last executing test programs:

5m43.134588315s ago: executing program 4 (id=1070):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x6a)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000000c0)=0x1, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0x14, 0x30, 0xb}, 0x14}}, 0x0)
ioperm(0x0, 0x6, 0x8000000000004)
io_destroy(0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r5, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r3, 0xc01864b0, &(0x7f0000000080)={r5, r8})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r3, 0xc01864b0, &(0x7f0000000180)={r7, r8, 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0)

5m41.99664387s ago: executing program 4 (id=1073):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000020000009511000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_clone(0x800c000, &(0x7f0000001480)="627807434619734911420e123cb6f44fb54d82", 0x13, 0x0, 0x0, 0x0)
r1 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[], 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000380)={0x0, 0xfff5, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[])
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020300090a00000000000000000000000300060000000e0002000000e0000009000000000000000002000100000000000000000200000000030005000000000002000000e00000010000000000000000017f8c98"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$uinput(0xffffff9c, &(0x7f0000000700), 0x0, 0x0)
openat$snapshot(0xffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$SIOCAX25GETINFOOLD(r0, 0x5411, &(0x7f0000000000))
sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, 0x2, 0x9, 0x801, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x997}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x14000)

5m40.645175105s ago: executing program 4 (id=1080):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000080)=0xd, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @mss, @sack_perm, @timestamp, @timestamp, @mss, @timestamp, @sack_perm], 0x20000000000000ec)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f72", 0x57, 0x0, 0x0, 0x0)

5m40.644181085s ago: executing program 4 (id=1081):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)={{0x14}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x2b, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278"}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xac}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
close_range(r0, 0xffffffffffffffff, 0x0)

5m40.512482148s ago: executing program 4 (id=1082):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x4533, 0x10100, 0xffffdffe, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_open_dev$rtc(0x0, 0x9, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r5, &(0x7f0000000480)=[{&(0x7f00000003c0)=""/139, 0x8b}], 0x1)
ioctl$TCSETS(r5, 0x40045431, 0x0)
syz_open_pts(r5, 0x42)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r10 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev}}}}}}, 0x0)
ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f00000002c0)=0x20)
openat(r9, &(0x7f0000000a00)='./bus\x00', 0x42, 0x1d5)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r8, r11, 0x5, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20)
sendmsg$inet(r6, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0)

5m39.561799451s ago: executing program 4 (id=1086):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, 0x0, 0x4000)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r0, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
connect(r0, &(0x7f0000000080)=@un=@abs, 0x80)
io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r4, 0x3b66, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = getpgrp(0x0)
r6 = syz_pidfd_open(r5, 0x0)
pidfd_send_signal(r6, 0x0, 0x0, 0x4)
sched_getattr(r5, &(0x7f0000000100)={0x38}, 0x38, 0x0)

5m24.065926224s ago: executing program 32 (id=1086):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, 0x0, 0x4000)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r0, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
connect(r0, &(0x7f0000000080)=@un=@abs, 0x80)
io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r4, 0x3b66, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = getpgrp(0x0)
r6 = syz_pidfd_open(r5, 0x0)
pidfd_send_signal(r6, 0x0, 0x0, 0x4)
sched_getattr(r5, &(0x7f0000000100)={0x38}, 0x38, 0x0)

10.285623824s ago: executing program 3 (id=2056):
syz_open_dev$vim2m(&(0x7f0000000100), 0xd, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6d}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0xad, &(0x7f00000003c0)=""/173, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x200, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff7, @void, @value}, 0x94)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x410000002)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
add_key$user(&(0x7f0000002100), &(0x7f0000002180)={'syz', 0x1}, &(0x7f00000021c0)='b', 0x1, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000280), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef211591b7e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xb5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, 0x0, 0x0)
sendto$inet6(r4, 0x0, 0xfffffffffffffd5c, 0x20000045, &(0x7f0000b63fe4)={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffe}, 0x1c)
connect$inet(0xffffffffffffffff, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10)
syz_open_dev$dri(&(0x7f0000000300), 0x6, 0x389884)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)
syslog(0x9, &(0x7f0000000340)=""/98, 0xffffffffffffffc4)
syslog(0x3, &(0x7f0000000500)=""/218, 0xda)

10.201458406s ago: executing program 5 (id=2057):
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0xffff7942}}, './file0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xe3, 0x1f0466, 0x4000000})
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r5, 0xc080aebe, 0xfffffffffffffffc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000004a008d2a00000031000008000a000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x1, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x24, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7f, 0x9}}]}}]}, 0x50}}, 0x0)
r10 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
r12 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r12, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r13=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r12, 0x84, 0x18, &(0x7f00000001c0)={r13, 0x54}, 0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(r11, 0x84, 0x0, &(0x7f0000000040)={r13, 0x7, 0x400, 0xb0b}, 0x10)
sendmsg$inet(r2, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
r14 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r14, &(0x7f0000000200)=ANY=[], 0xc8)
ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f0000000a40)=""/4096)

8.655308535s ago: executing program 2 (id=2061):
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f00004c5000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000001000), 0x0, 0x0)
recvmmsg(r2, &(0x7f0000002080)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, &(0x7f0000000340)=""/187, 0xbb}, 0x4}, {{&(0x7f0000000400)=@tipc, 0x80, &(0x7f0000001780)=[{&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/108, 0x6c}, {&(0x7f0000001ac0)=""/141, 0x8d}, {&(0x7f00000015c0)=""/175, 0xaf}, {&(0x7f0000001680)=""/232, 0xe8}], 0x5, &(0x7f0000001880)=""/80, 0x50}, 0x32d2}, {{&(0x7f0000001900)=@phonet, 0x80, &(0x7f0000001a00)=[{&(0x7f0000001980)=""/87, 0x57}, {&(0x7f0000001800)=""/62, 0x3e}, {&(0x7f0000003240)=""/252, 0xfc}, {&(0x7f0000003500)=""/216, 0xd8}, {&(0x7f0000001c00)=""/52, 0x34}, {&(0x7f0000001c40)=""/188, 0xbc}, {&(0x7f0000001d00)=""/204, 0xcc}, {&(0x7f0000003340)=""/205, 0xcd}, {&(0x7f0000001500)=""/14, 0xe}], 0x9, &(0x7f0000001e80)=""/4, 0x4}, 0xfffffebc}, {{&(0x7f0000001ec0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000002040)=[{&(0x7f0000001f40)=""/167, 0xa7}, {&(0x7f0000002000)=""/25, 0x19}], 0x2, &(0x7f0000002240)=""/4096, 0x1000}, 0x5}], 0x4, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ipvlan1\x00', <r5=>0x0})
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0xf, r5, 0x1000000}, 0x10)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
ioctl$TCXONC(r6, 0x540a, 0x0)
sendfile(r6, r7, 0x0, 0x20000023896)

8.634143227s ago: executing program 3 (id=2062):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
write$rfkill(r2, &(0x7f0000000000)={0x0, 0x8, 0x2, 0x1}, 0x8)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000001040)='syz0\x00', 0x200002, 0x0)
openat$cgroup_pressure(r3, &(0x7f0000001080)='io.pressure\x00', 0x2, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r4, 0x84, 0x80, &(0x7f0000000000)=""/4102, 0x0)
r5 = socket(0x25, 0x1, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5)
listen(0xffffffffffffffff, 0x0)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r6, 0x1, 0x3c, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x541b, &(0x7f0000000040))
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x10000, 0x1, 0x9, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xd, 0xfe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0xfe}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x140030, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

8.319897704s ago: executing program 5 (id=2063):
syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00')
preadv2(r0, &(0x7f00000001c0)=[{&(0x7f0000002240)=""/148, 0x94}], 0x1, 0xd0d, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_getscheduler(r1)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0)
pselect6(0x7b, &(0x7f0000000600)={0x8001, 0x0, 0x1, 0x0, 0x0, 0x4000000000000000, 0x5}, 0x0, &(0x7f0000000680)={0x7ff, 0x0, 0xa2, 0x0, 0x6, 0x0, 0x400, 0xffffffffffffffff}, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r8=>0x0})
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000100)=0x8, 0x4)
sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x4c, r7, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x4c}, 0x1, 0x3f00, 0x0, 0x81}, 0x24044884)

7.711624695s ago: executing program 2 (id=2065):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x28}}, 0xc000)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xcb, 0x6f, 0xcf, 0x20, 0x13d8, 0x20, 0xf731, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xe4, 0xd5}}]}}]}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x4, 0x6, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0x6}, @val={0x480}}}]}]}]}]}], {0x14, 0x10}}, 0xe4}}, 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x5f, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x50, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4d, 0x1, 0x1, 0xe2, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x0, "2cf311c3d4"}, {0x5, 0x24, 0x0, 0x8001}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x9, 0x3, 0x3}, [@obex={0x5, 0x24, 0x15, 0x6}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x7, 0xb1fc}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x2, 0x7d, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0xc, 0x0, 0x3}}}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x8, 0x7, 0x2, 0x10, 0x81}, 0xb2, &(0x7f0000000100)={0x5, 0xf, 0xb2, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x14, 0xa, 0xc, 0x6}, @ext_cap={0x7, 0x10, 0x2, 0x5, 0x9, 0x3, 0x1}, @generic={0x5d, 0x10, 0xb, "74520c0c6a9ba8b642305b0d697f88db1ab6ed4e50e4a49b7c51e1433cab485e8f5e8afb175a35998bc15c4704e045f8a052cd9fd1ab2881b90ff5593a8e894dea61d0f6cd07d502955ef9ed19a4723e9c10b1c24504b66d780c"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x1, 0x7, 0x4, 0x8, 0x5}, @generic={0x37, 0x10, 0x2, "1c6d744d91df24ec10a3375128f0ccaadd4587c8c6d7c403f9d1ef300a847cb691b311e4f491eda6f1ea546fd841d9b9a5ff9782"}]}, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x400a}}, {0xfffffffffffffd40, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x200a}}]})
syz_usb_connect$uac1(0x3, 0xf4, &(0x7f0000000280)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe2, 0x3, 0x1, 0x2, 0x20, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6}, [@processing_unit={0xa, 0x24, 0x7, 0x2, 0x1, 0x9, "cb369a"}, @processing_unit={0x8, 0x24, 0x7, 0x3, 0x6, 0x9, "d0"}, @input_terminal={0xc, 0x24, 0x2, 0x5, 0x100, 0x3, 0x10, 0xa00, 0x0, 0x9}, @selector_unit={0xa, 0x24, 0x5, 0x1, 0x3, "709a048043"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x0, 0xb2, 0x1001}, @as_header={0x7, 0x24, 0x1, 0xe8, 0x9, 0xb790e9b857b7edd}, @as_header={0x7, 0x24, 0x1, 0x6, 0x6, 0x1001}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x3, 0x1, 0x7e, 0x80, "6f168c287f14c4"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x1, 0x9, 0x6, "b9736284622f801f"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x81, 0xe0, 0x7, {0x7, 0x25, 0x1, 0x1, 0x2, 0x100}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xd, 0x3, 0x5, 0x5}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x5, 0xffff, 0x2, "47ac"}, @as_header={0x7, 0x24, 0x1, 0xe9, 0x1, 0x4}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x7f, 0x3, 0xa, 0x4, "bf", "7c7fd9"}]}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0xab, 0xb6, 0xb5, {0x7, 0x25, 0x1, 0x80, 0x5}}}}}}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x250, 0x4, 0x1, 0x7f, 0x10, 0xfe}, 0x19, &(0x7f00000003c0)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x5, "99730f00fd2272cfd74460dbf29e3eba"}]}, 0x3, [{0xe8, &(0x7f0000000400)=@string={0xe8, 0x3, "b9ec27b7bcf0e0f588ffddc178975cc5a926d65c625be61c3ef8ba96d515c56b8da5d5af26091d240fe4ff8031a269d925e91c71bf67de1d40111e1f7c9d83d7e15cfdcae0119279d2071f66cc79c2b8148baed5a91a3ab915942952eb3afa15b5887a04f47c0a06c21ca224fbe2468ec35610ae253ffecd6728e114cd838d9278d86770302fb8e49a8ffaa95fa6d6b2d408ea6f802fccc1e9d6de3dfc93b3fd2aca15c1d23831314a46a447d93347dd13dab17def4f5a13fec70175c441fcf0d3c2c680611f6ae209a35150461321cce9c8f6f23dc032fa0bf30ada98729801d414b5eff6be"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x180c}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x444}}]})

7.323990775s ago: executing program 5 (id=2066):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
syz_clone3(0x0, 0x0)

7.213320399s ago: executing program 0 (id=2067):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRESDEC=r0, @ANYRES16=r0, @ANYRES32=r0, @ANYRES64=r0, @ANYBLOB="00000000000000babce59f00"/28], 0x48)
r1 = gettid()
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r2, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r3)
sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000040000000000010000000400048008006c390100000008000100000000008078d9564dd30400088010000c800c000b800800"], 0x3c}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0xc0a85352, &(0x7f0000000140)={{0x0, 0x7f}, 'port0\x00', 0x0, 0x0, 0x0, 0x1000, 0xf, 0x3, 0x0, 0x0, 0x1})
tkill(r1, 0x7)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$KIOCSOUND(r5, 0x4b2f, 0x7)
writev(0xffffffffffffffff, &(0x7f00000025c0)=[{&(0x7f0000000240)}, {0x0}], 0x2)
socket$kcm(0x21, 0x2, 0x2)
r6 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r6, &(0x7f0000001440)={0x18, 0x0, {0xfffc, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, 'erspan0\x00'}}, 0x1e)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001380)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x12, r7, 0x0)
ioctl$PPPOEIOCSFWD(r6, 0x40047452, &(0x7f0000000080)={0x18, 0x0, {0x2, @multicast, 'veth0_to_bridge\x00'}})
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x2004c041)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket(0x2b, 0x803, 0x80000001)
syz_genetlink_get_family_id$smc(&(0x7f00000000c0), r8)
getsockname$packet(r7, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

7.079792578s ago: executing program 5 (id=2068):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_type(r5, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r6, &(0x7f0000000280), 0x9)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000080), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000040)=ANY=[@ANYBLOB='+pids'], 0x6)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0x0, 0x0, 0x2c, 0x0, 0x104, 0x2})

6.85902414s ago: executing program 1 (id=2069):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x3, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x8c30}]}}]}, 0x3c}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0xfffffffd, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r3, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20)
recvmmsg(r0, &(0x7f00000073c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000002ac0)=""/4101, 0x1005}], 0x1}}], 0x2, 0xf2, 0x0)

6.771969963s ago: executing program 0 (id=2070):
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
ftruncate(0xffffffffffffffff, 0x8800000)
iopl(0x3)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0)
dup(0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r2)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x6c, r3, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0x37, 0xa8, @random="d1fa2e17c25af07819a90b3207ce5d487ceec3aed64b6c5e3518f65d3ec10627317661f292e65593b2e4967dba4271edb6bb00"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r3, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)

6.716745941s ago: executing program 1 (id=2071):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x6a)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, &(0x7f00000000c0)=0x1, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0x14, 0x30, 0xb}, 0x14}}, 0x0)
ioperm(0x0, 0x6, 0x8000000000004)
io_destroy(0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
r8 = syz_open_dev$dri(0x0, 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r7, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000080)={r7, r10})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000180)={r9, r10, 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0)

5.495815416s ago: executing program 1 (id=2072):
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020}, 0xfdb8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, 0x0, 0x0)

5.199884317s ago: executing program 1 (id=2073):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f00000000c0), 0x4)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x0, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x200})
openat$procfs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/bus/input/devices\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000000100)={0x0, 0x0, "4f1d975c8d793a3867c95cd762de35f4f61b7aac8fbd23f0e7dccc43eb9154100786a35c55410c92f5cad8ca042fce8d602b442e4910644cfab1b284f1da8865d4235cb093a73f6dbc896be6b07c10b357dd66ca1e2ac58fe404b55733f5b313bae442b0860e09e9cc2d3e1ac0a2073b5861c7cdc4350bc71919a80f0750fe0585def9d9eaa8754987e1d9dbf54bdcc5731bed44e3ac33adb40f8c4301672ea8a7954c4030d7ff8ae51989ea037019c4dcce4144effec4d4dd361b8eb9359cd0e381ecaa2a690419f921cb024662dbac355279097ae3ea1843f984ea1ebd0b7391b10886c570a86dae15def8befa108790487c8f60ac7861a177e4535b417500", "9d11466e732e503901472c570b09b656ba77eae75c57cd2613db1a4b4a945b7559a15f1afbb8ce5613f16d69e5dac17ef5d813888475eb7c60c26ecf17e43a0561ad4a919881cc0f443869156124a5ada122ec1d67aedbe9509b445e5302597fb0dde92290fab41da384222203d54fcaa122f0e58466a482de1ddeb5502074c088fbc737471c886c8890c45d67e86242b5f01dc8d3b27b9e3c2c330fe0993ebbbb3cd37ca970e2a716b716762f1ad457394265a77382dd646e12a39ca398dfee0f3cb1df92a7f627aa9a323f320fcf1a4c38e2d1480369901bd286da648c478e4ea99607405ea1b2f6d22a36af4727fd3b067d9406ab62d6083f8417d9d46b4c370a5a7152b06143d8503540fd89da8ca200d54c909c89a0e54f6a24e38d27e1656beb86b9c58367eeebeb53c1d3465fcdc5958eadd8545d32b4996d550b7d680fb6e2f1f9035294e0a437e243928d0b65f9e3eaf3272a89605f7a89657ebc013b1b5d2585310bb24b2fd038546e7c060e6e01d9096cc6f80934d932298979ac1fe32f83db4f3f6e860dec6c157c65a30a995f1331f9ce0c5d63182a318b4512d65d308b855d1d624fb83de666bdff09dae5016260ad263ada0c6a2930135c85dd474c4f73a1c1f824111adef40560adb2454878f9ab4f062efb9937c41008a904f5ae2c582adc458567ae4c4d807a8b71fadc44bc50ebe5b45e01d3de4493682e1306087a1f344dd9785949f4a715af3c35ce2e4e89cbf0fd0eec05247e7585b70b04ef46b1678ce7472b16593607305c485604c9b34a6d86abf65fe573dbcd243d6e023dc2b64c1c2cc521fe9e880cc8bc2f439270e7a5f0221a37d7fdde2b1cac67571943602bd08db686921bd577792502b97c52571e8d667a1bcdb0e4d6a76d89fc92d8c3dae9769dbf0deb086f85336bb3f8c6cb9f31f5dd03505081c751542af794fe081345c778794fd739e735c37a983a60466efe931690e8c03cb0e6c408925c15cbc9bffd2e6dff80defea7ce2dd0b518239f1603c66bff69c5e8a8797c90948218d896f35801202753bd9a22be81ded4c81971b8768fe58b3b35c7447685b59ff8029ccad431eeb39bccaa94ba7a8a5783a3607c14fce2d49525ebed1561d645b0768a2f4d1f15f499c2bd9add4df3af42835e6e2190a3a1c455d9f25097636b654140b0e2a6a60c7116d4a2d174aea098bf8ca0449ef569ebbf16222d82f4f4b4c0f6256317c0b18a802bf2f8f7f3a2e4457b3bb19a13bafd3ae265acbc7fffba460a79ba3cee130fb19c3cfb36d5e635f68e82e4f3ca8a531826672465b64b5aac4468d72095de5be7c0343e1d1fbf876972bf50ddf80bd9740292e800c94513929dcecc6bff65c64b1ee89e12ff220dd4fd993058f7792cfee1d7510820f487aaad0270dce7640ccf81088dae89638e763baf1d8a8c663a291acaad43dffc3718d1ae9fdd4ce595161bc9a7d733dcdad20e07f405454a387914f7e32e1b4c50a8b57a5a09024281486a34650f0d264bdf712367122f1d9d9db76bc63677cff4c8ea0dba6f101d2c3650b6370de84e501a9f4284c0ea39749f2adbab4b93e3ed7137e5ea39450b1827f5e5517b0bbfe4b1cee32b87963637418c30e23fa95b2fcb8da6520bd01aeb5983386a756fc96d40f201d99fb0c9e133ef0a3f39f88c32522254a4e29152961cd455abb7d59df04acf5e9fae1d73097894278c57617fea58f62945e3f9ce825299054c64522164a1f918e9991be33c6db8a7e430eac2fdf64b9b583d43ffe8b2324d8a49cfeb94b89f8a06c02c682b5d24ac0021ac9277d33db3296c61c54d6fec9562e7a3266b35ace83e879d89957bda235c03ecfea599d03d75f4852349e04841c899473feb66ac7be55972c72a29c1e6c4fa9126fee2d2ca24883a83db37c075eda50b40e96581609ca0fb4b52f47ac73bedace050ece47473727386061f33e55535a317864ded4ce2cc0ddb3004140b4728c1bc366fe11c02407b2ff8f4db697dd5eeecdf8d39af37f5ac9470c44cd3cfcde0d50aaef1d4a77fac21e0b5d6c07eeed9904bbff367f29a4b7c12ad3f02d89fac8a5ee67032765f60a7f4356a8d1f7ffa45c56693a8c3599ef70864b846c2cc640c676e1ab354d8ad2a94d8aab4ddb91620b98c792f8e23c896170e1957b240942998d82077aa9b9f8850eb9262ca1fe134fbea938e9122783a3a4f02d4952b2db7b8080478533eed63d4b36378355b26fad2a33200956c6db2222bb7994ae88dcee998691c58ccbd7e97ac324f954d5e1f9c3a92ef55b1ee74acf6026db8cda14258ba14203ee98590626dbe219e6ec986b35ff4d979b8bdac001a1716137081f3c03bc74755e40f8e239a387a1a554e0c9ba892482f325e19cdaf60a29ff5a4e2b4c99af41e4712d9cac07b84e0b71c31efaaf0759492b921c00a90810c12d1c60182a4dda038a564a30792907de35f913b2dc99cba0c9697e980654cccc9db2911530de6b3937389508b9d22bb3296d24d5970f35304a18e5e83e2eaedd5464972dbe01d1220765fb3ec64c40f88de85746736c025c80fa800e4131eba2c9fcc8df213d8728af0fa8dd4554f39e84c9158b121ed126f2129d18d5b48a8201e23f01d3f8b3ed96c5664557942e319d4228789226fdd8435e8dcbb59327142dfd5f3d9eebb5cb6763be4998b64555cf30c7804a352a8db721b0c3c911a258a6d6f20839d69cdfedb068c485cdfaf5baf6d5a6cb7aca0c8ac39b8e581fc75ab7b4def6e72b7d16ab539518e254e47ab358e48362a3694199365cd4587b6718d976d1dd41e63e80818bf41f4efe6b7b0295814efcf86aaae14d669b813dab83ea095001d49cbdc353c8e8cc5eae321bab5bab74b0244db6028e34e9d5f6df09c07a1803e2d1773ff258244344461d8c66691086543d3b75e9c880cf2ee3c64bb123d6ce499ac1f857004de6a71329eb5716432219ad6311081f95f461a171b9ef5b400736576c5bf99b6027c413802be40d7af694dcdae067084657dac2c8278436cfaa800cd0b7c0d86d46f1e24515276dbc086687fddd4f1b08be76e21908213ac157c7df791953f47cf70b4c7764b843f13528433d63bb0fe3243e2a7c83d2a9906c4880f795e4644e6eb34164ad3ca1787815ec768bfde612f53fcde1be8ed8d485c5668201aaaf5d38c6725253a144acd11ae971ba5b419da580a035638a4e994db36246bb93c3771a1322d2f074b3c3d926679fe3b4f0a3eec678ad8c69c6a84513f208bee39f3a3c92140240dcdf74b70b4c2a92d21e68cd5b65173aa8d6814ac42e30c5dc240909f826c20c34d4e6a368054b9b61d598444b73dfc7adf83b73f074e6aa599d284fd69d549b170420d7066b87b674ef73ae5662f0e4807b2b3908760ee24652370ca42bbb461fdb7d3316826951b250d6ae78ed950f01e03cdd35fda09cecf7f84e136a80adc146b5e366a8f66b2bf10d42ab85de7956f755d52ddc20c42921453ab86c5c09c5fb12329336594ae4723ff401da55829a9bef1753dba7edffbc3fbbbb8513a0ef56692ecaffe439235b63164a68cb092aa34ce6a7b7c96f7ac40613638ba5e06a6fe564c88d7ec17f3f51df29ea7d8aa543babaf4a37e3b375a098633aaf350e54e5a1ae88d43a1f5307382b7f93cebc7aebcc69d39ccac2ed62da7cbb6d029d03a157e333ed9120332bf9a3793babc1584d6bb3025d89f644a91f6e27d9f8b13496ceb983e3ae9388e86fe46a5a725152f0813b88dab8a0e9922c7f463ff575da1018f6633fbe8bad72155f06a677c79e6a9b6dde88ab061f0378dc1a2c8fc155502468aa91eb8bc72ec59ef85146ff9014dec3ad304e0069c18c1663bb1b286d1fdfab208cc97cc7f892ffd7083d04085a5a24f63fe2a1341b921e646ff7cf0469445af41b8f6f9087aa69dd48d44ebb0be310e4409483da0426e62b1dd835d2bd87529d51b846f5de8443dd00f888a0acc3df5b0136335bd9e05209e97ba3c2dcbc0977b2f6c215a4f494425698239c9d41f717a9eee4142693a050a5cee20748fd7a01ee427fdbc7bbe57f12a6a686977d8d089ea6ce58a4cd2bd0a843f6fd95e0d12d0098d901839686f800a0951cb8e80dda0ed1e8862cb191258f6740499e6136fd3107d9877668e2d1b9ea83ddeebc5bda709c81cb3d1198cb276ac41508a01cc1983ec960a347301a16a66e440d8f2cb61536845d4c2b2f744203b7429e85457c28989df8a3a7f345720423da20af660b0eb02e9f38c2d5bb8c6a3bbbdc8bc24a8c5a07af9f0320f8b45f15d3d23da334fee95eef1468e011e825e9ba19414e9f4af35494ae2fdf4313b347aa2f0f6515a9944a5b498a0a099e9c583ac3d5f644f0b07d575b1afef762132461b451fac3f591f2851060ace67c658d892e8af0f65a3b249b468b3a2c01377816d6b278f697e6eebf3cfef3a0de184ca5dde40565f5b699c475976cd3a9539732a8452a0911b30d7a9ae6d1352e0ef57abd6771e2152d25efbf583125f34ce22b150834d3c8f3f43c61f2234fd357ed2534d2f0486c90d0acc5e18ad476e8c21281bca27a4b8e82727f126f0912c8db0513c7130f65a8bf6ccd309689e79456a8c4d90d2034c9822f2422ed323be7de33f31713a6c9995ea0b497c87c335309a55749694af692790b277c1e4d8776b566f73ae7341f89b08db4b3613258e7b6fd98ddef7fee4b5c1621c4929b5f3b20668adb2ff1de265b43ee49611346a2a5b294e7cb352792e499ea7a7e6def32188ea60e46155365217930793ef5bbcb20986d3e6e318bde1629c22cb757053609359d2850c9aededccd4480dbf39866b8f868bc3f079b291273a5c7a1554e4c1573efb2bdddffd3c8b26e2f2927cd51aa93bbb57e1ad0fa424c825fa8d6f3d5532a289009231547cebcf7477135f679dd85a2c2da8fee3be9757af0b233176de658f253eaa21324900509050b70aaa8e594ed21a122e14d2eec1e5f5625f027ddf409fad73e270d50f89807f3a71dbec4ccf04ef283434a659cb24d62f0e6f8691246730a0188bff21d52579635f4f5bbc2f623f1fc6ba4e7fcb9e328a3360f2a5483de5917178b43ffbd1409059f82164115f1e63da20cc59305c305ee7e825e813e573158902e41849d0b7233cd0505eacb4a4344feb15436e1118b261aa48539dabbdeb924e072c458a26fcb0a4ce13945033dfa5df93a25574f897a90f1a17cce5e0130b718806d8da3bf046873aec9c5e976b36ef259d8131b15a68c5bdad91dacacd956f59588d8bc8caa0d6bec29dda186a10904070bbaebe74f4e421ebb69a827d04587ff5e0ce6c45b86af9f8f9e1c5cfb55209e2aecda3b397ea022a3fc5e03b750073cee444f844971d352f2fd3dcda0321c4ab2eabb57"})
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, <r2=>0x0}}, './file0\x00'})
setresgid(r2, 0xee01, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x6c, 0x30, 0xcac229faa96ee7df, 0x0, 0x400, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x1}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6, 0x5, @val=0x8}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}}, 0x8004)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40f02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000080))
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000040))
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f00000000c0)=0x40)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(0x3)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001100))

5.102288553s ago: executing program 5 (id=2074):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a4d2ff40f3054002241b0102030109021b00010000000009040000014eaf32000905d693"], 0x0) (async, rerun: 32)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) (async, rerun: 64)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) (async, rerun: 32)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) (async, rerun: 32)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) (async)
shmdt(0x0) (async)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x1) (async, rerun: 64)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000380)=0x20) (async, rerun: 64)
r4 = eventfd(0x0) (rerun: 64)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000380)={r4, 0xfffffffd, 0x2}) (async)
syz_usb_connect$cdc_ncm(0x3, 0x7c, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6a, 0x2, 0x1, 0x2, 0x40, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, '\tt'}, {0x5, 0x24, 0x0, 0xe}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x2, 0x8, 0x2}, {0x6, 0x24, 0x1a, 0x5, 0x3c}, [@mbim={0xc, 0x24, 0x1b, 0x40b, 0xd0, 0x40, 0x7, 0x7, 0xa1}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0xfb, 0x40, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x5, 0x4, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x35, 0x8, 0x3}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x200, 0x89, 0x8, 0x63, 0x10, 0xb2}, 0x5e, &(0x7f0000000100)={0x5, 0xf, 0x5e, 0x5, [@ssp_cap={0x24, 0x10, 0xa, 0xf6, 0x6, 0x5, 0xff07, 0x0, [0x30, 0xff3fcf, 0xc00f, 0x0, 0x30, 0xc0]}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x11, 0x9, 0x8, 0x5, 0xa}, @ssp_cap={0x20, 0x10, 0xa, 0x1, 0x5, 0xb8d, 0xf00, 0x5, [0x0, 0xf, 0x0, 0xc000, 0x3f3f]}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x0, 0x5, 0x4}]}, 0x3, [{0x57, &(0x7f0000000180)=@string={0x57, 0x3, "047a427d50d566033031fda292e6502fa4b4f70bf9a5f1c2450a658b3c20852ca7b9f1fc52ddca27e748cfb2b7caecaa2676d71bd94e968865f7ec1db627739c84b95c48cff3eaa369940b13fec9eec6896284fc7b"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x413}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x419}}]})

4.487798386s ago: executing program 1 (id=2075):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1, <r2=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000007, 0x40010, r2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f00000001c0)={{0x5, 0x188}, 0x9}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8040)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f00010000000000008000000101008014000302fc01000000000000000000000000000014000100fe80000000000000000000000000000050bb2d6f67d29d6fabadb107d0def4eaecd5b29c88ea04abde1d5e8d3fb22a1b504681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5a3955b1086cda40e00aec58754734be1c91ae884abc5c2092c711425731d750351dc076eb43d9621dd08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d97673ddd576b389d5d2df9e99f079767734f69ce475f39db64337803f5eb4e"], 0x114}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="a100a96f9355378143d51debb62b884d638c8089fd804016ffffb965e8000efda0a6d76e32d8f2019ac309eefb1b7d2032b95c9d9168bbd60553b3ab22b817d657c938dc94a352e406c359a13f66ddc9f55bb7780f9acc01885ff92b577d74d8b7e8ddb722859660f35034348d29fd1bd09cd0dcca5d2d515e4db3f4827d5f02f37997f2cfb504f4d41bc2799a31633a5d17cdda03949f9a4dc8ad4bda5e2a", @ANYRES64=r4, @ANYRES32], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ishtp_dump\x00', r8}, 0x18)
r9 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r9, &(0x7f0000000300)=[{&(0x7f0000000000)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000b00)="92", 0x1}], 0x1, &(0x7f00000005c0)=[@dstaddrv6={0x20, 0x84, 0x8, @remote}], 0x20, 0x20000015}], 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair(0x18, 0x0, 0x6, &(0x7f0000000000))
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
r10 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r10, 0x0, 0xc1000004, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)

4.487246751s ago: executing program 2 (id=2076):
r0 = socket(0x10, 0x3, 0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000380)={<r1=>0x0, @broadcast, @broadcast}, &(0x7f0000019680)=0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x43, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r2 = socket(0x15, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x8, 0x0, 0x0)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
capget(0x0, 0x0)
symlink(&(0x7f0000000000)='.\x00', 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r6, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x1e)
connect$pptp(r6, &(0x7f0000000700)={0x18, 0x2, {0x0, @private=0xa010102}}, 0x1e)
socket(0x10, 0x3, 0x0)
open(0x0, 0x94200, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405668, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

4.419790273s ago: executing program 5 (id=2077):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) (async)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) (async)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001600)=""/4098, 0x1002}, {&(0x7f0000003700)=""/4081, 0xff1}, {&(0x7f0000002640)=""/4102, 0x1006}, {&(0x7f0000001240)=""/107, 0x6b}, {&(0x7f0000000140)=""/165, 0xa5}, {&(0x7f0000000000)=""/79, 0x4f}, {&(0x7f0000000340)=""/74, 0x4a}], 0x7}, 0x60012002)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r2, 0xc1004111, &(0x7f00000011c0)={0xff, [0x4, 0x3, 0x80000000], [{0x0, 0x3, 0x0, 0x1, 0x1}, {0xe58f, 0x8, 0x1, 0x1}, {0x2, 0x1, 0x1, 0x1}, {0xc0d, 0x5, 0x1, 0x0, 0x0, 0x1}, {0xfffffffa, 0x2, 0x1, 0x0, 0x1, 0x1}, {0x400, 0x4, 0x1}, {0xa, 0x7, 0x1, 0x0, 0x1}, {0x8, 0x14, 0x1}, {0x0, 0x9, 0x0, 0x1}, {0x1000, 0xf9, 0x1, 0x1, 0x0, 0x1}, {0xb, 0x2, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x4, 0x1, 0x0, 0x1}], 0x201}) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x25dfdbfd, {0x2, 0x1f, 0x0, 0xcb, r6}, [@IFA_ADDRESS={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x41}}, @IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x6}, @IFA_ADDRESS={0x8, 0x1, @multicast1}, @IFA_RT_PRIORITY={0x8, 0x9, 0xfffff435}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) (async)
r7 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r7, &(0x7f00000004c0)={&(0x7f00000000c0)={0x2, 0x4e21, @private=0xa010102}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)='=', 0x1}], 0x1}, 0x20000001) (async)
sendmsg$inet(r7, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r8, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x40)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0)

3.598798967s ago: executing program 3 (id=2078):
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
socket(0x3, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffff7}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4e7)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000080)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
syz_open_procfs(0x0, &(0x7f0000000280)='ns\x00')
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[], 0x2a, 0xfffffffffffffffc)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x1000005)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x9)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
openat$dsp(0xffffffffffffff9c, 0x0, 0x480040, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000040)=@gcm_128={{0x303}, "0400090000003a72", "1c0c1ed53c72da5e61712b711dbcf8f1", "02eaeb93", "0600"}, 0x28)
sendto$inet6(r1, &(0x7f0000000300)="25e9cc6d1205593c1db0fb4c0d4ffb0190f1202b0253bcd57b86f4306d612a3f2777e69900cdbc4da0850f80ed298a847b292907c46b8e6aa95362", 0xfffffffffffffede, 0x8081, 0x0, 0xfffffffffffffdc0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x1, 0x4, 0x8000000, 0x2000, &(0x7f0000001000/0x2000)=nil})

3.535152138s ago: executing program 2 (id=2079):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='\x00', &(0x7f0000000240)='{}k%@\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000340)={<r6=>0x0, 0x562}, &(0x7f0000000380)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000003c0)={r6, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xb}}}, 0x81, 0x4, 0x6, 0x0, 0xa3, 0x0, 0x9}, 0x9c)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
readv(r4, &(0x7f0000000200)=[{&(0x7f0000000080)=""/3, 0x3}], 0x1)

2.993938624s ago: executing program 0 (id=2080):
syz_open_dev$MSR(0x0, 0x54a, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x2701, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x2, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newtaction={0xe4, 0x30, 0x1, 0x1000, 0x0, {}, [{0xd0, 0x1, [@m_vlan={0x90, 0x18, 0x0, 0x0, {{0x9}, {0x4}, {0x61, 0x6, "5e7ab91bfbb9a88b874390e1f6edeeaa5d2057c9c0352d80ae1d985b5915a3ca8dec05b7fc8ad87dbdc84f021a92b0ae6db1718a17b983b579133f318912c3e2843af7eeac8f1f35ffe003fa6e791e510cb2772e55d8690fdc30a4d75c"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}, @m_ife={0x3c, 0x1, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x2}]}, {0x9, 0x6, '\x00\x00\x00\x00\x00'}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x804}, 0x20000980)
tkill(0x0, 0x12)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000300)={0x0, 0x7}, &(0x7f0000000340)=0x8)
ioctl$sock_netrom_SIOCADDRT(r5, 0x541b, &(0x7f0000000000)={0x0, @default, @bpq0, 0x0, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x0, 0x0, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x7, &(0x7f000022c000/0x3000)=nil)
r6 = io_uring_setup(0xc, &(0x7f0000000080)={0x0, 0x8470, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

1.868033045s ago: executing program 0 (id=2081):
socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, 0x0, 0x2000c800)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$netlink(0x10, 0x3, 0x12)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000280)={0x1, 0x102, 0x8, {0x7, 0x8, 0x2, 0x90000}})
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r4, 0x0, 0x0, 0xff00)
r5 = inotify_init1(0x0)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r6, 0x5201)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201)
close_range(r5, 0xffffffffffffffff, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newtaction={0x18, 0x30, 0x48b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

1.862325306s ago: executing program 3 (id=2082):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408aad81dbcc38dd442dc590e6b92b2af9e2fe7dc27ffa3e72e83d86bb8cfbf0b4134a42c99445bf09b18844d2e929d3df5091005b95749a0cb5319955c941b9c53026ba180594d0d67be68926275cd247ed1d73319b483d"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xbb, &(0x7f000000cf3d)=""/187, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20)
recvmmsg(r0, &(0x7f00000073c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000002ac0)=""/4101, 0x1005}], 0x1}}], 0x2, 0xf2, 0x0)

1.818554081s ago: executing program 2 (id=2083):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb7907a56675f37538ec86dd6317ce22667f1100db5b686158bbcfe8875aac1a6e04ce65969ff57b03e50700000000000000000000ac1414aaa8063daaed17741428bcc087eb53e83a54e032f952bf1b176b004a0b578b48f943ba70dbba7a2cd17ecd13111988ecb00a0b00391514470df6aafec0d30cc8cad904ffd8bea0056b71847b08c0ec9a0d79e07f7100ad09057b6df2e155673e9a697f6119b7d273d6db0ced8885dfe3f4f7ff7fd5061e5539958b2e17cd9169f74ef289"], 0xfdef)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1866002c99bbb30000000000000000000000040004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd63"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r2 = fcntl$getown(r0, 0x9)
r3 = syz_open_procfs(r2, &(0x7f0000000080)='net/stat\x00')
preadv(r3, &(0x7f0000000840)=[{&(0x7f0000000880)=""/183, 0xb7}], 0x1, 0x180, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0x4, 0x5, 0x4, 0x5, 0x0, [{0x0, 0x0, 0x4, '\x00', 0x6}, {0x9b, 0x1, 0xe, '\x00', 0x20}, {0x4, 0x4, 0x4, '\x00', 0x3}, {0xf4, 0x5, 0x3, '\x00', 0xd8}, {0x6, 0xa3, 0xfa, '\x00', 0x3}, {0x4, 0x7, 0x3, '\x00', 0x7}, {0x5, 0x53, 0xe, '\x00', 0x9}, {0x0, 0x6, 0x5a, '\x00', 0x40}, {0x9, 0x7f, 0x4}, {0x72, 0x2, 0x2, '\x00', 0x6}, {0x24, 0x7e, 0x7, '\x00', 0x4}, {0x19, 0x80, 0x9, '\x00', 0x1}, {0x9, 0x6, 0xd, '\x00', 0x8}, {0x7, 0xb, 0x0, '\x00', 0xa}, {0x2, 0x6f, 0x8}, {0x8, 0x3, 0x1, '\x00', 0xfe}, {0x1, 0xf, 0x7, '\x00', 0x4}, {0x81, 0x3, 0x0, '\x00', 0xba}, {0x5, 0x3, 0x7, '\x00', 0x7}, {0x8, 0x8, 0x3, '\x00', 0x9}, {0x2, 0x3, 0xc, '\x00', 0x49}, {0x9, 0x9, 0x5, '\x00', 0x5}, {0xe, 0x2, 0x1}, {0x92, 0x7c, 0x7f, '\x00', 0xe}]}})
close_range(r4, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000e9a4bcb53", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
iopl(0x3)
semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0)
semop(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x80}, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00)

1.315872203s ago: executing program 3 (id=2084):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_type(r5, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r6, &(0x7f0000000280), 0x9)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000080), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000040)=ANY=[@ANYBLOB='+pids'], 0x6)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0x0, 0x0, 0x2c, 0x0, 0x104, 0x2})

1.315425903s ago: executing program 1 (id=2085):
openat$nvram(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x280001)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000580)={0x60, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000740)={@flat=@handle={0x73682a85, 0x100a, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/231, 0xe7, 0x0, 0x8}, @fda={0x66646185, 0x2, 0x2, 0x36}}, &(0x7f0000000040)={0x0, 0x18, 0x40}}, 0x40}, @acquire_done], 0xb5, 0x0, &(0x7f0000000640)="0000aa5953d06b781f0946501e48fd8be5e16e4e8f7d37425ec1fcb7ddd3c18473947cfdca51a4108ceb318b49915f1ff1f2665708664e3fd401eca62b6359873971561822eac5adc45cf2a4ed5a6fa0b0c4001a862445b3f1d7ab40e34db18b60ffe0098a17a02c1510c61688f9d91797d6ebc21efacc9a749438655a4914ff068dc20817f7579ce3d0409ebedce1d0792994591d7e64c3ff57b2344678eb24491140a901742b6201a12c88dcf3c198a4687c3722"})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x12d, &(0x7f0000000140)={0x0, 0x5885, 0x1}, &(0x7f0000000480), &(0x7f0000000280))
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/asound/card2/oss_mixer\x00', 0x30000, 0x0)
r3 = fcntl$dupfd(r2, 0x2, 0xffffffffffffffff)
splice(r1, 0x0, r3, 0x0, 0x2000, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000040605000000000000000000030004000900020073797a3200000000090002000100000000000000050001000700000005000100070000000900020073797a310000000005000100070000000900020073797a30"], 0x5c}}, 0x0)
syz_open_dev$video4linux(&(0x7f00000001c0), 0x17, 0x2000)
io_setup(0x3, &(0x7f0000000180)=<r5=>0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r5, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}])
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r8, 0x65, 0x5, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=<r9=>0x0)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f00000006c0)={'\x00', 0x27ff, 0x8b24, 0x2, 0xb, 0x59c, r9})

468.777434ms ago: executing program 0 (id=2086):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0x5, &(0x7f00000007c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x23}, @alu={0x7, 0x1, 0x0, 0xa, 0x3, 0x0, 0xfffffffffffffff7}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0xc)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, 0x0, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040), 0x81, 0x0}})
shmget$private(0x0, 0x2000, 0x400, &(0x7f0000ffc000/0x2000)=nil)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0x7, 0x6}}, './file0\x00'})
ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000200)=0x4)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r2)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_ABORT_SCAN(r4, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r5, 0x200, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x40001)
bind$rxrpc(r3, &(0x7f0000000180)=@in4={0x21, 0x44, 0x2, 0x10, {0x2, 0x4e22, @remote}}, 0x24)

353.643211ms ago: executing program 3 (id=2087):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x6a)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, &(0x7f00000000c0)=0x1, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0x14, 0x30, 0xb}, 0x14}}, 0x0)
ioperm(0x0, 0x6, 0x8000000000004)
io_destroy(0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r7, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000080)={r7, r9})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000180)={0x0, r9, 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0)

171.602561ms ago: executing program 2 (id=2088):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
write$rfkill(r2, &(0x7f0000000000)={0x0, 0x8, 0x2, 0x1}, 0x8)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000001040)='syz0\x00', 0x200002, 0x0)
openat$cgroup_pressure(r3, &(0x7f0000001080)='io.pressure\x00', 0x2, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r4, 0x84, 0x80, &(0x7f0000000000)=""/4102, 0x0)
r5 = socket(0x25, 0x1, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5)
listen(0xffffffffffffffff, 0x0)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r6, 0x1, 0x3c, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x541b, &(0x7f0000000040))
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x10000, 0x1, 0x9, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xd, 0xfe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0xfe}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x140030, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

0s ago: executing program 0 (id=2089):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007dd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000040)=0x1ffffffd, 0x4)

kernel console output (not intermixed with test programs):

.965825][T11733]  ? __pfx_seq_read+0x10/0x10
[  538.970521][T11733]  ? import_ubuf+0x1b6/0x220
[  538.975128][T11733]  ? avc_policy_seqno+0x9/0x20
[  538.979909][T11733]  ? __pfx_seq_read+0x10/0x10
[  538.984577][T11733]  proc_reg_read+0x23d/0x330
[  538.989151][T11733]  ? __pfx_proc_reg_read+0x10/0x10
[  538.994246][T11733]  vfs_readv+0x6bf/0x890
[  538.998499][T11733]  ? __pfx___lock_acquire+0x10/0x10
[  539.003703][T11733]  ? find_held_lock+0x2d/0x110
[  539.008486][T11733]  ? __pfx_vfs_readv+0x10/0x10
[  539.013262][T11733]  ? __fget_files+0x1fc/0x3a0
[  539.017957][T11733]  ? __pfx_lock_release+0x10/0x10
[  539.022989][T11733]  ? __fget_files+0x206/0x3a0
[  539.027669][T11733]  ? do_preadv+0x1b1/0x270
[  539.032062][T11733]  do_preadv+0x1b1/0x270
[  539.036382][T11733]  ? __pfx_do_preadv+0x10/0x10
[  539.041140][T11733]  do_syscall_64+0xcd/0x250
[  539.045651][T11733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.051527][T11733] RIP: 0033:0x7f5ff4385d29
[  539.055919][T11733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.075530][T11733] RSP: 002b:00007f5ff51aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  539.078048][T11737] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1506'.
[  539.083942][T11733] RAX: ffffffffffffffda RBX: 00007f5ff4576080 RCX: 00007f5ff4385d29
[  539.083983][T11733] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000004
[  539.083994][T11733] RBP: 00007f5ff51aa090 R08: 0000000000000000 R09: 0000000000000000
[  539.084004][T11733] R10: 000000000000014a R11: 0000000000000246 R12: 0000000000000001
[  539.084015][T11733] R13: 0000000000000000 R14: 00007f5ff4576080 R15: 00007ffea3ade158
[  539.084038][T11733]  </TASK>
[  539.324240][   T29] audit: type=1400 audit(1737437366.908:875): avc:  denied  { lock } for  pid=11739 comm="syz.3.1510" path="socket:[30442]" dev="sockfs" ino=30442 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  539.680606][T11137] usb 2-1: USB disconnect, device number 31
[  539.707743][T11727] netlink: 'syz.5.1506': attribute type 10 has an invalid length.
[  539.716418][T11746] qrtr: Invalid version 0
[  539.725604][T11727] syz_tun: entered promiscuous mode
[  539.749946][T11727] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  541.666180][T11760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1513'.
[  541.843874][T11760] netlink: 'syz.2.1513': attribute type 6 has an invalid length.
[  541.873115][T11760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1513'.
[  542.161119][ T5863] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  542.362434][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  542.374261][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 520, setting to 64
[  542.411017][ T5863] usb 2-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00
[  542.420128][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.085505][ T5863] usb 2-1: config 0 descriptor??
[  543.121276][T11778] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  543.558486][ T5866] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  543.571568][   T29] audit: type=1400 audit(1737437371.148:876): avc:  denied  { ioctl } for  pid=11777 comm="syz.1.1518" path="socket:[31352]" dev="sockfs" ino=31352 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  543.573754][ T5863] waltop 0003:172F:0502.0019: unknown main item tag 0x0
[  543.604846][ T5863] waltop 0003:172F:0502.0019: unknown main item tag 0x0
[  543.611953][ T5863] waltop 0003:172F:0502.0019: unknown main item tag 0x0
[  543.611978][ T5863] waltop 0003:172F:0502.0019: unknown main item tag 0x0
[  543.611999][ T5863] waltop 0003:172F:0502.0019: unknown main item tag 0x0
[  543.613498][ T5863] waltop 0003:172F:0502.0019: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.1-1/input0
[  543.656412][   T29] audit: type=1400 audit(1737437371.148:877): avc:  denied  { setopt } for  pid=11777 comm="syz.1.1518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  543.713038][T11800] netlink: 'syz.3.1523': attribute type 1 has an invalid length.
[  543.801387][ T5866] usb 3-1: Using ep0 maxpacket: 16
[  543.825631][ T5866] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  543.940387][ T5863] usb 2-1: USB disconnect, device number 32
[  544.153769][   T29] audit: type=1400 audit(1737437371.148:878): avc:  denied  { connect } for  pid=11777 comm="syz.1.1518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  544.177268][ T5866] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  544.203224][ T5866] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  544.214051][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.226632][ T5866] usb 3-1: config 0 descriptor??
[  544.462370][T11791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  544.479011][T11791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  544.595910][   T29] audit: type=1400 audit(1737437372.068:879): avc:  denied  { map } for  pid=11795 comm="syz.5.1524" path="socket:[30513]" dev="sockfs" ino=30513 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  544.623352][   T29] audit: type=1400 audit(1737437372.068:880): avc:  denied  { read accept } for  pid=11795 comm="syz.5.1524" path="socket:[30513]" dev="sockfs" ino=30513 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  544.669869][T11820] qrtr: Invalid version 0
[  544.702620][T11825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  544.711326][T11825] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  544.931692][ T5866] kovaplus 0003:1E7D:2D50.001A: item fetching failed at offset 0/3
[  545.019014][ T5866] kovaplus 0003:1E7D:2D50.001A: parse failed
[  545.095758][ T5866] kovaplus 0003:1E7D:2D50.001A: probe with driver kovaplus failed with error -22
[  545.730571][T11872] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  546.363778][ T5866] usb 3-1: USB disconnect, device number 26
[  547.560882][T11889] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  548.062826][   T29] audit: type=1400 audit(1737437375.648:881): avc:  denied  { setattr } for  pid=11891 comm="syz.2.1533" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  550.987188][   T29] audit: type=1400 audit(1737437378.568:882): avc:  denied  { watch watch_reads } for  pid=11928 comm="syz.3.1542" path="/321/file0" dev="tmpfs" ino=1764 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  551.087677][   T29] audit: type=1400 audit(1737437378.658:883): avc:  denied  { bind } for  pid=11930 comm="syz.5.1543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  551.108045][T11137] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  551.421005][T11137] usb 1-1: Using ep0 maxpacket: 16
[  551.434714][T11137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  551.639636][ T5820] Bluetooth: hci2: command 0x0406 tx timeout
[  551.668112][T11137] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  551.850852][T11137] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  551.946752][T11137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.955092][T11945] fuse: Bad value for 'fd'
[  551.968038][T11137] usb 1-1: config 0 descriptor??
[  552.074024][T11941] orangefs_mount: mount request failed with -4
[  552.181364][T11926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.239652][T11926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.266028][   T29] audit: type=1400 audit(1737437379.848:884): avc:  denied  { mount } for  pid=11928 comm="syz.3.1542" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  552.289263][T11946] overlay: ./file0 is not a directory
[  552.416254][T11956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.424956][T11956] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.635830][T11137] kovaplus 0003:1E7D:2D50.001B: item fetching failed at offset 0/3
[  552.668553][T11137] kovaplus 0003:1E7D:2D50.001B: parse failed
[  552.685188][T11137] kovaplus 0003:1E7D:2D50.001B: probe with driver kovaplus failed with error -22
[  552.921090][ T5820] Bluetooth: hci1: command 0x0405 tx timeout
[  553.301443][ T3070] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  553.381085][T11229] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  553.601105][ T3070] usb 6-1: Using ep0 maxpacket: 8
[  553.608217][ T3070] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  553.623336][ T3070] usb 6-1: New USB device found, idVendor=0421, idProduct=0099, bcdDevice=23.74
[  553.633198][ T3070] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  553.641503][ T3070] usb 6-1: Product: syz
[  553.645780][ T3070] usb 6-1: Manufacturer: syz
[  553.650385][ T3070] usb 6-1: SerialNumber: syz
[  553.661884][ T3070] usb 6-1: config 0 descriptor??
[  553.670741][ T3070] usb 6-1: bad CDC descriptors
[  553.685690][T11229] usb 4-1: unable to get BOS descriptor or descriptor too short
[  553.696398][ T3070] cdc_acm 6-1:0.0: Control and data interfaces are not separated!
[  553.718097][T11229] usb 4-1: not running at top speed; connect to a high speed hub
[  553.783437][ T3070] cdc_acm 6-1:0.0: This needs exactly 3 endpoints
[  554.275796][T11229] usb 4-1: config 17 has an invalid interface number: 8 but max is 1
[  554.286281][ T3070] cdc_acm 6-1:0.0: probe with driver cdc_acm failed with error -22
[  554.286596][T11959] fuse: Bad value for 'rootmode'
[  554.294283][T11229] usb 4-1: config 17 has 1 interface, different from the descriptor's value: 2
[  554.294310][T11229] usb 4-1: config 17 has no interface number 0
[  554.294343][T11229] usb 4-1: config 17 interface 8 altsetting 6 has an endpoint descriptor with address 0x6D, changing to 0xD
[  554.336321][T11229] usb 4-1: config 17 interface 8 altsetting 6 endpoint 0xD has an invalid bInterval 116, changing to 4
[  554.346741][ T5863] usb 1-1: USB disconnect, device number 33
[  554.347478][T11229] usb 4-1: config 17 interface 8 altsetting 6 endpoint 0xD has invalid maxpacket 30307, setting to 1023
[  554.368699][T11229] usb 4-1: config 17 interface 8 has no altsetting 0
[  554.377450][T11229] usb 4-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  554.382680][T11959] Bluetooth: MGMT ver 1.23
[  554.397037][T11229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.412554][T11229] usb 4-1: Product: syz
[  554.416755][T11229] usb 4-1: Manufacturer: syz
[  554.514936][T11229] usb 4-1: SerialNumber: syz
[  555.323147][T11229] usb 4-1: selecting invalid altsetting 0
[  555.328929][T11229] usb 4-1: 8:6 : no UAC_FORMAT_TYPE desc
[  555.336808][T11229] usb 4-1: selecting invalid altsetting 0
[  555.694927][T11229] usb 4-1: USB disconnect, device number 26
[  555.786558][ T5866] usb 6-1: USB disconnect, device number 8
[  555.964417][ T6265] udevd[6265]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  557.465276][T12014] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  559.014793][T12016] binder: 12012:12016 ioctl 4018620d 0 returned -22
[  559.847503][T12038] netlink: 2 bytes leftover after parsing attributes in process `syz.5.1567'.
[  560.717070][T12052] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1572'.
[  560.971564][T12056] IPVS: stopping master sync thread 12057 ...
[  560.979458][T12057] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  561.448186][   T29] audit: type=1400 audit(1737437389.028:885): avc:  denied  { append } for  pid=12065 comm="syz.0.1575" name="video8" dev="devtmpfs" ino=951 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  562.576532][   T29] audit: type=1400 audit(1737437390.148:886): avc:  denied  { remount } for  pid=12071 comm="syz.1.1577" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  562.592041][T12075] netlink: 1256 bytes leftover after parsing attributes in process `syz.5.1576'.
[  562.792731][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  562.799309][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  562.840985][ T5901] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  563.149806][T12087] fuse: Bad value for 'fd'
[  563.211206][T12088] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1582'.
[  564.456801][ T5901] usb 2-1: device descriptor read/64, error -71
[  564.750510][ T5901] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  565.473954][T12100] fuse: Unknown parameter '000000000000000000000x0000000000000006'
[  565.508852][   T29] audit: type=1400 audit(1737437393.058:887): avc:  denied  { mounton } for  pid=12076 comm="syz.0.1578" path="/302/file0/file0" dev="ramfs" ino=32975 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  565.769240][T12099] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  565.845666][   T29] audit: type=1400 audit(1737437393.368:888): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  567.016105][   T29] audit: type=1400 audit(1737437394.598:889): avc:  denied  { unmount } for  pid=5827 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  567.173354][T12093] block nbd5: shutting down sockets
[  567.291090][T12122] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1591'.
[  567.326418][   T29] audit: type=1400 audit(1737437394.898:890): avc:  denied  { setopt } for  pid=12121 comm="syz.0.1591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  567.354253][ T5920] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  567.641374][T12123] hfs: unable to load iocharset "io#harseton#"
[  567.671202][ T5920] usb 2-1: Using ep0 maxpacket: 32
[  567.678489][ T5920] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  567.703627][ T5920] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  567.741486][ T5920] usb 2-1: config 0 has no interface number 0
[  567.757878][ T5920] usb 2-1: config 0 interface 184 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  567.791032][ T5920] usb 2-1: config 0 interface 184 has no altsetting 0
[  567.807997][ T5920] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  567.820986][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.834830][ T5920] usb 2-1: Product: syz
[  567.842539][ T5920] usb 2-1: Manufacturer: syz
[  567.847214][ T5920] usb 2-1: SerialNumber: syz
[  567.862581][ T5920] usb 2-1: config 0 descriptor??
[  568.463974][   T29] audit: type=1400 audit(1737437396.038:891): avc:  denied  { name_connect } for  pid=12139 comm="syz.5.1592" dest=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  568.680781][ T5920] smsc75xx v1.0.0
[  568.684786][ T5920] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  568.710764][ T5920] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  568.771591][ T5920] usb 2-1: USB disconnect, device number 35
[  568.861115][T12148] fuse: Bad value for 'fd'
[  570.437086][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1602'.
[  570.468361][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1602'.
[  570.626646][T12159] batadv_slave_1: entered promiscuous mode
[  571.460616][ T5822] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  571.811003][ T5822] usb 6-1: config index 0 descriptor too short (expected 64754, got 72)
[  571.830138][ T5822] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  571.842715][ T5822] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  571.854086][ T5822] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  572.045586][ T5822] usb 6-1: config index 1 descriptor too short (expected 64754, got 72)
[  572.055471][ T5822] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  572.137603][ T5822] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  572.259980][   T29] audit: type=1400 audit(1737437399.838:892): avc:  denied  { ioctl } for  pid=12186 comm="syz.1.1608" path="socket:[33193]" dev="sockfs" ino=33193 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  572.298064][ T5822] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  573.439020][   T29] audit: type=1400 audit(1737437401.018:893): avc:  denied  { cmd } for  pid=12177 comm="syz.3.1606" path="socket:[32192]" dev="sockfs" ino=32192 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  573.601105][T12194] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  573.863275][ T5826] Bluetooth: hci4: Malformed Event: 0x02
[  574.328120][ T5822] usb 6-1: string descriptor 0 read error: -71
[  574.335158][ T5822] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  574.346866][T12158] batadv_slave_1: left promiscuous mode
[  574.496564][ T5822] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.547981][ T5822] usb 6-1: can't set config #1, error -71
[  574.560093][ T5822] usb 6-1: USB disconnect, device number 9
[  575.428659][   T29] audit: type=1400 audit(1737437402.398:894): avc:  denied  { map } for  pid=12204 comm="syz.2.1612" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  575.717729][   T29] audit: type=1400 audit(1737437402.398:895): avc:  denied  { execute } for  pid=12204 comm="syz.2.1612" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  575.790839][T12215] delete_channel: no stack
[  575.811902][T12215] delete_channel: no stack
[  575.993715][   T29] audit: type=1400 audit(1737437403.538:896): avc:  denied  { relabelfrom } for  pid=12216 comm="syz.3.1616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  576.029110][T12224] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1617'.
[  576.031088][   T29] audit: type=1400 audit(1737437403.538:897): avc:  denied  { relabelto } for  pid=12216 comm="syz.3.1616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  576.040078][T12222] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1618'.
[  576.368806][T12230] input: syz1 as /devices/virtual/input/input19
[  576.638709][   T29] audit: type=1400 audit(1737437404.218:898): avc:  denied  { ioctl } for  pid=12218 comm="syz.2.1617" path="socket:[33358]" dev="sockfs" ino=33358 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  576.663524][    C1] vkms_vblank_simulate: vblank timer overrun
[  576.673995][T12224] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  577.032898][ T5826] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  577.061007][   T29] audit: type=1400 audit(1737437404.558:899): avc:  denied  { setopt } for  pid=12234 comm="syz.1.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  577.117369][   T29] audit: type=1400 audit(1737437404.558:900): avc:  denied  { read } for  pid=12234 comm="syz.1.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  578.078555][T12245] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1621'.
[  578.341179][ T5920] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  578.505588][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.571382][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.602161][ T5920] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  578.759480][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.771698][ T5920] usb 2-1: config 0 descriptor??
[  578.887818][ T5864] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  579.724927][ T5864] usb 3-1: Using ep0 maxpacket: 32
[  579.745019][ T5864] usb 3-1: unable to get BOS descriptor or descriptor too short
[  580.680561][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  580.697137][ T5864] usb 3-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe
[  580.707123][ T5864] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.715921][ T5864] usb 3-1: Product: syz
[  580.720324][ T5864] usb 3-1: Manufacturer: syz
[  580.741000][ T5864] usb 3-1: SerialNumber: syz
[  580.759828][ T5864] usb 3-1: config 0 descriptor??
[  580.906336][ T5920] usbhid 2-1:0.0: can't add hid device: -71
[  580.915364][ T5920] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  580.921391][ T5822] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  580.925202][ T5920] usb 2-1: USB disconnect, device number 36
[  581.084834][T12251] netlink: 'syz.2.1624': attribute type 8 has an invalid length.
[  581.305453][ T5822] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  581.323173][ T5864] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input20
[  581.339379][ T5822] usb 4-1: config 1 has an invalid descriptor of length 51, skipping remainder of the config
[  581.358265][ T5822] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  581.396353][ T5822] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 227, changing to 7
[  581.427967][ T5822] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 58664, setting to 1024
[  581.677078][ T5864] usb 3-1: USB disconnect, device number 27
[  581.698130][ T5822] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  581.714978][ T5822] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  581.734148][ T5822] usb 4-1: Product: syz
[  581.738353][ T5822] usb 4-1: Manufacturer: syz
[  581.766517][ T5822] cdc_wdm 4-1:1.0: skipping garbage
[  581.771932][ T5822] cdc_wdm 4-1:1.0: skipping garbage
[  581.807380][ T5822] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  582.010082][ T5920] usb 4-1: USB disconnect, device number 27
[  582.451058][ T5920] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  582.624050][ T5920] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  582.641291][ T5920] usb 4-1: config 1 has an invalid descriptor of length 51, skipping remainder of the config
[  582.672623][ T5920] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  583.039003][ T5920] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 227, changing to 7
[  583.061027][ T5920] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 58664, setting to 1024
[  583.092792][ T5920] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  583.121065][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  583.129426][ T5920] usb 4-1: Product: syz
[  583.190965][ T5920] usb 4-1: Manufacturer: syz
[  583.204250][ T5920] cdc_wdm 4-1:1.0: skipping garbage
[  583.209545][ T5920] cdc_wdm 4-1:1.0: skipping garbage
[  583.258306][ T5920] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  583.293997][ T5920] usb 4-1: USB disconnect, device number 28
[  586.199731][T12308] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  587.030419][   T29] audit: type=1400 audit(1737437414.608:901): avc:  denied  { module_load } for  pid=12320 comm="syz.0.1643" path="/sys/power/wakeup_count" dev="sysfs" ino=1388 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  587.757414][   T29] audit: type=1400 audit(1737437415.318:902): avc:  denied  { call } for  pid=12320 comm="syz.0.1643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  587.960022][T12322] syz.0.1643 (12322): drop_caches: 2
[  588.345591][T12341] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  588.352165][T12341] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  589.152980][T12341] vhci_hcd vhci_hcd.0: Device attached
[  589.421351][ T5864] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  589.575254][T12342] vhci_hcd: connection reset by peer
[  589.588406][ T4148] vhci_hcd: stop threads
[  589.614521][ T4148] vhci_hcd: release socket
[  589.621207][ T5863] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  589.623203][ T4148] vhci_hcd: disconnect device
[  589.864458][ T5863] usb 4-1: device descriptor read/64, error -71
[  590.491063][ T5863] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  591.432605][ T5863] usb 4-1: device descriptor read/64, error -71
[  592.301892][ T5863] usb usb4-port1: attempt power cycle
[  593.038676][   T29] audit: type=1400 audit(1737437420.508:903): avc:  denied  { nlmsg_read } for  pid=12387 comm="syz.0.1659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  593.059299][    C1] vkms_vblank_simulate: vblank timer overrun
[  594.631123][ T5864] vhci_hcd: vhci_device speed not set
[  594.890559][ T5920] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  595.061281][ T5920] usb 4-1: Using ep0 maxpacket: 32
[  595.061895][T12401] overlayfs: conflicting options: userxattr,redirect_dir=on
[  595.087275][ T5920] usb 4-1: config 1 has an invalid interface number: 32 but max is 0
[  595.106376][ T5920] usb 4-1: config 1 has no interface number 0
[  595.124601][ T5920] usb 4-1: config 1 interface 32 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 1024
[  595.182498][ T5920] usb 4-1: config 1 interface 32 has no altsetting 0
[  595.196830][ T5920] usb 4-1: New USB device found, idVendor=2013, idProduct=025c, bcdDevice=51.ba
[  595.207414][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.224716][ T5920] usb 4-1: Product: syz
[  595.249417][ T5920] usb 4-1: Manufacturer: syz
[  595.290012][ T5920] usb 4-1: SerialNumber: syz
[  595.346501][T12410] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  595.917541][ T5920] dvb-usb: found a 'PCTV 2002e' in cold state, will try to load a firmware
[  596.042198][ T5863] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  596.217928][ T5920] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  596.231864][ T5920] dib0700: firmware download failed at 7 with -22
[  596.331442][ T5920] usb 4-1: USB disconnect, device number 32
[  596.359086][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  596.504138][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  596.545091][ T5863] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  596.581090][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.693962][ T5863] usb 1-1: config 0 descriptor??
[  596.757286][T12440] FAULT_INJECTION: forcing a failure.
[  596.757286][T12440] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  596.770482][T12440] CPU: 0 UID: 0 PID: 12440 Comm: syz.2.1675 Not tainted 6.13.0-syzkaller #0
[  596.779155][T12440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  596.789204][T12440] Call Trace:
[  596.792478][T12440]  <TASK>
[  596.795418][T12440]  dump_stack_lvl+0x16c/0x1f0
[  596.800118][T12440]  should_fail_ex+0x497/0x5b0
[  596.804799][T12440]  _copy_from_user+0x2e/0xd0
[  596.809378][T12440]  move_addr_to_kernel+0x68/0x160
[  596.814397][T12440]  __sys_connect+0xb0/0x170
[  596.818892][T12440]  ? __pfx___sys_connect+0x10/0x10
[  596.824003][T12440]  ? __pfx_ksys_write+0x10/0x10
[  596.828852][T12440]  __x64_sys_connect+0x72/0xb0
[  596.833607][T12440]  ? lockdep_hardirqs_on+0x7c/0x110
[  596.838807][T12440]  do_syscall_64+0xcd/0x250
[  596.843307][T12440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.849193][T12440] RIP: 0033:0x7f4a14785d29
[  596.853596][T12440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  596.873194][T12440] RSP: 002b:00007f4a155d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  596.881624][T12440] RAX: ffffffffffffffda RBX: 00007f4a14976080 RCX: 00007f4a14785d29
[  596.889594][T12440] RDX: 000000000000001e RSI: 0000000020000400 RDI: 0000000000000006
[  596.897586][T12440] RBP: 00007f4a155d7090 R08: 0000000000000000 R09: 0000000000000000
[  596.905554][T12440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  596.913514][T12440] R13: 0000000000000000 R14: 00007f4a14976080 R15: 00007ffc028a6688
[  596.921486][T12440]  </TASK>
[  596.968788][T12440] overlayfs: workdir and upperdir must be separate subtrees
[  597.347744][   T29] audit: type=1400 audit(1737437424.918:904): avc:  denied  { getopt } for  pid=12442 comm="syz.1.1677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  597.527342][T12451] binder: 12442:12451 ioctl c0306201 200003c0 returned -14
[  597.640053][T12451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1677'.
[  597.649607][T12451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1677'.
[  597.759319][T12451] vxcan3: entered promiscuous mode
[  597.888105][T12443] binder: 12442:12443 ioctl c0306201 0 returned -14
[  597.896958][   T29] audit: type=1400 audit(1737437425.458:905): avc:  denied  { getopt } for  pid=12454 comm="syz.2.1681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  598.049530][T12459] FAULT_INJECTION: forcing a failure.
[  598.049530][T12459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  598.062938][T12459] CPU: 1 UID: 0 PID: 12459 Comm: syz.1.1682 Not tainted 6.13.0-syzkaller #0
[  598.071629][T12459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  598.081675][T12459] Call Trace:
[  598.084945][T12459]  <TASK>
[  598.087868][T12459]  dump_stack_lvl+0x16c/0x1f0
[  598.092533][T12459]  should_fail_ex+0x497/0x5b0
[  598.097216][T12459]  _copy_from_user+0x2e/0xd0
[  598.101809][T12459]  copy_msghdr_from_user+0x99/0x160
[  598.107008][T12459]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  598.112829][T12459]  ___sys_sendmsg+0xff/0x1e0
[  598.117433][T12459]  ? __pfx____sys_sendmsg+0x10/0x10
[  598.122647][T12459]  ? __pfx_lock_release+0x10/0x10
[  598.127666][T12459]  ? trace_lock_acquire+0x14e/0x1f0
[  598.132863][T12459]  ? __fget_files+0x206/0x3a0
[  598.137528][T12459]  __sys_sendmsg+0x16e/0x220
[  598.142220][T12459]  ? __pfx___sys_sendmsg+0x10/0x10
[  598.147428][T12459]  do_syscall_64+0xcd/0x250
[  598.151922][T12459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.157808][T12459] RIP: 0033:0x7f0bfb385d29
[  598.162228][T12459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  598.181835][T12459] RSP: 002b:00007f0bfc278038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  598.190255][T12459] RAX: ffffffffffffffda RBX: 00007f0bfb575fa0 RCX: 00007f0bfb385d29
[  598.198216][T12459] RDX: 0000000000000000 RSI: 0000000020001240 RDI: 0000000000000003
[  598.206174][T12459] RBP: 00007f0bfc278090 R08: 0000000000000000 R09: 0000000000000000
[  598.214463][T12459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.222421][T12459] R13: 0000000000000000 R14: 00007f0bfb575fa0 R15: 00007ffde34f3268
[  598.230402][T12459]  </TASK>
[  598.401612][ T5822] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  598.468194][ T5863] uclogic 0003:256C:006D.001C: v1 frame probing failed: -71
[  598.476222][ T5863] uclogic 0003:256C:006D.001C: failed probing parameters: -71
[  598.484845][ T5863] uclogic 0003:256C:006D.001C: probe with driver uclogic failed with error -71
[  598.502175][ T5863] usb 1-1: USB disconnect, device number 34
[  598.572298][ T5822] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  598.588433][ T5822] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=cf.b2
[  598.616316][ T5822] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.690097][ T5822] usb 3-1: Product: syz
[  598.699646][ T5822] usb 3-1: Manufacturer: syz
[  598.801932][ T5822] usb 3-1: SerialNumber: syz
[  598.821859][ T5822] usb 3-1: config 0 descriptor??
[  598.829172][ T5822] usbtest 3-1:0.0: couldn't get endpoints, -22
[  598.896050][T12466] fuse: Bad value for 'fd'
[  599.784619][ T5822] usbtest 3-1:0.0: probe with driver usbtest failed with error -22
[  600.151672][   T29] audit: type=1400 audit(1737437427.698:906): avc:  denied  { name_bind } for  pid=12464 comm="syz.3.1684" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  600.268455][ T5826] Bluetooth: hci4: unexpected event for opcode 0x0c1b
[  600.306738][T12474] tls_set_device_offload_rx: netdev not found
[  600.402078][ T5864] usb 3-1: USB disconnect, device number 28
[  601.387123][T12492] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1688'.
[  601.454810][T12492] sg_write: process 1249 (syz.3.1688) changed security contexts after opening file descriptor, this is not allowed.
[  601.632911][T12507] fuse: Invalid rootmode
[  601.651170][T12509] netlink: 264 bytes leftover after parsing attributes in process `syz.1.1689'.
[  601.710336][   T29] audit: type=1400 audit(1737437429.288:907): avc:  denied  { create } for  pid=12503 comm="syz.0.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  601.762854][   T29] audit: type=1400 audit(1737437429.288:908): avc:  denied  { read } for  pid=12503 comm="syz.0.1692" dev="nsfs" ino=4026533361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  601.785647][   T29] audit: type=1400 audit(1737437429.288:909): avc:  denied  { open } for  pid=12503 comm="syz.0.1692" path="net:[4026533361]" dev="nsfs" ino=4026533361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  601.808875][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.869570][   T29] audit: type=1400 audit(1737437429.288:910): avc:  denied  { create } for  pid=12503 comm="syz.0.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  601.889059][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.966581][T12518] xt_CT: You must specify a L4 protocol and not use inversions on it
[  602.151280][   T29] audit: type=1400 audit(1737437429.348:911): avc:  denied  { read } for  pid=12503 comm="syz.0.1692" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  602.173822][    C1] vkms_vblank_simulate: vblank timer overrun
[  602.189273][   T29] audit: type=1400 audit(1737437429.348:912): avc:  denied  { open } for  pid=12503 comm="syz.0.1692" path="/dev/iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  602.219512][T12527] evm: overlay not supported
[  602.236613][T12517] kvm: Disabled LAPIC found during irq injection
[  602.272316][   T29] audit: type=1400 audit(1737437429.348:913): avc:  denied  { ioctl } for  pid=12503 comm="syz.0.1692" path="/dev/iommu" dev="devtmpfs" ino=624 ioctlcmd=0x3b81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  602.272558][   T29] audit: type=1400 audit(1737437429.368:914): avc:  denied  { execmem } for  pid=12503 comm="syz.0.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  602.272807][   T29] audit: type=1400 audit(1737437429.368:915): avc:  denied  { append } for  pid=5172 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  603.671037][ T5822] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  603.812732][ T5920] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  604.691006][ T5822] usb 3-1: Using ep0 maxpacket: 32
[  604.702202][ T5822] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  604.840985][ T5920] usb 4-1: Using ep0 maxpacket: 16
[  604.848284][ T5920] usb 4-1: config 1 interface 0 altsetting 5 bulk endpoint 0x82 has invalid maxpacket 32
[  604.881184][ T5920] usb 4-1: config 1 interface 0 has no altsetting 0
[  605.274078][   T29] kauditd_printk_skb: 67 callbacks suppressed
[  605.274111][   T29] audit: type=1400 audit(1737437432.578:983): avc:  denied  { create } for  pid=12553 comm="syz.1.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  605.305764][ T5822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.355911][T12558] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  605.355986][T12557] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  605.365282][ T5920] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  605.385137][   T29] audit: type=1400 audit(1737437432.698:984): avc:  denied  { write } for  pid=12553 comm="syz.1.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  605.409789][ T5822] usb 3-1: config 0 descriptor??
[  605.411699][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.423269][ T5920] usb 4-1: Product: syz
[  605.426862][   T29] audit: type=1400 audit(1737437432.848:985): avc:  denied  { create } for  pid=12553 comm="syz.1.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  605.427498][ T5920] usb 4-1: Manufacturer: syz
[  605.452640][ T5920] usb 4-1: SerialNumber: syz
[  605.453314][ T5822] gspca_main: nw80x-2.14.0 probing 055f:d001
[  605.459839][T12547] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  605.486573][   T29] audit: type=1400 audit(1737437432.858:986): avc:  denied  { connect } for  pid=12553 comm="syz.1.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  605.506232][    C1] vkms_vblank_simulate: vblank timer overrun
[  605.514356][   T29] audit: type=1400 audit(1737437432.898:987): avc:  denied  { setopt } for  pid=12555 comm="syz.0.1708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  605.749153][   T29] audit: type=1400 audit(1737437433.328:988): avc:  denied  { create } for  pid=12563 comm="syz.5.1709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  605.770490][   T29] audit: type=1400 audit(1737437433.328:989): avc:  denied  { write } for  pid=12563 comm="syz.5.1709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  605.790197][    C1] vkms_vblank_simulate: vblank timer overrun
[  605.816990][   T29] audit: type=1400 audit(1737437433.358:990): avc:  denied  { listen } for  pid=12567 comm="syz.0.1710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  605.990591][   T29] audit: type=1400 audit(1737437433.358:991): avc:  denied  { accept } for  pid=12567 comm="syz.0.1710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  606.010793][   T29] audit: type=1400 audit(1737437433.358:992): avc:  denied  { map } for  pid=12567 comm="syz.0.1710" path="socket:[35327]" dev="sockfs" ino=35327 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  606.035446][T12575] 9pnet_fd: Insufficient options for proto=fd
[  606.043855][ T5920] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  606.064147][ T5920] usb 4-1: USB disconnect, device number 33
[  606.832808][ T5822] gspca_nw80x: reg_w err -110
[  606.837596][ T5822] nw80x 3-1:0.0: probe with driver nw80x failed with error -110
[  606.991124][T11137] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  607.234799][T12544] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock
[  607.401041][T11137] usb 1-1: Using ep0 maxpacket: 32
[  607.416065][T11137] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  607.442682][T11137] usb 1-1: config 0 has no interface number 0
[  607.487021][T11137] usb 1-1: New USB device found, idVendor=0f3d, idProduct=68a3, bcdDevice=c3.e8
[  607.512574][T11137] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.545652][T11137] usb 1-1: Product: syz
[  607.559055][T11137] usb 1-1: Manufacturer: syz
[  607.564170][ T5920] usb 3-1: USB disconnect, device number 29
[  607.649540][T11137] usb 1-1: SerialNumber: syz
[  607.974676][T11137] usb 1-1: config 0 descriptor??
[  608.044480][T11137] sierra 1-1:0.207: Sierra USB modem converter detected
[  608.387280][T11137] usb 1-1: Sierra USB modem converter now attached to ttyUSB0
[  608.704533][T12607] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  609.164703][T11137] usb 1-1: USB disconnect, device number 35
[  609.172025][T11137] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  609.180813][T11137] sierra 1-1:0.207: device disconnected
[  609.273804][T12610] tc_dump_action: action bad kind
[  609.321241][ T5866] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  609.751526][T12621] netlink: 39 bytes leftover after parsing attributes in process `syz.3.1724'.
[  609.869118][ T5866] usb 2-1: Using ep0 maxpacket: 16
[  609.964851][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  610.182473][ T5863] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  610.266986][ T5866] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  610.283965][ T5866] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  610.293311][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.315966][ T5866] usb 2-1: config 0 descriptor??
[  610.578298][T12606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.597881][ T5863] usb 4-1: unable to get BOS descriptor or descriptor too short
[  610.627752][ T5863] usb 4-1: unable to read config index 0 descriptor/start: -71
[  610.631260][T12606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.642605][ T5863] usb 4-1: can't read configurations, error -71
[  611.295631][   T29] kauditd_printk_skb: 33 callbacks suppressed
[  611.295649][   T29] audit: type=1400 audit(1737437438.878:1026): avc:  denied  { execute } for  pid=12631 comm="syz.2.1729" path="/358/cpu.stat" dev="tmpfs" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  611.325220][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.346277][   T29] audit: type=1400 audit(1737437438.928:1027): avc:  denied  { create } for  pid=12631 comm="syz.2.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  611.368354][   T29] audit: type=1400 audit(1737437438.928:1028): avc:  denied  { connect } for  pid=12631 comm="syz.2.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  611.391003][T12637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  611.399480][   T29] audit: type=1400 audit(1737437438.928:1029): avc:  denied  { bind } for  pid=12631 comm="syz.2.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  611.399614][T12637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  611.422831][   T29] audit: type=1400 audit(1737437438.928:1030): avc:  denied  { write } for  pid=12631 comm="syz.2.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  611.466861][T12634] qrtr: Invalid version 0
[  611.473732][   T29] audit: type=1400 audit(1737437438.928:1031): avc:  denied  { read } for  pid=12631 comm="syz.2.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  611.672228][ T5866] kovaplus 0003:1E7D:2D50.001D: item fetching failed at offset 0/3
[  611.695585][ T5866] kovaplus 0003:1E7D:2D50.001D: parse failed
[  611.710009][ T5866] kovaplus 0003:1E7D:2D50.001D: probe with driver kovaplus failed with error -22
[  612.846320][   T29] audit: type=1400 audit(1737437440.428:1032): avc:  denied  { wake_alarm } for  pid=12646 comm="syz.3.1733" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  612.991436][   T29] audit: type=1400 audit(1737437440.568:1033): avc:  denied  { ioctl } for  pid=12651 comm="syz.5.1732" path="socket:[35625]" dev="sockfs" ino=35625 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  613.163428][T12654] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  613.373719][   T29] audit: type=1400 audit(1737437440.788:1034): avc:  denied  { append } for  pid=12651 comm="syz.5.1732" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  613.572787][ T3070] usb 2-1: USB disconnect, device number 38
[  613.653093][   T29] audit: type=1400 audit(1737437441.178:1035): avc:  denied  { append } for  pid=12653 comm="syz.3.1735" name="dlm-control" dev="devtmpfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  615.562186][T12675] fuse: Bad value for 'fd'
[  616.517021][T12687] fuse: Bad value for 'fd'
[  618.329549][   T29] kauditd_printk_skb: 16 callbacks suppressed
[  618.329565][   T29] audit: type=1400 audit(1737437445.904:1052): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  618.362490][T12691] Trying to write to read-only block-device nullb0
[  618.442422][   T29] audit: type=1400 audit(1737437445.944:1053): avc:  denied  { read write } for  pid=12690 comm="syz.5.1743" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  618.533264][   T29] audit: type=1400 audit(1737437445.944:1054): avc:  denied  { open } for  pid=12690 comm="syz.5.1743" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  618.650779][   T29] audit: type=1400 audit(1737437445.944:1055): avc:  denied  { map } for  pid=12690 comm="syz.5.1743" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  618.675322][T12700] qrtr: Invalid version 0
[  618.745006][   T29] audit: type=1400 audit(1737437445.944:1056): avc:  denied  { execute } for  pid=12690 comm="syz.5.1743" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  618.807653][   T29] audit: type=1400 audit(1737437445.944:1057): avc:  denied  { ioctl } for  pid=12690 comm="syz.5.1743" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x125d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  618.923355][   T29] audit: type=1400 audit(1737437446.194:1058): avc:  denied  { sys_module } for  pid=12690 comm="syz.5.1743" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  618.981512][   T29] audit: type=1400 audit(1737437446.224:1059): avc:  denied  { create } for  pid=12693 comm="syz.2.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  619.019402][   T29] audit: type=1400 audit(1737437446.224:1060): avc:  denied  { write } for  pid=12693 comm="syz.2.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  619.085182][   T29] audit: type=1400 audit(1737437446.224:1061): avc:  denied  { read } for  pid=12693 comm="syz.2.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  619.847519][T12713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.034857][T12703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.276670][T12722] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  622.657031][T12739] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1753'.
[  623.200076][T12745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'.
[  623.209117][T12745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'.
[  623.218154][T12745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'.
[  624.159134][T12754] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1757'.
[  624.215522][T12754] bridge2: entered promiscuous mode
[  624.301560][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  624.307909][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  625.148979][   T29] kauditd_printk_skb: 14 callbacks suppressed
[  625.149009][   T29] audit: type=1400 audit(1737437452.694:1076): avc:  denied  { create } for  pid=12758 comm="syz.1.1759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  625.507505][   T29] audit: type=1400 audit(1737437453.084:1077): avc:  denied  { ioctl } for  pid=12765 comm="syz.1.1760" path="socket:[35925]" dev="sockfs" ino=35925 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  626.598769][   T29] audit: type=1400 audit(1737437454.174:1078): avc:  denied  { read } for  pid=12780 comm="syz.3.1764" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  627.439474][T12788] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  627.636515][   T29] audit: type=1400 audit(1737437454.174:1079): avc:  denied  { open } for  pid=12780 comm="syz.3.1764" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  627.660101][    C0] vkms_vblank_simulate: vblank timer overrun
[  627.867481][   T29] audit: type=1400 audit(1737437455.374:1080): avc:  denied  { ioctl } for  pid=12780 comm="syz.3.1764" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  627.892534][    C0] vkms_vblank_simulate: vblank timer overrun
[  629.949930][ T5864] libceph: connect (1)[c::]:6789 error -101
[  630.079215][ T5864] libceph: mon0 (1)[c::]:6789 connect error
[  630.117473][   T29] audit: type=1400 audit(1737437457.694:1081): avc:  denied  { execute } for  pid=12822 comm="syz.3.1774" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=36104 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  630.143797][    C0] vkms_vblank_simulate: vblank timer overrun
[  630.378288][ T5864] libceph: connect (1)[c::]:6789 error -101
[  630.389163][ T5864] libceph: mon0 (1)[c::]:6789 connect error
[  630.518898][T12819] ceph: No mds server is up or the cluster is laggy
[  630.796614][   T29] audit: type=1400 audit(1737437458.044:1082): avc:  denied  { create } for  pid=12826 comm="syz.0.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  632.019595][   T29] audit: type=1400 audit(1737437458.044:1083): avc:  denied  { setopt } for  pid=12826 comm="syz.0.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  632.039209][    C0] vkms_vblank_simulate: vblank timer overrun
[  632.129026][   T29] audit: type=1400 audit(1737437458.044:1084): avc:  denied  { bind } for  pid=12826 comm="syz.0.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  632.205298][   T29] audit: type=1400 audit(1737437458.054:1085): avc:  denied  { create } for  pid=12826 comm="syz.0.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  632.228564][T12850] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1779'.
[  632.237766][T12850] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1779'.
[  632.271738][   T29] audit: type=1400 audit(1737437458.054:1086): avc:  denied  { bind } for  pid=12826 comm="syz.0.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  632.292220][   T29] audit: type=1400 audit(1737437458.114:1087): avc:  denied  { setopt } for  pid=12826 comm="syz.0.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  632.691112][T12855] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  634.227042][   T29] audit: type=1400 audit(1737437461.804:1088): avc:  denied  { ioctl } for  pid=12873 comm="syz.2.1783" path="socket:[36249]" dev="sockfs" ino=36249 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  634.315006][   T29] audit: type=1400 audit(1737437461.804:1089): avc:  denied  { read } for  pid=12873 comm="syz.2.1783" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  634.388651][   T29] audit: type=1400 audit(1737437461.804:1090): avc:  denied  { open } for  pid=12873 comm="syz.2.1783" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  634.451081][   T29] audit: type=1400 audit(1737437461.804:1091): avc:  denied  { connect } for  pid=12872 comm="syz.5.1784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  635.441031][ T5863] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  635.591443][ T5863] usb 2-1: Using ep0 maxpacket: 8
[  635.597799][ T5863] usb 2-1: config 7 has an invalid interface number: 243 but max is 0
[  635.612402][ T5863] usb 2-1: config 7 has no interface number 0
[  635.618916][ T5863] usb 2-1: config 7 interface 243 has no altsetting 0
[  635.632158][ T5863] usb 2-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=bf.68
[  635.642116][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.650169][ T5863] usb 2-1: Product: syz
[  635.655161][ T5863] usb 2-1: Manufacturer: syz
[  635.659932][ T5863] usb 2-1: SerialNumber: syz
[  636.216928][T12900] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1789'.
[  636.470997][ T5820] Bluetooth: hci1: command 0x0405 tx timeout
[  636.497638][T12907] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1789'.
[  636.579534][T12906] netlink: 'syz.0.1791': attribute type 5 has an invalid length.
[  637.204630][ T5863] gspca_main: spca505-2.14.0 probing 0733:0430
[  637.554428][ T5863] gspca_spca505: reg write: error -71
[  637.589777][ T5863] spca505 2-1:7.243: probe with driver spca505 failed with error -5
[  637.677064][ T5863] usb 2-1: USB disconnect, device number 39
[  637.965570][T12926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1794'.
[  637.974651][T12926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1794'.
[  639.088462][ T3070] libceph: connect (1)[c::]:6789 error -101
[  639.095263][ T3070] libceph: mon0 (1)[c::]:6789 connect error
[  639.383707][ T3070] libceph: connect (1)[c::]:6789 error -101
[  639.497755][ T3070] libceph: mon0 (1)[c::]:6789 connect error
[  639.521067][ T5864] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  639.563016][T12940] ceph: No mds server is up or the cluster is laggy
[  639.938431][T12952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1802'.
[  640.080926][ T5864] usb 3-1: Using ep0 maxpacket: 32
[  640.316295][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9574, setting to 1024
[  640.328719][ T5864] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  640.340715][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.280735][ T5864] usb 3-1: config 0 descriptor??
[  641.296290][T12936] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  641.306009][ T5864] hub 3-1:0.0: USB hub found
[  641.868450][ T5864] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  641.886729][ T5864] usbhid 3-1:0.0: can't add hid device: -71
[  641.911210][ T5864] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  642.037534][T12982] vcan0: entered allmulticast mode
[  642.043980][ T5864] usb 3-1: USB disconnect, device number 30
[  642.206850][T12984] netlink: 'syz.5.1809': attribute type 1 has an invalid length.
[  642.684406][T12982] vcan0 (unregistering): left allmulticast mode
[  642.691034][ T1199] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  642.949046][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  642.949064][   T29] audit: type=1400 audit(1737437470.524:1097): avc:  denied  { read } for  pid=12990 comm="syz.2.1812" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  642.954420][ T1199] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  642.961032][   T29] audit: type=1400 audit(1737437470.534:1098): avc:  denied  { open } for  pid=12990 comm="syz.2.1812" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  642.978594][ T1199] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.082180][T12994] FAULT_INJECTION: forcing a failure.
[  643.082180][T12994] name failslab, interval 1, probability 0, space 0, times 0
[  643.146909][   T29] audit: type=1400 audit(1737437470.574:1099): avc:  denied  { write } for  pid=12990 comm="syz.2.1812" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  643.291897][ T1199] usb 4-1: Product: syz
[  643.296207][ T1199] usb 4-1: Manufacturer: syz
[  643.300947][ T1199] usb 4-1: SerialNumber: syz
[  643.306441][T12994] CPU: 0 UID: 0 PID: 12994 Comm: syz.5.1813 Not tainted 6.13.0-syzkaller #0
[  643.315139][T12994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  643.325212][T12994] Call Trace:
[  643.328489][T12994]  <TASK>
[  643.331429][T12994]  dump_stack_lvl+0x16c/0x1f0
[  643.336135][T12994]  should_fail_ex+0x497/0x5b0
[  643.340811][T12994]  ? fs_reclaim_acquire+0xae/0x150
[  643.345915][T12994]  should_failslab+0xc2/0x120
[  643.350587][T12994]  __kmalloc_noprof+0xcb/0x510
[  643.355343][T12994]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  643.360970][T12994]  tomoyo_realpath_from_path+0xb9/0x720
[  643.366505][T12994]  ? tomoyo_path_number_perm+0x235/0x590
[  643.372124][T12994]  ? tomoyo_path_number_perm+0x235/0x590
[  643.377748][T12994]  tomoyo_path_number_perm+0x248/0x590
[  643.383194][T12994]  ? tomoyo_path_number_perm+0x235/0x590
[  643.388814][T12994]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  643.394801][T12994]  ? __pfx_lock_release+0x10/0x10
[  643.399810][T12994]  ? trace_lock_acquire+0x14e/0x1f0
[  643.405004][T12994]  ? lock_acquire+0x2f/0xb0
[  643.409493][T12994]  ? __fget_files+0x40/0x3a0
[  643.414073][T12994]  ? __fget_files+0x206/0x3a0
[  643.418738][T12994]  security_file_ioctl+0x9b/0x240
[  643.423760][T12994]  __x64_sys_ioctl+0xb7/0x200
[  643.428432][T12994]  do_syscall_64+0xcd/0x250
[  643.432932][T12994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.438817][T12994] RIP: 0033:0x7f1be4b85d29
[  643.443219][T12994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.462815][T12994] RSP: 002b:00007f1be5a8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  643.471237][T12994] RAX: ffffffffffffffda RBX: 00007f1be4d75fa0 RCX: 00007f1be4b85d29
[  643.479200][T12994] RDX: 0000000020000180 RSI: 00000000400442c8 RDI: 0000000000000006
[  643.487166][T12994] RBP: 00007f1be5a8e090 R08: 0000000000000000 R09: 0000000000000000
[  643.495123][T12994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.503079][T12994] R13: 0000000000000000 R14: 00007f1be4d75fa0 R15: 00007ffed3736098
[  643.511049][T12994]  </TASK>
[  643.514144][    C0] vkms_vblank_simulate: vblank timer overrun
[  643.529689][T12994] ERROR: Out of memory at tomoyo_realpath_from_path.
[  643.550112][ T1199] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  643.659717][T13000] fuse: Bad value for 'fd'
[  644.487380][   T29] audit: type=1400 audit(1737437472.064:1100): avc:  denied  { name_bind } for  pid=13001 comm="syz.5.1815" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  644.545722][ T1199] usb 4-1: USB disconnect, device number 36
[  644.558353][ T5866] usb 4-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed
[  645.197482][ T1199] usb 4-1: ath9k_htc: USB layer deinitialized
[  647.383104][   T29] audit: type=1400 audit(1737437474.964:1101): avc:  denied  { map } for  pid=13018 comm="syz.5.1820" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  647.406677][    C0] vkms_vblank_simulate: vblank timer overrun
[  647.423441][   T29] audit: type=1400 audit(1737437474.964:1102): avc:  denied  { write execute } for  pid=13018 comm="syz.5.1820" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  648.293797][T13036] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1823'.
[  648.526696][T13019] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1820'.
[  648.538027][T13019] openvswitch: netlink: Flow key attr not present in new flow.
[  648.657601][   T29] audit: type=1400 audit(1737437476.234:1103): avc:  denied  { bind } for  pid=13037 comm="syz.3.1824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  648.853782][   T29] audit: type=1400 audit(1737437476.234:1104): avc:  denied  { setopt } for  pid=13037 comm="syz.3.1824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  649.260570][ T5920] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  649.294802][   T29] audit: type=1400 audit(1737437476.864:1105): avc:  denied  { open } for  pid=13053 comm="syz.5.1827" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  650.064163][   T29] audit: type=1400 audit(1737437476.864:1106): avc:  denied  { ioctl } for  pid=13053 comm="syz.5.1827" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  650.276506][ T5920] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  650.292392][   T29] audit: type=1400 audit(1737437476.874:1107): avc:  denied  { set_context_mgr } for  pid=13053 comm="syz.5.1827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  650.316483][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.335016][ T5920] usb 1-1: Product: syz
[  650.339247][ T5920] usb 1-1: Manufacturer: syz
[  650.352210][ T5920] usb 1-1: SerialNumber: syz
[  650.362258][ T5920] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  650.388602][   T29] audit: type=1400 audit(1737437477.964:1108): avc:  denied  { getopt } for  pid=13053 comm="syz.5.1827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  650.486362][T13058] binder: 13053:13058 ioctl c0306201 200003c0 returned -14
[  650.792763][ T3070] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  651.312577][T13076] qrtr: Invalid version 0
[  651.866544][   T29] audit: type=1400 audit(1737437478.864:1109): avc:  denied  { read } for  pid=13065 comm="syz.1.1831" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  651.889808][    C0] vkms_vblank_simulate: vblank timer overrun
[  651.909278][   T29] audit: type=1400 audit(1737437478.864:1110): avc:  denied  { open } for  pid=13065 comm="syz.1.1831" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  651.941535][ T3070] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  651.952058][ T3070] ath9k_htc: Failed to initialize the device
[  652.006690][ T3070] usb 1-1: ath9k_htc: USB layer deinitialized
[  652.054810][   T29] audit: type=1400 audit(1737437479.634:1111): avc:  denied  { setopt } for  pid=13080 comm="syz.5.1834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  652.105666][   T29] audit: type=1400 audit(1737437479.684:1112): avc:  denied  { read } for  pid=13080 comm="syz.5.1834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  652.108320][ T1199] usb 1-1: USB disconnect, device number 36
[  652.141001][ T5920] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  652.312478][ T5920] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=98.5a
[  652.332708][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.348694][ T5920] usb 2-1: Product: syz
[  652.357251][ T5920] usb 2-1: Manufacturer: syz
[  652.362081][ T5920] usb 2-1: SerialNumber: syz
[  652.390284][T13089] ip6tnl0: entered promiscuous mode
[  652.400634][T13089] vlan2: entered promiscuous mode
[  652.418514][T13089] ip6tnl0: left promiscuous mode
[  652.611032][ T1199] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  653.133705][T13100] fuse: Bad value for 'fd'
[  653.360110][ T1199] usb 6-1: Using ep0 maxpacket: 32
[  653.375032][ T1199] usb 6-1: unable to get BOS descriptor or descriptor too short
[  653.406380][ T1199] usb 6-1: config 7 has an invalid interface number: 187 but max is 0
[  653.448869][ T1199] usb 6-1: config 7 has no interface number 0
[  653.477122][ T1199] usb 6-1: config 7 interface 187 has no altsetting 0
[  653.547820][ T1199] usb 6-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[  653.601580][ T1199] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.858560][ T1199] usb 6-1: Product: syz
[  654.225283][ T5920] usb 2-1: Firmware version (0.0) predates our first public release.
[  654.630930][ T1199] usb 6-1: Manufacturer: syz
[  654.635571][ T1199] usb 6-1: SerialNumber: syz
[  654.654569][ T5820] Bluetooth: hci1: command 0x0405 tx timeout
[  655.034294][ T5920] usb 2-1: Please update to version 0.2 or newer
[  655.565482][T13117] netlink: 39 bytes leftover after parsing attributes in process `syz.0.1846'.
[  655.582645][ T5920] usb 2-1: USB disconnect, device number 40
[  655.681888][ T1199] usb 6-1: Cannot retrieve CPort count: -71
[  655.691902][ T1199] usb 6-1: Cannot retrieve CPort count: -71
[  655.697880][ T1199] es2_ap_driver 6-1:7.187: probe with driver es2_ap_driver failed with error -71
[  655.749799][ T1199] usb 6-1: USB disconnect, device number 10
[  655.781629][T13123] qrtr: Invalid version 0
[  655.841399][   T29] audit: type=1400 audit(1737437483.414:1113): avc:  denied  { read append } for  pid=13125 comm="syz.0.1850" name="sg0" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  655.867774][T13129] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.875262][T13129] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.875769][   T29] audit: type=1400 audit(1737437483.414:1114): avc:  denied  { open } for  pid=13125 comm="syz.0.1850" path="/dev/sg0" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  656.091125][ T5864] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  656.138980][   T29] audit: type=1400 audit(1737437483.694:1115): avc:  denied  { create } for  pid=13134 comm="syz.0.1855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  656.139218][ T5863] usb 3-1: new low-speed USB device number 31 using dummy_hcd
[  656.201634][   T29] audit: type=1400 audit(1737437483.694:1116): avc:  denied  { sqpoll } for  pid=13134 comm="syz.0.1855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  656.215950][T13138] netlink: 'syz.5.1854': attribute type 32 has an invalid length.
[  656.252691][ T5864] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  656.270184][ T5864] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  656.291633][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.301046][ T5863] usb 3-1: device descriptor read/64, error -71
[  656.318174][ T5864] usb 4-1: config 0 descriptor??
[  656.325270][ T5864] pwc: Askey VC010 type 2 USB webcam detected.
[  656.545269][ T5864] pwc: send_video_command error -71
[  656.547203][   T29] audit: type=1400 audit(1737437484.124:1117): avc:  denied  { getopt } for  pid=13142 comm="syz.5.1856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  656.550554][ T5864] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  656.570231][    C0] vkms_vblank_simulate: vblank timer overrun
[  656.598565][ T5863] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[  656.628003][ T5864] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  656.687833][ T5864] usb 4-1: USB disconnect, device number 37
[  656.751465][ T5863] usb 3-1: device descriptor read/64, error -71
[  656.863405][ T5863] usb usb3-port1: attempt power cycle
[  657.351128][ T5863] usb 3-1: new low-speed USB device number 33 using dummy_hcd
[  657.401607][ T5863] usb 3-1: device descriptor read/8, error -71
[  657.651058][ T5863] usb 3-1: new low-speed USB device number 34 using dummy_hcd
[  657.723296][ T5863] usb 3-1: device descriptor read/8, error -71
[  657.888681][ T5863] usb usb3-port1: unable to enumerate USB device
[  657.974760][   T29] audit: type=1400 audit(1737437485.554:1118): avc:  denied  { write } for  pid=13167 comm="syz.1.1866" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  657.978817][ T5826] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  658.029647][T13169] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16)
[  658.061052][   T29] audit: type=1400 audit(1737437485.604:1119): avc:  denied  { setopt } for  pid=13160 comm="syz.3.1864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  658.096941][T13169] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  658.451074][   T29] audit: type=1400 audit(1737437485.604:1120): avc:  denied  { accept } for  pid=13160 comm="syz.3.1864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  658.471690][    C0] vkms_vblank_simulate: vblank timer overrun
[  658.669767][   T29] audit: type=1400 audit(1737437486.074:1121): avc:  denied  { watch } for  pid=13160 comm="syz.3.1864" path="/381" dev="tmpfs" ino=2093 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  658.693423][T13177] qrtr: Invalid version 0
[  658.741055][   T29] audit: type=1400 audit(1737437486.074:1122): avc:  denied  { watch_sb } for  pid=13160 comm="syz.3.1864" path="/381" dev="tmpfs" ino=2093 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  659.560420][T13198] FAULT_INJECTION: forcing a failure.
[  659.560420][T13198] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  659.573821][T13198] CPU: 1 UID: 0 PID: 13198 Comm: syz.5.1875 Not tainted 6.13.0-syzkaller #0
[  659.582525][T13198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  659.592616][T13198] Call Trace:
[  659.595893][T13198]  <TASK>
[  659.598803][T13198]  dump_stack_lvl+0x16c/0x1f0
[  659.603497][T13198]  should_fail_ex+0x497/0x5b0
[  659.608294][T13198]  _copy_from_iter+0x2a1/0x1560
[  659.613144][T13198]  ? __pfx__copy_from_iter+0x10/0x10
[  659.618416][T13198]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  659.624381][T13198]  ? tun_build_skb.constprop.0+0x1b8/0x1120
[  659.630259][T13198]  ? __pfx_lock_release+0x10/0x10
[  659.635265][T13198]  ? trace_lock_acquire+0x14e/0x1f0
[  659.640496][T13198]  copy_page_from_iter+0xa5/0x120
[  659.645521][T13198]  tun_build_skb.constprop.0+0x294/0x1120
[  659.651401][T13198]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  659.657559][T13198]  ? avc_has_perm_noaudit+0x119/0x3a0
[  659.662930][T13198]  ? __pfx_lock_release+0x10/0x10
[  659.667948][T13198]  ? trace_lock_acquire+0x14e/0x1f0
[  659.673138][T13198]  ? __pfx___lock_acquire+0x10/0x10
[  659.678318][T13198]  ? register_lock_class+0xb1/0x1240
[  659.683587][T13198]  ? __lock_acquire+0xcc5/0x3c40
[  659.688504][T13198]  tun_get_user+0x870/0x3e50
[  659.693085][T13198]  ? __pfx_tun_get_user+0x10/0x10
[  659.698091][T13198]  ? find_held_lock+0x2d/0x110
[  659.702853][T13198]  ? __pfx_lock_release+0x10/0x10
[  659.707894][T13198]  tun_chr_write_iter+0xdc/0x210
[  659.712826][T13198]  vfs_write+0x5ae/0x1150
[  659.717137][T13198]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  659.722666][T13198]  ? __pfx_vfs_write+0x10/0x10
[  659.727407][T13198]  ? __fget_files+0x40/0x3a0
[  659.731983][T13198]  ksys_write+0x12b/0x250
[  659.736302][T13198]  ? __pfx_ksys_write+0x10/0x10
[  659.741150][T13198]  do_syscall_64+0xcd/0x250
[  659.745637][T13198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.751511][T13198] RIP: 0033:0x7f1be4b847df
[  659.755925][T13198] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  659.776074][T13198] RSP: 002b:00007f1be5a8e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  659.784470][T13198] RAX: ffffffffffffffda RBX: 00007f1be4d75fa0 RCX: 00007f1be4b847df
[  659.792420][T13198] RDX: 000000000000003e RSI: 0000000020000600 RDI: 00000000000000c8
[  659.800375][T13198] RBP: 00007f1be5a8e090 R08: 0000000000000000 R09: 0000000000000000
[  659.808330][T13198] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[  659.816280][T13198] R13: 0000000000000000 R14: 00007f1be4d75fa0 R15: 00007ffed3736098
[  659.824239][T13198]  </TASK>
[  659.951566][ T5864] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  660.151457][T13217] FAULT_INJECTION: forcing a failure.
[  660.151457][T13217] name failslab, interval 1, probability 0, space 0, times 0
[  660.241862][T13217] CPU: 0 UID: 0 PID: 13217 Comm: syz.3.1881 Not tainted 6.13.0-syzkaller #0
[  660.250602][T13217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  660.260645][T13217] Call Trace:
[  660.263921][T13217]  <TASK>
[  660.266850][T13217]  dump_stack_lvl+0x16c/0x1f0
[  660.271513][T13217]  should_fail_ex+0x497/0x5b0
[  660.276176][T13217]  ? fs_reclaim_acquire+0xae/0x150
[  660.281274][T13217]  should_failslab+0xc2/0x120
[  660.285932][T13217]  __kmalloc_noprof+0xcb/0x510
[  660.290677][T13217]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  660.296292][T13217]  tomoyo_realpath_from_path+0xb9/0x720
[  660.301840][T13217]  ? tomoyo_path_number_perm+0x235/0x590
[  660.301857][T13213] bridge0: entered allmulticast mode
[  660.307476][T13217]  ? tomoyo_path_number_perm+0x235/0x590
[  660.307507][T13217]  tomoyo_path_number_perm+0x248/0x590
[  660.323864][T13217]  ? tomoyo_path_number_perm+0x235/0x590
[  660.329493][T13217]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  660.335484][T13217]  ? __pfx_lock_release+0x10/0x10
[  660.340499][T13217]  ? trace_lock_acquire+0x14e/0x1f0
[  660.345698][T13217]  ? lock_acquire+0x2f/0xb0
[  660.350190][T13217]  ? __fget_files+0x40/0x3a0
[  660.354771][T13217]  ? __fget_files+0x206/0x3a0
[  660.359440][T13217]  security_file_ioctl+0x9b/0x240
[  660.364456][T13217]  __x64_sys_ioctl+0xb7/0x200
[  660.369129][T13217]  do_syscall_64+0xcd/0x250
[  660.373632][T13217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.379520][T13217] RIP: 0033:0x7fae52985d29
[  660.383941][T13217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  660.403537][T13217] RSP: 002b:00007fae507f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  660.411938][T13217] RAX: ffffffffffffffda RBX: 00007fae52b75fa0 RCX: 00007fae52985d29
[  660.419895][T13217] RDX: 0000000020000200 RSI: 00000000c100565c RDI: 0000000000000003
[  660.427853][T13217] RBP: 00007fae507f6090 R08: 0000000000000000 R09: 0000000000000000
[  660.435829][T13217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  660.443785][T13217] R13: 0000000000000000 R14: 00007fae52b75fa0 R15: 00007fff7b0d20d8
[  660.451755][T13217]  </TASK>
[  660.454864][    C0] vkms_vblank_simulate: vblank timer overrun
[  660.515190][T13217] ERROR: Out of memory at tomoyo_realpath_from_path.
[  660.591845][T13220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1878'.
[  660.601024][T13220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1878'.
[  660.680041][T13220] vxcan3: entered promiscuous mode
[  660.808321][ T5864] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  660.839555][ T5864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.850639][ T5864] usb 2-1: Product: syz
[  660.898107][T13213] bridge_slave_1: left allmulticast mode
[  660.904277][ T5864] usb 2-1: Manufacturer: syz
[  660.908915][ T5864] usb 2-1: SerialNumber: syz
[  660.916811][ T5864] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  660.937795][ T5863] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  660.979463][T13213] bridge_slave_1: left promiscuous mode
[  661.028963][T13213] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.068679][T13213] bridge_slave_0: left allmulticast mode
[  661.082280][T13213] bridge_slave_0: left promiscuous mode
[  661.089301][T13213] bridge0: port 1(bridge_slave_0) entered disabled state
[  661.665275][ T1199] usb 2-1: USB disconnect, device number 41
[  661.677593][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  661.677622][   T29] audit: type=1400 audit(1737437489.254:1124): avc:  denied  { read write } for  pid=13237 comm="syz.5.1886" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  661.707358][    C0] vkms_vblank_simulate: vblank timer overrun
[  661.708864][T13240] qrtr: Invalid version 0
[  661.801187][T11137] usb 3-1: new full-speed USB device number 35 using dummy_hcd
[  661.886253][   T29] audit: type=1400 audit(1737437489.254:1125): avc:  denied  { open } for  pid=13237 comm="syz.5.1886" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  661.894908][T13241] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1886'.
[  661.917851][   T29] audit: type=1400 audit(1737437489.254:1126): avc:  denied  { ioctl } for  pid=13237 comm="syz.5.1886" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0x561d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  662.019565][ T5863] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  662.038085][T11137] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[  662.063284][ T5863] ath9k_htc: Failed to initialize the device
[  662.073672][T11137] usb 3-1: config 0 has no interface number 0
[  662.158300][T11137] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 4
[  662.158851][ T1199] usb 2-1: ath9k_htc: USB layer deinitialized
[  662.175171][T11137] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  662.311233][T11137] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.561050][T11137] usb 3-1: Product: syz
[  662.581287][T11137] usb 3-1: Manufacturer: syz
[  662.585936][T11137] usb 3-1: SerialNumber: syz
[  662.610390][T11137] usb 3-1: config 0 descriptor??
[  662.620262][T11137] cyberjack 3-1:0.69: required endpoints missing
[  662.653634][T13249] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1890'.
[  662.664354][   T29] audit: type=1400 audit(1737437490.234:1127): avc:  denied  { write } for  pid=13248 comm="syz.3.1892" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  662.676515][T13250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.004700][T13260] SELinux:  policydb magic number 0xe002eaff does not match expected magic number 0xf97cff8c
[  663.015691][T13260] SELinux: failed to load policy
[  663.507440][T13262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  663.895103][T13262] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.913698][   T29] audit: type=1400 audit(1737437490.584:1128): avc:  denied  { load_policy } for  pid=13252 comm="syz.5.1891" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  664.005910][ T5863] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  664.039798][T13265] IPVS: sync thread started: state = MASTER, mcast_ifn = lo, syncid = 4194304, id = 0
[  664.053915][   T29] audit: type=1400 audit(1737437491.054:1129): avc:  denied  { bind } for  pid=13257 comm="syz.1.1893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  664.785647][ T5863] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD2, changing to 0x82
[  664.820739][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  664.836316][ T5863] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  664.853274][   T29] audit: type=1400 audit(1737437492.434:1130): avc:  denied  { write } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  664.879475][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.910692][ T5863] usb 4-1: config 0 descriptor??
[  664.921531][T11137] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  664.936558][   T29] audit: type=1400 audit(1737437492.434:1131): avc:  denied  { remove_name } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  664.965194][ T5863] em28xx 4-1:0.0: New device   @ 480 Mbps (2040:1605, interface 0, class 0)
[  664.991084][   T29] audit: type=1400 audit(1737437492.434:1132): avc:  denied  { rename } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  665.016278][ T5863] em28xx 4-1:0.0: Video interface 0 found:
[  665.019728][   T29] audit: type=1400 audit(1737437492.434:1133): avc:  denied  { add_name } for  pid=5172 comm="syslogd" name="messages.0" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  665.101899][T11137] usb 6-1: device descriptor read/64, error -71
[  665.127252][ T5864] usb 3-1: USB disconnect, device number 35
[  665.221281][ T5863] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  665.317134][ T5863] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  665.335344][ T5863] em28xx 4-1:0.0: board has no eeprom
[  665.410954][ T5863] em28xx 4-1:0.0: Identified as Hauppauge WinTV HVR 930C (card=81)
[  665.428265][ T5863] em28xx 4-1:0.0: Currently, V4L2 is not supported on this model
[  665.445008][T11137] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  665.446473][ T5864] em28xx 4-1:0.0: Binding DVB extension
[  665.474714][ T5864] em28xx 4-1:0.0: no endpoint for DVB mode and transfer type 0
[  665.486563][ T5863] usb 4-1: USB disconnect, device number 38
[  665.509829][ T5863] em28xx 4-1:0.0: Disconnecting em28xx
[  665.519577][ T5864] em28xx 4-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[  665.555274][ T5864] em28xx 4-1:0.0: Registering input extension
[  665.569158][ T5863] em28xx 4-1:0.0: Closing input extension
[  665.591143][T11137] usb 6-1: device descriptor read/64, error -71
[  665.622605][ T5863] em28xx 4-1:0.0: Freeing device
[  665.701317][T11137] usb usb6-port1: attempt power cycle
[  665.723802][T13283] syz.0.1899 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  666.637884][T13282] delete_channel: no stack
[  666.811348][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  666.811366][   T29] audit: type=1400 audit(1737437493.754:1138): avc:  denied  { ioctl } for  pid=13284 comm="syz.1.1900" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  667.548603][T11137] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  667.596404][T11137] usb 6-1: device descriptor read/8, error -71
[  667.604269][   T29] audit: type=1400 audit(1737437493.754:1139): avc:  denied  { read } for  pid=13284 comm="syz.1.1900" lport=17 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  667.837534][   T29] audit: type=1400 audit(1737437495.414:1140): avc:  denied  { write } for  pid=13296 comm="syz.0.1902" name="event2" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  667.850791][T13300] tmpfs: Bad value for 'size'
[  667.891141][ T3070] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  667.899096][T11137] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  667.962097][T11137] usb 6-1: device descriptor read/8, error -71
[  668.049772][   T29] audit: type=1400 audit(1737437495.624:1141): avc:  denied  { ioctl } for  pid=13296 comm="syz.0.1902" path="/dev/input/event2" dev="devtmpfs" ino=923 ioctlcmd=0x4504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  668.092101][T11137] usb usb6-port1: unable to enumerate USB device
[  668.128410][ T3070] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  668.139697][ T3070] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.149097][ T3070] usb 4-1: Product: syz
[  668.172881][ T3070] usb 4-1: Manufacturer: syz
[  668.178045][ T3070] usb 4-1: SerialNumber: syz
[  668.187551][ T3070] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  668.203278][T11137] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  668.560996][T13309] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  668.954184][   T29] audit: type=1400 audit(1737437496.504:1142): avc:  denied  { setopt } for  pid=13304 comm="syz.1.1906" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  669.212735][ T5866] usb 4-1: USB disconnect, device number 39
[  669.281661][T11137] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  669.326684][T11137] ath9k_htc: Failed to initialize the device
[  669.448600][ T5866] usb 4-1: ath9k_htc: USB layer deinitialized
[  669.837830][   T29] audit: type=1400 audit(1737437497.414:1143): avc:  denied  { write } for  pid=13317 comm="syz.1.1909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  669.837852][T13323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1909'.
[  670.446769][   T29] audit: type=1400 audit(1737437498.014:1144): avc:  denied  { read } for  pid=13320 comm="syz.3.1910" name="vhost-net" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  670.501548][   T29] audit: type=1400 audit(1737437498.014:1145): avc:  denied  { open } for  pid=13320 comm="syz.3.1910" path="/dev/vhost-net" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  671.991984][ T5866] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[  672.008358][   T29] audit: type=1400 audit(1737437499.584:1146): avc:  denied  { name_bind } for  pid=13335 comm="syz.5.1913" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  672.479594][ T5866] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  672.519329][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.549559][ T5866] usb 1-1: config 0 descriptor??
[  672.565002][ T5866] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  672.578855][   T29] audit: type=1400 audit(1737437500.154:1147): avc:  denied  { write } for  pid=13351 comm="syz.5.1919" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  672.674528][   T29] audit: type=1400 audit(1737437500.154:1148): avc:  denied  { open } for  pid=13351 comm="syz.5.1919" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  673.831444][T11137] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  674.169181][ T5866] gp8psk: usb in 128 operation failed.
[  674.178270][ T5866] gp8psk: usb in 137 operation failed.
[  674.206687][   T29] audit: type=1400 audit(1737437500.154:1149): avc:  denied  { write } for  pid=13351 comm="syz.5.1919" name="sg0" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  674.235749][ T5866] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  674.244889][T11137] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  674.308158][T11137] usb 3-1: config 0 has no interfaces?
[  674.316233][ T5866] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  674.328585][T11137] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  674.337418][ T5866] usb 1-1: USB disconnect, device number 37
[  674.345785][T11137] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.381583][T11137] usb 3-1: config 0 descriptor??
[  674.468463][   T29] audit: type=1400 audit(1737437502.044:1150): avc:  denied  { ioctl } for  pid=13370 comm="syz.5.1923" path="/dev/sg0" dev="devtmpfs" ino=725 ioctlcmd=0x2275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  674.755216][T13374] fuse: Bad value for 'fd'
[  674.906830][ T5820] Bluetooth: hci1: command 0x0405 tx timeout
[  675.392052][T11137] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  675.525772][ T5863] usb 3-1: USB disconnect, device number 36
[  675.552127][T11137] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  675.886471][T11137] usb 2-1: config 0 has no interfaces?
[  675.900050][T11137] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  675.914952][T11137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.977556][T11137] usb 2-1: config 0 descriptor??
[  676.342966][T13364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.361785][T13364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.443797][ T5863] usb 2-1: USB disconnect, device number 42
[  676.789614][T13391] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1926'.
[  677.135598][   T29] audit: type=1400 audit(1737437504.694:1151): avc:  denied  { listen } for  pid=13397 comm="syz.0.1930" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  677.185532][   T29] audit: type=1400 audit(1737437504.744:1152): avc:  denied  { create } for  pid=13393 comm="syz.3.1928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  677.218774][   T29] audit: type=1400 audit(1737437504.754:1153): avc:  denied  { accept } for  pid=13397 comm="syz.0.1930" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  677.354941][   T29] audit: type=1400 audit(1737441599.939:1154): avc:  denied  { ioctl } for  pid=13395 comm="syz.2.1929" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  677.804971][T13404] syzkaller0: entered promiscuous mode
[  677.845460][T13404] syzkaller0: entered allmulticast mode
[  677.878228][   T29] audit: type=1400 audit(1737441600.459:1155): avc:  denied  { remount } for  pid=13393 comm="syz.3.1928" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  678.654263][ T5820] Bluetooth: hci1: command 0x0405 tx timeout
[  678.758521][T13427] fuse: Bad value for 'fd'
[  681.184731][T13437] netlink: 39 bytes leftover after parsing attributes in process `syz.5.1937'.
[  685.439503][T13476] binder: 13470:13476 ioctl c0306201 200003c0 returned -14
[  685.673908][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  685.680326][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  686.147222][T13481] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  686.247705][   T29] audit: type=1400 audit(1737441608.699:1156): avc:  denied  { mount } for  pid=13477 comm="syz.5.1947" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  686.663810][T13473] ipvlan2: entered promiscuous mode
[  686.716150][   T29] audit: type=1400 audit(1737441609.299:1157): avc:  denied  { ioctl } for  pid=13482 comm="syz.1.1948" path="socket:[38479]" dev="sockfs" ino=38479 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  686.844742][   T29] audit: type=1400 audit(1737441609.349:1158): avc:  denied  { unmount } for  pid=10018 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  686.969707][   T29] audit: type=1400 audit(1737441609.549:1159): avc:  denied  { block_suspend } for  pid=13482 comm="syz.1.1948" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  687.068639][T13498] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1951'.
[  687.079057][T13498] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1951'.
[  687.218480][T13500] binder: 13492:13500 ioctl c0306201 200003c0 returned -14
[  687.307346][T13500] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1952'.
[  687.316398][T13500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1952'.
[  687.399858][T13500] vxcan5: entered promiscuous mode
[  687.417754][ T5866] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  687.712686][ T5866] usb 6-1: config 0 has no interfaces?
[  687.718405][ T5866] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  687.767629][ T5866] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.834642][ T5866] usb 6-1: config 0 descriptor??
[  688.213393][   T29] audit: type=1400 audit(1737441610.789:1160): avc:  denied  { setopt } for  pid=13508 comm="syz.3.1955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  688.297977][   T29] audit: type=1400 audit(1737441610.829:1161): avc:  denied  { ioctl } for  pid=13508 comm="syz.3.1955" path="socket:[39384]" dev="sockfs" ino=39384 ioctlcmd=0x6611 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  689.327630][   T29] audit: type=1400 audit(1737441611.409:1162): avc:  denied  { create } for  pid=13518 comm="syz.2.1957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  689.752205][   T29] audit: type=1400 audit(1737441611.419:1163): avc:  denied  { sys_admin } for  pid=13518 comm="syz.2.1957" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  689.847449][ T5864] usb 6-1: USB disconnect, device number 15
[  690.700929][ T5901] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  690.901562][ T5901] usb 3-1: Using ep0 maxpacket: 32
[  690.913004][ T5901] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  690.951164][ T5901] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  690.951701][ T5866] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  690.960333][ T5901] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  690.960381][ T5901] usb 3-1: Product: syz
[  690.960443][ T5901] usb 3-1: Manufacturer: syz
[  691.000613][ T5901] hub 3-1:4.0: USB hub found
[  691.221142][ T5866] usb 1-1: Using ep0 maxpacket: 16
[  692.057058][ T5866] usb 1-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82
[  692.080975][ T5866] usb 1-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10
[  692.111908][ T5866] usb 1-1: Product: syz
[  692.125267][ T5866] usb 1-1: Manufacturer: syz
[  692.140033][ T5866] usb 1-1: SerialNumber: syz
[  692.158964][ T5866] usb 1-1: config 0 descriptor??
[  692.168439][ T5866] usb 1-1: selecting invalid altsetting 1
[  692.224476][ T5866] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[  692.342053][ T5923] udevd[5923]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  692.407630][   T29] audit: type=1400 audit(1737445709.985:1164): avc:  denied  { getopt } for  pid=13538 comm="syz.0.1962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  692.412889][ T5866] usb 1-1: USB disconnect, device number 38
[  692.427123][    C1] vkms_vblank_simulate: vblank timer overrun
[  692.835469][   T29] audit: type=1400 audit(1737445709.985:1165): avc:  denied  { name_bind } for  pid=13538 comm="syz.0.1962" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  692.909462][   T29] audit: type=1400 audit(1737445709.985:1166): avc:  denied  { node_bind } for  pid=13538 comm="syz.0.1962" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  693.401567][T13569] fuse: Bad value for 'fd'
[  696.023473][T13581] netlink: 39 bytes leftover after parsing attributes in process `syz.0.1971'.
[  696.148043][ T5901] hub 3-1:4.0: config failed, can't read hub descriptor (err -22)
[  696.592821][ T5901] usb 3-1: USB disconnect, device number 37
[  697.752422][ T5820] Bluetooth: hci1: command 0x0405 tx timeout
[  697.911020][ T3070] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  697.927708][   T29] audit: type=1400 audit(1737445715.475:1167): avc:  denied  { write } for  pid=13602 comm="syz.5.1980" laddr=172.20.20.170 lport=58092 faddr=172.20.20.170 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  698.141654][ T3070] usb 4-1: Using ep0 maxpacket: 8
[  698.168636][ T3070] usb 4-1: unable to get BOS descriptor or descriptor too short
[  698.205079][ T3070] usb 4-1: config 7 has an invalid interface number: 67 but max is 0
[  698.216877][ T3070] usb 4-1: config 7 has no interface number 0
[  698.251643][ T5901] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  698.543485][ T3070] usb 4-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  698.560973][ T3070] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.589539][ T3070] usb 4-1: Product: syz
[  698.593929][ T3070] usb 4-1: Manufacturer: syz
[  698.598556][ T3070] usb 4-1: SerialNumber: syz
[  698.693577][   T29] audit: type=1400 audit(1737445716.275:1168): avc:  denied  { read } for  pid=13611 comm="syz.2.1982" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  698.694453][ T5901] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  698.717703][    C0] vkms_vblank_simulate: vblank timer overrun
[  699.356346][ T1199] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  699.464429][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.474737][ T5901] usb 1-1: Product: syz
[  699.479286][ T5901] usb 1-1: Manufacturer: syz
[  699.484066][ T5901] usb 1-1: SerialNumber: syz
[  699.512590][ T3070] usb 4-1: USB disconnect, device number 40
[  699.521674][ T5901] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  699.543347][T11137] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  699.691093][ T1199] usb 3-1: too many configurations: 151, using maximum allowed: 8
[  699.726113][ T1199] usb 3-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  699.740920][ T1199] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  699.749152][ T1199] usb 3-1: Product: syz
[  699.781053][ T1199] usb 3-1: Manufacturer: syz
[  699.790988][ T1199] usb 3-1: SerialNumber: syz
[  699.810719][ T1199] usb 3-1: config 0 descriptor??
[  699.850391][ T1199] ims_pcu 3-1:0.0: Zero length descriptor
[  699.861126][ T1199] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[  700.134326][ T1199] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  700.357720][ T5864] usb 1-1: USB disconnect, device number 39
[  700.376921][ T1199] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  700.397222][ T1199] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  700.411408][ T1199] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  700.420830][ T1199] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.438218][ T1199] usb 6-1: config 0 descriptor??
[  700.500822][T13637] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.1990'.
[  700.515924][T13637] openvswitch: netlink: Flow key attr not present in new flow.
[  700.631091][T11137] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  700.638756][T11137] ath9k_htc: Failed to initialize the device
[  701.296348][ T5864] usb 1-1: ath9k_htc: USB layer deinitialized
[  701.451065][ T5822] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  701.589486][ T1199] usb 6-1: string descriptor 0 read error: -22
[  701.612758][ T5822] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  701.622274][ T5822] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.643026][ T5822] usb 4-1: config 0 descriptor??
[  701.652429][ T5864] usb 3-1: USB disconnect, device number 38
[  701.675160][ T5822] gspca_main: spca508-2.14.0 probing 8086:0110
[  701.759834][T13648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1993'.
[  701.779451][T13651] Cannot find del_set index 3 as target
[  701.800511][ T1199] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:256C:006D.001E/input/input25
[  701.817126][   T29] audit: type=1400 audit(1737445719.395:1169): avc:  denied  { read } for  pid=5175 comm="acpid" name="mouse1" dev="devtmpfs" ino=3209 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  701.827925][T13656] netlink: 'syz.2.1994': attribute type 4 has an invalid length.
[  701.844876][   T29] audit: type=1400 audit(1737445719.395:1170): avc:  denied  { open } for  pid=5175 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=3209 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  701.878177][ T1199] uclogic 0003:256C:006D.001E: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.5-1/input0
[  701.894810][   T29] audit: type=1400 audit(1737445719.395:1171): avc:  denied  { create } for  pid=13655 comm="syz.2.1994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  701.920542][   T29] audit: type=1400 audit(1737445719.455:1172): avc:  denied  { ioctl } for  pid=5175 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=3209 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  701.945625][    C0] vkms_vblank_simulate: vblank timer overrun
[  701.966369][   T29] audit: type=1400 audit(1737445719.455:1173): avc:  denied  { bind } for  pid=13655 comm="syz.2.1994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  702.004592][T11137] usb 6-1: USB disconnect, device number 16
[  702.191019][ T3070] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  702.264302][   T29] audit: type=1400 audit(1737445719.845:1174): avc:  denied  { setopt } for  pid=13657 comm="syz.0.1995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  702.293593][ T5822] gspca_spca508: reg_read err -71
[  702.299842][ T5822] gspca_spca508: reg_read err -71
[  702.307141][ T5822] gspca_spca508: reg_read err -71
[  702.326972][ T5822] gspca_spca508: reg write: error -71
[  702.338422][ T5822] spca508 4-1:0.0: probe with driver spca508 failed with error -71
[  702.365690][ T5822] usb 4-1: USB disconnect, device number 41
[  702.381176][ T3070] usb 3-1: Using ep0 maxpacket: 8
[  702.401105][ T3070] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  702.416983][ T3070] usb 3-1: config 0 has no interface number 0
[  702.428452][ T3070] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  702.464361][ T3070] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.503753][ T3070] usb 3-1: Product: syz
[  702.525969][ T3070] usb 3-1: Manufacturer: syz
[  702.548887][ T3070] usb 3-1: SerialNumber: syz
[  702.628502][ T3070] usb 3-1: config 0 descriptor??
[  702.813526][ T1199] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  703.364492][ T1199] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  703.399526][ T1199] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.627018][ T1199] usb 1-1: Product: syz
[  703.670073][ T1199] usb 1-1: Manufacturer: syz
[  703.683437][ T5820] Bluetooth: hci1: command 0x0405 tx timeout
[  703.719664][ T1199] usb 1-1: SerialNumber: syz
[  703.942587][ T1199] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  703.971554][ T5822] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  703.973486][ T3070] usb 3-1: Found UVC 0.04 device syz (046d:08c3)
[  703.995390][ T5901] libceph: connect (1)[c::]:6789 error -101
[  704.040015][ T5901] libceph: mon0 (1)[c::]:6789 connect error
[  704.049195][ T3070] usb 3-1: No streaming interface found for terminal 6.
[  704.065412][ T3070] usb 3-1: USB disconnect, device number 39
[  704.311359][ T5901] libceph: connect (1)[c::]:6789 error -101
[  704.317426][ T5901] libceph: mon0 (1)[c::]:6789 connect error
[  704.337430][T13688] ceph: No mds server is up or the cluster is laggy
[  705.171145][ T5822] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  705.181928][ T5822] ath9k_htc: Failed to initialize the device
[  705.184206][ T3070] libceph: connect (1)[c::]:6789 error -101
[  705.221479][ T3070] libceph: mon0 (1)[c::]:6789 connect error
[  705.228220][ T5901] usb 1-1: USB disconnect, device number 40
[  705.239617][ T5901] usb 1-1: ath9k_htc: USB layer deinitialized
[  705.350442][T13698] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2004'.
[  705.424581][T13700] bridge0: port 1(bridge_slave_1) entered blocking state
[  705.440713][T13700] bridge0: port 1(bridge_slave_1) entered disabled state
[  705.460977][T13700] bridge_slave_1: entered allmulticast mode
[  705.468234][T13700] bridge_slave_1: entered promiscuous mode
[  706.650040][   T29] audit: type=1400 audit(1737445724.215:1175): avc:  denied  { connect } for  pid=13712 comm="syz.2.2009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  708.132489][   T29] audit: type=1400 audit(1737445724.975:1176): avc:  denied  { read } for  pid=13718 comm="syz.3.2011" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  708.455551][T13721] binder: 13714:13721 ioctl c0306201 200003c0 returned -14
[  708.464875][T13716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2010'.
[  708.481358][   T29] audit: type=1400 audit(1737445724.985:1177): avc:  denied  { open } for  pid=13718 comm="syz.3.2011" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  708.514871][T13716] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2010'.
[  708.926162][T13716] vxcan3: entered promiscuous mode
[  708.935020][ T1199] libceph: connect (1)[c::]:6789 error -101
[  709.051199][T13733] ceph: No mds server is up or the cluster is laggy
[  709.063530][ T1199] libceph: mon0 (1)[c::]:6789 connect error
[  709.581105][ T1199] libceph: connect (1)[c::]:6789 error -101
[  709.587451][ T1199] libceph: mon0 (1)[c::]:6789 connect error
[  709.638532][   T29] audit: type=1400 audit(1737445727.215:1178): avc:  denied  { getopt } for  pid=13744 comm="syz.5.2017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  709.693684][   T29] audit: type=1400 audit(1737445727.235:1179): avc:  denied  { write } for  pid=13744 comm="syz.5.2017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  709.720704][T13746] syzkaller1: entered promiscuous mode
[  709.726481][T13746] syzkaller1: entered allmulticast mode
[  709.745281][T13754] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2019'.
[  709.807557][T13746] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2017'.
[  709.831233][T13754] netlink: 'syz.2.2019': attribute type 1 has an invalid length.
[  709.939588][T13761] netlink: 'syz.5.2017': attribute type 2 has an invalid length.
[  710.851296][T13767] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  712.665380][ T5826] Bluetooth: hci4: ACL packet for unknown connection handle 4080
[  713.804994][T13797] jfs: Unknown parameter '/)'
[  713.850956][   T29] audit: type=1400 audit(1737445731.385:1180): avc:  denied  { mounton } for  pid=13793 comm="syz.0.2031" path="/387/file0" dev="tmpfs" ino=2104 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  714.439372][T11137] libceph: connect (1)[c::]:6789 error -101
[  714.453621][T11137] libceph: mon0 (1)[c::]:6789 connect error
[  714.606704][   T29] audit: type=1400 audit(1737445732.185:1181): avc:  denied  { write } for  pid=13814 comm="syz.2.2036" name="001" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  714.629591][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.651625][T13823] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3560516746 (28484133968 ns) > initial count (26428273480 ns). Using initial count to start timer.
[  714.689589][T13825] hub 9-0:1.0: USB hub found
[  714.698215][T13828] netlink: 'syz.3.2039': attribute type 1 has an invalid length.
[  714.714863][T13825] hub 9-0:1.0: 1 port detected
[  714.726546][T11137] libceph: connect (1)[c::]:6789 error -101
[  714.731108][T13823] netlink: 'syz.1.2038': attribute type 1 has an invalid length.
[  714.775971][   T29] audit: type=1400 audit(1737445732.225:1182): avc:  denied  { setopt } for  pid=13814 comm="syz.2.2036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  714.792683][T13815] ceph: No mds server is up or the cluster is laggy
[  714.795472][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.811448][T11137] libceph: mon0 (1)[c::]:6789 connect error
[  714.960830][T13833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2040'.
[  714.970679][T13834] FAULT_INJECTION: forcing a failure.
[  714.970679][T13834] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  714.976590][T13833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2040'.
[  715.010627][T13833] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2040'.
[  715.010980][T13834] CPU: 1 UID: 0 PID: 13834 Comm: syz.3.2041 Not tainted 6.13.0-syzkaller #0
[  715.028283][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  715.038354][T13834] Call Trace:
[  715.041625][T13834]  <TASK>
[  715.044545][T13834]  dump_stack_lvl+0x16c/0x1f0
[  715.049216][T13834]  should_fail_ex+0x497/0x5b0
[  715.053890][T13834]  _copy_from_user+0x2e/0xd0
[  715.058465][T13834]  copy_msghdr_from_user+0x99/0x160
[  715.063652][T13834]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  715.069457][T13834]  ___sys_sendmsg+0xff/0x1e0
[  715.074034][T13834]  ? __pfx____sys_sendmsg+0x10/0x10
[  715.079229][T13834]  ? __pfx_lock_release+0x10/0x10
[  715.084247][T13834]  ? trace_lock_acquire+0x14e/0x1f0
[  715.089448][T13834]  ? __fget_files+0x206/0x3a0
[  715.094118][T13834]  __sys_sendmsg+0x16e/0x220
[  715.098696][T13834]  ? __pfx___sys_sendmsg+0x10/0x10
[  715.103838][T13834]  do_syscall_64+0xcd/0x250
[  715.108339][T13834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.114225][T13834] RIP: 0033:0x7fae52985d29
[  715.118629][T13834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  715.138244][T13834] RSP: 002b:00007fae507f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  715.146646][T13834] RAX: ffffffffffffffda RBX: 00007fae52b75fa0 RCX: 00007fae52985d29
[  715.154605][T13834] RDX: 0000000000000000 RSI: 0000000020001380 RDI: 0000000000000004
[  715.162562][T13834] RBP: 00007fae507f6090 R08: 0000000000000000 R09: 0000000000000000
[  715.170520][T13834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  715.178495][T13834] R13: 0000000000000000 R14: 00007fae52b75fa0 R15: 00007fff7b0d20d8
[  715.186493][T13834]  </TASK>
[  715.275343][T13833] nbd: socks must be embedded in a SOCK_ITEM attr
[  715.330942][T11137] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  715.348713][   T29] audit: type=1400 audit(1737445732.925:1183): avc:  denied  { ioctl } for  pid=13840 comm="syz.2.2044" path="socket:[40417]" dev="sockfs" ino=40417 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  715.381661][T13842] vlan0: entered promiscuous mode
[  715.387011][T13842] vlan0: entered allmulticast mode
[  715.492980][T11137] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  715.504783][T11137] usb 2-1: config 0 has no interfaces?
[  715.510424][T13843] netlink: 'syz.3.2045': attribute type 2 has an invalid length.
[  715.523169][T11137] usb 2-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  715.553016][T11137] usb 2-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[  715.575796][T11137] usb 2-1: Product: syz
[  715.585259][T11137] usb 2-1: Manufacturer: syz
[  715.590059][T11137] usb 2-1: SerialNumber: syz
[  715.663608][T11137] usb 2-1: config 0 descriptor??
[  716.467779][   T29] audit: type=1400 audit(1737445734.045:1184): avc:  denied  { search } for  pid=13853 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  716.828641][   T29] audit: type=1400 audit(1737445734.405:1185): avc:  denied  { read } for  pid=13859 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  716.966954][   T29] audit: type=1400 audit(1737445734.405:1186): avc:  denied  { open } for  pid=13859 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  716.985141][ T5901] usb 2-1: USB disconnect, device number 43
[  717.080987][   T29] audit: type=1400 audit(1737445734.405:1187): avc:  denied  { getattr } for  pid=13859 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  717.170295][   T29] audit: type=1400 audit(1737445734.415:1188): avc:  denied  { getattr } for  pid=13859 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1746 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  717.294955][   T29] audit: type=1400 audit(1737445734.545:1189): avc:  denied  { read } for  pid=13865 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=1746 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  718.061681][T11137] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  718.223728][T11137] usb 1-1: Using ep0 maxpacket: 16
[  718.381416][T11137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  718.528392][T11137] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  718.589021][T11137] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.619203][T13896] binder: BINDER_SET_CONTEXT_MGR already set
[  718.627417][T13896] binder: 13895:13896 ioctl 4018620d 20000100 returned -16
[  718.736859][T11137] usb 1-1: Product: syz
[  718.745847][T13896] binder: 13895:13896 ioctl c0306201 200003c0 returned -14
[  718.753149][T11137] usb 1-1: Manufacturer: syz
[  718.758507][T13896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2059'.
[  718.767505][T13896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2059'.
[  718.779268][T13896] vxcan5: entered promiscuous mode
[  718.791309][T11137] usb 1-1: SerialNumber: syz
[  718.910772][T11137] usb 1-1: config 0 descriptor??
[  718.974045][T13901] input: syz1 as /devices/virtual/input/input27
[  719.452122][   T29] kauditd_printk_skb: 9 callbacks suppressed
[  719.452140][   T29] audit: type=1400 audit(1737445736.795:1199): avc:  denied  { read write } for  pid=13893 comm="syz.2.2058" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  719.520505][T11137] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  719.548945][   T29] audit: type=1400 audit(1737445736.795:1200): avc:  denied  { open } for  pid=13893 comm="syz.2.2058" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  719.583621][T11137] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  719.757386][T13907] qrtr: Invalid version 128
[  719.835308][   T29] audit: type=1400 audit(1737445737.405:1201): avc:  denied  { bind } for  pid=13914 comm="syz.2.2061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  720.281650][T11137] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  720.484089][T11137] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  720.705001][T11137] em28xx 1-1:0.0: board has no eeprom
[  720.967455][T11137] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  720.995739][T11137] em28xx 1-1:0.0: dvb set to bulk mode.
[  721.043349][ T5822] libceph: connect (1)[c::]:6789 error -101
[  721.061193][ T5822] libceph: mon0 (1)[c::]:6789 connect error
[  721.115063][ T5901] em28xx 1-1:0.0: Binding DVB extension
[  721.209269][T11137] usb 1-1: USB disconnect, device number 41
[  721.238719][T11137] em28xx 1-1:0.0: Disconnecting em28xx
[  721.243320][T13954] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2067'.
[  721.265364][ T5901] em28xx 1-1:0.0: Registering input extension
[  721.273085][T13943] ceph: No mds server is up or the cluster is laggy
[  721.291858][ T3070] usb 3-1: new full-speed USB device number 40 using dummy_hcd
[  721.310258][T11137] em28xx 1-1:0.0: Closing input extension
[  721.321396][ T5822] libceph: connect (1)[c::]:6789 error -101
[  721.327426][   T29] audit: type=1400 audit(1737445738.895:1202): avc:  denied  { connect } for  pid=13953 comm="syz.0.2067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  721.347360][ T5822] libceph: mon0 (1)[c::]:6789 connect error
[  721.356228][   T29] audit: type=1400 audit(1737445738.895:1203): avc:  denied  { ioctl } for  pid=13953 comm="syz.0.2067" path="socket:[41390]" dev="sockfs" ino=41390 ioctlcmd=0x7452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  721.412416][T11137] em28xx 1-1:0.0: Freeing device
[  721.535061][ T3070] usb 3-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  721.885410][ T3070] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.035005][ T3070] usb 3-1: config 0 descriptor??
[  722.736534][T13942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2065'.
[  722.860693][ T3070] usb 3-1: selecting invalid altsetting 3
[  722.864173][T13942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  722.875124][ T3070] comedi comedi0: could not set alternate setting 3 in high speed
[  722.875242][ T3070] usbduxsigma 3-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[  722.912032][T13942] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  722.943436][T13942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  722.961909][ T3070] usbduxsigma 3-1:0.0: probe with driver usbduxsigma failed with error -22
[  722.980118][T13942] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  723.102701][ T5822] usb 3-1: USB disconnect, device number 40
[  723.229143][   T29] audit: type=1400 audit(1737445740.805:1204): avc:  denied  { ioctl } for  pid=13988 comm="syz.1.2073" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  723.551170][ T3070] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  724.586842][T14016] netlink: 'syz.1.2075': attribute type 1 has an invalid length.
[  724.640629][T14016] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2075'.
[  726.229853][   T29] audit: type=1400 audit(1737445743.655:1205): avc:  denied  { create } for  pid=14036 comm="syz.0.2080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  726.304221][T11137] libceph: connect (1)[c::]:6789 error -101
[  726.312890][T11137] libceph: mon0 (1)[c::]:6789 connect error
[  726.457949][T14045] ceph: No mds server is up or the cluster is laggy
[  728.300998][   T29] audit: type=1400 audit(1737445745.845:1206): avc:  denied  { ioctl } for  pid=14074 comm="syz.0.2086" path="socket:[41611]" dev="sockfs" ino=41611 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  728.325921][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.082296][T14066] 
[  729.084643][T14066] ======================================================
[  729.091636][T14066] WARNING: possible circular locking dependency detected
[  729.098645][T14066] 6.13.0-syzkaller #0 Not tainted
[  729.101124][   T29] audit: type=1400 audit(1737445746.655:1207): avc:  denied  { getopt } for  pid=14064 comm="syz.1.2085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  729.103681][T14066] ------------------------------------------------------
[  729.103689][T14066] syz.1.2085/14066 is trying to acquire lock:
[  729.103699][T14066] ffff88807d7bf6e0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xe3/0x190
[  729.103754][T14066] 
[  729.103754][T14066] but task is already holding lock:
[  729.103760][T14066] ffff888026d01ca8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x33/0x70
[  729.103802][T14066] 
[  729.103802][T14066] which lock already depends on the new lock.
[  729.103802][T14066] 
[  729.103807][T14066] 
[  729.103807][T14066] the existing dependency chain (in reverse order) is:
[  729.103813][T14066] 
[  729.103813][T14066] -> #5 (&q->debugfs_mutex){+.+.}-{4:4}:
[  729.103837][T14066]        __mutex_lock+0x19b/0xa60
[  729.103860][T14066]        blk_mq_init_sched+0x42b/0x640
[  729.103884][T14066]        elevator_init_mq+0x2cd/0x420
[  729.103901][T14066]        add_disk_fwnode+0x113/0x1300
[  729.209952][T14066]        sd_probe+0xa86/0x1000
[  729.214700][T14066]        really_probe+0x23e/0xa90
[  729.219724][T14066]        __driver_probe_device+0x1de/0x440
[  729.225506][T14066]        driver_probe_device+0x4c/0x1b0
[  729.231027][T14066]        __device_attach_driver+0x1df/0x310
[  729.236896][T14066]        bus_for_each_drv+0x157/0x1e0
[  729.242241][T14066]        __device_attach_async_helper+0x1d3/0x290
[  729.248644][T14066]        async_run_entry_fn+0x9c/0x530
[  729.254082][T14066]        process_one_work+0x9c5/0x1ba0
[  729.259527][T14066]        worker_thread+0x6c8/0xf00
[  729.264625][T14066]        kthread+0x2c1/0x3a0
[  729.269191][T14066]        ret_from_fork+0x45/0x80
[  729.274192][T14066]        ret_from_fork_asm+0x1a/0x30
[  729.279457][T14066] 
[  729.279457][T14066] -> #4 (&q->q_usage_counter(queue)#50){++++}-{0:0}:
[  729.288308][T14066]        blk_queue_enter+0x50f/0x640
[  729.293600][T14066]        blk_mq_alloc_request+0x59b/0x950
[  729.299302][T14066]        scsi_execute_cmd+0x1da/0xf40
[  729.304666][T14066]        read_capacity_16+0x213/0xe10
[  729.310016][T14066]        sd_revalidate_disk.isra.0+0x1a06/0xa8d0
[  729.316319][T14066]        sd_probe+0x904/0x1000
[  729.321091][T14066]        really_probe+0x23e/0xa90
[  729.326090][T14066]        __driver_probe_device+0x1de/0x440
[  729.331871][T14066]        driver_probe_device+0x4c/0x1b0
[  729.337390][T14066]        __device_attach_driver+0x1df/0x310
[  729.343263][T14066]        bus_for_each_drv+0x157/0x1e0
[  729.348608][T14066]        __device_attach_async_helper+0x1d3/0x290
[  729.355006][T14066]        async_run_entry_fn+0x9c/0x530
[  729.360458][T14066]        process_one_work+0x9c5/0x1ba0
[  729.365892][T14066]        worker_thread+0x6c8/0xf00
[  729.370980][T14066]        kthread+0x2c1/0x3a0
[  729.375546][T14066]        ret_from_fork+0x45/0x80
[  729.380466][T14066]        ret_from_fork_asm+0x1a/0x30
[  729.385730][T14066] 
[  729.385730][T14066] -> #3 (&q->limits_lock){+.+.}-{4:4}:
[  729.393343][T14066]        __mutex_lock+0x19b/0xa60
[  729.398347][T14066]        __nbd_set_size+0x2c0/0x730
[  729.403523][T14066]        nbd_start_device+0x8fd/0xd70
[  729.408871][T14066]        nbd_ioctl+0x21a/0xfd0
[  729.413632][T14066]        blkdev_ioctl+0x276/0x6d0
[  729.418652][T14066]        __x64_sys_ioctl+0x190/0x200
[  729.423943][T14066]        do_syscall_64+0xcd/0x250
[  729.428968][T14066]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.435363][T14066] 
[  729.435363][T14066] -> #2 (&q->q_usage_counter(io)#53){++++}-{0:0}:
[  729.443938][T14066]        blk_mq_submit_bio+0x1fb6/0x24c0
[  729.449548][T14066]        __submit_bio+0x384/0x540
[  729.454549][T14066]        submit_bio_noacct_nocheck+0x698/0xd70
[  729.460680][T14066]        submit_bio_noacct+0x93a/0x1e20
[  729.466208][T14066]        block_read_full_folio+0x812/0xa50
[  729.472011][T14066]        filemap_read_folio+0xc6/0x2a0
[  729.477444][T14066]        filemap_get_pages+0x155f/0x1be0
[  729.483049][T14066]        filemap_read+0x3ca/0xd70
[  729.488059][T14066]        blkdev_read_iter+0x187/0x480
[  729.493408][T14066]        vfs_read+0x87f/0xbe0
[  729.498071][T14066]        ksys_read+0x12b/0x250
[  729.502807][T14066]        do_syscall_64+0xcd/0x250
[  729.507809][T14066]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.514201][T14066] 
[  729.514201][T14066] -> #1 (mapping.invalidate_lock#2){++++}-{4:4}:
[  729.522687][T14066]        down_read+0x9a/0x330
[  729.527341][T14066]        filemap_fault+0x2e0/0x2820
[  729.532513][T14066]        __do_fault+0x10a/0x490
[  729.537339][T14066]        do_pte_missing+0xebd/0x3e00
[  729.542596][T14066]        __handle_mm_fault+0x103c/0x2a40
[  729.548203][T14066]        handle_mm_fault+0x3fa/0xaa0
[  729.553464][T14066]        do_user_addr_fault+0x7a3/0x13f0
[  729.559072][T14066]        exc_page_fault+0x5c/0xc0
[  729.564179][T14066]        asm_exc_page_fault+0x26/0x30
[  729.569543][T14066]        strncpy_from_user+0x14a/0x2d0
[  729.574979][T14066]        getname_flags.part.0+0x8f/0x550
[  729.580601][T14066]        getname+0x8d/0xe0
[  729.584990][T14066]        do_sys_openat2+0x104/0x1e0
[  729.590164][T14066]        __x64_sys_creat+0xcd/0x120
[  729.595338][T14066]        do_syscall_64+0xcd/0x250
[  729.600338][T14066]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.606750][T14066] 
[  729.606750][T14066] -> #0 (&mm->mmap_lock){++++}-{4:4}:
[  729.614293][T14066]        __lock_acquire+0x249e/0x3c40
[  729.619653][T14066]        lock_acquire.part.0+0x11b/0x380
[  729.625261][T14066]        __might_fault+0x11b/0x190
[  729.630349][T14066]        _copy_from_user+0x29/0xd0
[  729.635431][T14066]        __blk_trace_setup+0xa8/0x180
[  729.640781][T14066]        blk_trace_setup+0x47/0x70
[  729.645879][T14066]        sg_ioctl+0x65e/0x2750
[  729.650620][T14066]        __x64_sys_ioctl+0x190/0x200
[  729.655882][T14066]        do_syscall_64+0xcd/0x250
[  729.660889][T14066]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.667290][T14066] 
[  729.667290][T14066] other info that might help us debug this:
[  729.667290][T14066] 
[  729.677507][T14066] Chain exists of:
[  729.677507][T14066]   &mm->mmap_lock --> &q->q_usage_counter(queue)#50 --> &q->debugfs_mutex
[  729.677507][T14066] 
[  729.691827][T14066]  Possible unsafe locking scenario:
[  729.691827][T14066] 
[  729.699250][T14066]        CPU0                    CPU1
[  729.704601][T14066]        ----                    ----
[  729.709936][T14066]   lock(&q->debugfs_mutex);
[  729.714508][T14066]                                lock(&q->q_usage_counter(queue)#50);
[  729.722641][T14066]                                lock(&q->debugfs_mutex);
[  729.729722][T14066]   rlock(&mm->mmap_lock);
[  729.734112][T14066] 
[  729.734112][T14066]  *** DEADLOCK ***
[  729.734112][T14066] 
[  729.742226][T14066] 1 lock held by syz.1.2085/14066:
[  729.747308][T14066]  #0: ffff888026d01ca8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x33/0x70
[  729.756946][T14066] 
[  729.756946][T14066] stack backtrace:
[  729.762809][T14066] CPU: 1 UID: 0 PID: 14066 Comm: syz.1.2085 Not tainted 6.13.0-syzkaller #0
[  729.771462][T14066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  729.781492][T14066] Call Trace:
[  729.784749][T14066]  <TASK>
[  729.787656][T14066]  dump_stack_lvl+0x116/0x1f0
[  729.792315][T14066]  print_circular_bug+0x419/0x5d0
[  729.797316][T14066]  check_noncircular+0x31a/0x400
[  729.802231][T14066]  ? __pfx_check_noncircular+0x10/0x10
[  729.807665][T14066]  ? lockdep_lock+0xc6/0x200
[  729.812255][T14066]  ? __pfx_lockdep_lock+0x10/0x10
[  729.817259][T14066]  __lock_acquire+0x249e/0x3c40
[  729.822086][T14066]  ? __pfx___lock_acquire+0x10/0x10
[  729.827259][T14066]  ? trace_lock_acquire+0x14e/0x1f0
[  729.832436][T14066]  ? __pfx_mark_lock+0x10/0x10
[  729.837187][T14066]  lock_acquire.part.0+0x11b/0x380
[  729.842273][T14066]  ? __might_fault+0xe3/0x190
[  729.846930][T14066]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  729.852541][T14066]  ? rcu_is_watching+0x12/0xc0
[  729.857282][T14066]  ? trace_lock_acquire+0x14e/0x1f0
[  729.862461][T14066]  ? __might_fault+0xe3/0x190
[  729.867130][T14066]  ? lock_acquire+0x2f/0xb0
[  729.871618][T14066]  ? __might_fault+0xe3/0x190
[  729.876279][T14066]  ? __might_fault+0xe3/0x190
[  729.880934][T14066]  __might_fault+0x11b/0x190
[  729.885503][T14066]  ? __might_fault+0xe3/0x190
[  729.890160][T14066]  _copy_from_user+0x29/0xd0
[  729.894739][T14066]  __blk_trace_setup+0xa8/0x180
[  729.899569][T14066]  ? __pfx___blk_trace_setup+0x10/0x10
[  729.905026][T14066]  ? do_vfs_ioctl+0x513/0x1990
[  729.909769][T14066]  blk_trace_setup+0x47/0x70
[  729.914344][T14066]  sg_ioctl+0x65e/0x2750
[  729.918577][T14066]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  729.925076][T14066]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  729.931905][T14066]  ? __pfx_sg_ioctl+0x10/0x10
[  729.936558][T14066]  ? __pfx_lock_release+0x10/0x10
[  729.941574][T14066]  ? selinux_file_ioctl+0x180/0x270
[  729.946763][T14066]  ? selinux_file_ioctl+0xb4/0x270
[  729.951853][T14066]  ? __pfx_sg_ioctl+0x10/0x10
[  729.956534][T14066]  __x64_sys_ioctl+0x190/0x200
[  729.961291][T14066]  do_syscall_64+0xcd/0x250
[  729.965784][T14066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.971664][T14066] RIP: 0033:0x7f0bfb385d29
[  729.976061][T14066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  729.995650][T14066] RSP: 002b:00007f0bfc278038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  730.004042][T14066] RAX: ffffffffffffffda RBX: 00007f0bfb575fa0 RCX: 00007f0bfb385d29
[  730.011991][T14066] RDX: 00000000200006c0 RSI: 00000000c0481273 RDI: 000000000000000b
[  730.019942][T14066] RBP: 00007f0bfb401b08 R08: 0000000000000000 R09: 0000000000000000
[  730.027904][T14066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  730.035850][T14066] R13: 0000000000000000 R14: 00007f0bfb575fa0 R15: 00007ffde34f3268
[  730.043801][T14066]  </TASK>
[  730.174078][T14090] rfkill: input handler disabled
[  730.184737][T14090] rfkill: input handler enabled
[  730.551328][T14075] caif:caif_disconnect_client(): nothing to disconnect