
[ 1211.499099][    C1]  ip6_finish_output+0x3f9/0x1360
[ 1211.504122][    C1]  ip6_output+0x1f8/0x540
[ 1211.508439][    C1]  ? __pfx_ip6_output+0x10/0x10
[ 1211.513268][    C1]  ip6_xmit+0x1234/0x2130
[ 1211.517578][    C1]  ? __pfx_ip6_xmit+0x10/0x10
[ 1211.522236][    C1]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1211.527848][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1211.532593][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[ 1211.537774][    C1]  ? mark_lock+0xb5/0xc60
[ 1211.542081][    C1]  ? inet6_csk_xmit+0x18a/0x740
[ 1211.546916][    C1]  inet6_csk_xmit+0x3ce/0x740
[ 1211.551573][    C1]  ? __pfx_inet6_csk_xmit+0x10/0x10
[ 1211.556755][    C1]  ? csum_ipv6_magic+0x296/0x310
[ 1211.561675][    C1]  ? __pfx_inet6_csk_xmit+0x10/0x10
[ 1211.566858][    C1]  __tcp_transmit_skb+0x1b02/0x3df0
[ 1211.572047][    C1]  ? __pfx___tcp_transmit_skb+0x10/0x10
[ 1211.577586][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1211.582616][    C1]  ? ktime_get+0x206/0x300
[ 1211.587058][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1211.592265][    C1]  tcp_write_xmit+0x12b1/0x8560
[ 1211.597100][    C1]  ? tcp_current_mss+0x27e/0x500
[ 1211.602018][    C1]  __tcp_push_pending_frames+0xaf/0x390
[ 1211.607573][    C1]  tcp_send_fin+0x154/0xc70
[ 1211.612064][    C1]  ? __pfx_tcp_send_fin+0x10/0x10
[ 1211.617070][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1211.622080][    C1]  __tcp_close+0x96b/0xff0
[ 1211.626479][    C1]  tcp_close+0x28/0x120
[ 1211.630612][    C1]  inet_release+0x13c/0x280
[ 1211.635100][    C1]  inet6_release+0x4f/0x70
[ 1211.639497][    C1]  __sock_release+0xb0/0x270
[ 1211.644069][    C1]  ? __pfx_sock_close+0x10/0x10
[ 1211.648907][    C1]  sock_close+0x1c/0x30
[ 1211.653056][    C1]  __fput+0x3f8/0xb60
[ 1211.657028][    C1]  task_work_run+0x14e/0x250
[ 1211.661616][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1211.666747][    C1]  ? __pfx___do_sys_close_range+0x10/0x10
[ 1211.672474][    C1]  syscall_exit_to_user_mode+0x27b/0x2a0
[ 1211.678089][    C1]  do_syscall_64+0xda/0x250
[ 1211.682595][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1211.688472][    C1] RIP: 0033:0x7efe0d97ff19
[ 1211.692866][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1211.712459][    C1] RSP: 002b:00007ffc5f2e0ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1211.720850][    C1] RAX: 0000000000000000 RBX: 00007efe0db47ba0 RCX: 00007efe0d97ff19
[ 1211.728797][    C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1211.736747][    C1] RBP: 00007efe0db47ba0 R08: 0000000000000000 R09: 00007ffc5f2e11af
[ 1211.744701][    C1] R10: 00007efe0db47ac0 R11: 0000000000000246 R12: 00000000001275cb
[ 1211.752671][    C1] R13: 00007efe0db45fa0 R14: 0000000000000032 R15: ffffffffffffffff
[ 1211.760629][    C1]  </TASK>
[ 1211.763835][    C1] Kernel Offset: disabled
[ 1211.768137][    C1] Rebooting in 86400 seconds..