last executing test programs:

2m48.722996981s ago: executing program 0 (id=80):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000005001900010000000800160000000001080017"], 0x44}}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9200103afffe8000000060eeba447ea45204c70000000000000000000035ff020000000000000000000000000001860090780000000000000000000000002124149758067808b6e0e592130fc7ce4390c301ce5bd0d5b032e27d582986fdac7ad574b81a6d628d5e9f1ef44c9fd70b5bfa3c42e97ad04c5802e096100983453f3e218e3509"], 0x0)
sendmmsg$inet6(r2, &(0x7f00000065c0), 0x0, 0x0)
r3 = io_uring_setup(0x4516, &(0x7f0000000140)={0x0, 0x8510, 0x1000, 0x3, 0xf3})
io_uring_register$IORING_REGISTER_CLOCK(r3, 0x1d, &(0x7f0000000040), 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0xc902)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000001840)=0x5d4)
sched_setscheduler(0x0, 0x1, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000580)={0x0, 0xb8, "0f4fd30a9f515b8c0155592869edbdc95a07d4bd69156c13a95cc17c12b7629a711f3d803a9273f9c03902896c7e0e43cf5709270be150412f5d1a0058b9a0638af2da4bb1c9bc2bdfeeea1db32efb199f8d73ca7a1e7a71e5952177b574a1c25990da19fb4e78b78b07e0e0882c7b83c6625f94c07d63bf52cd5d0cf6b4ddc0021a21cace2df5947158808c4ce325fabc0d6923ef3df0e563a865a90749c3a1d2282773ed8cfd525d539324223e6be29877e17345c63539"}, &(0x7f00000001c0)=0xc0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r7 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
tkill(r6, 0xb)
fsopen(&(0x7f0000000040)='tracefs\x00', 0x0)

2m47.105613727s ago: executing program 0 (id=85):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001d00d78d40150724e490000007000000", @ANYRES32=r2, @ANYBLOB="8000a6000a000200d82ea1bc01700000060005"], 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = socket$inet6(0xa, 0x1, 0x8010000000000084)
setrlimit(0xe, &(0x7f0000000080)={0x56, 0x2})
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

2m45.780557481s ago: executing program 0 (id=88):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000019180)={0x1a0003, 0x0, [0x7, 0x2, 0x8, 0x1000000100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x7fffffff]})
ioctl$KVM_RUN(r2, 0xae80, 0x3000000)

2m45.262861534s ago: executing program 0 (id=93):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

2m44.523313124s ago: executing program 0 (id=96):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000c000000180001801400020076657468315f746f5f6261740664760018000380100002800c0001800500020000000000040001001eff6705aa9f9bcb4878baecd36f9d7ecaa27fffe839d552287dd5e0a00088ef33"], 0x44}}, 0x0)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x11, r4, 0x0)
ioctl$IMADDTIMER(r4, 0x80044940, &(0x7f0000000080))
r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x40, 0x1, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES64=r6], 0x4c}}, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
mq_timedreceive(r5, &(0x7f0000000000)=""/83, 0x9b0c4f391059f39b, 0x20000900, &(0x7f0000000100)={0x77359400})

2m42.01743667s ago: executing program 0 (id=102):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file0\x00'})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
getpeername$qrtr(r1, &(0x7f0000000000), &(0x7f00000000c0)=0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x40000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r5 = inotify_init1(0x0)
inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x2200077d)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000007, 0x4000010, r4, 0x8000000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)

2m26.638126505s ago: executing program 32 (id=102):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file0\x00'})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
getpeername$qrtr(r1, &(0x7f0000000000), &(0x7f00000000c0)=0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x40000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r5 = inotify_init1(0x0)
inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x2200077d)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000007, 0x4000010, r4, 0x8000000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)

1m22.717786097s ago: executing program 4 (id=303):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x400000000000000c, &(0x7f0000000080)}) (fail_nth: 6)

1m22.041214048s ago: executing program 4 (id=306):
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x100, 0x1}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000002a00)=<r3=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
setpriority(0x1, 0x0, 0x5)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, 0x0, 0x1)
r5 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
setsockopt(r5, 0x800000000010d, 0x8000000011, &(0x7f00001c9fff), 0xc5)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
recvmsg(r6, &(0x7f0000000680)={&(0x7f0000000040)=@pppol2tpv3in6, 0x80, &(0x7f0000000480)=[{&(0x7f0000000200)=""/12, 0xc}, {0x0}, {&(0x7f0000000280)=""/177, 0xb1}, {&(0x7f0000000640)=""/52, 0x34}], 0x4}, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89f1, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x700, 0x20, 0x0, 0x803, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x69, 0xffff, 0xff, 0x0, 0x0, @empty, @local}}}})
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r8, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
syz_io_uring_setup(0xce, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x3}, 0x0, &(0x7f0000000080))

1m19.956163227s ago: executing program 4 (id=309):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}]}], {0x14}}, 0xd4}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000240)={@loopback, <r2=>0x0}, &(0x7f0000000280)=0x14)
socket$kcm(0x2, 0x2, 0x73)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = syz_open_dev$media(&(0x7f00000005c0), 0x0, 0x101000)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r5, 0x80047c05, &(0x7f0000000600))
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r4, r3, 0x2, 0x0, 0x4000, @void, @value}, 0x10)
socket$kcm(0x2, 0x2, 0x73)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0xa, &(0x7f0000000140)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}}, @ldst={0x0, 0x3, 0x4, 0xb, 0x8, 0xc, 0xfffffffffffffff0}], &(0x7f00000001c0)='GPL\x00', 0x4, 0xb, &(0x7f0000000200)=""/11, 0x40f00, 0x10, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000300)={0x0, 0xd, 0x81, 0x80000001}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x401, @void, @value}, 0x94)

1m18.560503898s ago: executing program 4 (id=312):
syz_init_net_socket$x25(0x9, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1, <r3=>0xffffffffffffffff}, &(0x7f0000000380), &(0x7f0000000340)}, 0x8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, &(0x7f0000000080), &(0x7f0000000300)}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fchown(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01020000000000000000010000000900010073797a30000000000900020060f5368f1d8a15448271add77aa8ef73797a300000000014000380080002400000000008000140000000005c000000160a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e643000000000000000000000001400010076657468305f746f5f7465616d0000001400000010"], 0xe4}}, 0x0)
sendmsg$GTP_CMD_ECHOREQ(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x34, 0x0, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_PEER_ADDRESS={0x8, 0x4, @broadcast}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x4000010)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
ptrace$pokeuser(0x6, 0x0, 0x80, 0x4)
r8 = socket(0x10, 0x803, 0x4)
getpgid(0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000180)=@ethtool_ts_info})
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})

1m15.329196814s ago: executing program 4 (id=322):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r2)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000300)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000600)={r5, 0x0, 0x5, 0x4000000, 0x2, [<r6=>0x0, 0x0, 0x0, <r7=>0x0], [0xbc2], [0x805, 0x1001000, 0x0, 0x3], [0x0, 0x1, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [r6, 0x0, 0x0, r7], [0x2b8]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0})
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0xfe3b)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r9 = syz_io_uring_setup(0x2c06, &(0x7f0000000240)={0x0, 0x0, 0x2000, 0x400000, 0xffffffbc, 0x0, r2}, &(0x7f00000002c0)=<r10=>0x0, &(0x7f0000000200)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
io_uring_enter(r9, 0x567, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000100), &(0x7f00000001c0)=0x4)
r12 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r12, &(0x7f0000000280)='./file0\x00', 0x800, 0x0)
r13 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480), r0)
sendmsg$TIPC_CMD_GET_NETID(r12, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r13, 0x2, 0x70bd26, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x14000000}, 0x80)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@deltaction={0xd8, 0x31, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x88, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x14, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}, @TCA_ACT_TAB={0x3c, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000004)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@delchain={0x24, 0x25, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0x0, 0xfff1}, {0xe, 0xd}}}, 0x24}}, 0x4040840)

54.304729705s ago: executing program 4 (id=322):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r2)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000300)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000600)={r5, 0x0, 0x5, 0x4000000, 0x2, [<r6=>0x0, 0x0, 0x0, <r7=>0x0], [0xbc2], [0x805, 0x1001000, 0x0, 0x3], [0x0, 0x1, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [r6, 0x0, 0x0, r7], [0x2b8]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0})
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0xfe3b)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r9 = syz_io_uring_setup(0x2c06, &(0x7f0000000240)={0x0, 0x0, 0x2000, 0x400000, 0xffffffbc, 0x0, r2}, &(0x7f00000002c0)=<r10=>0x0, &(0x7f0000000200)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
io_uring_enter(r9, 0x567, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000100), &(0x7f00000001c0)=0x4)
r12 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r12, &(0x7f0000000280)='./file0\x00', 0x800, 0x0)
r13 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480), r0)
sendmsg$TIPC_CMD_GET_NETID(r12, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r13, 0x2, 0x70bd26, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x14000000}, 0x80)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@deltaction={0xd8, 0x31, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x88, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x14, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}, @TCA_ACT_TAB={0x3c, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000004)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@delchain={0x24, 0x25, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0x0, 0xfff1}, {0xe, 0xd}}}, 0x24}}, 0x4040840)

38.185926782s ago: executing program 2 (id=429):
socket$nl_route(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00", @ANYRES32=r0], &(0x7f0000000640)='GPL\x00', 0x2, 0x8d, &(0x7f0000000680)=""/141, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

37.991838661s ago: executing program 2 (id=430):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_complete(0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xb)
chdir(&(0x7f0000000080)='./file0\x00')
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

36.887057618s ago: executing program 2 (id=433):
r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)

36.77176288s ago: executing program 2 (id=434):
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x100)
setreuid(r0, r0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'gretap0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x1, 0x40, 0x0, 0x6, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast, @multicast1}}}})

36.577290847s ago: executing program 2 (id=435):
io_setup(0x9, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, "a5f2b81eb8feb0b8"}}}, 0x11)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
setuid(0xee00)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)

34.194399118s ago: executing program 2 (id=444):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={'erspan0\x00', <r1=>0x0, 0x7800, 0x7800, 0x9, 0x3, {{0x6, 0x4, 0x1, 0x2, 0x18, 0x64, 0x0, 0x32, 0x4, 0x0, @multicast2, @multicast2, {[@ra={0x94, 0x4}]}}}}})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@gettfilter={0x2c, 0x2e, 0x20, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xfff3, 0xffe0}, {0xd, 0x1}, {0x0, 0xffff}}, [{0x8, 0xb, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000805}, 0xc0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x7)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x11)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r4 = syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500}, &(0x7f0000000240), &(0x7f0000001880))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r4, 0x21, &(0x7f0000000440)=r3, 0x1)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000100)={{0x0, 0x6}, 'syz1\x00'})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000480)=[@in6={0xa, 0x4e23, 0xa, @empty, 0x97dc}, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e21, 0x1, @private1={0xfc, 0x1, '\x00', 0xd}, 0x6}, @in6={0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0xe}, 0x1ff}, @in6={0xa, 0x4e22, 0x2, @mcast2}, @in6={0xa, 0x4e22, 0x3, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x8, @private0, 0xc}], 0xb8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800020850000007200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000018000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x10, 0x38, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$UI_DEV_CREATE(r2, 0x5501)
ioctl$UI_DEV_DESTROY(r2, 0x5502)

30.702158108s ago: executing program 5 (id=459):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x8001, 0x0, 0x0, 0x40f00, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async, rerun: 64)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x58) (async, rerun: 64)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) (async)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r2, @ANYBLOB="40002700060010"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, r5, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r6=>0x0}) (async, rerun: 32)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) (rerun: 32)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYRES32=r6, @ANYRES32, @ANYBLOB="04002cbd7000fddbdf251700000004000380"], 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x300, 0x0, 0x4, {0x0, 0x0, 0x0, r6, {0x1}, {0x7}, {0x0, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x4088000)
ioctl$sock_inet_SIOCGIFNETMASK(r3, 0x891b, &(0x7f00000003c0)={'veth1\x00', {0x2, 0x0, @multicast2}}) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0xf400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
syz_usb_connect(0x2, 0x34, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000094d9d4084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594"], 0x0) (async)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0)
poll(&(0x7f0000000000)=[{r8}], 0x1, 0x0) (async)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
close(0x3) (async)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r8, 0x80047c05, &(0x7f0000000080)=<r9=>0xffffffffffffffff)
ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000340)={0x9a0000, 0x1, 0xd, r9, 0x0, &(0x7f00000002c0)={0x99096b, 0x9, '\x00', @p_u16=&(0x7f00000001c0)=0xc0}})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)

30.339205363s ago: executing program 5 (id=460):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x449b}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r4, 0x0, 0x6}, 0x11)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$ITER_CREATE(0xb, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="02000000040000007f00"/20, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00', {}, 0x40})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000016001600"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
futex(0x0, 0x84, 0x0, 0x0, 0x0, 0x0)

28.888799181s ago: executing program 5 (id=466):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x24000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="64040000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf258900000008000300", @ANYRES32=0x0, @ANYBLOB="04001d803c041d807402008006000500a30000000400040064020d80800002800500060001000000140003000400f30000020600ff0f0700000281000f000200563903281c22164e44412700050007000100000014000500ff072b00043908000200010104000200140005000800572c03ff0c000000cc0f0200000008000100366c1a0405000600010000000f00010060010205016d016c0b1630005c00008014000300370006003c002c0b0a000400020006001c00020035413f18201242435510184c354754272a2211242500284514000500050007000f00000005008a0403000e001400030001011900f6ff020000007300040032eb0c0002800500040001000000800001800500060001000000050007000100000023000100054801010212011605050916480c090600601b480909050502603016162404001000010018360012486c36030c1b01010500040001000000050004000000000005000700000000001000010003740536030b361616041260050004000100000005000600000000007c00018014000500070002000500030000000100fdff080005000600010000000500040002000000070001000c03010014000300040001008100020003000500e5060100140005000800ff0007000500010405000700f200050004000100000014000300030008000010070004000800f7ff020005000400020000002c00008014000300010001000400060000080500faffa00e130001000605302412483624121b0c600c6c600018000280070002000e0004000b000100036002010b6c48003800038005000700020000002c000200020c471b35293744034d07351a2e533e0f372b5114015717431b2f362532170a0a205047422948480c00008005000600010000002800008005000a000100000005000a000100000006000500bd0000000c000300fc27000000000000700100803c010d80380002801b00020038331c0257510451524b05552f28ce5041bc090d213351000e0001006c6e01166c06163b241200000500070002000000640000801c0001001b240b6c301224020b6409360116180309160b16030605022000010067301f061b0302011a04180c5d360105120b03051b6e1848160524090500060001000000140003000300f8ff50090400010000026500030005000600020000009c00018005000700020000001400050009000100050005000300000200000400050004000200000014000300020000080800010000001c000100510814000300d400170001008000010004000400010014000100201230480218120b5a091b24021b062005000600020000001400030009000008e90800800500f5ff0700080005000600000000001400050005000800040003000d0000080d00010105000a000100000005000b0001000000050006000100000005000800ce00000005000c000100000005000c0001000000200000800400040005000c000100000005000c000100000006000500b800000004001d8004001d80"], 0x464}, 0x1, 0x0, 0x0, 0x800}, 0xc010)
r2 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r2, 0x84, 0x8, &(0x7f0000000000), 0x8)
sendmsg$inet(r2, &(0x7f0000000380)={&(0x7f0000000600)={0x2, 0x0, @private=0xa010100}, 0x10, &(0x7f0000000280)=[{&(0x7f00000000c0)="85", 0x1}], 0x1}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=<r6=>r4, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32=r5, @ANYBLOB="1c0023800600180008"], 0x38}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_TX_TS(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001c80)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r9, @ANYRESDEC=r6, @ANYRES32=r8, @ANYBLOB="0500d200060000000500d200050000000a0006"], 0x48}, 0x1, 0x0, 0x0, 0x40c1}, 0x4000094)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)

28.02050291s ago: executing program 5 (id=467):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2c, r1, 0x1, 0x0, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) (fail_nth: 1)

27.753623113s ago: executing program 5 (id=468):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0)
futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0xb0024000)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r3, 0x89fa, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000100)={@loopback, @dev={0xac, 0x14, 0x14, 0x3d}, 0xf, 0x1}})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="be3e9789b6e7740d11232a121d73a13d779ca8fed29137acd928aaf054518fb41db85528196e8acb5c932af1dd36ba033e814fafdd7818343e2dc32a8bea599deed299", @ANYRES16=r1, @ANYRESHEX=r2], 0x2c}}, 0x0)

27.753138541s ago: executing program 5 (id=469):
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000000)={<r0=>0x0, @in6={{0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x5}}, 0xfffffc00, 0xfffd, 0x20, 0x0, 0x1, 0x8000, 0x48}, &(0x7f00000000c0)=0x9c)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000100)={r0, 0x1}, 0x8)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000140)={r0, 0x9822, 0x4d, "ad3ad3e6da5c2996538e79600078d478ae51e791fda99a3b97a2e3fcece890a5080f437965203803692996b5c50887b1246bdd6ac2f03f4def33aa8dec39bd8649258235aa07931f2683803b4d"}, 0x55)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x100000000)
read$char_usb(r2, &(0x7f00000001c0)=""/173, 0xad)
r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ppoll(&(0x7f00000002c0)=[{}, {r1, 0x40b0}, {r1, 0x8241}, {r2, 0x4000}, {r1}, {r3, 0x24}], 0x6, &(0x7f0000000300)={0x0, 0x989680}, &(0x7f0000000340)={[0x9]}, 0x8)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000380)={r0, @in6={{0xa, 0x4e24, 0x100, @empty, 0x4}}, 0x8000, 0x81, 0x1, 0x2, 0x2, 0x8, 0x8}, 0x9c)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000440)={0x8, 0x200, 0x0, 0x101, '\x00', '\x00', '\x00', 0xc57d, 0x60000000, 0x5, 0x1, "64364f84fa598fdd737140e3fce1daac"})
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000700)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)={0x90, r5, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x543}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x18af}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000050}, 0x8000)
syz_open_dev$I2C(&(0x7f0000000740), 0x6, 0x801)
r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000007c0)={r3, 0x0, 0x25, 0xd, @val=@kprobe_multi=@addrs={0x0, 0x8, 0x0, &(0x7f0000000780)=[0x1000, 0x1000, 0x6, 0x9, 0x4, 0x6, 0x6, 0x725], 0x80000001}}, 0x30)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r6, 0xc038943b, &(0x7f0000000840)={0xd56, 0x30, '\x00', 0x0, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000008c0)={'syztnl2\x00', &(0x7f0000000880)={'gre0\x00', <r8=>0x0, 0x0, 0x7800, 0x8, 0x4, {{0x7, 0x4, 0x1, 0x1d, 0x1c, 0x64, 0x0, 0x9, 0x6, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x17}, {[@lsrr={0x83, 0x7, 0xb2, [@remote]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000000a00)={'syztnl2\x00', &(0x7f0000000900)={'syztnl0\x00', r8, 0x20, 0x1, 0x7, 0x4, {{0x2e, 0x4, 0x1, 0x8, 0xb8, 0x66, 0x0, 0x2, 0x0, 0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @timestamp={0x44, 0x14, 0x7c, 0x0, 0x1, [0x27, 0x3, 0x3, 0x5]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x1c, 0x28, 0x1, 0x5, [{@empty, 0x1d}, {@dev={0xac, 0x14, 0x14, 0xc}, 0x9ba}, {@local, 0x3}]}, @ssrr={0x89, 0xf, 0x6f, [@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xb}]}, @timestamp_prespec={0x44, 0x1c, 0x93, 0x3, 0xd, [{@empty, 0xc32}, {@empty, 0x572e}, {@broadcast, 0x8}]}, @timestamp_addr={0x44, 0x24, 0x62, 0x1, 0xe, [{@private=0xa010101, 0x10000}, {@rand_addr=0x64010100, 0xe703}, {@empty, 0xd}, {@loopback, 0xffffffff}]}, @noop, @timestamp_prespec={0x44, 0x1c, 0xbd, 0x3, 0x8, [{@remote, 0x8d522b0}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1000}, {@empty, 0x1000}]}, @noop]}}}}})
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000a40)={r0, 0x94, "9505d525f223ab9d1762502fbdc0a6ec2075dde92376c48302028e216fb3b80394707181d595b05c14c3620082b97d3896063c01d3512955e307a73e4de3f6dc12ff218dfd4de56aae3d159e9c360dff531d2d6420f73f4c8e2689332b560753e1ffb920672022181d1e1056d9daf39e470c822ecfa34f9e184eb72f2d90132fc3c8bd032657cd851396024a47e9b2fffe673896"}, &(0x7f0000000b00)=0x9c)
r9 = syz_create_resource$binfmt(&(0x7f0000000b40)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r9, 0x41, 0x1ff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000bc0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000c00)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_PROBE_CLIENT(r10, &(0x7f0000000d00)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x4c, r11, 0x2, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x1, 0x44}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004880}, 0x40)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000d40)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x2000})
getpid()
read$FUSE(0xffffffffffffffff, &(0x7f0000000d80)={0x2020, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}, 0x2020)
sched_setscheduler(r13, 0x3, &(0x7f0000002dc0)=0x6)

22.281590114s ago: executing program 3 (id=481):
r0 = gettid()
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004c0000440000000000069078ac1e0001ac14140d8307d7e0000002440c0503000000070000000086060000000000000000000000900dfac9d8745d3424da0316e3ff5724c5600e7cc6d3e9eff0516160c48e243088fe6d70cc340f21c61599fe185e4f3be7c6cac3962fb58efbdced854a668f6216b468323b0a000f807f7c6bdc914e8d3dcf2cc4c6becf4cdeaf607c1237311b00a9789ab42bd9eee00f3eac5307a1c475a1b1560175c2c386e3ad7616120f52372fc9c8993499f9470840c060999ac2aa1ba054cfb7d7", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000300)={0x6, 0x8, 0x2, {0x4, @raw_data="d72d2542a3281f1f382dbc96c706fa79efd790872ed933bd576041559976d91ddc3833e21b384367ef8ae0bc24ca7852e546fdae91384ff1d348ab1873e766fe76c678ec7a2aeb2a7e854c904281b5bfa36d8c04b2bebacf52cd75764bfdb08b2d728bf7054448b7852d0b23284b3859a48e2a5da9ccae5382a1044a2553ed34d5fb2f56a6098961b5b45819574dc91258eda599e00f3b400426048c388bd26d50c233be8abb814775f4efff3480b3101bb77449f9ada2ac4bd0f33ca7edfa9c58ab2599735199c5"}, 0x3})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
prlimit64(0x0, 0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000a00)=""/102384, 0x18ff0)
timer_create(0x0, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9b)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8102, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904"], 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r6 = dup(r5)
write$selinux_create(r6, &(0x7f0000000180)=@objname={'system_u:object_r:inetd_var_run_t:s0', 0x20, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023', 0x20, 0x2, 0x20, './file0\x00'}, 0x70)
ioctl$DRM_IOCTL_VERSION(r6, 0xc0406400, &(0x7f0000000180)={0x6, 0x7, 0xf970, 0xbd, &(0x7f0000000080)=""/189, 0x1000, &(0x7f0000019a00)=""/4096, 0xf9, &(0x7f0000000400)=""/249})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

21.816548274s ago: executing program 1 (id=483):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x60100, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
socket$pppl2tp(0x18, 0x1, 0x1)
openat$drirender128(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000040), 0x3, 0xc301)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = fsopen(&(0x7f0000000080)='sockfs\x00', 0x1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/timers\x00', 0x0, 0x0)
read$FUSE(r4, 0x0, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0xe22, 0x3, @empty}, 0x1c)
syz_emit_ethernet(0x47, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c204008deb4a0678e1a2003200ffffffffffff86dd6001070000111100fc010000000000000000000000000000ff02000000000000000000000000000100000e22001190780100000075a03d97e1"], 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=@newtaction={0x18, 0x30, 0xb, 0x0, 0x25dfdbfe, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
mmap(&(0x7f00005b1000/0x4000)=nil, 0x4000, 0x0, 0x21011, r0, 0x0)
syz_clone(0xa0000280, 0x0, 0x0, 0x0, 0x0, 0x0)

21.413424877s ago: executing program 1 (id=484):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x8)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000007, 0x2010, r3, 0xd33a3000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_emit_ethernet(0xfe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)

20.543867027s ago: executing program 1 (id=485):
prlimit64(0x0, 0xe, 0x0, 0x0)
mlockall(0x1)

20.093651557s ago: executing program 1 (id=486):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000880)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x4, 0x30, 0x4, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x7, 0x1, 0x2, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x2, 0xf7, 0xb}}}}}]}}]}}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x2b, 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a37", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r2, @ANYRES32=r2], 0x44}}, 0x0)

19.176165529s ago: executing program 33 (id=444):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={'erspan0\x00', <r1=>0x0, 0x7800, 0x7800, 0x9, 0x3, {{0x6, 0x4, 0x1, 0x2, 0x18, 0x64, 0x0, 0x32, 0x4, 0x0, @multicast2, @multicast2, {[@ra={0x94, 0x4}]}}}}})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@gettfilter={0x2c, 0x2e, 0x20, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xfff3, 0xffe0}, {0xd, 0x1}, {0x0, 0xffff}}, [{0x8, 0xb, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000805}, 0xc0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x7)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x11)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r4 = syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500}, &(0x7f0000000240), &(0x7f0000001880))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r4, 0x21, &(0x7f0000000440)=r3, 0x1)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000100)={{0x0, 0x6}, 'syz1\x00'})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000480)=[@in6={0xa, 0x4e23, 0xa, @empty, 0x97dc}, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e21, 0x1, @private1={0xfc, 0x1, '\x00', 0xd}, 0x6}, @in6={0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0xe}, 0x1ff}, @in6={0xa, 0x4e22, 0x2, @mcast2}, @in6={0xa, 0x4e22, 0x3, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x8, @private0, 0xc}], 0xb8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800020850000007200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000018000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x10, 0x38, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$UI_DEV_CREATE(r2, 0x5501)
ioctl$UI_DEV_DESTROY(r2, 0x5502)

19.161195496s ago: executing program 3 (id=488):
r0 = socket$pppoe(0x18, 0x1, 0x0)
madvise(&(0x7f000060c000/0x4000)=nil, 0x4000, 0x16)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000440)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_addr={0x44, 0xc, 0xa, 0x1, 0x0, [{@dev}]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, 0x0, 0x0)
bind$qrtr(r1, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, 0x1)
accept4(r1, &(0x7f0000000480)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000040)=0x80, 0x800)
syz_emit_ethernet(0x3a, &(0x7f0000000680)={@local, @remote, @val={@void, {0x8100, 0x6, 0x1, 0xffd}}, {@ipv4={0x800, @igmp={{0x8, 0x4, 0x0, 0x7, 0x28, 0x66, 0x0, 0x2, 0x2, 0x0, @broadcast, @multicast2, {[@cipso={0x86, 0x9, 0x0, [{0x2, 0x3, '5'}]}]}}, {0x22, 0x8, 0x0, @rand_addr=0x64010102}}}}}, 0x0)
ioctl$PPPOEIOCDFWD(r0, 0x40047459, 0x1000000000000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x50, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x24, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x30, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x10}}, 0xc8}}, 0x0)

18.235110893s ago: executing program 3 (id=489):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x20040085)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)

18.112956512s ago: executing program 3 (id=490):
socket(0x200000000000011, 0x2, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, &(0x7f0000000180)=0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x6, 0x20000100)
openat$dsp(0xffffffffffffff9c, 0x0, 0xa8202, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x7f, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xfffffffffffffff0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0xfffffff2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121b01, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000700)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018020000", @ANYRESHEX=0x0, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000001ac0)=0x1)

17.232932536s ago: executing program 3 (id=491):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x0, 0x10ffff, 0xfffffffd})
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101c80, 0x0)

17.19080218s ago: executing program 3 (id=492):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b07, &(0x7f0000000440)={'wlan1\x00', @random="8dffffffebff"})
userfaultfd(0x801)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, 0x0)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, 0x0, 0x0)
sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000010601080000000000000102000000b553edf16fa9876c59ab1169000000e2a8"], 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x10)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @remote}, {0xa, 0x4e22, 0x0, @mcast1}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x6, 0x0}, 0x2}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}, 0x4, {[0x8, 0x0, 0x0, 0x0, 0x0, 0x20000000]}}, 0x5c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000000)=""/59, 0x304000, 0x1000, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x3, &(0x7f00000000c0)=[{0x9, 0x3, 0x3, 0x4}, {0x7, 0x9, 0x6, 0x6}, {0x6, 0x80, 0x0, 0xa}]})
mkdirat(r5, &(0x7f0000000080)='./file1\x00', 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r6, 0x0)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff02"], 0x0)

17.06165675s ago: executing program 1 (id=493):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)={0x2, 0x0, [{0xf000, 0x101, &(0x7f0000000780)=""/257}, {0x0, 0x51, &(0x7f0000000180)=""/81}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3ff)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

15.784519392s ago: executing program 1 (id=494):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
timer_create(0x0, &(0x7f00000026c0)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000002700))
timer_settime(0x0, 0x0, &(0x7f0000000380)={{}, {0x77359400}}, &(0x7f0000000040))
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VIDIOC_G_INPUT(0xffffffffffffffff, 0x80045626, &(0x7f00000004c0))
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r4)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000540)=@broute={'broute\x00', 0x20, 0x1, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000400], 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000023000000000000000000000000000000000001000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff000000006ba5e265375a8b4d87a3061359a9efa2f2bad7d9ca9ce1fb8f254a00b135d980ba001ea854d20caec3727a9ec7f2e2169ae62456a11c81f8d7fa93941fda761066d533036f910e1c5303ae9f580dad3fdafd0f4e5e5cf10423c05d751df8045d55eac126ea6d92ff31fdf606da0605684a6510db11d09c0d5e593eb4c2f3e0f3552baf785b4b74b9eaed3d638afa54fcb8d2f1e2"]}, 0x19c)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x1, 0x1b})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x3, [], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c000000100005ff00000001000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000100000000140012800b0001006261746164760000", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, 0x0, 0x0)
syz_usb_connect(0x6, 0x2d, &(0x7f0000001500)=ANY=[@ANYBLOB="1201500285d5c2086004040031960154030109021b000100031003090458080119662194090586d7"], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1003408e62fbcc838b561df332b6c5a1"]}, {0xd5, &(0x7f0000000380)=ANY=[@ANYBLOB="d5031431f3bc0769f9b9874c11b246510ba8489ec3a2cb5b28fa3629e16fa19bd94192a8ea55307e4953355331e6a6f18687a97acec3e3e2f2474543ef8a6f6c0946acfc3a17caca07daf1bc14e528e9e487430072438b137cb71feedf6fe6675d44da88f805fa334122734137b9a4a97829b40c5e4bf99cac126bcb316dd8a538c160b3e3a0d6db0eaab2ad12d15e8f5775451dca77506b436dd646125ed315ceb4b003ec0bb27e6a24574302319883feffbbf16a50ef49c5e075958912b9b5e382f27cfc4b21add68e58ca213058f9b662a14210f075fed69a65df784cf7376861866a1bb2f050cac35b2bd6a713c055de1d4a8ed610ff6ea6d892413b5abb09ead5d85a6551190018b88931c81d6e41bf748d8cb73719c6b453cc0972913f7e7b7231eee13e05df4c28835a"]}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x443}}]})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x84, 0x77, 0x1, 0x0, @tick=0xb, {0xfd, 0x1}, {0x7}, @raw32={[0x2, 0x0, 0x7fffffe]}}, {0x2, 0x0, 0xff, 0x83, @time={0x1ff, 0x4}, {0xfd}, {0xff}, @note={0x1}}, {0x8, 0x3, 0x9, 0x5, @tick=0x4, {0x9, 0x4}, {0xc, 0x2}, @connect={{0x10, 0x7}, {0x4, 0xb}}}], 0x54)
socket$inet6_tcp(0xa, 0x1, 0x0)

12.514763425s ago: executing program 34 (id=469):
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000000)={<r0=>0x0, @in6={{0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x5}}, 0xfffffc00, 0xfffd, 0x20, 0x0, 0x1, 0x8000, 0x48}, &(0x7f00000000c0)=0x9c)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000100)={r0, 0x1}, 0x8)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000140)={r0, 0x9822, 0x4d, "ad3ad3e6da5c2996538e79600078d478ae51e791fda99a3b97a2e3fcece890a5080f437965203803692996b5c50887b1246bdd6ac2f03f4def33aa8dec39bd8649258235aa07931f2683803b4d"}, 0x55)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x100000000)
read$char_usb(r2, &(0x7f00000001c0)=""/173, 0xad)
r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ppoll(&(0x7f00000002c0)=[{}, {r1, 0x40b0}, {r1, 0x8241}, {r2, 0x4000}, {r1}, {r3, 0x24}], 0x6, &(0x7f0000000300)={0x0, 0x989680}, &(0x7f0000000340)={[0x9]}, 0x8)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000380)={r0, @in6={{0xa, 0x4e24, 0x100, @empty, 0x4}}, 0x8000, 0x81, 0x1, 0x2, 0x2, 0x8, 0x8}, 0x9c)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000440)={0x8, 0x200, 0x0, 0x101, '\x00', '\x00', '\x00', 0xc57d, 0x60000000, 0x5, 0x1, "64364f84fa598fdd737140e3fce1daac"})
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000700)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)={0x90, r5, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x543}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x18af}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000050}, 0x8000)
syz_open_dev$I2C(&(0x7f0000000740), 0x6, 0x801)
r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000007c0)={r3, 0x0, 0x25, 0xd, @val=@kprobe_multi=@addrs={0x0, 0x8, 0x0, &(0x7f0000000780)=[0x1000, 0x1000, 0x6, 0x9, 0x4, 0x6, 0x6, 0x725], 0x80000001}}, 0x30)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r6, 0xc038943b, &(0x7f0000000840)={0xd56, 0x30, '\x00', 0x0, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000008c0)={'syztnl2\x00', &(0x7f0000000880)={'gre0\x00', <r8=>0x0, 0x0, 0x7800, 0x8, 0x4, {{0x7, 0x4, 0x1, 0x1d, 0x1c, 0x64, 0x0, 0x9, 0x6, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x17}, {[@lsrr={0x83, 0x7, 0xb2, [@remote]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000000a00)={'syztnl2\x00', &(0x7f0000000900)={'syztnl0\x00', r8, 0x20, 0x1, 0x7, 0x4, {{0x2e, 0x4, 0x1, 0x8, 0xb8, 0x66, 0x0, 0x2, 0x0, 0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @timestamp={0x44, 0x14, 0x7c, 0x0, 0x1, [0x27, 0x3, 0x3, 0x5]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x1c, 0x28, 0x1, 0x5, [{@empty, 0x1d}, {@dev={0xac, 0x14, 0x14, 0xc}, 0x9ba}, {@local, 0x3}]}, @ssrr={0x89, 0xf, 0x6f, [@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xb}]}, @timestamp_prespec={0x44, 0x1c, 0x93, 0x3, 0xd, [{@empty, 0xc32}, {@empty, 0x572e}, {@broadcast, 0x8}]}, @timestamp_addr={0x44, 0x24, 0x62, 0x1, 0xe, [{@private=0xa010101, 0x10000}, {@rand_addr=0x64010100, 0xe703}, {@empty, 0xd}, {@loopback, 0xffffffff}]}, @noop, @timestamp_prespec={0x44, 0x1c, 0xbd, 0x3, 0x8, [{@remote, 0x8d522b0}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1000}, {@empty, 0x1000}]}, @noop]}}}}})
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000a40)={r0, 0x94, "9505d525f223ab9d1762502fbdc0a6ec2075dde92376c48302028e216fb3b80394707181d595b05c14c3620082b97d3896063c01d3512955e307a73e4de3f6dc12ff218dfd4de56aae3d159e9c360dff531d2d6420f73f4c8e2689332b560753e1ffb920672022181d1e1056d9daf39e470c822ecfa34f9e184eb72f2d90132fc3c8bd032657cd851396024a47e9b2fffe673896"}, &(0x7f0000000b00)=0x9c)
r9 = syz_create_resource$binfmt(&(0x7f0000000b40)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r9, 0x41, 0x1ff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000bc0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000c00)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_PROBE_CLIENT(r10, &(0x7f0000000d00)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x4c, r11, 0x2, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x1, 0x44}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004880}, 0x40)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000d40)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x2000})
getpid()
read$FUSE(0xffffffffffffffff, &(0x7f0000000d80)={0x2020, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}, 0x2020)
sched_setscheduler(r13, 0x3, &(0x7f0000002dc0)=0x6)

2.002334002s ago: executing program 35 (id=492):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b07, &(0x7f0000000440)={'wlan1\x00', @random="8dffffffebff"})
userfaultfd(0x801)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, 0x0)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, 0x0, 0x0)
sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000010601080000000000000102000000b553edf16fa9876c59ab1169000000e2a8"], 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x10)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @remote}, {0xa, 0x4e22, 0x0, @mcast1}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x6, 0x0}, 0x2}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}, 0x4, {[0x8, 0x0, 0x0, 0x0, 0x0, 0x20000000]}}, 0x5c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000000)=""/59, 0x304000, 0x1000, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x3, &(0x7f00000000c0)=[{0x9, 0x3, 0x3, 0x4}, {0x7, 0x9, 0x6, 0x6}, {0x6, 0x80, 0x0, 0xa}]})
mkdirat(r5, &(0x7f0000000080)='./file1\x00', 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r6, 0x0)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff02"], 0x0)

0s ago: executing program 36 (id=494):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
timer_create(0x0, &(0x7f00000026c0)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000002700))
timer_settime(0x0, 0x0, &(0x7f0000000380)={{}, {0x77359400}}, &(0x7f0000000040))
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VIDIOC_G_INPUT(0xffffffffffffffff, 0x80045626, &(0x7f00000004c0))
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r4)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000540)=@broute={'broute\x00', 0x20, 0x1, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000400], 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000023000000000000000000000000000000000001000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff000000006ba5e265375a8b4d87a3061359a9efa2f2bad7d9ca9ce1fb8f254a00b135d980ba001ea854d20caec3727a9ec7f2e2169ae62456a11c81f8d7fa93941fda761066d533036f910e1c5303ae9f580dad3fdafd0f4e5e5cf10423c05d751df8045d55eac126ea6d92ff31fdf606da0605684a6510db11d09c0d5e593eb4c2f3e0f3552baf785b4b74b9eaed3d638afa54fcb8d2f1e2"]}, 0x19c)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x1, 0x1b})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x3, [], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c000000100005ff00000001000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000100000000140012800b0001006261746164760000", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, 0x0, 0x0)
syz_usb_connect(0x6, 0x2d, &(0x7f0000001500)=ANY=[@ANYBLOB="1201500285d5c2086004040031960154030109021b000100031003090458080119662194090586d7"], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1003408e62fbcc838b561df332b6c5a1"]}, {0xd5, &(0x7f0000000380)=ANY=[@ANYBLOB="d5031431f3bc0769f9b9874c11b246510ba8489ec3a2cb5b28fa3629e16fa19bd94192a8ea55307e4953355331e6a6f18687a97acec3e3e2f2474543ef8a6f6c0946acfc3a17caca07daf1bc14e528e9e487430072438b137cb71feedf6fe6675d44da88f805fa334122734137b9a4a97829b40c5e4bf99cac126bcb316dd8a538c160b3e3a0d6db0eaab2ad12d15e8f5775451dca77506b436dd646125ed315ceb4b003ec0bb27e6a24574302319883feffbbf16a50ef49c5e075958912b9b5e382f27cfc4b21add68e58ca213058f9b662a14210f075fed69a65df784cf7376861866a1bb2f050cac35b2bd6a713c055de1d4a8ed610ff6ea6d892413b5abb09ead5d85a6551190018b88931c81d6e41bf748d8cb73719c6b453cc0972913f7e7b7231eee13e05df4c28835a"]}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x443}}]})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f00000000c0)=[{0x84, 0x77, 0x1, 0x0, @tick=0xb, {0xfd, 0x1}, {0x7}, @raw32={[0x2, 0x0, 0x7fffffe]}}, {0x2, 0x0, 0xff, 0x83, @time={0x1ff, 0x4}, {0xfd}, {0xff}, @note={0x1}}, {0x8, 0x3, 0x9, 0x5, @tick=0x4, {0x9, 0x4}, {0xc, 0x2}, @connect={{0x10, 0x7}, {0x4, 0xb}}}], 0x54)
socket$inet6_tcp(0xa, 0x1, 0x0)

kernel console output (not intermixed with test programs):

=0711, idProduct=0550, bcdDevice=e3.7f
[  140.339150][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.975050][ T5874] usb 4-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  141.003723][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.050995][ T5874] usb 4-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  141.066244][ T5874] usb 4-1: SerialNumber: syz
[  141.111113][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  141.111125][   T30] audit: type=1400 audit(1745397499.550:362): avc:  denied  { write } for  pid=6837 comm="syz.5.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  141.170290][ T6839] SELinux: failed to load policy
[  141.176404][   T30] audit: type=1400 audit(1745397499.600:363): avc:  denied  { load_policy } for  pid=6837 comm="syz.5.202" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  141.287679][   T30] audit: type=1400 audit(1745397499.720:364): avc:  denied  { ioctl } for  pid=6806 comm="syz.3.198" path="socket:[11732]" dev="sockfs" ino=11732 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  142.358222][   T30] audit: type=1400 audit(1745397500.790:365): avc:  denied  { write } for  pid=6806 comm="syz.3.198" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  142.395212][   T30] audit: type=1400 audit(1745397500.830:366): avc:  denied  { read } for  pid=6806 comm="syz.3.198" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  142.414907][   T30] audit: type=1400 audit(1745397500.830:367): avc:  denied  { ioctl } for  pid=6858 comm="syz.1.205" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  142.900173][   T30] audit: type=1400 audit(1745397501.330:368): avc:  denied  { watch_sb watch_reads } for  pid=6866 comm="syz.5.208" path="/5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=44 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  142.945091][    C0] vkms_vblank_simulate: vblank timer overrun
[  143.208663][ T6885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.210'.
[  143.226786][   T30] audit: type=1400 audit(1745397501.660:369): avc:  denied  { ioctl } for  pid=6886 comm="syz.2.211" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  143.355549][   T30] audit: type=1400 audit(1745397501.760:370): avc:  denied  { setrlimit } for  pid=6890 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[  143.457810][   T30] audit: type=1400 audit(1745397501.890:371): avc:  denied  { write } for  pid=6892 comm="syz.2.212" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  143.809532][ T5872] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  144.519868][ T5872] usb 2-1: Using ep0 maxpacket: 16
[  144.544208][ T5872] usb 2-1: unable to get BOS descriptor or descriptor too short
[  144.553750][ T5872] usb 2-1: config 9 has an invalid interface number: 212 but max is 0
[  144.581956][ T5872] usb 2-1: config 9 has no interface number 0
[  144.588072][ T5872] usb 2-1: config 9 interface 212 has no altsetting 0
[  144.627811][ T5874] sisusb 4-1:8.229: Invalid USB2VGA device
[  144.641849][ T5872] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=7f.22
[  144.662023][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.670795][ T5874] sisusb 4-1:8.229: probe with driver sisusb failed with error -22
[  144.697249][ T5872] usb 2-1: Product: syz
[  144.707348][ T5872] usb 2-1: Manufacturer: syz
[  144.722913][ T5874] sisusb 4-1:8.238: Invalid USB2VGA device
[  144.744041][ T5872] usb 2-1: SerialNumber: syz
[  144.750101][ T5874] sisusb 4-1:8.238: probe with driver sisusb failed with error -22
[  144.778592][ T6920] sg_write: data in/out 923140578/959 bytes for SCSI command 0x0-- guessing data in;
[  144.778592][ T6920]    program syz.3.217 not setting count and/or reply_len properly
[  144.806310][ T5874] usb 4-1: USB disconnect, device number 8
[  145.094011][ T6900] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  145.913765][ T5832] Bluetooth: hci3: ACL packet for unknown connection handle 457
[  145.914465][ T6900] netlink: 16 bytes leftover after parsing attributes in process `syz.1.213'.
[  145.920973][ T5872] ttusbir 2-1:9.212: cannot find expected altsetting
[  145.924037][ T5872] usb 2-1: USB disconnect, device number 6
[  146.381114][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  146.381130][   T30] audit: type=1400 audit(1745400082.823:375): avc:  denied  { ioctl } for  pid=6949 comm="syz.5.223" path="socket:[11137]" dev="sockfs" ino=11137 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.411494][    C0] vkms_vblank_simulate: vblank timer overrun
[  146.441799][   T30] audit: type=1400 audit(1745400082.883:376): avc:  denied  { read } for  pid=6949 comm="syz.5.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.490394][   T30] audit: type=1400 audit(1745400082.933:377): avc:  denied  { setopt } for  pid=6949 comm="syz.5.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.535282][   T30] audit: type=1400 audit(1745400082.933:378): avc:  denied  { write } for  pid=6949 comm="syz.5.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.580423][   T30] audit: type=1400 audit(1745400083.003:379): avc:  denied  { ioctl } for  pid=6949 comm="syz.5.223" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  146.605104][    C0] vkms_vblank_simulate: vblank timer overrun
[  146.748354][ T6947] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  146.766404][ T6947] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  146.784692][ T6947] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  146.841409][ T6962] netlink: 16 bytes leftover after parsing attributes in process `syz.1.224'.
[  147.539622][ T6972] netlink: 'syz.5.226': attribute type 4 has an invalid length.
[  147.797979][ T6983] random: crng reseeded on system resumption
[  148.068915][   T30] audit: type=1400 audit(1745400084.503:380): avc:  denied  { getopt } for  pid=6984 comm="syz.1.229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  148.351690][   T30] audit: type=1326 audit(1745400084.793:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6990 comm="syz.4.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  148.450212][   T30] audit: type=1326 audit(1745400084.793:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6990 comm="syz.4.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  148.451847][ T6994] netlink: 8 bytes leftover after parsing attributes in process `syz.4.230'.
[  148.473399][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.475268][   T30] audit: type=1326 audit(1745400084.793:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6990 comm="syz.4.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  148.484819][ T6994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.230'.
[  148.589656][   T30] audit: type=1326 audit(1745400084.793:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6990 comm="syz.4.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  149.338842][  T971] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  149.498906][  T971] usb 3-1: Using ep0 maxpacket: 32
[  149.526159][  T971] usb 3-1: config 8 has an invalid interface number: 229 but max is 2
[  149.534691][  T971] usb 3-1: config 8 has an invalid interface number: 238 but max is 2
[  149.543171][  T971] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  149.554863][  T971] usb 3-1: config 8 has 2 interfaces, different from the descriptor's value: 3
[  149.564284][  T971] usb 3-1: config 8 has no interface number 0
[  149.570635][  T971] usb 3-1: config 8 has no interface number 1
[  149.576796][  T971] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0x8 has an invalid bInterval 255, changing to 11
[  149.588916][  T971] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  149.601028][  T971] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  149.613259][  T971] usb 3-1: config 8 interface 229 altsetting 114 has an invalid descriptor for endpoint zero, skipping
[  149.643242][  T971] usb 3-1: config 8 interface 238 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  149.655422][  T971] usb 3-1: config 8 interface 238 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  149.674025][  T971] usb 3-1: config 8 interface 238 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  149.689009][  T971] usb 3-1: config 8 interface 229 has no altsetting 0
[  149.697113][  T971] usb 3-1: config 8 interface 238 has no altsetting 0
[  149.950776][  T971] usb 3-1: New USB device found, idVendor=0711, idProduct=0550, bcdDevice=e3.7f
[  149.976466][  T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.994712][  T971] usb 3-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  150.027421][    C1] vkms_vblank_simulate: vblank timer overrun
[  150.034020][ T7008] ptrace attach of "./syz-executor exec"[5819] was attempted by "./syz-executor exec"[7008]
[  150.277882][  T971] usb 3-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  150.332999][  T971] usb 3-1: SerialNumber: syz
[  151.200100][  T971] usb 3-1: can't set config #8, error -71
[  151.225255][  T971] usb 3-1: USB disconnect, device number 9
[  151.340715][ T7013] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.475371][   T30] kauditd_printk_skb: 43 callbacks suppressed
[  151.475386][   T30] audit: type=1400 audit(1745400087.914:428): avc:  denied  { ioctl } for  pid=7019 comm="syz.1.236" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0x7c03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  151.479901][ T7027] : entered promiscuous mode
[  152.071261][ T7020] ip6gre1: entered allmulticast mode
[  152.154369][ T7013] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.322510][ T7013] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.351583][ T7046] netlink: 36 bytes leftover after parsing attributes in process `syz.2.240'.
[  152.402918][ T7013] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.489976][ T7013] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  152.503796][ T7013] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  152.518080][ T7013] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  152.530823][ T7013] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  153.418322][ T5872] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  153.723843][ T5872] usb 3-1: unable to get BOS descriptor or descriptor too short
[  153.829538][ T5872] usb 3-1: unable to read config index 0 descriptor/start: -71
[  153.837135][ T5872] usb 3-1: can't read configurations, error -71
[  154.418827][   T30] audit: type=1400 audit(1745400090.854:429): avc:  denied  { setopt } for  pid=7072 comm="syz.5.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  154.471958][   T30] audit: type=1400 audit(1745400090.894:430): avc:  denied  { mounton } for  pid=7075 comm="syz.4.248" path="/proc/198/task" dev="proc" ino=12474 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  154.524735][   T30] audit: type=1400 audit(1745400090.964:431): avc:  denied  { write } for  pid=7086 comm="syz.1.250" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  154.644527][ T7089] program syz.1.250 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  154.720326][   T30] audit: type=1400 audit(1745400091.154:432): avc:  denied  { accept } for  pid=7086 comm="syz.1.250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  154.766496][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  155.325523][   T30] audit: type=1400 audit(1745400091.204:433): avc:  denied  { ioctl } for  pid=7093 comm="syz.3.252" path="socket:[13423]" dev="sockfs" ino=13423 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  156.027893][ T5870] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  156.198416][ T5870] usb 3-1: Using ep0 maxpacket: 16
[  156.226665][ T5870] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  156.276063][ T5870] usb 3-1: config 0 has no interface number 0
[  156.297541][   T30] audit: type=1400 audit(1745400092.724:434): avc:  denied  { watch watch_reads } for  pid=7121 comm="syz.3.258" path="/proc/176/net/stat" dev="proc" ino=4026532871 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1
[  156.322128][    C1] vkms_vblank_simulate: vblank timer overrun
[  156.438198][ T5870] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  156.683257][ T5870] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  157.017812][ T5870] usb 3-1: config 0 interface 41 has no altsetting 0
[  157.026343][   T30] audit: type=1400 audit(1745400092.894:435): avc:  denied  { mount } for  pid=7118 comm="syz.4.256" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  157.083781][   T30] audit: type=1400 audit(1745400093.434:436): avc:  denied  { remount } for  pid=7118 comm="syz.4.256" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  157.103692][   T30] audit: type=1326 audit(1745400093.434:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.127522][   T30] audit: type=1326 audit(1745400093.434:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.150917][   T30] audit: type=1326 audit(1745400093.434:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.179714][ T5870] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  157.193000][   T30] audit: type=1326 audit(1745400093.434:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.216446][   T30] audit: type=1326 audit(1745400093.434:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.240179][   T30] audit: type=1326 audit(1745400093.434:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.263558][   T30] audit: type=1326 audit(1745400093.434:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.294057][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.328463][   T30] audit: type=1326 audit(1745400093.434:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7118 comm="syz.4.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82be58e169 code=0x7ffc0000
[  157.548533][ T5870] usb 3-1: Product: syz
[  157.553286][ T5870] usb 3-1: Manufacturer: syz
[  157.561152][ T5870] usb 3-1: SerialNumber: syz
[  157.570385][ T5870] usb 3-1: config 0 descriptor??
[  157.576330][ T7105] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  157.583970][ T7105] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  157.768490][ T7129] Invalid logical block size (1)
[  157.797166][ T7105] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  157.804945][ T7105] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  158.458715][ T5870] Error reading MAC address
[  158.473206][ T7105] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  158.495695][ T7105] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  158.663494][ T7167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.261'.
[  158.672669][ T7167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.261'.
[  158.717824][ T5871] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  158.747696][ T5870] sr9700 3-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  158.864953][ T5870] usb 3-1: USB disconnect, device number 12
[  158.927550][ T5871] usb 5-1: Using ep0 maxpacket: 32
[  158.936497][ T5871] usb 5-1: config 8 has an invalid interface number: 229 but max is 2
[  158.947366][ T5871] usb 5-1: config 8 has an invalid interface number: 238 but max is 2
[  158.957975][ T5871] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  158.970404][ T5871] usb 5-1: config 8 has 2 interfaces, different from the descriptor's value: 3
[  158.979699][ T5871] usb 5-1: config 8 has no interface number 0
[  158.985994][ T5871] usb 5-1: config 8 has no interface number 1
[  158.995956][ T5871] usb 5-1: config 8 interface 229 altsetting 114 endpoint 0x8 has an invalid bInterval 255, changing to 11
[  159.013852][ T5871] usb 5-1: config 8 interface 229 altsetting 114 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  159.025777][ T5871] usb 5-1: config 8 interface 229 altsetting 114 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  159.040700][ T5871] usb 5-1: config 8 interface 229 altsetting 114 has an invalid descriptor for endpoint zero, skipping
[  159.052094][ T5871] usb 5-1: config 8 interface 238 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  159.068805][ T5871] usb 5-1: config 8 interface 238 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  159.084100][ T5871] usb 5-1: config 8 interface 238 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  159.100957][ T5871] usb 5-1: config 8 interface 229 has no altsetting 0
[  159.108098][ T5871] usb 5-1: config 8 interface 238 has no altsetting 0
[  159.121587][ T5871] usb 5-1: New USB device found, idVendor=0711, idProduct=0550, bcdDevice=e3.7f
[  159.133527][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.142408][ T5871] usb 5-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  159.172619][ T5871] usb 5-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  159.188744][ T5871] usb 5-1: SerialNumber: syz
[  159.554453][ T7202] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  160.126689][ T7213] tipc: Started in network mode
[  160.131968][ T7213] tipc: Node identity 4, cluster identity 4711
[  160.138217][ T7213] tipc: Node number set to 4
[  160.158630][ T5874] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  160.453139][ T5874] usb 3-1: Using ep0 maxpacket: 32
[  160.485290][ T5874] usb 3-1: config 8 has an invalid interface number: 229 but max is 2
[  160.551024][ T5874] usb 3-1: config 8 has an invalid interface number: 238 but max is 2
[  161.119075][ T5874] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  161.134762][ T5874] usb 3-1: config 8 has 2 interfaces, different from the descriptor's value: 3
[  161.144735][ T5874] usb 3-1: config 8 has no interface number 0
[  161.151138][ T5874] usb 3-1: config 8 has no interface number 1
[  161.157561][ T5874] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0x8 has an invalid bInterval 255, changing to 11
[  161.170691][ T5874] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  161.227714][ T5874] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  161.259834][ T5874] usb 3-1: config 8 interface 229 altsetting 114 has an invalid descriptor for endpoint zero, skipping
[  161.302648][ T7240] xt_hashlimit: size too large, truncated to 1048576
[  161.311947][ T5874] usb 3-1: config 8 interface 238 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  161.347666][ T5874] usb 3-1: config 8 interface 238 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  161.360842][ T5874] usb 3-1: config 8 interface 238 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  161.369814][ T7242] tipc: Enabled bearer <eth:gre0>, priority 22
[  161.439534][ T5874] usb 3-1: config 8 interface 229 has no altsetting 0
[  161.474199][ T5874] usb 3-1: config 8 interface 238 has no altsetting 0
[  161.596114][ T5874] usb 3-1: New USB device found, idVendor=0711, idProduct=0550, bcdDevice=e3.7f
[  161.738914][ T7248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.270'.
[  161.749045][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.757039][ T5874] usb 3-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  162.969603][   T30] kauditd_printk_skb: 51 callbacks suppressed
[  162.969622][   T30] audit: type=1400 audit(1745400099.325:496): avc:  denied  { bind } for  pid=7255 comm="syz.3.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  163.085758][  T974] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  163.148732][ T5874] usb 3-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  163.201439][ T5871] sisusb 5-1:8.229: Invalid USB2VGA device
[  163.213320][ T5874] usb 3-1: SerialNumber: syz
[  163.252001][ T5871] sisusb 5-1:8.229: probe with driver sisusb failed with error -22
[  163.286334][ T5874] usb 3-1: can't set config #8, error -71
[  163.297038][  T974] usb 2-1: Using ep0 maxpacket: 16
[  163.302236][   T30] audit: type=1326 audit(1745400099.745:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  163.323193][ T5874] usb 3-1: USB disconnect, device number 13
[  163.401131][ T7272] netlink: 8 bytes leftover after parsing attributes in process `syz.3.274'.
[  163.410018][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.274'.
[  163.765545][ T5871] sisusb 5-1:8.238: Invalid USB2VGA device
[  163.771473][ T5871] sisusb 5-1:8.238: probe with driver sisusb failed with error -22
[  163.780570][   T30] audit: type=1326 audit(1745400099.745:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  164.390467][ T5871] usb 5-1: USB disconnect, device number 7
[  164.398889][  T974] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  164.414892][  T974] usb 2-1: config 0 has no interfaces?
[  164.421005][   T30] audit: type=1326 audit(1745400099.745:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  164.444868][  T974] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  164.509691][  T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.581146][   T30] audit: type=1326 audit(1745400099.745:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  164.751111][ T7282] netlink: 16 bytes leftover after parsing attributes in process `syz.3.277'.
[  165.010841][   T30] audit: type=1326 audit(1745400099.745:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  165.034043][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.042487][   T30] audit: type=1326 audit(1745400099.745:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  165.065680][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.076687][  T974] usb 2-1: config 0 descriptor??
[  165.162687][   T30] audit: type=1326 audit(1745400099.745:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  165.320676][ T7288] random: crng reseeded on system resumption
[  165.416896][ T7289] netlink: 12 bytes leftover after parsing attributes in process `syz.3.279'.
[  165.615618][   T30] audit: type=1326 audit(1745400099.745:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  165.661071][ T7269] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.710400][   T30] audit: type=1326 audit(1745400099.745:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7264 comm="syz.3.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9c78e169 code=0x7ffc0000
[  165.733604][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.265557][  T974] usb 2-1: can't set config #0, error -71
[  168.279306][  T974] usb 2-1: USB disconnect, device number 7
[  169.152130][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  169.152149][   T30] audit: type=1326 audit(1745400105.596:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  169.276289][  T974] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  169.669703][   T30] audit: type=1326 audit(1745400105.726:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  169.693142][   T30] audit: type=1326 audit(1745400105.726:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  169.716324][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.789384][ T7328] netlink: 8 bytes leftover after parsing attributes in process `syz.5.287'.
[  169.798271][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.5.287'.
[  170.011887][   T30] audit: type=1326 audit(1745400106.146:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  170.036299][   T30] audit: type=1326 audit(1745400106.146:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  170.042990][  T974] usb 3-1: Using ep0 maxpacket: 32
[  170.059833][   T30] audit: type=1326 audit(1745400106.146:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  170.139148][  T974] usb 3-1: config 8 has an invalid interface number: 229 but max is 2
[  170.146192][   T30] audit: type=1326 audit(1745400106.146:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  170.174767][  T974] usb 3-1: config 8 has an invalid interface number: 238 but max is 2
[  170.201591][  T974] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  170.244371][   T30] audit: type=1326 audit(1745400106.146:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  170.526145][  T974] usb 3-1: config 8 has 2 interfaces, different from the descriptor's value: 3
[  170.535909][  T974] usb 3-1: config 8 has no interface number 0
[  170.608380][   T30] audit: type=1326 audit(1745400106.146:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  170.610322][  T974] usb 3-1: config 8 has no interface number 1
[  170.631564][    C0] vkms_vblank_simulate: vblank timer overrun
[  170.635912][   T30] audit: type=1326 audit(1745400106.146:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.5.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  170.669929][  T974] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0x8 has an invalid bInterval 255, changing to 11
[  170.756283][  T974] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  170.767851][  T974] usb 3-1: config 8 interface 229 altsetting 114 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  170.779303][  T974] usb 3-1: config 8 interface 229 altsetting 114 has an invalid descriptor for endpoint zero, skipping
[  170.792868][  T974] usb 3-1: config 8 interface 238 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  170.806171][  T974] usb 3-1: config 8 interface 238 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  170.817315][  T974] usb 3-1: config 8 interface 238 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  170.831107][  T974] usb 3-1: config 8 interface 229 has no altsetting 0
[  170.853195][  T974] usb 3-1: config 8 interface 238 has no altsetting 0
[  170.969312][  T974] usb 3-1: New USB device found, idVendor=0711, idProduct=0550, bcdDevice=e3.7f
[  170.978626][  T974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.251888][ T7359] netlink: 'syz.3.292': attribute type 4 has an invalid length.
[  172.154178][  T974] usb 3-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  172.182847][    C0] vkms_vblank_simulate: vblank timer overrun
[  172.345639][ T7368] random: crng reseeded on system resumption
[  172.648923][  T974] usb 3-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  172.682969][  T974] usb 3-1: SerialNumber: syz
[  172.735439][  T974] usb 3-1: can't set config #8, error -71
[  172.963097][  T974] usb 3-1: USB disconnect, device number 14
[  174.018347][ T5882] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  174.020178][ T7402] netlink: 8 bytes leftover after parsing attributes in process `syz.1.301'.
[  174.034794][ T7402] netlink: 4 bytes leftover after parsing attributes in process `syz.1.301'.
[  174.301602][   T30] kauditd_printk_skb: 55 callbacks suppressed
[  174.301618][   T30] audit: type=1326 audit(1745400110.737:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7400 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  174.330938][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.340103][   T30] audit: type=1326 audit(1745400110.737:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7400 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  174.363270][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.369726][ T5882] usb 4-1: Using ep0 maxpacket: 32
[  174.376245][ T7405] FAULT_INJECTION: forcing a failure.
[  174.376245][ T7405] name failslab, interval 1, probability 0, space 0, times 0
[  174.376270][ T7405] CPU: 0 UID: 0 PID: 7405 Comm: syz.4.303 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  174.376290][ T7405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  174.376300][ T7405] Call Trace:
[  174.376305][ T7405]  <TASK>
[  174.376314][ T7405]  dump_stack_lvl+0x16c/0x1f0
[  174.376341][ T7405]  should_fail_ex+0x512/0x640
[  174.376357][ T7405]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  174.376385][ T7405]  should_failslab+0xc2/0x120
[  174.376410][ T7405]  __kmalloc_cache_noprof+0x6a/0x3e0
[  174.376435][ T7405]  ? con_allocate_new+0x8a/0x1a0
[  174.376456][ T7405]  con_allocate_new+0x8a/0x1a0
[  174.376472][ T7405]  con_set_unimap+0x265/0x640
[  174.376499][ T7405]  vt_ioctl+0x1117/0x2f50
[  174.376517][ T7405]  ? lockdep_hardirqs_on+0x7c/0x110
[  174.376542][ T7405]  ? __pfx_vt_ioctl+0x10/0x10
[  174.376569][ T7405]  ? tomoyo_path_number_perm+0x18d/0x580
[  174.376595][ T7405]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  174.376615][ T7405]  ? do_vfs_ioctl+0x512/0x1990
[  174.376636][ T7405]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  174.376656][ T7405]  ? tty_jobctrl_ioctl+0x152/0xe00
[  174.376677][ T7405]  ? __pfx_vt_ioctl+0x10/0x10
[  174.376693][ T7405]  tty_ioctl+0x65a/0x1610
[  174.376719][ T7405]  ? __pfx_tty_ioctl+0x10/0x10
[  174.376743][ T7405]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  174.376778][ T7405]  ? hook_file_ioctl_common+0x145/0x410
[  174.376802][ T7405]  ? selinux_file_ioctl+0x180/0x270
[  174.376825][ T7405]  ? selinux_file_ioctl+0xb4/0x270
[  174.376850][ T7405]  ? __pfx_tty_ioctl+0x10/0x10
[  174.376875][ T7405]  __x64_sys_ioctl+0x190/0x200
[  174.376899][ T7405]  do_syscall_64+0xcd/0x260
[  174.376923][ T7405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.376939][ T7405] RIP: 0033:0x7f82be58e169
[  174.376952][ T7405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.376968][ T7405] RSP: 002b:00007f82bf421038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  174.376984][ T7405] RAX: ffffffffffffffda RBX: 00007f82be7b5fa0 RCX: 00007f82be58e169
[  174.376995][ T7405] RDX: 0000200000000040 RSI: 0000000000004b67 RDI: 0000000000000003
[  174.377005][ T7405] RBP: 00007f82bf421090 R08: 0000000000000000 R09: 0000000000000000
[  174.377014][ T7405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.377024][ T7405] R13: 0000000000000000 R14: 00007f82be7b5fa0 R15: 00007ffef52fec08
[  174.377047][ T7405]  </TASK>
[  174.393017][   T30] audit: type=1400 audit(1745400110.827:599): avc:  denied  { ioctl } for  pid=7406 comm="syz.5.302" path="socket:[13799]" dev="sockfs" ino=13799 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  174.393057][   T30] audit: type=1400 audit(1745400110.827:600): avc:  denied  { write } for  pid=7406 comm="syz.5.302" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  174.393091][   T30] audit: type=1400 audit(1745400110.827:601): avc:  denied  { ioctl } for  pid=7406 comm="syz.5.302" path="socket:[13795]" dev="sockfs" ino=13795 ioctlcmd=0x941b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  174.393581][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  174.662743][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.710538][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.734142][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  174.743967][ T5882] usb 4-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00
[  174.745887][ T5836] Bluetooth: hci2: command 0x1003 tx timeout
[  174.756306][ T5832] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  174.766559][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.808983][ T5882] usb 4-1: config 0 descriptor??
[  174.889626][ T7410] overlayfs: missing 'lowerdir'
[  175.485522][ T5870] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  175.556881][ T5882] hid_mf 0003:0079:1801.0001: item fetching failed at offset 0/2
[  175.816789][ T5882] hid_mf 0003:0079:1801.0001: HID parse failed.
[  176.232867][ T5882] hid_mf 0003:0079:1801.0001: probe with driver hid_mf failed with error -22
[  176.627918][   T30] audit: type=1400 audit(1745400113.027:602): avc:  denied  { create } for  pid=7427 comm="syz.5.307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  176.649648][ T5870] usb 2-1: Using ep0 maxpacket: 32
[  177.089949][   T30] audit: type=1400 audit(1745400113.237:603): avc:  denied  { ioctl } for  pid=7426 comm="syz.2.308" path="socket:[13834]" dev="sockfs" ino=13834 ioctlcmd=0x89ea scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  177.132925][ T5870] usb 2-1: config 8 has an invalid interface number: 229 but max is 2
[  177.290009][ T7432] netlink: 16 bytes leftover after parsing attributes in process `syz.5.307'.
[  177.301958][ T5870] usb 2-1: config 8 has an invalid interface number: 238 but max is 2
[  177.302020][ T5870] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  177.302054][ T5870] usb 2-1: config 8 has 2 interfaces, different from the descriptor's value: 3
[  177.302089][ T5870] usb 2-1: config 8 has no interface number 0
[  177.302121][ T5870] usb 2-1: config 8 has no interface number 1
[  177.302199][ T5870] usb 2-1: config 8 interface 229 altsetting 114 endpoint 0x8 has an invalid bInterval 255, changing to 11
[  177.302240][ T5870] usb 2-1: config 8 interface 229 altsetting 114 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  177.302298][ T5870] usb 2-1: config 8 interface 229 altsetting 114 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  177.302338][ T5870] usb 2-1: config 8 interface 229 altsetting 114 has an invalid descriptor for endpoint zero, skipping
[  177.302403][ T5870] usb 2-1: config 8 interface 238 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  177.302440][ T5870] usb 2-1: config 8 interface 238 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  177.302498][ T5870] usb 2-1: config 8 interface 238 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  177.302538][ T5870] usb 2-1: config 8 interface 229 has no altsetting 0
[  177.302572][ T5870] usb 2-1: config 8 interface 238 has no altsetting 0
[  177.304583][  T971] usb 4-1: USB disconnect, device number 9
[  177.312964][ T7432] openvswitch: netlink: Missing key (keys=40, expected=80)
[  177.337005][ T5870] usb 2-1: New USB device found, idVendor=0711, idProduct=0550, bcdDevice=e3.7f
[  178.545211][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.553239][ T5870] usb 2-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  178.582087][ T5870] usb 2-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  178.615128][ T5870] usb 2-1: SerialNumber: syz
[  178.668655][ T5870] usb 2-1: can't set config #8, error -71
[  178.694073][ T7445] random: crng reseeded on system resumption
[  178.778478][ T5870] usb 2-1: USB disconnect, device number 8
[  178.848274][   T30] audit: type=1326 audit(1745400115.297:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  178.944503][ T7452] netlink: 8 bytes leftover after parsing attributes in process `syz.5.315'.
[  178.953386][ T7452] netlink: 4 bytes leftover after parsing attributes in process `syz.5.315'.
[  178.959165][   T30] audit: type=1326 audit(1745400115.297:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  179.683496][   T30] audit: type=1326 audit(1745400115.317:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  179.735092][   T30] audit: type=1326 audit(1745400115.317:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  179.850568][   T30] audit: type=1326 audit(1745400115.317:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.011473][   T30] audit: type=1326 audit(1745400115.317:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.052117][   T30] audit: type=1326 audit(1745400115.317:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.083154][   T30] audit: type=1326 audit(1745400115.317:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.159033][   T30] audit: type=1326 audit(1745400115.317:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.182218][    C0] vkms_vblank_simulate: vblank timer overrun
[  180.475184][   T30] audit: type=1326 audit(1745400115.317:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.498838][   T30] audit: type=1326 audit(1745400115.317:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.523478][   T30] audit: type=1326 audit(1745400115.317:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7449 comm="syz.5.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0b38e169 code=0x7ffc0000
[  180.586512][ T5832] Bluetooth: hci3: command 0x0406 tx timeout
[  180.592537][ T5138] Bluetooth: hci0: command 0x0406 tx timeout
[  180.595074][ T5821] Bluetooth: hci1: command 0x0406 tx timeout
[  180.598523][ T5138] Bluetooth: hci4: command 0x0406 tx timeout
[  180.675491][ T5871] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  180.836321][ T5871] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  181.004869][ T5871] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  181.016161][ T5871] usb 6-1: config 0 interface 0 has no altsetting 0
[  181.044860][ T5871] usb 6-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  181.053964][ T5871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.095567][ T5871] usb 6-1: config 0 descriptor??
[  181.665672][ T7465] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  181.922543][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.005702][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.080048][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.093164][ T5871] logitech 0003:046D:C24F.0002: unbalanced collection at end of report description
[  182.103172][ T5871] logitech 0003:046D:C24F.0002: parse failed
[  182.115419][ T5870] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  182.124305][ T5871] logitech 0003:046D:C24F.0002: probe with driver logitech failed with error -22
[  182.209911][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.277306][ T5870] usb 2-1: Using ep0 maxpacket: 32
[  182.343720][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.326'.
[  182.352585][ T7491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.326'.
[  182.456855][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.459915][   T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  182.583659][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  182.593484][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  182.603813][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  182.613240][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  182.624055][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  182.633715][ T7464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.642203][ T7464] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.655079][ T5824] usb 6-1: USB disconnect, device number 3
[  182.663693][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.676792][ T5870] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  182.702049][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.731330][ T5870] usb 2-1: config 0 descriptor??
[  182.740156][   T10] usb 4-1: Using ep0 maxpacket: 16
[  182.747296][   T10] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  182.770933][   T10] usb 4-1: config 1 has an invalid descriptor of length 80, skipping remainder of the config
[  182.788357][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  182.788718][   T12] bridge_slave_1: left allmulticast mode
[  182.802388][   T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  182.803629][   T12] bridge_slave_1: left promiscuous mode
[  182.818215][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.818573][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.839203][   T10] usb 4-1: Product: syz
[  182.843383][   T10] usb 4-1: Manufacturer: syz
[  182.844188][   T12] bridge_slave_0: left allmulticast mode
[  182.848032][   T10] usb 4-1: SerialNumber: syz
[  182.859082][   T12] bridge_slave_0: left promiscuous mode
[  182.865305][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.117085][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  183.128757][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  183.140231][   T12] bond0 (unregistering): Released all slaves
[  183.165052][ T5870] ft260 0003:0403:6030.0003: item fetching failed at offset 0/2
[  183.183346][ T5870] ft260 0003:0403:6030.0003: failed to parse HID
[  183.294972][ T5870] ft260 0003:0403:6030.0003: probe with driver ft260 failed with error -22
[  183.316942][   T10] usb 4-1: 0:2 : does not exist
[  183.838502][ T7481] netlink: 'syz.1.323': attribute type 10 has an invalid length.
[  183.851229][   T12] : left promiscuous mode
[  183.877679][ T7481] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.885197][ T7481] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.906296][ T7481] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.913440][ T7481] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.921331][ T7481] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.928471][ T7481] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.943087][ T7481] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  183.982469][ T5870] usb 2-1: USB disconnect, device number 9
[  184.274261][ T7511] netlink: 8 bytes leftover after parsing attributes in process `syz.2.330'.
[  184.369782][   T12] hsr_slave_0: left promiscuous mode
[  184.388846][   T12] hsr_slave_1: left promiscuous mode
[  184.396940][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  184.408302][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  184.420920][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  184.430812][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.469938][   T12] veth1_macvtap: left promiscuous mode
[  184.475958][   T12] veth0_macvtap: left promiscuous mode
[  184.481585][   T12] veth1_vlan: left promiscuous mode
[  184.489620][   T12] veth0_vlan: left promiscuous mode
[  184.720215][ T7531] dccp_xmit_packet: Payload too large (65475) for featneg.
[  184.728043][   T30] kauditd_printk_skb: 55 callbacks suppressed
[  184.728072][   T30] audit: type=1400 audit(1745400121.158:671): avc:  denied  { write } for  pid=7528 comm="syz.1.332" laddr=127.0.0.1 lport=33136 faddr=127.0.0.1 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  184.758663][    C0] vkms_vblank_simulate: vblank timer overrun
[  184.764800][  T974] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  184.774390][   T55] Bluetooth: hci0: command tx timeout
[  184.824969][ T5882] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  184.917551][  T974] usb 6-1: Using ep0 maxpacket: 16
[  184.924643][  T974] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[  184.950565][  T974] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  184.967565][  T974] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.994105][  T974] usb 6-1: Product: syz
[  184.999495][ T5882] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  185.010235][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.033008][  T974] usb 6-1: Manufacturer: syz
[  185.038685][ T5882] usb 3-1: config 0 descriptor??
[  185.043790][  T974] usb 6-1: SerialNumber: syz
[  185.151971][   T10] usb 4-1: USB disconnect, device number 10
[  185.156581][ T7537] FAULT_INJECTION: forcing a failure.
[  185.156581][ T7537] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  185.183539][ T7537] CPU: 0 UID: 0 PID: 7537 Comm: syz.3.334 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  185.183561][ T7537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  185.183570][ T7537] Call Trace:
[  185.183575][ T7537]  <TASK>
[  185.183584][ T7537]  dump_stack_lvl+0x16c/0x1f0
[  185.183609][ T7537]  should_fail_ex+0x512/0x640
[  185.183627][ T7537]  _copy_from_user+0x2e/0xd0
[  185.183645][ T7537]  copy_msghdr_from_user+0x98/0x160
[  185.183664][ T7537]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  185.183692][ T7537]  ___sys_sendmsg+0xfe/0x1d0
[  185.183711][ T7537]  ? __pfx____sys_sendmsg+0x10/0x10
[  185.183756][ T7537]  __sys_sendmsg+0x16d/0x220
[  185.183773][ T7537]  ? __pfx___sys_sendmsg+0x10/0x10
[  185.183798][ T7537]  ? rcu_is_watching+0x12/0xc0
[  185.183823][ T7537]  do_syscall_64+0xcd/0x260
[  185.183845][ T7537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.183860][ T7537] RIP: 0033:0x7f4a9c78e169
[  185.183873][ T7537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.183900][ T7537] RSP: 002b:00007f4a9d58b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  185.183919][ T7537] RAX: ffffffffffffffda RBX: 00007f4a9c9b5fa0 RCX: 00007f4a9c78e169
[  185.183929][ T7537] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  185.183938][ T7537] RBP: 00007f4a9d58b090 R08: 0000000000000000 R09: 0000000000000000
[  185.183947][ T7537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.183956][ T7537] R13: 0000000000000000 R14: 00007f4a9c9b5fa0 R15: 00007ffe641e6d18
[  185.183978][ T7537]  </TASK>
[  185.347169][    C0] vkms_vblank_simulate: vblank timer overrun
[  185.463137][ T7539] FAULT_INJECTION: forcing a failure.
[  185.463137][ T7539] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  185.477486][ T7539] CPU: 0 UID: 0 PID: 7539 Comm: syz.2.331 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  185.477510][ T7539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  185.477519][ T7539] Call Trace:
[  185.477524][ T7539]  <TASK>
[  185.477531][ T7539]  dump_stack_lvl+0x16c/0x1f0
[  185.477557][ T7539]  should_fail_ex+0x512/0x640
[  185.477582][ T7539]  should_fail_alloc_page+0xe7/0x130
[  185.477603][ T7539]  prepare_alloc_pages+0x3c2/0x610
[  185.477630][ T7539]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  185.477651][ T7539]  ? rcu_is_watching+0x12/0xc0
[  185.477673][ T7539]  ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0
[  185.477701][ T7539]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  185.477718][ T7539]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  185.477740][ T7539]  ? __pfx_is_bpf_text_address+0x10/0x10
[  185.477761][ T7539]  ? kvm_sched_clock_read+0x11/0x20
[  185.477779][ T7539]  ? sched_clock+0x38/0x60
[  185.477800][ T7539]  ? __pfx_sched_clock_cpu+0x10/0x10
[  185.477824][ T7539]  ? update_curr_se+0x8b/0x270
[  185.477840][ T7539]  ? find_held_lock+0x2b/0x80
[  185.477859][ T7539]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  185.477878][ T7539]  ? policy_nodemask+0xea/0x4e0
[  185.477899][ T7539]  alloc_pages_mpol+0x1fb/0x550
[  185.477919][ T7539]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  185.477938][ T7539]  ? __lock_acquire+0x5ca/0x1ba0
[  185.477957][ T7539]  folio_alloc_mpol_noprof+0x36/0x2f0
[  185.477979][ T7539]  vma_alloc_folio_noprof+0xed/0x1e0
[  185.478000][ T7539]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  185.478028][ T7539]  do_pte_missing+0x223d/0x3fb0
[  185.478063][ T7539]  __handle_mm_fault+0x103d/0x2a40
[  185.478095][ T7539]  ? __pfx___handle_mm_fault+0x10/0x10
[  185.478119][ T7539]  ? lock_vma_under_rcu+0x47d/0x970
[  185.478141][ T7539]  ? lock_vma_under_rcu+0x47d/0x970
[  185.478182][ T7539]  handle_mm_fault+0x3fe/0xad0
[  185.478212][ T7539]  do_user_addr_fault+0x60c/0x1370
[  185.478239][ T7539]  exc_page_fault+0x5c/0xc0
[  185.478260][ T7539]  asm_exc_page_fault+0x26/0x30
[  185.478282][ T7539] RIP: 0033:0x7fee7265f1f6
[  185.478296][ T7539] Code: ed fe ff 48 c7 c0 ff ff ff ff eb b0 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 53 48 81 ec 40 20 00 00 48 8b 05 0a de 1c 00 <48> 89 7c 24 18 48 89 74 24 10 be 02 55 08 80 48 89 54 24 08 48 8b
[  185.478311][ T7539] RSP: 002b:00007fee736c0fc0 EFLAGS: 00010206
[  185.478325][ T7539] RAX: 0000100000000000 RBX: 00007fee729b6080 RCX: 0000000000000000
[  185.478335][ T7539] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[  185.478345][ T7539] RBP: 00007fee736c3090 R08: 0000000000000000 R09: 0000000000000000
[  185.478354][ T7539] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000001
[  185.478363][ T7539] R13: 0000000000000000 R14: 00007fee729b6080 R15: 00007fff4806c6b8
[  185.478386][ T7539]  </TASK>
[  185.478626][ T7539] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  185.494238][ T7513] kvm: emulating exchange as write
[  186.001273][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  186.015029][ T5882] [drm:udl_init] *ERROR* Selecting channel failed
[  186.066981][ T5882] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  186.092495][ T5882] [drm] Initialized udl on minor 2
[  186.107066][ T5882] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  186.138039][ T5882] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  186.154686][ T5871] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  186.168460][ T5871] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  186.183616][  T974] cdc_ncm 6-1:1.0: bind() failure
[  186.193233][  T974] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  186.206655][ T5882] usb 3-1: USB disconnect, device number 15
[  186.215388][  T974] cdc_ncm 6-1:1.1: bind() failure
[  186.223107][   T12] team0 (unregistering): Port device team_slave_1 removed
[  186.247619][  T974] usb 6-1: USB disconnect, device number 4
[  186.271816][   T12] team0 (unregistering): Port device team_slave_0 removed
[  186.279313][ T5870] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  186.449569][ T5870] usb 4-1: config 0 has an invalid interface number: 253 but max is 0
[  186.459138][ T5870] usb 4-1: config 0 has no interface number 0
[  186.477156][ T5870] usb 4-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=a4.41
[  186.489706][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.511367][ T5870] usb 4-1: config 0 descriptor??
[  186.533240][ T5870] gspca_main: sn9c2028-2.14.0 probing 0458:7003
[  186.587191][   T30] audit: type=1400 audit(1745400123.028:672): avc:  denied  { read write } for  pid=7544 comm="syz.2.336" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  186.587584][ T7545] netlink: 'syz.2.336': attribute type 1 has an invalid length.
[  186.610465][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.617607][   T30] audit: type=1400 audit(1745400123.028:673): avc:  denied  { open } for  pid=7544 comm="syz.2.336" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  186.621413][ T7545] netlink: 228 bytes leftover after parsing attributes in process `syz.2.336'.
[  186.691480][ T7534] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.333'.
[  186.702984][ T7538] bond_slave_0: mtu less than device minimum
[  186.718832][ T7492] chnl_net:caif_netlink_parms(): no params data found
[  186.743534][   T30] audit: type=1400 audit(1745400123.178:674): avc:  denied  { ioctl } for  pid=7544 comm="syz.2.336" path="socket:[14430]" dev="sockfs" ino=14430 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  186.822715][   T30] audit: type=1326 audit(1745400123.248:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7547 comm="syz.1.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  186.845941][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.854505][   T55] Bluetooth: hci0: command tx timeout
[  186.942712][ T7549] netlink: 8 bytes leftover after parsing attributes in process `syz.1.337'.
[  186.951587][ T7549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.337'.
[  186.971130][ T5870] gspca_sn9c2028: read1 error -71
[  186.985206][ T5870] gspca_sn9c2028: read1 error -71
[  186.991237][ T5870] gspca_sn9c2028: read1 error -71
[  186.993611][   T30] audit: type=1326 audit(1745400123.248:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7547 comm="syz.1.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  187.001560][ T5870] sn9c2028 4-1:0.253: probe with driver sn9c2028 failed with error -71
[  187.049692][   T30] audit: type=1326 audit(1745400123.258:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7547 comm="syz.1.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  187.066194][ T5870] usb 4-1: USB disconnect, device number 11
[  187.300811][   T30] audit: type=1326 audit(1745400123.258:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7547 comm="syz.1.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  187.324312][   T30] audit: type=1326 audit(1745400123.258:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7547 comm="syz.1.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  187.347479][    C0] vkms_vblank_simulate: vblank timer overrun
[  187.429321][   T30] audit: type=1326 audit(1745400123.308:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7547 comm="syz.1.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  187.507121][ T7492] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.524454][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.576142][ T7492] bridge_slave_0: entered allmulticast mode
[  187.833721][ T7492] bridge_slave_0: entered promiscuous mode
[  187.866560][ T7492] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.874294][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.903920][ T7492] bridge_slave_1: entered allmulticast mode
[  187.961300][ T7492] bridge_slave_1: entered promiscuous mode
[  188.464182][ T5870] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  188.546949][ T7492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.573536][ T7564] netlink: 8 bytes leftover after parsing attributes in process `syz.5.341'.
[  188.577287][ T7492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.638179][ T7492] team0: Port device team_slave_0 added
[  188.656073][ T7492] team0: Port device team_slave_1 added
[  188.726781][ T5870] usb 3-1: Using ep0 maxpacket: 16
[  188.735378][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.748880][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.761981][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.771743][ T5882] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  188.782913][ T5870] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  188.792017][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.821584][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.904088][   T55] Bluetooth: hci0: command tx timeout
[  188.914137][ T5882] usb 2-1: Using ep0 maxpacket: 16
[  188.928902][ T5882] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  188.958693][ T5882] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  188.972793][ T5870] usb 3-1: config 0 descriptor??
[  188.979024][ T7492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.994664][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.002059][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.036208][ T7492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.050371][ T5882] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  189.097291][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.264850][ T5882] usb 2-1: Product: syz
[  189.318887][ T5882] usb 2-1: Manufacturer: syz
[  189.362199][ T5882] usb 2-1: SerialNumber: syz
[  189.569634][ T5870] hid-multitouch 0003:1FD2:6007.0004: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  189.639465][ T7492] hsr_slave_0: entered promiscuous mode
[  189.655354][ T7492] hsr_slave_1: entered promiscuous mode
[  189.901698][ T7575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.953766][ T7575] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.986367][ T5871] usb 3-1: USB disconnect, device number 16
[  190.170046][ T7575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.214145][ T7575] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.262903][ T5882] usb 2-1: 0:2 : does not exist
[  190.310514][ T5882] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  190.326736][ T5882] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[  190.386679][ T5882] usb 2-1: USB disconnect, device number 10
[  190.609847][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  190.673692][ T5871] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  190.839432][ T5871] usb 4-1: device descriptor read/64, error -71
[  191.052546][   T55] Bluetooth: hci0: command tx timeout
[  191.146097][ T7492] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  191.193611][ T5871] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  191.207674][ T7492] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  191.234875][ T7627] openvswitch: netlink: Geneve opt len 2 is not a multiple of 4.
[  191.254282][ T7492] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  191.271966][ T7492] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  191.313947][ T5824] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  191.353615][ T5871] usb 4-1: device descriptor read/64, error -71
[  191.479473][ T5871] usb usb4-port1: attempt power cycle
[  191.491741][ T7492] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.502063][ T5824] usb 3-1: config 0 has no interfaces?
[  191.519700][ T5824] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  191.545051][ T5824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.571390][ T7492] 8021q: adding VLAN 0 to HW filter on device team0
[  191.579262][ T5824] usb 3-1: Product: syz
[  191.592183][ T5824] usb 3-1: Manufacturer: syz
[  191.602629][ T5824] usb 3-1: SerialNumber: syz
[  191.755013][ T5824] usb 3-1: config 0 descriptor??
[  191.762495][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.769639][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.446547][ T5871] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  192.495920][ T5973] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.496976][ T5871] usb 4-1: device descriptor read/8, error -71
[  192.503051][ T5973] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.633459][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  192.633474][   T30] audit: type=1400 audit(1745400129.049:706): avc:  denied  { unmount } for  pid=6351 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  192.659226][    C0] vkms_vblank_simulate: vblank timer overrun
[  192.727780][ T7622] tun0: tun_chr_ioctl cmd 35111
[  192.740259][   T30] audit: type=1326 audit(1745400129.179:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  192.763438][    C0] vkms_vblank_simulate: vblank timer overrun
[  192.827038][ T5871] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  192.830679][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.1.353'.
[  192.844382][ T7649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.353'.
[  192.846037][   T30] audit: type=1326 audit(1745400129.179:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  192.876385][    C0] vkms_vblank_simulate: vblank timer overrun
[  192.906740][ T5871] usb 4-1: device descriptor read/8, error -71
[  192.976916][   T30] audit: type=1326 audit(1745400129.209:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  193.000753][   T30] audit: type=1326 audit(1745400129.209:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  193.023956][    C0] vkms_vblank_simulate: vblank timer overrun
[  193.085950][ T5871] usb usb4-port1: unable to enumerate USB device
[  193.633713][   T30] audit: type=1326 audit(1745400129.209:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  193.656910][    C0] vkms_vblank_simulate: vblank timer overrun
[  193.663205][   T30] audit: type=1326 audit(1745400129.209:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  193.805767][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  193.812124][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  193.862083][   T30] audit: type=1326 audit(1745400129.219:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  193.979437][   T30] audit: type=1326 audit(1745400129.219:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  193.988100][ T7659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.355'.
[  194.014124][ T7492] 8021q: adding VLAN 0 to HW filter on device batadv0
[  194.084575][   T30] audit: type=1326 audit(1745400129.219:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.1.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  194.294231][ T5872] usb 3-1: USB disconnect, device number 17
[  194.380028][ T7676] netlink: 'syz.1.357': attribute type 4 has an invalid length.
[  195.172645][ T7690] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  195.437361][ T7702] netlink: 'syz.3.360': attribute type 2 has an invalid length.
[  195.454700][ T7702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.360'.
[  195.501581][ T7492] veth0_vlan: entered promiscuous mode
[  195.532281][ T7492] veth1_vlan: entered promiscuous mode
[  195.615662][ T7492] veth0_macvtap: entered promiscuous mode
[  195.672672][ T7492] veth1_macvtap: entered promiscuous mode
[  195.985092][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  196.009287][ T7710] CIFS: VFS: Malformed UNC in devname
[  196.017955][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.059159][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  196.083119][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.100283][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  196.122807][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.134661][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_0
[  196.142867][ T7713] netlink: 36 bytes leftover after parsing attributes in process `syz.2.363'.
[  196.284508][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.351935][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.420500][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.481626][ T7724] FAULT_INJECTION: forcing a failure.
[  196.481626][ T7724] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  196.531255][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.610696][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.631026][ T7724] CPU: 1 UID: 0 PID: 7724 Comm: syz.5.365 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  196.631049][ T7724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  196.631059][ T7724] Call Trace:
[  196.631065][ T7724]  <TASK>
[  196.631070][ T7724]  dump_stack_lvl+0x16c/0x1f0
[  196.631097][ T7724]  should_fail_ex+0x512/0x640
[  196.631118][ T7724]  _copy_to_user+0x32/0xd0
[  196.631139][ T7724]  simple_read_from_buffer+0xcb/0x170
[  196.631166][ T7724]  proc_fail_nth_read+0x197/0x270
[  196.631190][ T7724]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  196.631216][ T7724]  ? rw_verify_area+0xcf/0x680
[  196.631236][ T7724]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  196.631259][ T7724]  vfs_read+0x1de/0xc70
[  196.631285][ T7724]  ? __pfx___mutex_lock+0x10/0x10
[  196.631308][ T7724]  ? __pfx_vfs_read+0x10/0x10
[  196.631339][ T7724]  ? __fget_files+0x20e/0x3c0
[  196.631362][ T7724]  ksys_read+0x12a/0x240
[  196.631380][ T7724]  ? __pfx_ksys_read+0x10/0x10
[  196.631402][ T7724]  ? rcu_is_watching+0x12/0xc0
[  196.631430][ T7724]  do_syscall_64+0xcd/0x260
[  196.631454][ T7724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.631470][ T7724] RIP: 0033:0x7f9f0b38cb7c
[  196.631489][ T7724] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  196.631504][ T7724] RSP: 002b:00007f9f091f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  196.631519][ T7724] RAX: ffffffffffffffda RBX: 00007f9f0b5b5fa0 RCX: 00007f9f0b38cb7c
[  196.631530][ T7724] RDX: 000000000000000f RSI: 00007f9f091f60a0 RDI: 0000000000000004
[  196.631540][ T7724] RBP: 00007f9f091f6090 R08: 0000000000000000 R09: 0000000000000000
[  196.631549][ T7724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  196.631559][ T7724] R13: 0000000000000000 R14: 00007f9f0b5b5fa0 R15: 00007ffed590a228
[  196.631581][ T7724]  </TASK>
[  196.631910][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.996849][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  197.007734][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  197.032930][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.508680][ T7492] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.626587][ T7741] vim2m vim2m.0: vidioc_s_fmt queue busy
[  199.056056][ T7492] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.093436][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  199.093450][   T30] audit: type=1400 audit(1745400135.500:740): avc:  denied  { create } for  pid=7745 comm="syz.2.369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  199.162655][ T7492] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.171359][ T7492] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.223964][   T30] audit: type=1400 audit(1745400135.500:741): avc:  denied  { getopt } for  pid=7745 comm="syz.2.369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  199.513716][  T974] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  199.674245][   T30] audit: type=1400 audit(1745400136.080:742): avc:  denied  { bind } for  pid=7752 comm="syz.1.371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  199.779197][  T974] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  199.931693][  T974] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  200.084259][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.102076][  T974] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  200.189661][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.273524][  T974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.439270][ T7750] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  200.489940][ T7759] netlink: 84 bytes leftover after parsing attributes in process `syz.5.372'.
[  200.519308][  T974] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  200.541685][   T30] audit: type=1400 audit(1745400136.980:743): avc:  denied  { write } for  pid=7758 comm="syz.5.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  200.562233][ T3002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.587033][ T3002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.099378][   T30] audit: type=1400 audit(1745400138.510:744): avc:  denied  { read } for  pid=7777 comm="syz.3.376" name="mouse0" dev="devtmpfs" ino=1005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  202.308673][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.377'.
[  202.324083][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.377'.
[  202.963535][    T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  203.699891][   T65] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.755798][ T5948] usb 3-1: USB disconnect, device number 18
[  203.862153][    T9] usb 2-1: Using ep0 maxpacket: 32
[  203.899778][    T9] usb 2-1: config 8 has an invalid interface number: 229 but max is 2
[  203.932373][    T9] usb 2-1: config 8 has an invalid interface number: 238 but max is 2
[  203.946356][    T9] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  203.976734][    T9] usb 2-1: config 8 has 2 interfaces, different from the descriptor's value: 3
[  204.124875][    T9] usb 2-1: config 8 has no interface number 0
[  204.141675][    T9] usb 2-1: config 8 has no interface number 1
[  204.154869][    T9] usb 2-1: config 8 interface 229 altsetting 114 endpoint 0x8 has an invalid bInterval 255, changing to 11
[  204.191658][   T65] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.239100][    T9] usb 2-1: config 8 interface 229 altsetting 114 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  204.282873][    T9] usb 2-1: config 8 interface 229 altsetting 114 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  204.450777][    T9] usb 2-1: config 8 interface 229 altsetting 114 has an invalid descriptor for endpoint zero, skipping
[  204.522162][    T9] usb 2-1: config 8 interface 238 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  204.544820][   T65] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.562049][    T9] usb 2-1: config 8 interface 238 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  204.606904][ T7817] veth0: entered promiscuous mode
[  204.607665][    T9] usb 2-1: config 8 interface 238 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  204.633572][ T7817] netlink: 4 bytes leftover after parsing attributes in process `syz.2.383'.
[  204.649141][    T9] usb 2-1: config 8 interface 229 has no altsetting 0
[  204.800056][    T9] usb 2-1: config 8 interface 238 has no altsetting 0
[  204.816671][   T65] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.828868][    T9] usb 2-1: New USB device found, idVendor=0711, idProduct=0550, bcdDevice=e3.7f
[  204.992139][ T5870] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  205.251154][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.252564][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  205.266813][ T5870] usb 6-1: Using ep0 maxpacket: 32
[  205.279545][    T9] usb 2-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  205.281510][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  205.321363][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  205.340580][ T5870] usb 6-1: config 8 has an invalid interface number: 229 but max is 2
[  205.349967][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  205.359134][ T5870] usb 6-1: config 8 has an invalid interface number: 238 but max is 2
[  205.367561][ T5870] usb 6-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  205.381551][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  205.389903][ T5870] usb 6-1: config 8 has 2 interfaces, different from the descriptor's value: 3
[  205.412639][ T5870] usb 6-1: config 8 has no interface number 0
[  205.419714][ T5870] usb 6-1: config 8 has no interface number 1
[  205.420190][    T9] usb 2-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  205.426032][ T5870] usb 6-1: config 8 interface 229 altsetting 114 endpoint 0x8 has an invalid bInterval 255, changing to 11
[  205.453669][ T5870] usb 6-1: config 8 interface 229 altsetting 114 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  205.462103][ T7833] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.465662][ T5870] usb 6-1: config 8 interface 229 altsetting 114 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  205.487014][ T5870] usb 6-1: config 8 interface 229 altsetting 114 has an invalid descriptor for endpoint zero, skipping
[  205.498120][ T5870] usb 6-1: config 8 interface 238 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  205.514038][ T5870] usb 6-1: config 8 interface 238 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  205.525151][ T5870] usb 6-1: config 8 interface 238 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  205.538269][ T5870] usb 6-1: config 8 interface 229 has no altsetting 0
[  205.549893][ T5870] usb 6-1: config 8 interface 238 has no altsetting 0
[  205.571610][ T5870] usb 6-1: New USB device found, idVendor=0711, idProduct=0550, bcdDevice=e3.7f
[  205.577210][    T9] usb 2-1: SerialNumber: syz
[  205.580844][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.598865][ T5870] usb 6-1: Product: ኀﮏ뗄▓Ἣ䊢꧿쪍錑ݚể禍̕飡溘ꑓ&ᚿⓏ萱자鞏꺨櫭쁗뱇늃Ⱛ鷓髼㨇﫺衆驮ʮ抉嬒몾師ﳐ뛄䄵㝩ᘃ⨌쏕壔탕辚纛པ싵潟ᮏ꾖涁⁏貗瞜깄吐Ң風㔁콤ꨳ朊袈麗䡼껜짟쓅ࡕՋⷛල箮녫콶歸
[  205.611119][    T9] usb 2-1: can't set config #8, error -71
[  205.695432][ T5870] usb 6-1: Manufacturer: 黆ྮꮎ焟ꆃဆᣢ蘿螝∘豵↻὇繄쌠갉躲鏴㬿폑ᵏ代ﺼ쁴㷱楛᠘榭仲ῥᳰ⬈髷竬㥷
[  205.707099][    T9] usb 2-1: USB disconnect, device number 11
[  205.801118][ T5870] usb 6-1: SerialNumber: syz
[  205.806707][   T65] bridge_slave_1: left allmulticast mode
[  205.812561][   T65] bridge_slave_1: left promiscuous mode
[  205.818268][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.828045][   T65] bridge_slave_0: left allmulticast mode
[  205.839844][   T65] bridge_slave_0: left promiscuous mode
[  205.845561][ T7820] syz.2.383: attempt to access beyond end of device
[  205.845561][ T7820] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  205.845751][ T7820] syz.2.383: attempt to access beyond end of device
[  205.845751][ T7820] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  205.860129][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.872824][   T30] audit: type=1400 audit(1745400142.280:745): avc:  denied  { mounton } for  pid=7816 comm="syz.2.383" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  205.904646][ T7820] Mount JFS Failure: -5
[  206.374192][   T53] Bluetooth: hci2: Frame reassembly failed (-84)
[  206.381098][   T30] audit: type=1400 audit(1745400142.820:746): avc:  denied  { read } for  pid=7852 comm="syz.1.388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  206.555236][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  206.563944][   T30] audit: type=1400 audit(1745400143.010:747): avc:  denied  { setopt } for  pid=7851 comm="syz.2.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  206.586977][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  206.598622][   T65] bond0 (unregistering): Released all slaves
[  206.663549][   T30] audit: type=1400 audit(1745400143.110:748): avc:  denied  { attach_queue } for  pid=7851 comm="syz.2.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  206.896728][ T7828] chnl_net:caif_netlink_parms(): no params data found
[  206.938411][   T65] hsr_slave_0: left promiscuous mode
[  206.945209][   T65] hsr_slave_1: left promiscuous mode
[  206.951141][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  206.967646][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  206.981580][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  206.996401][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.068071][   T65] veth1_macvtap: left promiscuous mode
[  207.076607][   T65] veth0_macvtap: left promiscuous mode
[  207.101339][   T65] veth1_vlan: left promiscuous mode
[  207.111579][   T65] veth0_vlan: left promiscuous mode
[  207.131744][ T7872] libceph: resolve '0.' (ret=-3): failed
[  207.473100][   T55] Bluetooth: hci0: command tx timeout
[  207.910738][ T5824] libceph: connect (1)[c::]:6789 error -101
[  207.934959][ T5824] libceph: mon0 (1)[c::]:6789 connect error
[  207.959603][ T5870] sisusb 6-1:8.229: Invalid USB2VGA device
[  207.966892][ T5870] sisusb 6-1:8.229: probe with driver sisusb failed with error -22
[  208.003245][   T30] audit: type=1400 audit(1745400144.451:749): avc:  denied  { shutdown } for  pid=7881 comm="syz.3.390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  208.043171][ T5870] sisusb 6-1:8.238: Invalid USB2VGA device
[  208.049030][ T5870] sisusb 6-1:8.238: probe with driver sisusb failed with error -22
[  208.127140][ T5870] usb 6-1: USB disconnect, device number 5
[  208.159782][   T30] audit: type=1400 audit(1745400144.601:750): avc:  denied  { bind } for  pid=7895 comm="syz.5.391" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  208.160697][ T5839] udevd[5839]: setting mode of /dev/bus/usb/006/005 to 020664 failed: No such file or directory
[  208.202469][ T5824] libceph: connect (1)[c::]:6789 error -101
[  208.208516][ T5824] libceph: mon0 (1)[c::]:6789 connect error
[  208.254690][   T30] audit: type=1400 audit(1745400144.601:751): avc:  denied  { name_bind } for  pid=7895 comm="syz.5.391" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  208.268111][ T5839] udevd[5839]: setting owner of /dev/bus/usb/006/005 to uid=0, gid=0 failed: No such file or directory
[  208.290178][ T7898] netlink: 'syz.5.392': attribute type 10 has an invalid length.
[  208.307507][   T30] audit: type=1400 audit(1745400144.601:752): avc:  denied  { node_bind } for  pid=7895 comm="syz.5.391" saddr=fe80::bb src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  208.431665][ T5834] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  208.556837][ T7885] ceph: No mds server is up or the cluster is laggy
[  208.679814][   T65] team0 (unregistering): Port device team_slave_1 removed
[  209.012425][   T30] audit: type=1400 audit(1745400145.431:753): avc:  denied  { write } for  pid=7899 comm="syz.1.393" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  209.034949][    C1] vkms_vblank_simulate: vblank timer overrun
[  209.063303][   T65] team0 (unregistering): Port device team_slave_0 removed
[  209.544570][ T5836] Bluetooth: hci0: command tx timeout
[  209.711787][ T7898] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  209.965097][ T7828] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.973689][ T7828] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.980861][ T7828] bridge_slave_0: entered allmulticast mode
[  209.987617][ T7828] bridge_slave_0: entered promiscuous mode
[  209.999050][ T7828] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.006575][ T7828] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.014648][ T7828] bridge_slave_1: entered allmulticast mode
[  210.466120][ T7828] bridge_slave_1: entered promiscuous mode
[  210.656456][ T7931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  210.769734][ T7828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.839350][ T7828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.939283][ T7828] team0: Port device team_slave_0 added
[  210.957567][ T7828] team0: Port device team_slave_1 added
[  211.059594][ T7828] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.072274][ T7828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.098154][    C1] vkms_vblank_simulate: vblank timer overrun
[  211.167424][ T7828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  211.178140][ T5870] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  211.231068][ T7828] batman_adv: batadv0: Adding interface: batadv_slave_1
[  211.241346][ T7828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.267192][    C1] vkms_vblank_simulate: vblank timer overrun
[  211.315011][ T7828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.364440][ T5870] usb 4-1: New USB device found, idVendor=2639, idProduct=0017, bcdDevice=ce.6a
[  211.374147][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.439599][ T5870] usb 4-1: Product: syz
[  211.457422][ T5870] usb 4-1: Manufacturer: syz
[  211.484717][ T5870] usb 4-1: SerialNumber: syz
[  211.632557][ T5836] Bluetooth: hci0: command 0x040f tx timeout
[  212.438958][ T7828] hsr_slave_0: entered promiscuous mode
[  212.459437][  T974] usb 4-1: USB disconnect, device number 16
[  212.472995][ T7828] hsr_slave_1: entered promiscuous mode
[  212.774939][   T30] audit: type=1400 audit(1745400149.221:754): avc:  denied  { ioctl } for  pid=7963 comm="syz.5.404" path="socket:[17014]" dev="sockfs" ino=17014 ioctlcmd=0x8931 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  213.711330][   T55] Bluetooth: hci0: command 0x040f tx timeout
[  214.200841][  T974] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  214.296486][ T8000] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  214.377409][  T974] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  214.402258][  T974] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  214.459115][   T30] audit: type=1400 audit(1745400150.871:755): avc:  denied  { write } for  pid=5179 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  214.529680][  T974] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  214.539429][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.549408][   T30] audit: type=1400 audit(1745400150.871:756): avc:  denied  { remove_name } for  pid=5179 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  214.581068][ T7982] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  214.593513][  T974] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  214.610175][   T30] audit: type=1400 audit(1745400150.871:757): avc:  denied  { add_name } for  pid=5179 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  214.612567][ T7828] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  214.668827][ T8010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.413'.
[  214.677696][ T8010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.413'.
[  214.773229][   T30] audit: type=1326 audit(1745400151.011:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8008 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  214.784019][ T7828] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  214.796488][    C0] vkms_vblank_simulate: vblank timer overrun
[  214.831065][ T7828] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  214.858108][ T7828] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  214.874731][   T30] audit: type=1326 audit(1745400151.011:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8008 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  214.897949][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.045939][   T30] audit: type=1326 audit(1745400151.011:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8008 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  215.100890][   T30] audit: type=1326 audit(1745400151.011:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8008 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  215.126314][   T30] audit: type=1326 audit(1745400151.011:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8008 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  215.274083][   T30] audit: type=1326 audit(1745400151.011:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8008 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  215.297276][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.331495][ T8018] netlink: 8 bytes leftover after parsing attributes in process `syz.5.415'.
[  215.360275][ T7828] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.386664][ T7828] 8021q: adding VLAN 0 to HW filter on device team0
[  215.426171][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.433305][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.494853][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.502003][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.569799][ T7828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  215.630952][ T7828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  215.790755][   T55] Bluetooth: hci0: command 0x040f tx timeout
[  216.147351][ T7828] 8021q: adding VLAN 0 to HW filter on device batadv0
[  216.189742][ T8052] block device autoloading is deprecated and will be removed.
[  216.211479][ T8043] md: md2 stopped.
[  216.564776][ T8058] random: crng reseeded on system resumption
[  217.110767][ T5824] usb 4-1: USB disconnect, device number 17
[  217.746012][ T7828] veth0_vlan: entered promiscuous mode
[  217.795665][ T7828] veth1_vlan: entered promiscuous mode
[  218.535787][ T7828] veth0_macvtap: entered promiscuous mode
[  218.567336][ T7828] veth1_macvtap: entered promiscuous mode
[  218.610504][ T8090] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  218.619044][ T7828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.676386][ T7828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.679946][ T8093] netlink: 8 bytes leftover after parsing attributes in process `syz.5.426'.
[  218.720916][ T7828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.734158][ T7828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.745741][ T7828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.756514][ T7828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.787387][ T7828] batman_adv: batadv0: Interface activated: batadv_slave_0
[  218.838976][ T7828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.854689][ T7828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.866553][ T8103] netlink: 12 bytes leftover after parsing attributes in process `syz.5.428'.
[  218.875372][ T7828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.906696][ T7828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.916820][ T7828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.939250][ T7828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.949912][ T7828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.969569][ T7828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.991075][ T7828] batman_adv: batadv0: Interface activated: batadv_slave_1
[  219.058661][ T7828] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  219.109160][ T7828] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  219.119705][ T7828] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  219.135726][ T7828] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  219.334755][ T3002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.362981][ T3002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.872479][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.899925][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.749486][ T8150] random: crng reseeded on system resumption
[  221.111695][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  221.111711][   T30] audit: type=1326 audit(1745400157.562:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.228640][ T8155] netlink: 8 bytes leftover after parsing attributes in process `syz.1.436'.
[  221.237457][ T8155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.436'.
[  221.440051][   T30] audit: type=1326 audit(1745400157.562:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.557090][   T30] audit: type=1326 audit(1745400157.592:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.620368][   T30] audit: type=1326 audit(1745400157.592:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.699263][   T30] audit: type=1326 audit(1745400157.592:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.773765][   T30] audit: type=1326 audit(1745400157.592:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.797729][   T30] audit: type=1326 audit(1745400157.592:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.837470][   T30] audit: type=1326 audit(1745400157.592:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.869368][   T30] audit: type=1326 audit(1745400157.592:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  221.885422][ T8167] process 'syz.3.439' launched './file0' with NULL argv: empty string added
[  221.899131][   T30] audit: type=1326 audit(1745400157.592:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8151 comm="syz.1.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  222.451595][ T8167] CUSE: info not properly terminated
[  223.397695][ T8199] input: syz1 as /devices/virtual/input/input8
[  224.744762][ T8218] netlink: 'syz.1.449': attribute type 2 has an invalid length.
[  224.756107][ T8218] netlink: 8 bytes leftover after parsing attributes in process `syz.1.449'.
[  225.018741][ T8226] xt_CT: No such helper "snmp"
[  225.211236][ T8231] random: crng reseeded on system resumption
[  226.777669][ T8262] netlink: 36 bytes leftover after parsing attributes in process `syz.1.461'.
[  226.787905][ T8262] netlink: 16 bytes leftover after parsing attributes in process `syz.1.461'.
[  226.796985][ T8262] netlink: 36 bytes leftover after parsing attributes in process `syz.1.461'.
[  226.808405][ T8262] netlink: 36 bytes leftover after parsing attributes in process `syz.1.461'.
[  227.497400][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  227.497417][   T30] audit: type=1400 audit(1745400163.653:840): avc:  denied  { write } for  pid=8264 comm="syz.1.462" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  227.828436][ T8271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.463'.
[  227.841663][ T8271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.463'.
[  227.907270][ T8273] PKCS8: Unsupported PKCS#8 version
[  228.233459][ T8280] netlink: 'syz.5.466': attribute type 2 has an invalid length.
[  228.239188][  T974] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  228.241277][ T8280] netlink: 8 bytes leftover after parsing attributes in process `syz.5.466'.
[  228.409152][  T974] usb 2-1: Using ep0 maxpacket: 16
[  228.415692][  T974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  228.426887][  T974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  228.439099][  T974] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  228.451950][  T974] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  228.461010][  T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.045610][ T8282] FAULT_INJECTION: forcing a failure.
[  229.045610][ T8282] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.062126][ T8282] CPU: 0 UID: 0 PID: 8282 Comm: syz.5.467 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  229.062149][ T8282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  229.062158][ T8282] Call Trace:
[  229.062164][ T8282]  <TASK>
[  229.062170][ T8282]  dump_stack_lvl+0x16c/0x1f0
[  229.062197][ T8282]  should_fail_ex+0x512/0x640
[  229.062219][ T8282]  _copy_from_user+0x2e/0xd0
[  229.062239][ T8282]  copy_msghdr_from_user+0x98/0x160
[  229.062259][ T8282]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  229.062291][ T8282]  ___sys_sendmsg+0xfe/0x1d0
[  229.062312][ T8282]  ? __pfx____sys_sendmsg+0x10/0x10
[  229.062362][ T8282]  __sys_sendmsg+0x16d/0x220
[  229.062382][ T8282]  ? __pfx___sys_sendmsg+0x10/0x10
[  229.062409][ T8282]  ? rcu_is_watching+0x12/0xc0
[  229.062437][ T8282]  do_syscall_64+0xcd/0x260
[  229.062461][ T8282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.062478][ T8282] RIP: 0033:0x7f9f0b38e169
[  229.062491][ T8282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.062506][ T8282] RSP: 002b:00007f9f091f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  229.062522][ T8282] RAX: ffffffffffffffda RBX: 00007f9f0b5b5fa0 RCX: 00007f9f0b38e169
[  229.062533][ T8282] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  229.062542][ T8282] RBP: 00007f9f091f6090 R08: 0000000000000000 R09: 0000000000000000
[  229.062551][ T8282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  229.062560][ T8282] R13: 0000000000000000 R14: 00007f9f0b5b5fa0 R15: 00007ffed590a228
[  229.062582][ T8282]  </TASK>
[  229.265019][ T8284] futex_wake_op: syz.5.468 tries to shift op by 36; fix this program
[  231.047893][   T30] audit: type=1400 audit(1745400167.493:841): avc:  denied  { ioctl } for  pid=8293 comm="syz.1.471" path="/dev/sg0" dev="devtmpfs" ino=761 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  231.098176][ T5197] udevd[5197]: worker [5839] terminated by signal 33 (Unknown signal 33)
[  231.115584][ T5197] udevd[5197]: worker [5839] failed while handling '/devices/virtual/block/loop1'
[  233.121174][ T8310] netlink: 12 bytes leftover after parsing attributes in process `syz.3.476'.
[  233.270964][ T8313] random: crng reseeded on system resumption
[  233.764860][ T8319] libceph: resolve '0.' (ret=-3): failed
[  234.675648][   T30] audit: type=1400 audit(1745400171.124:842): avc:  denied  { create } for  pid=8330 comm="syz.3.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  234.707719][   T30] audit: type=1400 audit(1745400171.124:843): avc:  denied  { bind } for  pid=8330 comm="syz.3.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  234.740366][   T30] audit: type=1400 audit(1745400171.124:844): avc:  denied  { bind } for  pid=8330 comm="syz.3.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  237.916039][   T30] audit: type=1400 audit(1745400174.364:845): avc:  denied  { bind } for  pid=8355 comm="syz.3.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  238.108404][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  238.119357][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  238.127710][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  238.144097][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  238.155276][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  238.191218][ T8360] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[8360]
[  238.210910][   T30] audit: type=1400 audit(1745400174.654:846): avc:  denied  { accept } for  pid=8355 comm="syz.3.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  238.627113][ T8358] chnl_net:caif_netlink_parms(): no params data found
[  238.689840][ T8358] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.696942][ T8358] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.704108][ T8358] bridge_slave_0: entered allmulticast mode
[  238.711423][ T8358] bridge_slave_0: entered promiscuous mode
[  238.718714][ T8358] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.727100][ T8358] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.734550][ T8358] bridge_slave_1: entered allmulticast mode
[  238.742133][ T8358] bridge_slave_1: entered promiscuous mode
[  238.774770][ T8358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  238.786278][ T8358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  238.833752][ T8358] team0: Port device team_slave_0 added
[  238.842898][ T8358] team0: Port device team_slave_1 added
[  238.855204][   T30] audit: type=1400 audit(1745400175.304:847): avc:  denied  { write } for  pid=8367 comm="syz.3.489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  238.892830][ T8358] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.903353][ T8358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.931429][ T8358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.948515][ T8358] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.956276][ T8358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.990446][ T8358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  239.069847][ T8358] hsr_slave_0: entered promiscuous mode
[  239.076073][ T8358] hsr_slave_1: entered promiscuous mode
[  239.082383][ T8358] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  239.090909][ T8358] Cannot create hsr debugfs directory
[  239.825516][   T30] audit: type=1400 audit(1745400176.274:848): avc:  denied  { append } for  pid=8373 comm="syz.3.491" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  240.849326][   T55] Bluetooth: hci2: command tx timeout
[  241.275450][   T30] audit: type=1326 audit(1745400177.725:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.299944][   T30] audit: type=1326 audit(1745400177.725:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.330695][   T30] audit: type=1326 audit(1745400177.725:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.355237][   T30] audit: type=1326 audit(1745400177.725:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.407612][ T8386] netlink: 8 bytes leftover after parsing attributes in process `syz.1.494'.
[  241.416488][   T30] audit: type=1326 audit(1745400177.725:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.416529][   T30] audit: type=1326 audit(1745400177.725:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.439907][ T8386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.494'.
[  241.472248][   T30] audit: type=1326 audit(1745400177.725:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.496533][   T30] audit: type=1326 audit(1745400177.725:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  241.521779][   T30] audit: type=1326 audit(1745400177.725:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.1.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccb98e169 code=0x7ffc0000
[  242.898041][   T55] Bluetooth: hci2: command tx timeout
[  244.671397][ T5836] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  244.680562][ T5836] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  244.689350][ T5836] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  244.698011][ T5836] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  244.705669][ T5836] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  244.978609][   T55] Bluetooth: hci2: command tx timeout
[  246.737302][   T55] Bluetooth: hci6: command tx timeout
[  247.057527][   T55] Bluetooth: hci2: command tx timeout
[  248.827662][   T55] Bluetooth: hci6: command tx timeout
[  250.897662][   T55] Bluetooth: hci6: command tx timeout
[  252.986359][   T55] Bluetooth: hci6: command tx timeout
[  255.179444][ T5836] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  255.189093][ T5836] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  255.197257][ T5836] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  255.207728][ T5836] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  255.216335][ T5836] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  255.228933][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  255.235398][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  257.179013][   T55] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  257.188441][   T55] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  257.196771][   T55] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  257.205186][   T55] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  257.216816][   T55] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  257.295783][ T5836] Bluetooth: hci7: command tx timeout
[  259.295486][ T5836] Bluetooth: hci8: command tx timeout
[  259.375633][ T5836] Bluetooth: hci7: command tx timeout
[  261.375292][ T5836] Bluetooth: hci8: command tx timeout
[  261.455450][ T5836] Bluetooth: hci7: command tx timeout
[  263.455146][ T5836] Bluetooth: hci8: command tx timeout
[  263.545078][ T5836] Bluetooth: hci7: command tx timeout
[  264.172897][   T55] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  264.188932][   T55] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  264.196933][   T55] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  264.204611][   T55] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  264.212383][   T55] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  265.534719][ T5836] Bluetooth: hci8: command tx timeout
[  266.254787][ T5836] Bluetooth: hci9: command tx timeout
[  268.344399][ T5836] Bluetooth: hci9: command tx timeout
[  270.424150][ T5836] Bluetooth: hci9: command tx timeout
[  272.494235][ T5836] Bluetooth: hci9: command tx timeout
[  277.773483][   T55] Bluetooth: hci5: command 0x0406 tx timeout
[  298.174637][   T55] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  298.183662][   T55] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  298.192810][   T55] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  298.201906][   T55] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  298.209431][   T55] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  300.250978][ T5836] Bluetooth: hci10: command tx timeout
[  302.330665][ T5836] Bluetooth: hci10: command tx timeout
[  304.410189][ T5836] Bluetooth: hci10: command tx timeout
[  305.174344][   T55] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  305.182871][   T55] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  305.194335][   T55] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  305.203557][   T55] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  305.213505][   T55] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  306.489914][ T5836] Bluetooth: hci10: command tx timeout
[  307.299806][ T5836] Bluetooth: hci11: command tx timeout
[  309.370014][ T5836] Bluetooth: hci11: command tx timeout
[  311.449562][ T5836] Bluetooth: hci11: command tx timeout
[  313.529858][ T5836] Bluetooth: hci11: command tx timeout
[  315.679551][   T55] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  315.695434][   T55] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  315.703697][   T55] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  315.713574][   T55] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  315.723356][   T55] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  316.660735][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  316.667398][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  317.769684][   T55] Bluetooth: hci12: command tx timeout
[  318.178988][ T5836] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  318.187282][ T5836] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  318.195492][ T5836] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  318.203488][ T5836] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  318.211993][ T5836] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  319.851623][ T5836] Bluetooth: hci12: command tx timeout
[  320.248298][ T5836] Bluetooth: hci13: command tx timeout
[  321.928593][ T5836] Bluetooth: hci12: command tx timeout
[  322.328072][ T5836] Bluetooth: hci13: command tx timeout
[  324.008259][ T5836] Bluetooth: hci12: command tx timeout
[  324.407924][ T5836] Bluetooth: hci13: command tx timeout
[  324.599722][   T55] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  324.607476][   T55] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  324.615886][   T55] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  324.624014][   T55] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  324.633934][   T55] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  326.487592][   T55] Bluetooth: hci13: command tx timeout
[  326.647581][   T55] Bluetooth: hci14: command tx timeout
[  328.727280][ T5836] Bluetooth: hci14: command tx timeout
[  328.967566][ T5836] Bluetooth: hci0: command 0x040f tx timeout
[  330.807263][   T55] Bluetooth: hci14: command tx timeout
[  332.886792][   T55] Bluetooth: hci14: command tx timeout
[  358.262938][ T5836] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  358.271187][ T5836] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  358.280492][ T5836] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  358.288360][ T5836] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  358.297837][ T5836] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  360.323838][ T5836] Bluetooth: hci15: command tx timeout
[  362.403343][ T5836] Bluetooth: hci15: command tx timeout
[  364.483116][   T55] Bluetooth: hci15: command tx timeout
[  364.803330][   T55] Bluetooth: hci2: command 0x0406 tx timeout
[  365.260629][   T55] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[  365.269096][   T55] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[  365.277704][   T55] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[  365.289150][   T55] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[  365.297013][   T55] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[  366.563643][ T5836] Bluetooth: hci15: command tx timeout
[  367.362934][ T5836] Bluetooth: hci16: command tx timeout
[  369.442617][   T55] Bluetooth: hci16: command tx timeout
[  369.922511][   T55] Bluetooth: hci6: command 0x0406 tx timeout
[  371.522340][ T5836] Bluetooth: hci16: command tx timeout
[  373.603058][ T5836] Bluetooth: hci16: command tx timeout
[  375.973333][   T55] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[  375.982100][   T55] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[  375.992763][   T55] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[  376.000865][   T55] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[  376.013656][   T55] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[  378.084526][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  378.087831][ T5836] Bluetooth: hci17: command tx timeout
[  378.090815][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  378.470389][   T55] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[  378.481372][   T55] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[  378.490052][   T55] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[  378.500434][   T55] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[  378.508417][   T55] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[  379.362009][   T31] INFO: task kworker/0:2:974 blocked for more than 143 seconds.
[  379.369665][   T31]       Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0
[  379.377347][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  379.387133][   T31] task:kworker/0:2     state:D stack:22616 pid:974   tgid:974   ppid:2      task_flags:0x4208060 flags:0x00004000
[  379.399253][   T31] Workqueue: usb_hub_wq hub_event
[  379.404311][   T31] Call Trace:
[  379.407948][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  379.410878][   T31]  __schedule+0x116f/0x5de0
[  379.415408][   T31]  ? number+0x9aa/0xc70
[  379.419731][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  379.424738][   T31]  ? __pfx___schedule+0x10/0x10
[  379.429766][   T31]  ? find_held_lock+0x2b/0x80
[  379.461682][   T31]  ? schedule+0x2d7/0x3a0
[  379.466032][   T31]  schedule+0xe7/0x3a0
[  379.479471][   T31]  schedule_timeout+0x257/0x290
[  379.487469][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  379.493348][   T31]  ? mark_held_locks+0x49/0x80
[  379.498250][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  379.503483][   T31]  __wait_for_common+0x2fc/0x4e0
[  379.508784][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  379.514226][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  379.519685][   T31]  ? devtmpfs_submit_req+0x94/0x100
[  379.524896][   T31]  devtmpfs_submit_req+0xa8/0x100
[  379.530124][   T31]  devtmpfs_create_node+0x18a/0x230
[  379.536645][   T31]  ? __pfx_devtmpfs_create_node+0x10/0x10
[  379.542425][   T31]  ? up_write+0x1b2/0x520
[  379.546754][   T31]  ? kernfs_create_link+0x1bd/0x240
[  379.551974][   T31]  ? kernfs_put+0x35/0x60
[  379.556301][   T31]  ? sysfs_do_create_link_sd+0xbb/0x140
[  379.561857][   T31]  device_add+0x10bd/0x1a70
[  379.566351][   T31]  ? __pfx_device_add+0x10/0x10
[  379.571172][   T31]  ? usb_detect_static_quirks+0x335/0x3e0
[  379.576928][   T31]  ? __usb_get_extra_descriptor+0x158/0x1c0
[  379.582888][   T31]  usb_new_device+0xd07/0x1a20
[  379.587664][   T31]  ? do_raw_spin_lock+0x12c/0x2b0
[  379.592718][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  379.597926][   T31]  ? mark_held_locks+0x49/0x80
[  379.602807][   T31]  hub_event+0x2eb7/0x4fa0
[  379.607250][   T31]  ? __pfx_hub_event+0x10/0x10
[  379.612588][   T31]  ? debug_object_deactivate+0x1ec/0x3a0
[  379.618236][   T31]  ? rcu_is_watching+0x12/0xc0
[  379.623097][   T31]  process_one_work+0x9cc/0x1b70
[  379.628050][   T31]  ? __pfx_hcd_resume_work+0x10/0x10
[  379.634759][   T31]  ? __pfx_process_one_work+0x10/0x10
[  379.640146][   T31]  ? assign_work+0x1a0/0x250
[  379.644792][   T31]  worker_thread+0x6c8/0xf10
[  379.649381][   T31]  ? __kthread_parkme+0x19e/0x250
[  379.654463][   T31]  ? __pfx_worker_thread+0x10/0x10
[  379.659568][   T31]  kthread+0x3c2/0x780
[  379.663681][   T31]  ? __pfx_kthread+0x10/0x10
[  379.668268][   T31]  ? __pfx_kthread+0x10/0x10
[  379.672888][   T31]  ? __pfx_kthread+0x10/0x10
[  379.677479][   T31]  ? __pfx_kthread+0x10/0x10
[  379.682496][   T31]  ? rcu_is_watching+0x12/0xc0
[  379.687259][   T31]  ? __pfx_kthread+0x10/0x10
[  379.691917][   T31]  ret_from_fork+0x45/0x80
[  379.696329][   T31]  ? __pfx_kthread+0x10/0x10
[  379.700908][   T31]  ret_from_fork_asm+0x1a/0x30
[  379.705745][   T31]  </TASK>
[  379.708814][   T31] INFO: task kworker/1:3:5824 blocked for more than 143 seconds.
[  379.717027][   T31]       Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0
[  379.724676][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  379.733386][   T31] task:kworker/1:3     state:D stack:25808 pid:5824  tgid:5824  ppid:2      task_flags:0x4288060 flags:0x00004000
[  379.746059][   T31] Workqueue: usb_hub_wq hub_event
[  379.751094][   T31] Call Trace:
[  379.755357][   T31]  <TASK>
[  379.758304][   T31]  __schedule+0x116f/0x5de0
[  379.762992][   T31]  ? find_held_lock+0x2b/0x80
[  379.767672][   T31]  ? __pfx___schedule+0x10/0x10
[  379.772569][   T31]  ? find_held_lock+0x2b/0x80
[  379.777256][   T31]  ? schedule+0x2d7/0x3a0
[  379.781618][   T31]  schedule+0xe7/0x3a0
[  379.785681][   T31]  schedule_timeout+0x257/0x290
[  379.790505][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  379.795932][   T31]  ? mark_held_locks+0x49/0x80
[  379.800702][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  379.805963][   T31]  __wait_for_common+0x2fc/0x4e0
[  379.810896][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  379.816744][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  379.822264][   T31]  ? devtmpfs_submit_req+0x94/0x100
[  379.827465][   T31]  devtmpfs_submit_req+0xa8/0x100
[  379.832527][   T31]  devtmpfs_delete_node+0xf6/0x160
[  379.837765][   T31]  ? __pfx_devtmpfs_delete_node+0x10/0x10
[  379.843665][   T31]  ? kobject_put+0xab/0x5a0
[  379.848168][   T31]  ? __pfx_klist_children_put+0x10/0x10
[  379.853757][   T31]  ? klist_children_put+0x44/0x60
[  379.858772][   T31]  ? klist_put+0xf9/0x1b0
[  379.863138][   T31]  device_del+0x734/0x9f0
[  379.867473][   T31]  ? __pfx_device_del+0x10/0x10
[  379.872382][   T31]  device_unregister+0x1d/0xc0
[  379.877147][   T31]  device_destroy+0x99/0xe0
[  379.881686][   T31]  ? __pfx_device_destroy+0x10/0x10
[  379.886885][   T31]  ? sound_remove_unit+0xf2/0x210
[  379.891954][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  379.897147][   T31]  sound_remove_unit+0x13f/0x210
[  379.902111][   T31]  snd_unregister_oss_device+0x133/0x2a0
[  379.907745][   T31]  snd_mixer_oss_notify_handler+0x403/0xa50
[  379.913667][   T31]  ? __pfx_snd_mixer_oss_notify_handler+0x10/0x10
[  379.920533][   T31]  snd_card_disconnect.part.0+0x37b/0x810
[  379.926309][   T31]  ? __pfx_snd_card_disconnect.part.0+0x10/0x10
[  379.932591][   T31]  ? __pfx___might_resched+0x10/0x10
[  379.937891][   T31]  ? find_held_lock+0x2b/0x80
[  379.942809][   T31]  snd_card_disconnect+0x1f/0x30
[  379.947751][   T31]  usb_audio_disconnect+0x350/0x890
[  379.952979][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  379.958178][   T31]  ? _raw_spin_unlock_irq+0x2e/0x50
[  379.963409][   T31]  ? __pfx_usb_audio_disconnect+0x10/0x10
[  379.969132][   T31]  ? usb_disable_interface+0x204/0x4c0
[  379.974625][   T31]  usb_unbind_interface+0x1da/0x9a0
[  379.979817][   T31]  ? kernfs_remove_by_name_ns+0xbe/0x110
[  379.985467][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[  379.991179][   T31]  device_remove+0x122/0x170
[  379.996017][   T31]  device_release_driver_internal+0x44b/0x620
[  380.002499][   T31]  bus_remove_device+0x22f/0x420
[  380.007448][   T31]  device_del+0x396/0x9f0
[  380.011805][   T31]  ? __pfx_device_del+0x10/0x10
[  380.016655][   T31]  ? kobject_put+0x210/0x5a0
[  380.022049][   T31]  usb_disable_device+0x355/0x7d0
[  380.027086][   T31]  usb_disconnect+0x2e1/0x920
[  380.031813][   T31]  hub_event+0x1c57/0x4fa0
[  380.036247][   T31]  ? __lock_acquire+0xaa4/0x1ba0
[  380.041190][   T31]  ? __pfx_hub_event+0x10/0x10
[  380.046164][   T31]  ? debug_object_deactivate+0x1ec/0x3a0
[  380.051858][   T31]  ? rcu_is_watching+0x12/0xc0
[  380.056620][   T31]  process_one_work+0x9cc/0x1b70
[  380.061589][   T31]  ? __pfx_process_one_work+0x10/0x10
[  380.066962][   T31]  ? assign_work+0x1a0/0x250
[  380.071572][   T31]  worker_thread+0x6c8/0xf10
[  380.076173][   T31]  ? __kthread_parkme+0x19e/0x250
[  380.081244][   T31]  ? __pfx_worker_thread+0x10/0x10
[  380.086349][   T31]  kthread+0x3c2/0x780
[  380.090394][   T31]  ? __pfx_kthread+0x10/0x10
[  380.095059][   T31]  ? __pfx_kthread+0x10/0x10
[  380.099640][   T31]  ? __pfx_kthread+0x10/0x10
[  380.104230][   T31]  ? __pfx_kthread+0x10/0x10
[  380.108821][   T31]  ? rcu_is_watching+0x12/0xc0
[  380.113611][   T31]  ? __pfx_kthread+0x10/0x10
[  380.118215][   T31]  ret_from_fork+0x45/0x80
[  380.123199][   T31]  ? __pfx_kthread+0x10/0x10
[  380.127795][   T31]  ret_from_fork_asm+0x1a/0x30
[  380.132597][   T31]  </TASK>
[  380.135619][   T31] INFO: task kworker/1:4:5870 blocked for more than 144 seconds.
[  380.146350][   T31]       Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0
[  380.154017][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  380.164905][   T55] Bluetooth: hci17: command tx timeout
[  380.164943][   T31] task:kworker/1:4     state:D
[  380.170391][   T55] Bluetooth: hci7: command 0x0406 tx timeout
[  380.170403][   T31]  stack:22632 pid:5870  tgid:5870  ppid:2      task_flags:0x4288060 flags:0x00004000
[  380.175213][ T5138] Bluetooth: hci8: command 0x0406 tx timeout
[  380.181176][   T31] Workqueue: md_misc mddev_delayed_delete
[  380.202507][   T31] Call Trace:
[  380.205774][   T31]  <TASK>
[  380.208682][   T31]  __schedule+0x116f/0x5de0
[  380.213237][   T31]  ? __lock_acquire+0xa91/0x1ba0
[  380.218171][   T31]  ? __pfx___schedule+0x10/0x10
[  380.223037][   T31]  ? find_held_lock+0x2b/0x80
[  380.228106][   T31]  ? schedule+0x2d7/0x3a0
[  380.232471][   T31]  schedule+0xe7/0x3a0
[  380.236543][   T31]  schedule_timeout+0x257/0x290
[  380.241763][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  380.247553][   T31]  ? mark_held_locks+0x49/0x80
[  380.252413][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  380.257608][   T31]  __wait_for_common+0x2fc/0x4e0
[  380.262624][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  380.267996][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  380.273529][   T31]  ? devtmpfs_submit_req+0x94/0x100
[  380.278729][   T31]  devtmpfs_submit_req+0xa8/0x100
[  380.283788][   T31]  devtmpfs_delete_node+0xf6/0x160
[  380.288904][   T31]  ? __pfx_devtmpfs_delete_node+0x10/0x10
[  380.294694][   T31]  ? __call_rcu_common.constprop.0+0x3e5/0x9f0
[  380.300846][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  380.306107][   T31]  ? kernfs_put+0x4e/0x60
[  380.310432][   T31]  ? sysfs_remove_group+0xc6/0x180
[  380.315642][   T31]  device_del+0x734/0x9f0
[  380.319979][   T31]  ? __pfx_device_del+0x10/0x10
[  380.324875][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  380.330377][   T31]  ? _raw_spin_unlock_irq+0x2e/0x50
[  380.335642][   T31]  del_gendisk+0x486/0xc40
[  380.340056][   T31]  ? __pfx_del_gendisk+0x10/0x10
[  380.345157][   T31]  ? kernfs_put.part.0+0x18b/0x630
[  380.350534][   T31]  md_kobj_release+0xb2/0x100
[  380.355312][   T31]  kobject_put+0x1e4/0x5a0
[  380.359729][   T31]  process_one_work+0x9cc/0x1b70
[  380.364714][   T31]  ? __pfx_disk_events_workfn+0x10/0x10
[  380.370260][   T31]  ? __pfx_process_one_work+0x10/0x10
[  380.375708][   T31]  ? assign_work+0x1a0/0x250
[  380.380301][   T31]  worker_thread+0x6c8/0xf10
[  380.384938][   T31]  ? __pfx_worker_thread+0x10/0x10
[  380.390052][   T31]  kthread+0x3c2/0x780
[  380.394174][   T31]  ? __pfx_kthread+0x10/0x10
[  380.398755][   T31]  ? __pfx_kthread+0x10/0x10
[  380.403526][   T31]  ? __pfx_kthread+0x10/0x10
[  380.408108][   T31]  ? __pfx_kthread+0x10/0x10
[  380.412744][   T31]  ? rcu_is_watching+0x12/0xc0
[  380.417505][   T31]  ? __pfx_kthread+0x10/0x10
[  380.422119][   T31]  ret_from_fork+0x45/0x80
[  380.426526][   T31]  ? __pfx_kthread+0x10/0x10
[  380.431555][   T31]  ret_from_fork_asm+0x1a/0x30
[  380.436346][   T31]  </TASK>
[  380.439378][   T31] INFO: task syz-executor:7828 blocked for more than 144 seconds.
[  380.450734][   T31]       Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0
[  380.460082][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  380.469133][   T31] task:syz-executor    state:D stack:24360 pid:7828  tgid:7828  ppid:1      task_flags:0x400140 flags:0x00000004
[  380.481248][   T31] Call Trace:
[  380.484519][   T31]  <TASK>
[  380.487425][   T31]  __schedule+0x116f/0x5de0
[  380.492034][   T31]  ? register_lock_class+0x41/0x4c0
[  380.497237][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  380.502221][   T31]  ? __pfx___schedule+0x10/0x10
[  380.507077][   T31]  ? find_held_lock+0x2b/0x80
[  380.512067][   T31]  ? schedule+0x2d7/0x3a0
[  380.516403][   T31]  schedule+0xe7/0x3a0
[  380.520461][   T31]  schedule_preempt_disabled+0x13/0x30
[  380.525959][   T31]  rwsem_down_write_slowpath+0x524/0x1310
[  380.532411][   T31]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  380.538576][   T31]  ? __pfx___might_resched+0x10/0x10
[  380.543951][   T31]  down_write_nested+0x1da/0x210
[  380.548895][   T31]  ? __pfx_down_write_nested+0x10/0x10
[  380.554541][   T31]  ? mnt_get_write_access+0x20c/0x300
[  380.559918][   T31]  ? mnt_want_write+0x161/0x450
[  380.565314][ T5138] Bluetooth: hci18: command tx timeout
[  380.571620][   T31]  filename_create+0x1bb/0x4a0
[  380.576398][   T31]  ? __pfx_filename_create+0x10/0x10
[  380.581744][   T31]  ? find_held_lock+0x2b/0x80
[  380.586525][   T31]  do_mkdirat+0xaa/0x3e0
[  380.590745][   T31]  ? __pfx_do_mkdirat+0x10/0x10
[  380.595720][   T31]  ? getname_flags.part.0+0x1c5/0x550
[  380.601238][   T31]  ? rcu_is_watching+0x12/0xc0
[  380.606013][   T31]  __x64_sys_mkdirat+0x83/0xb0
[  380.610770][   T31]  do_syscall_64+0xcd/0x260
[  380.615292][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.621248][   T31] RIP: 0033:0x7fe86ed8c9d7
[  380.625661][   T31] RSP: 002b:00007fff698fdaf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  380.634583][   T31] RAX: ffffffffffffffda RBX: 00007fe86ee110fa RCX: 00007fe86ed8c9d7
[  380.642607][   T31] RDX: 00000000000001ff RSI: 00007fe86ee110fa RDI: 00000000ffffff9c
[  380.650567][   T31] RBP: 00007fe86ee11074 R08: 0000000000000000 R09: 00007fe86efb6738
[  380.658993][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe86edec1a8
[  380.667001][   T31] R13: 00007fe86edec180 R14: 0000000000000009 R15: 0000000000000000
[  380.675069][   T31]  </TASK>
[  380.678094][   T31] INFO: task syz.2.444:8199 blocked for more than 144 seconds.
[  380.685866][   T31]       Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0
[  380.693503][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  380.702178][   T31] task:syz.2.444       state:D stack:26360 pid:8199  tgid:8198  ppid:5822   task_flags:0x400140 flags:0x00004006
[  380.714152][   T31] Call Trace:
[  380.717417][   T31]  <TASK>
[  380.720324][   T31]  __schedule+0x116f/0x5de0
[  380.724835][   T31]  ? __pfx_widen_string+0x10/0x10
[  380.729860][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  380.734841][   T31]  ? __pfx___schedule+0x10/0x10
[  380.740002][   T31]  ? find_held_lock+0x2b/0x80
[  380.744708][   T31]  ? schedule+0x2d7/0x3a0
[  380.749031][   T31]  schedule+0xe7/0x3a0
[  380.753157][   T31]  schedule_timeout+0x257/0x290
[  380.758009][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  380.763858][   T31]  ? mark_held_locks+0x49/0x80
[  380.768620][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  380.773842][   T31]  __wait_for_common+0x2fc/0x4e0
[  380.778775][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  380.784165][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  380.789622][   T31]  ? devtmpfs_submit_req+0x94/0x100
[  380.795023][   T31]  devtmpfs_submit_req+0xa8/0x100
[  380.800046][   T31]  devtmpfs_create_node+0x18a/0x230
[  380.805260][   T31]  ? __pfx_devtmpfs_create_node+0x10/0x10
[  380.810973][   T31]  ? up_write+0x1b2/0x520
[  380.815329][   T31]  ? kernfs_create_link+0x1bd/0x240
[  380.820712][   T31]  ? kernfs_put+0x35/0x60
[  380.825081][   T31]  ? sysfs_do_create_link_sd+0xbb/0x140
[  380.830618][   T31]  device_add+0x10bd/0x1a70
[  380.835163][   T31]  ? __pfx_device_add+0x10/0x10
[  380.840301][   T31]  ? __pfx_exact_lock+0x10/0x10
[  380.845179][   T31]  ? kobject_get+0xbb/0x150
[  380.849682][   T31]  cdev_device_add+0xc2/0x1e0
[  380.854401][   T31]  evdev_connect+0x3a4/0x4c0
[  380.858990][   T31]  input_attach_handler.isra.0+0x181/0x260
[  380.865171][   T31]  input_register_device+0xa84/0x1130
[  380.870555][   T31]  uinput_ioctl_handler.isra.0+0x1357/0x1df0
[  380.876573][   T31]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  380.883214][   T31]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[  380.889538][   T31]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  380.896455][   T31]  ? selinux_file_ioctl+0x180/0x270
[  380.901768][   T31]  ? selinux_file_ioctl+0xb4/0x270
[  380.906861][   T31]  ? __pfx_uinput_ioctl+0x10/0x10
[  380.911932][   T31]  __x64_sys_ioctl+0x190/0x200
[  380.916703][   T31]  do_syscall_64+0xcd/0x260
[  380.921243][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.927111][   T31] RIP: 0033:0x7fee7278e169
[  380.931545][   T31] RSP: 002b:00007fee736e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  380.939948][   T31] RAX: ffffffffffffffda RBX: 00007fee729b5fa0 RCX: 00007fee7278e169
[  380.948438][   T31] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[  380.956466][   T31] RBP: 00007fee72810a68 R08: 0000000000000000 R09: 0000000000000000
[  380.964866][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  380.972873][   T31] R13: 0000000000000000 R14: 00007fee729b5fa0 R15: 00007fff4806c6b8
[  380.980838][   T31]  </TASK>
[  380.983908][   T31] INFO: task syz.5.469:8286 blocked for more than 144 seconds.
[  380.991914][   T31]       Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0
[  381.001062][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  381.011023][   T31] task:syz.5.469       state:D stack:27176 pid:8286  tgid:8285  ppid:6351   task_flags:0x400040 flags:0x00000004
[  381.023348][   T31] Call Trace:
[  381.026625][   T31]  <TASK>
[  381.029550][   T31]  __schedule+0x116f/0x5de0
[  381.034268][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  381.039201][   T31]  ? __pfx___schedule+0x10/0x10
[  381.044504][   T31]  ? find_held_lock+0x2b/0x80
[  381.049180][   T31]  ? schedule+0x2d7/0x3a0
[  381.053578][   T31]  schedule+0xe7/0x3a0
[  381.057643][   T31]  schedule_preempt_disabled+0x13/0x30
[  381.063170][   T31]  rwsem_down_read_slowpath+0x62f/0xb60
[  381.068982][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  381.075115][   T31]  ? __pfx___might_resched+0x10/0x10
[  381.080396][   T31]  ? find_held_lock+0x2b/0x80
[  381.085100][   T31]  down_read+0xef/0x480
[  381.089251][   T31]  ? mnt_get_write_access+0x54/0x300
[  381.094552][   T31]  ? __pfx_down_read+0x10/0x10
[  381.099312][   T31]  ? mnt_get_write_access+0x20c/0x300
[  381.104705][   T31]  path_openat+0x88a/0x2d40
[  381.109203][   T31]  ? __pfx_path_openat+0x10/0x10
[  381.114190][   T31]  do_filp_open+0x20b/0x470
[  381.118690][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  381.123830][   T31]  ? alloc_fd+0x471/0x7d0
[  381.128152][   T31]  do_sys_openat2+0x11b/0x1d0
[  381.132999][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  381.138195][   T31]  ? __sys_sendmsg+0x199/0x220
[  381.143009][   T31]  __x64_sys_openat+0x174/0x210
[  381.148444][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  381.153902][   T31]  do_syscall_64+0xcd/0x260
[  381.158407][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.164320][   T31] RIP: 0033:0x7f9f0b38cad0
[  381.168988][   T31] RSP: 002b:00007f9f091f5b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  381.177425][   T31] RAX: ffffffffffffffda RBX: 0000000000000801 RCX: 00007f9f0b38cad0
[  381.185415][   T31] RDX: 0000000000000801 RSI: 00007f9f091f5c10 RDI: 00000000ffffff9c
[  381.193435][   T31] RBP: 00007f9f091f5c10 R08: 0000000000000000 R09: 00232d6332692f76
[  381.202930][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  381.210905][   T31] R13: 0000000000000000 R14: 00007f9f0b5b5fa0 R15: 00007ffed590a228
[  381.220210][   T31]  </TASK>
[  381.223388][   T31] 
[  381.223388][   T31] Showing all locks held in the system:
[  381.231373][   T31] 3 locks held by kworker/0:1/10:
[  381.236378][   T31]  #0: ffff88801b479d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  381.248799][   T31]  #1: ffffc900000f7d18 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  381.259393][   T31]  #2: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x83/0x1170
[  381.269191][   T31] 2 locks held by kdevtmpfs/26:
[  381.274247][   T31]  #0: ffff88801c6d8950 (&type->i_mutex_dir_key/1){+.+.}-{4:4}, at: __kern_path_locked+0x132/0x2a0
[  381.285212][   T31]  #1: ffffffff8eef43a8 (major_names_lock){+.+.}-{4:4}, at: blk_probe_dev+0x25/0x1a0
[  381.294769][   T31] 1 lock held by khungtaskd/31:
[  381.299603][   T31]  #0: ffffffff8e3bf5c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  381.309457][   T31] 3 locks held by kworker/u8:2/36:
[  381.314571][   T31]  #0: ffff88801b481148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  381.325742][   T31]  #1: ffffc90000ad7d18 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  381.336112][   T31]  #2: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  381.345216][   T31] 3 locks held by kworker/0:2/974:
[  381.350311][   T31]  #0: ffff88801f282d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  381.361735][   T31]  #1: ffffc900038e7d18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  381.373202][   T31]  #2: ffff888029227198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0
[  381.382152][   T31] 2 locks held by kworker/u8:8/3564:
[  381.387428][   T31] 2 locks held by getty/5590:
[  381.392128][   T31]  #0: ffff888036b7a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  381.401897][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  381.411995][   T31] 7 locks held by kworker/1:3/5824:
[  381.417179][   T31]  #0: ffff88801f282d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  381.428017][   T31]  #1: ffffc90003027d18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  381.439258][   T31]  #2: ffff8881457df198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0
[  381.448164][   T31]  #3: ffff888024efb198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0x10a/0x920
[  381.457984][   T31]  #4: ffff88805ff12160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620
[  381.468579][   T31]  #5: ffffffff900667c8 (register_mutex#7){+.+.}-{4:4}, at: usb_audio_disconnect+0xe9/0x890
[  381.478816][   T31]  #6: ffffffff8ffdb808 (sound_oss_mutex){+.+.}-{4:4}, at: snd_unregister_oss_device+0x96/0x2a0
[  381.489307][   T31] 2 locks held by kworker/1:4/5870:
[  381.494510][   T31]  #0: ffff88801f283948 ((wq_completion)md_misc){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  381.505098][   T31]  #1: ffffc900044afd18 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  381.516687][   T31] 3 locks held by kworker/0:6/5948:
[  381.522102][   T31]  #0: ffff88801b478d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  381.533212][   T31]  #1: ffffc90001587d18 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  381.543776][   T31]  #2: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  381.554331][   T31] 3 locks held by kworker/u8:10/6113:
[  381.560092][   T31]  #0: ffff88814d029948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  381.571444][   T31]  #1: ffffc9000b72fd18 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  381.584762][   T31]  #2: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30
[  381.594324][   T31] 2 locks held by syz-executor/7828:
[  381.599588][   T31]  #0: ffff88814128e420 (sb_writers){.+.+}-{0:0}, at: filename_create+0x10e/0x4a0
[  381.608809][   T31]  #1: ffff88801c6d8950 (&type->i_mutex_dir_key/1){+.+.}-{4:4}, at: filename_create+0x1bb/0x4a0
[  381.619275][   T31] 2 locks held by syz.2.444/8199:
[  381.624362][   T31]  #0: ffff888060626870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_ioctl_handler.isra.0+0xcb/0x1df0
[  381.635024][   T31]  #1: ffffffff8f965128 (input_mutex){+.+.}-{4:4}, at: input_register_device+0x98a/0x1130
[  381.644980][   T31] 2 locks held by syz.5.469/8286:
[  381.649992][   T31]  #0: ffff88814128e420 (sb_writers){.+.+}-{0:0}, at: path_openat+0x1f3e/0x2d40
[  381.659433][   T31]  #1: ffff88801c6d8950 (&type->i_mutex_dir_key#2){++++}-{4:4}, at: path_openat+0x88a/0x2d40
[  381.669686][   T31] 2 locks held by syz-executor/8358:
[  381.674995][   T31]  #0: ffffffff90868640 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x113/0x2c0
[  381.684820][   T31]  #1: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000
[  381.693910][   T31] 1 lock held by syz.3.492/8376:
[  381.698831][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: ip6_mroute_setsockopt+0x483/0x20d0
[  381.708689][   T31] 1 lock held by syz.3.492/8377:
[  381.713637][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: ip6_mroute_setsockopt+0x483/0x20d0
[  381.723501][   T31] 1 lock held by syz.3.492/8383:
[  381.728416][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: ip6_mroute_setsockopt+0x113a/0x20d0
[  381.738343][   T31] 2 locks held by syz.1.494/8386:
[  381.743402][   T31]  #0: ffffffff90886040 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x113/0x2c0
[  381.753011][   T31]  #1: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000
[  381.762658][   T31] 1 lock held by syz-executor/8389:
[  381.767847][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.777283][   T31] 1 lock held by syz-executor/8394:
[  381.782698][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.792114][   T31] 1 lock held by syz-executor/8398:
[  381.797277][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.806682][   T31] 1 lock held by syz-executor/8402:
[  381.811893][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.821359][   T31] 1 lock held by syz-executor/8407:
[  381.826543][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.835969][   T31] 1 lock held by syz-executor/8411:
[  381.841182][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.850584][   T31] 1 lock held by syz-executor/8416:
[  381.855786][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.865773][   T31] 1 lock held by syz-executor/8421:
[  381.870955][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.880356][   T31] 1 lock held by syz-executor/8424:
[  381.885769][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.895201][   T31] 1 lock held by syz-executor/8435:
[  381.900391][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.909831][   T31] 1 lock held by syz-executor/8443:
[  381.915044][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.924581][   T31] 1 lock held by syz-executor/8449:
[  381.929768][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.939202][   T31] 1 lock held by syz-executor/8454:
[  381.944432][   T31]  #0: ffffffff9012aea8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  381.953875][   T31] 
[  381.956183][   T31] =============================================
[  381.956183][   T31] 
[  381.964616][   T31] NMI backtrace for cpu 1
[  381.964629][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  381.964648][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  381.964657][   T31] Call Trace:
[  381.964662][   T31]  <TASK>
[  381.964668][   T31]  dump_stack_lvl+0x116/0x1f0
[  381.964696][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  381.964714][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  381.964733][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  381.964752][   T31]  watchdog+0xf70/0x12c0
[  381.964774][   T31]  ? __pfx_watchdog+0x10/0x10
[  381.964790][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  381.964813][   T31]  ? __kthread_parkme+0x19e/0x250
[  381.964839][   T31]  ? __pfx_watchdog+0x10/0x10
[  381.964856][   T31]  kthread+0x3c2/0x780
[  381.964873][   T31]  ? __pfx_kthread+0x10/0x10
[  381.964887][   T31]  ? __pfx_kthread+0x10/0x10
[  381.964903][   T31]  ? __pfx_kthread+0x10/0x10
[  381.964917][   T31]  ? __pfx_kthread+0x10/0x10
[  381.964932][   T31]  ? rcu_is_watching+0x12/0xc0
[  381.964952][   T31]  ? __pfx_kthread+0x10/0x10
[  381.964974][   T31]  ret_from_fork+0x45/0x80
[  381.964991][   T31]  ? __pfx_kthread+0x10/0x10
[  381.965007][   T31]  ret_from_fork_asm+0x1a/0x30
[  381.965040][   T31]  </TASK>
[  381.965949][   T31] Sending NMI from CPU 1 to CPUs 0:
[  382.098000][    C0] NMI backtrace for cpu 0
[  382.098012][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  382.098028][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  382.098035][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  382.098055][    C0] Code: 25 5d 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 3a 17 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  382.098067][    C0] RSP: 0018:ffffffff8e007e10 EFLAGS: 000002c6
[  382.098079][    C0] RAX: 0000000000b9ca9d RBX: 0000000000000000 RCX: ffffffff8b72b419
[  382.098087][    C0] RDX: 0000000000000000 RSI: ffffffff8dbef846 RDI: ffffffff8bf465c0
[  382.098095][    C0] RBP: fffffbfff1c12ee8 R08: 0000000000000001 R09: ffffed10170865bd
[  382.098103][    C0] R10: ffff8880b8432deb R11: 0000000000000000 R12: 0000000000000000
[  382.098111][    C0] R13: ffffffff8e097740 R14: ffffffff90864910 R15: 0000000000000000
[  382.098118][    C0] FS:  0000000000000000(0000) GS:ffff8881249b2000(0000) knlGS:0000000000000000
[  382.098131][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  382.098139][    C0] CR2: 000056044ee0f038 CR3: 000000000e180000 CR4: 00000000003526f0
[  382.098147][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  382.098154][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  382.098162][    C0] Call Trace:
[  382.098166][    C0]  <TASK>
[  382.098170][    C0]  default_idle+0x13/0x20
[  382.098187][    C0]  default_idle_call+0x6d/0xb0
[  382.098204][    C0]  do_idle+0x391/0x510
[  382.098221][    C0]  ? __pfx_do_idle+0x10/0x10
[  382.098236][    C0]  ? trace_sched_exit_tp+0x31/0x130
[  382.098255][    C0]  cpu_startup_entry+0x4f/0x60
[  382.098271][    C0]  rest_init+0x16b/0x2b0
[  382.098281][    C0]  ? acpi_subsystem_init+0x133/0x180
[  382.098296][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  382.098314][    C0]  start_kernel+0x3e9/0x4d0
[  382.098331][    C0]  x86_64_start_reservations+0x18/0x30
[  382.098348][    C0]  x86_64_start_kernel+0xb0/0xc0
[  382.098364][    C0]  common_startup_64+0x13e/0x148
[  382.098384][    C0]  </TASK>
[  382.099192][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  382.313349][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  382.325133][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  382.335177][   T31] Call Trace:
[  382.338438][   T31]  <TASK>
[  382.341349][   T31]  dump_stack_lvl+0x3d/0x1f0
[  382.345932][   T31]  panic+0x71c/0x800
[  382.349810][   T31]  ? __pfx_panic+0x10/0x10
[  382.354204][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  382.359560][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  382.365518][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  382.370869][   T31]  ? watchdog+0xdda/0x12c0
[  382.375266][   T31]  ? watchdog+0xdcd/0x12c0
[  382.379665][   T31]  watchdog+0xdeb/0x12c0
[  382.383895][   T31]  ? __pfx_watchdog+0x10/0x10
[  382.388554][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  382.393739][   T31]  ? __kthread_parkme+0x19e/0x250
[  382.398750][   T31]  ? __pfx_watchdog+0x10/0x10
[  382.403406][   T31]  kthread+0x3c2/0x780
[  382.407455][   T31]  ? __pfx_kthread+0x10/0x10
[  382.412023][   T31]  ? __pfx_kthread+0x10/0x10
[  382.416590][   T31]  ? __pfx_kthread+0x10/0x10
[  382.421158][   T31]  ? __pfx_kthread+0x10/0x10
[  382.425724][   T31]  ? rcu_is_watching+0x12/0xc0
[  382.430472][   T31]  ? __pfx_kthread+0x10/0x10
[  382.435039][   T31]  ret_from_fork+0x45/0x80
[  382.439434][   T31]  ? __pfx_kthread+0x10/0x10
[  382.444002][   T31]  ret_from_fork_asm+0x1a/0x30
[  382.448761][   T31]  </TASK>
[  382.451943][   T31] Kernel Offset: disabled
[  382.456239][   T31] Rebooting in 86400 seconds..