last executing test programs:

2m43.117710367s ago: executing program 1 (id=487):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="140000"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0x0, @any, 0x81}, 0xe)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x20101)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x100001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x100000040, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x20, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000013207c4429494b46f78fcc4946c27d260769e58cebe28b3a3f9113f3775a32109a881c37d52489826fcd6b259251c1b4a814239a3e9307759ed3df24b4411f44603af6156372c90725d4920d040032fa0f75066b7bf00946c162f30507f2448d5c1d424d53fc5e1c68de0f6cc9a1d4d2a2ff73ca27471b06dd05ff0b4e8e94bac28a8e414343042687d121c4e6d241707f7bf572faa0bde8694fe5e56fac64c8fe29c3dfef17fffe09724551bd95af0d56e38a468c584ca14de5029a7aa6515ef7d43014c7efb8b5c4cf92e0580093f87ea5605113ba035d73a07c4a3fc20f00000000000000b01cfa3234b7ae80708bbf1326b6d67f894f935ce1a06e310a7eaba63d8afe312c275de946ed263a0243595f265af0f942ed41e500e7f6d89c45c026aa9aefa9d8bbe6f9545f05fdb62e968e"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 0000096'], 0x2a, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

2m42.079456902s ago: executing program 1 (id=489):
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000040)="94e9c9a4", &(0x7f0000000080)=@udp, 0x2}, 0x20)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x2f, 0x0, {0x7, 0x29, 0x0, 0x800006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x50)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x1, 0x40000032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x14880, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0xb, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x6}, 0x94)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

2m39.46939601s ago: executing program 1 (id=499):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x240, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setfsuid(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x1000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
r3 = syz_open_dev$vim2m(&(0x7f0000000200), 0x7ff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, &(0x7f0000000040)={0x0, 0x3136564e, 0x1, @discrete={0xff, 0x1}})
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000280)=<r4=>0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000600)=<r6=>0x0)
sendto(r5, &(0x7f0000000500)="a254e7423fa9821e129b61d9e5b165cce607728a8b2b97f7dcaca9a46e162d43d618431ff658145af605bf5aa46683a7db423639d1c1891a3a496cc23f275d05d1ca3136f0bd79e4d3f3638d13cb89b1c31f80face833f9be4c98acd", 0x5c, 0x8000, &(0x7f0000000640)=@nfc_llcp={0x27, r6, 0x0, 0x1, 0x6, 0xf3, "cc62a3c0f01e8f986482669496ad11b93fd6e01ccf4e45a66f89949153fd604b4f4ac600516459db90d8b834d402d307790aa073e8db66da79a438a96f9758", 0x2d}, 0x80)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000000)
r7 = socket$kcm(0x10, 0x2, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCGPGRP(r8, 0x540f, &(0x7f0000000140))
fcntl$setflags(r3, 0x2, 0xda1bbcf2caa2938d)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000100)=0x1)
ioctl$TCSETS(r8, 0x89f2, &(0x7f00000011c0)={0x6, 0xffff, 0x0, 0xd, 0x0, "5dee000000594000"})
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2)
sendmmsg$inet6(r9, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f0000001640)=[{&(0x7f00000000c0)="d2", 0x1}], 0x1}}], 0x1, 0x8080)
write$cgroup_subtree(r7, &(0x7f0000000a80)=ANY=[@ANYBLOB="563f00001800599c6d0e00009bd029ef8020ab0700f2000523a6"], 0xfe33)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x462040, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000000ffe, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0x0, 0x9, 0x1, 0xd, 0x80000002}, 0x0, 0x0)

2m37.701093409s ago: executing program 1 (id=505):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(0xffffffffffffffff, 0xc01864cb, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000100))
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
dup(0xffffffffffffffff)
io_setup(0x42000001, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRESDEC], 0x34}, 0x1, 0x0, 0x0, 0x20048037}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000004e0b422300000000feffffffffff0000a6510ee2e5b93618ac094524176726"], 0x0, 0x80000007, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000640)="d25c8bc170b2a045b1eff7fba5eb87bfb6cd003471fcafee983a105f2ac29ced923b6f8addb30b9b6d8c58eb1ae2b29a649bd5ad0b962a5d23e22dce89703b47558a17b871edd22bc543a9c1b3f323e18e1365b9541918feeaa136de71790f47f2a691070074b42215c36824624a3c55f2c96144fb1e7ab70e9a1d1e0db424466f567eb4f1b9ed78de0e7bba7f8d21e51e0befd243700a50ecbdf0c7ba69fd66aaa9255e5641453a92f435e7c3938bfcaccbc1317f6a16423ef7ccbd620fe0b1f9", 0xc1)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
socket$xdp(0x2c, 0x3, 0x0)

2m37.109826438s ago: executing program 1 (id=507):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a051d4dca7d2647bec1fc89398d2b9000f224891060017c4700de60beac671e8e8f00cb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c59005cff414ed55b0d18a9d446935fb332bb593ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4ac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a0000000000002248950b000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r4, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r5, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r3}, 0x20)
recvmmsg(r3, &(0x7f0000000b80)=[{{0x0, 0xffffffffffffff6c, 0x0, 0x0, 0x0, 0x52}, 0xa}], 0x360, 0x120, 0x0)

2m35.693566247s ago: executing program 1 (id=515):
r0 = socket$netlink(0x10, 0x3, 0x0)
sync()
sync()
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$XFS_IOC_START_COMMIT(r1, 0x80585882, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @any, 0x7ff}, 0xffffffffffffff34)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x48, 0x1, 0x5, 0x8, 0x8, 0x925ea333854d988e, 0x2, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x1, &(0x7f0000001880)=[{@fixed}]})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x44}}, 0x0)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000640)={&(0x7f0000000340)={0x2fc, r3, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x6c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x59, 0x3, "4640374e489f71b4aca7e52d071bf589b6132d9988e7f4e0ec4a2c751d18c28e0c2351583c39613c5e8db8f7956bd5b5d8f6895749498ac31a1a7c7631f06258dff1a3b9af4118f5c7f1435f9d06804c881572059a"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x200}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xc}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "4de25514c43b64122bd6b7b67c8a449af9e05a9e769e7040369238847fed13bb3a2079"}}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "64084af4cba2638a6a2c91de6ee747471272a4977926ade5c60a"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x8001}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x44f5}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x54}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x8c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xef4d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd0}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xae0}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xa10c}]}, @TIPC_NLA_MEDIA={0x88, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7e4}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4c6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff0970}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf95}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4941b3d5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}]}, @TIPC_NLA_MEDIA={0x74, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfad}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb76}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}]}, 0x2fc}, 0x1, 0x0, 0x0, 0x4080}, 0x24000000)

2m20.639725828s ago: executing program 32 (id=515):
r0 = socket$netlink(0x10, 0x3, 0x0)
sync()
sync()
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$XFS_IOC_START_COMMIT(r1, 0x80585882, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @any, 0x7ff}, 0xffffffffffffff34)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x48, 0x1, 0x5, 0x8, 0x8, 0x925ea333854d988e, 0x2, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x1, &(0x7f0000001880)=[{@fixed}]})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x44}}, 0x0)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000640)={&(0x7f0000000340)={0x2fc, r3, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x6c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x59, 0x3, "4640374e489f71b4aca7e52d071bf589b6132d9988e7f4e0ec4a2c751d18c28e0c2351583c39613c5e8db8f7956bd5b5d8f6895749498ac31a1a7c7631f06258dff1a3b9af4118f5c7f1435f9d06804c881572059a"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x200}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xc}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "4de25514c43b64122bd6b7b67c8a449af9e05a9e769e7040369238847fed13bb3a2079"}}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "64084af4cba2638a6a2c91de6ee747471272a4977926ade5c60a"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x8001}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x44f5}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x54}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x8c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xef4d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd0}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xae0}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xa10c}]}, @TIPC_NLA_MEDIA={0x88, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7e4}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4c6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff0970}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf95}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4941b3d5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}]}, @TIPC_NLA_MEDIA={0x74, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfad}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb76}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}]}, 0x2fc}, 0x1, 0x0, 0x0, 0x4080}, 0x24000000)

12.007646414s ago: executing program 5 (id=976):
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
close(r0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', &(0x7f0000000140)={0x474082, 0x5c, 0x8}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x21, &(0x7f0000000000), &(0x7f0000000080)='GPL\x00', 0x5, 0xd3, &(0x7f0000000740)=""/211, 0x0, 0x10, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000022c0)=@newtfilter={0x34, 0x2c, 0x8, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0xffff}, {0xffff, 0x4}, {0x6, 0x3}}, [@TCA_CHAIN={0x8, 0xb, 0x7fff}, @TCA_CHAIN={0x8, 0xb, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r2, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
connect$llc(r2, &(0x7f00000000c0)={0x1a, 0x321, 0x40, 0x6, 0x81, 0x3, @random="3050e9ae9a3c"}, 0x10)
accept4$llc(r2, 0x0, 0x0, 0x80000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
ioctl$PPPIOCGDEBUG(r3, 0x80047441, &(0x7f00000000c0))
clock_gettime(0x0, &(0x7f0000000080))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000580)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r5}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r4, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00', @ANYRES16=r7], 0x20}, 0x1, 0x0, 0x0, 0x4000040}, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r6)

9.616215325s ago: executing program 3 (id=985):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="5800000002060102000034e40000000004000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
pipe2(&(0x7f0000000340)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = epoll_create1(0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0}, 0x4004015)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x38, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94)
socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = fsopen(&(0x7f0000000000)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000580)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140))
fcntl$setpipe(r2, 0x407, 0x0)
write$FUSE_ENTRY(r2, &(0x7f00000024c0)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffff, 0x0, 0x0, 0x20000000000007f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}}}, 0x90)
ioctl$TCFLSH(r1, 0x5608, 0x3f)

7.909872783s ago: executing program 3 (id=990):
syz_open_dev$video(&(0x7f0000000000), 0x9, 0x1e3a00)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f000068c000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f000068a000/0xa000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = socket(0x5, 0x4, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@private2})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000040)={@private2}, 0x14)
r5 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@newtfilter={0x7c, 0x2c, 0xd27, 0x170bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, r6, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x50, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000001, 0x20000000, 0x2, 0x40000005, 0x5, {0xfd, 0x1, 0xfffc, 0xd, 0x2}, {0x4, 0x1, 0xdef8, 0xee4a, 0x3c, 0x8}, 0x8, 0x3, 0x3}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004000)
setsockopt$inet_tcp_int(r1, 0x11d, 0x8, 0x0, 0x0)
connect$inet(r1, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x240000d0)
openat$tun(0xffffffffffffff9c, 0x0, 0x20400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)

7.637255711s ago: executing program 2 (id=991):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000180)={0x2, &(0x7f00000000c0)=[{0x7, 0x6, 0x7, 0x10001}, {0x0, 0x1, 0xf3, 0x101}]})
socket$inet6(0xa, 0x80001, 0x0)
socket$netlink(0x10, 0x3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socket$rds(0x15, 0x5, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000140))
unshare(0x64000600)
syz_usb_connect$lan78xx(0x0, 0x3f, &(0x7f0000000440)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x35, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xb}}}}, &(0x7f0000000040)=0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6020480)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0xf7)
fsopen(&(0x7f0000000300)='hpfs\x00', 0x1)
getdents(r2, &(0x7f0000000500)=""/198, 0xc6)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)

7.480384586s ago: executing program 5 (id=992):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, &(0x7f0000000100)='barrier')
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6020080000183afffe8000000000000000100000000000bbff000000000000000000000000000001860090780000600000000000000000000201fe906d17efe3"], 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x8000002, 0x2004}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0x446f410, 0x0)
r5 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x2002})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setrlimit(0x4, &(0x7f0000000280)={0x4, 0x7fffffffffffffff})
getsockopt$sock_int(r7, 0x1, 0x1e, 0x0, &(0x7f0000000680))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r8=>0x0)
prlimit64(r8, 0xf, &(0x7f0000000200)={0x3, 0x7}, &(0x7f0000000240))
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r9 = openat(r2, &(0x7f0000000380)='\x00', 0x101400, 0xee)
fchown(r9, 0x0, 0xee01)

7.375767014s ago: executing program 3 (id=993):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, &(0x7f0000000100)='barrier')
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6020080000183afffe8000000000000000100000000000bbff000000000000000000000000000001860090780000600000000000000000000201fe906d17efe3"], 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x8000002, 0x2004}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0x446f410, 0x0)
r5 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x2002})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setrlimit(0x4, &(0x7f0000000280)={0x4, 0x7fffffffffffffff})
getsockopt$sock_int(r7, 0x1, 0x1e, 0x0, &(0x7f0000000680))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r8=>0x0)
prlimit64(r8, 0xf, &(0x7f0000000200)={0x3, 0x7}, &(0x7f0000000240))
socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = openat(r2, &(0x7f0000000380)='\x00', 0x101400, 0xee)
fchown(r9, 0x0, 0xee01)

6.965547165s ago: executing program 5 (id=995):
socket(0x10, 0x2, 0x0)
close(0x3)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000080)={0x2c, 0x6, 0x0, {0x2, 0x1, 0x3, 0x0, 'tls'}}, 0x2c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = syz_usb_connect$uac2(0x5, 0x83, &(0x7f0000000140)=ANY=[@ANYBLOB="120100020000000882052500400001020301090271000301f81005080b020001052008090400000001012000092401fdff0a11004708240a0000057f000904010000010220000904010101010220000905010940000204d80825010230cc00000904020000010220000904020101010220000905820900040d0700082501010f041000e48a1b7372bed4ee26325555d640e03f6c89834eb8a3d9b5a2fd2330ac778e6d0516ad55f0d824500fcd92370d54f93fbdeef2eec2d011b8c9f7545864289360b0a9b54327469d49b3894c6b835297800f453f1625d8ef8da3d5892f54c77f86ded7566e9b62a9fc639fb499c2d8f1bad06c09"], 0x0)
syz_usb_control_io$uac2(r1, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
userfaultfd(0x80801)
syz_emit_ethernet(0xfdef, &(0x7f0000001180)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd606410a60f510000fc020000000000000000000000000001fe8000000000000000000000000000aa8400000000000000223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc357d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b65a34b9be83df2064391fc5a8d169dc1943d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087ac9b7875824a9b7e098775b53d6ec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d40ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7cc735bd306c9ea5eb64f40752fd4c741d9b6e03cd41b636ef8f5e810047a21c0b24c6fde1f"], 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x1409, 0x4, 0x70bd25, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x40040}, 0x2040884)
setresuid(0xee01, 0xee01, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = getpgid(0x0)
fcntl$setownex(r4, 0xf, &(0x7f0000000140)={0x2, r5})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000001b80)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}}], 0x1, 0x20040015)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080), 0x4)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x20, &(0x7f0000000300)=0x4, 0x40)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$xdp(0x2c, 0x3, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)
ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})

6.490587671s ago: executing program 0 (id=996):
ptrace(0x10, 0x0)
sched_setparam(0xffffffffffffffff, &(0x7f0000001200)=0xffffff81)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x14, 0x0, &(0x7f0000000040)=[@dead_binder_done, @enter_looper, @register_looper], 0x0, 0x0, 0x0})
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x28, 0x1e, 0x21, 0x0, 0x0, {0x7}, [@typed={0x5, 0x18, 0x0, 0x0, @str='\x00'}, @typed={0xa, 0x2, 0x0, 0x0, @str='w\xa9\xe2\x00\x00\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
epoll_create(0x80)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47d, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f040, 0x2})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000042000000b700000000000010950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836801ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d09a0a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a504a0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffaf, 0x10, &(0x7f0000000040)}, 0x3c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c40)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xfb35, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
lgetxattr(&(0x7f0000001240)='./file0\x00', &(0x7f0000001280)=@random={'osx.', ':\x00'}, &(0x7f00000012c0)=""/246, 0xf6)
writev(r4, &(0x7f00000001c0)=[{&(0x7f0000000180)="02", 0x1}, {&(0x7f0000000200)="a54dd484770eeede9afe519749e005e5d05742141d98edf5934769e6ff4abd1a1b2edba1121ba1a0e4a7b008c2a1014a6e725360d9150fe3af578f02eed755ee6f9cff057dd84474cf963fe93ce54a4fb678aef1fdfcb6dcda6c564de21cd3350fe1cc19a835348ca6faf1c5a9a90107150f599ea6c76964c2c0ac51976b396e4f18f0d435a0411cba83984353391ad70855ecae75ca217c13890b6e96fdbe63720f7c0d4c2d1fbd70be2da5e13d649b447d3ceaaabc586bfc04d742827da47efc70ff2dfd3710534cbd94d855dd62b0bb68bd71b086031a1fd4f620307e1a2a00864eaf43900180c4b0b14d436dc5291ffc133fbb31e17db7f3f5c7081f74f0951d1db89b3b99dd43274089657c98612567490e06f23c8980510871938d5db5f1cf1c94e0009a9111d0c40d683d7d0e5398587af6d8b5cbfb188aa6e9b63d413d4b7870733f47824591e32328868b65f2af3f67bcfd088de82de92334c59c71557fb457a1860c22149519b4d074f1c26b87bae5e29f07cdb0cb05528bbb0a8732cb73951048f656f4c5de5fc41656dfbd6b302cf7255670b269317bcbeb80a3d4edc42ee4323a43ec16bb606548569b4f7e4778b1cd7284cbd6d6fe62cb7f94ab811be301a66bcf0d31e972a423f4c0b8d6624c5d12570396b231008160e6318cfc00e24e0fb7935b855aa282c5a4993e31c686ace06caddfcd2fe29ad42e98cb92831e9f11aee093ea59aa97c9e65362fda9128d1fe7e70a7cbfce56c53110a004ce583565abed617635fee9bb0e5406e995945bd1cc72c9e6c8fa6f14a420d57e09988ddc04ba1721bdfc8efbbd66ee758646a024af9d82d4a5b92a907e5e691cff699256b6aedbbdb1613123a33670a717fd38b026d64957a9364dbd6a840ad46db92f9fba23fc8b6d186d2c5cee2ee3d33537119365c94826b875d3fa06374c6e1f044c13c60db26faf531060503913d600142f82f0bc9a08b95c387d657c1b97f0ade65a187fbd9c80a864d295a30420c2aa6b0a2d90ba8380dddd9243d8a8ab98ec9f2f11872ff6843a9b35ef8778aa75ad708bcb1d67f4f19f412817a9ba3f12b4cc9edc6c0c731120fe6f7316087d2ddbf87caae56b2cdc283b47e2c4622aa64a9e7333a49f5415abb975ec785d757fdf397fcac25897657d03e60fda5599d8245d5290227a330c67353ec41de8bec4ca6f5abbae0de9c61b03ec53840c2e22823902f2c4c25e0a35c2f2a4c6b32a065ccfe036ffe32e45ee8ed895058c3bf7fdd24238a60d641174cbcbbd1c624f6391e56ab53c863256ceab6d9a39a65346757e93d9f7ad6b4e3e0139ecb577b32a1c0cdafbf4f7d5a375ef82b5cfed6b778721519786d54fd92e4efbe8ed36017990b5b30ae4850f273bb2eb0460169a300ba0c2fef36f1a479734bd4fae09d5a3bd4310e27bb9aac26fba3e0bdc4ba78fa8e7b477e2d9c75939f5dc7896f132f0df26516ab3430bd6dd9f921af432eb7fd347c78adbceddd1001cfc00b926ae88b9a1a109e6d5a0d67592ea01e87940c38e96ccdb501cfa1a2a219d2441a0dc45b9900b315e525dcee096ce0a56a0075ed5784feda507b7808f01574f502e1ebb4269200d6f8491b5cf66d293a8940c606b07bc42ad34e21800fde3df7f9a2096c9ca440b1e6e07d42619eba03c26fbdd4096a081d6f982c0528c125c0fbfedf36b241b16ad9c6695dfbd5fa309b5e04581d3bab5b8a55807c61926f25ce6eaa328aef79aee2f0c9c9698d305bd5af031184bd9b096519d7d5497a01ae7344cd1419e068b461927901a923af49b1d28d9efd0091d94eb69fed2d00a771fb24bbcbe2ad87112eb922492b65b59932de1e0d73a3fd0274fc3b33aaf35361f14f595eadd7558455f4ebaaf9260d4a864bf9a27e9b32938dc5ada71ac81717a92efed341962ea43450d995c533946df80b39012576c773ed1647dcd500ae512d4cde35652233558d2e4e0bcd6e41bb17ad56859b59dc4acc3993d6e44524bf01e13eb99ebd27f9a45995f1ce70cbd35187344f41c5a6786527b6f0964dd0889faebc64c9a514e8ebfbf9ec33edf97683ee26f2c6e16e0d80ca79b58d161255634bb3c15610aba99e7ea47969eae2b7e97dee8766ae69da8524181676255ef680cbe821783001537c8a76b28c131d9c13b7bc250d578fd38b1676591537ff06b4f4845e6caccfd15698edeee5485da658a2ad3dd0fc25f4661c4c1728e9f488f94a772968a4423553777ff6526b4954dba450036acdc69c75fa6e6ef6ce10fde7e077cdd38cb2fe2e39fca95b0b85dbc222297d5e89144c30a9f478f38cbcf38127193b763c21fba4aa7411d606aff17fd53a12a1edcff0336a3e4fdb8d69d425f038e0afbbe849a4c990ecf58463ac531e2a18266c6239b9560c481b90b4d5e115e2cd5ff4eb9bae3205b06d76e34a89059c13e9c88f75646404e9f1a8d2fc587f924d84d7b85656ac176022b640aba63942644d2a4b7ef7bffeb44797d2ec69e2ea7b2bb76040caf26679a5303921663e9fe18b705d70fba89faf83b1e4199ae2ee6e66ceb269a9f474623f1f688a54c94c918a18084a36d7155f71447e1c14f2e5281d5aab08e53fe5a5945935da280c6c0bd6f3bdb74f2b4cb9706419cca9a8c869f3c382282eeefc17829617d2c0657f74de756601a4be1719aa028d71008dee0c2ae59a32f562f31fdea915ffd1af248cdf633e96f7dfee2f052968a130d933e7ea076215e52f152775d8c7f0101fa2b78bd24f761f4260bbb51cac0cdb41f16bbe5500a68a92fbc18bb00eace11a2708442768c8a1e60eeab10bd80087673af1362d1e1ca3a26fc2583363faa9aef53d976122749fea72fbb55775528cd4f2e1117303efd89db1bd25137b24639e322c40d23fc56871f30cc785b8c8c0129369969069397ce584c38d7d2867f7b1d5b54fd4dc432413aa01884174dbc6088aa2b225b196b8eb507f3a63fc5799f38a4bd67725203d0d565bdaf35fc6a6102dd43be8572a31c5edd8cc8df02d7455cdc5c173a70d4ea548114f819cccc744c3dc119e46bcaa929cfc61f7a8d623adcbcf0840da005f417a1bf9d3321f4a48c89d311198920e67c6408a5e8e444590dc9eb5a093e810438e0bf596c6afd097ed76344ed06da00bebcbb74af86e3f04bf5ff4c2a131507f0bef5e48a39fc40a459d3466230d7325f7e4e160fd47e5c179ecef061d5186d1f23b4fc21789ead29fa4f98faac74e30d778802903c870b6ed195d83aedd45d4e5cd5de9e95c4a466b92212c6dde077e325083aac041de6c268d322615ddad71df767c607980e799ff6a9d083b22ef3b83dcc7d8fd1b15186cd7ccfda4a956b7afa8071d40664a847eb60336c7f0229376fb8c1414b5f545f1a944895942c2c165618ab0a79b1062c4248473dd4101b3177720b80be18613e64df429e88d93bfe21e30d013cdd918d5d919b349cf4034f70e753fad6a1ba654af80fec8e7cd5b1136a4941b27ed0dfad06237d8c2d71c5b10920d699715500cbbfb9a50752bc71595ce34cbf8fc1d10da359ef596a4439eea986438853ef89714f072fd1aed51550d0e5a023e2119a963e4411c02709c09681417c227998d9a2b7738f5ba19befc9c952c35ef0a62129b6e6e2a396031a6617d6c96da76615eafb989e51fb41658f35c5bbb57a9095d6caa5032b9700d3437b9d05b233fecc786dbbf7ccb1f6f7749243d2b89e008098e4cd0ed7d370874c4bb7241a3f48cb0bf88330c207215a03e7144dce4d898af8849bdc2c6384794f2eeb328af4cf618140950c70164abb4afc8a593d1fa10b69873a5b09168e42f1c723d27bdb15364bc404ed376cc9690c1f1c4f6437a397a8087e8190aadbb23edc4a4c19f8daac3bc54094517782f2daa923eca20ebd93c2e4a4246fb07b8b3778d671aff96c7ec292b1faf54e81e5f98cdda8382ddf785d83699050b82a391df5b8c9e57cf0db86f1488392c55fe97fefeeab7a2cf7703ce6a47a6a5b6057aa3d78d9a64e3c9b2176e0faf7ab87c20f4aa20fc6ad4cbfe8305dc876835bbfb4a5449a3a11922e63c62c7a1c99b72487409c16a45f5cf81b1067686cb0bf4eab76228059c30dd115701fbae23521cc5c2bea4de8bfa501ed1dbe60103aea46623e94186ab410f15e1be6f8b604817ce1163683400393c60a51c3473b63ce8887c78c5b0a8ea66e87396185f1759088c3639b2937232301967e3084ef61a43921cd6168afb896be2cf19d12aebcc131cbe9e7c3fd1f251df5830215a46da8fa65e62ae205034c227204822cfdabae9d6f457a134e4087c90f5dc74eeef89df2cd4c86b349f29229716c70f70d25693ea367376b47b55c9de1a96ed4b0048a11f39fc6871dcf2cc32ff58baccc26cdb9b38e89376867204a3f7a663a643be4766b968e2a62b637bd0ff0602f764b98ab8f9946687c4cac296da8d7e8a1255a4ea5c8bcbf8f3d38ffb08fa0c209079f8817fd398170ffe53788fc52c351e65088e433f557f54ed490fc85bc0f5c52a07a7c28fa4993fb4ae6bc031f1190b7d8c4f77f1ce8b63ed00c33c64990f91186421bcb9945fa0a0f3e535548395961fcddd37b87b6697fef2ff919aff38b11bba821361b2fb638438f42c8ceca7632361160b61b72b7cd80a65d8b8f722bef29f3f6ef406701a70fb6aaac608c438ceea0649318f5ee6476d28e144afebab861a911ea9cebebed8a3a32f0ed00a2e8d7a81bedb4506322629862223ec04b32f665ba178c6896db62efa7d31afb5d48b204328aff3831d4e5e2dcf0745b88e521dd02493ec757422f94417881b0e7a184b6a148632be46c27321ab52b6ab1010fd93d947436eb87ad75e5550a0a1e6a5e4ac68fd6dfcfad9b06ad69f64a6ed9a85fd38642bb05410ebdc05a4e3293b711541fc1c2345b262aaeace97e3bab47dc60049495c0481336ec1d9a2eb540b86032b83e4bf30808dc25ae73102a6f7b2e5909bec970760f80dc4db879c02e76581ee7b54f86e4c629a1ab28c084cff7af1727963a5b764b938bf820d3cad6f978b1ba834b4af6a71697f00b325101d314b10400bc4f1912650d50bf983a605ff1837773534ba482acb72ccf029bbd641aa39203b0b16f883f581b6538e32df42c5c4ce4f9926ce3fed4f42aff18a60ce6214aac9d4d79b89ef53fa33e635325d8ee2a89fc88b9ea6ca000b16f8ed651e0271ed9b3aae1400909dc8989dc6e3c120279031b9205184adc6b7101d630eb2312d950c73f47eff7db8113a35a86534f14f662b1a5723cfe1dad2089c57d2c63a1ed66293e80074f975684d51f6005958228c05425fd8112e67bbd5d38bde040772ff1bfbcf3ee3f642101366210bf03138cfe16bebf4a9f7d6209c8d612cef0d446e1ffe3822eace6a5ca3a503ca7bba797447ef09a4658c65142b1ccdc5d3c937c54c8465505e669ed38458bb3feb1e82d8cb625ce09415e2600b3244c1c0812ba93a30983e712ee7ffa9a79cef4757a59ad75687ff02f9ce3abd863d257e7234c8c4cfb397b99a88154b742a494ac4ab562a18cb2f08a2c0a8aa2f91bb5cfead9c675e87544249e90eeb21276aefafc15d22917cd44d86c2c1b4ad50e65a2cc1a066cb26d6808f2b0856d5e1fe2f0559cd889f8142dd2d4cbf66f2c40a731525d342909e8a1d040952ed1716702e305e950920daba83a6a4d82ef87206fdfd3169df740acabf6f83b85c77ba21c2b070706d18e698ef5edcd174ca43bb91fd799cfba1bffce085fd7b13c5b8d2422109608165a09", 0x1000}], 0x2)
r5 = syz_open_dev$I2C(&(0x7f00000001c0), 0x0, 0x40080)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000200)={&(0x7f00000016c0)=[{0x2, 0xb401, 0x4, &(0x7f00000000c0)="0cb474bb"}], 0x1})
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket(0x2b, 0x80801, 0x1)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x8080, 0x0)
openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r6, 0xffffffffffffffff, 0x0)

6.476111582s ago: executing program 4 (id=997):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(0xffffffffffffffff, 0xc01864cb, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000100))
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
dup(0xffffffffffffffff)
io_setup(0x42000001, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x20048037}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000004e0b422300000000feffffffffff0000a6510ee2e5b93618ac094524176726"], 0x0, 0x80000007, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000640)="d25c8bc170b2a045b1eff7fba5eb87bfb6cd003471fcafee983a105f2ac29ced923b6f8addb30b9b6d8c58eb1ae2b29a649bd5ad0b962a5d23e22dce89703b47558a17b871edd22bc543a9c1b3f323e18e1365b9541918feeaa136de71790f47f2a691070074b42215c36824624a3c55f2c96144fb1e7ab70e9a1d1e0db424466f567eb4f1b9ed78de0e7bba7f8d21e51e0befd243700a50ecbdf0c7ba69fd66aaa9255e5641453a92f435e7c3938bfcaccbc1317f6a16423ef7ccbd620fe0b1f9", 0xc1)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
socket$xdp(0x2c, 0x3, 0x0)

6.038906401s ago: executing program 4 (id=998):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40010)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f00000000c0)={0x6, 'veth1_to_bond\x00', {0x10000}, 0xd})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009690342058200510f6b50102030109021b00020000000009043d0000518e3f000904"], 0x0)

4.724798109s ago: executing program 2 (id=999):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, &(0x7f0000000100)='barrier')
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6020080000183afffe8000000000000000100000000000bbff000000000000000000000000000001860090780000600000000000000000000201fe906d17efe3"], 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x8000002, 0x2004}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0x446f410, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000040)={0x2002})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setrlimit(0x4, &(0x7f0000000280)={0x4, 0x7fffffffffffffff})
getsockopt$sock_int(r6, 0x1, 0x1e, 0x0, &(0x7f0000000680))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r7=>0x0)
prlimit64(r7, 0xf, &(0x7f0000000200)={0x3, 0x7}, &(0x7f0000000240))
socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r9 = openat(r2, &(0x7f0000000380)='\x00', 0x101400, 0xee)
fchown(r9, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)

4.645090683s ago: executing program 5 (id=1000):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="5800000002060102000034e40000000004000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
pipe2(&(0x7f0000000340)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = epoll_create1(0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0}, 0x4004015)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x38, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94)
socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = fsopen(&(0x7f0000000000)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000580)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140))
fcntl$setpipe(r2, 0x407, 0x0)
write$FUSE_ENTRY(r2, &(0x7f00000024c0)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffff, 0x0, 0x0, 0x20000000000007f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}}}, 0x90)
ioctl$TCFLSH(r1, 0x5608, 0x3f)

3.637715938s ago: executing program 2 (id=1001):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40080d0)
openat$tun(0xffffffffffffff9c, 0x0, 0x20400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$packet(0x11, 0x3, 0x300)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000280), 0x0, &(0x7f0000000380))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$KVM_SET_XCRS(r5, 0x4188aea7, &(0x7f0000000ac0)={0x3, 0x6, [{0x6, 0x0, 0xc2}, {0x7, 0x0, 0xfffffffffffff7fa}, {0x7fdf, 0x0, 0x80000401}, {0x5, 0x0, 0x10001}, {0x8}, {0xffffffff, 0x0, 0x6}, {0x7ffffffe, 0x0, 0x6}, {0x1800, 0x0, 0xb}, {0x400, 0x0, 0x401}, {0x9, 0x0, 0x9}, {0x80000000, 0x0, 0x4}, {0x6, 0x0, 0x2}, {0x2, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x3ff, 0x0, 0xf5}, {0x401, 0x0, 0x85f7}]})

3.582312976s ago: executing program 3 (id=1002):
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
close(r0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', &(0x7f0000000140)={0x474082, 0x5c, 0x8}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x21, &(0x7f0000000000), &(0x7f0000000080)='GPL\x00', 0x5, 0xd3, &(0x7f0000000740)=""/211, 0x0, 0x10, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000022c0)=@newtfilter={0x34, 0x2c, 0x8, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0xffff}, {0xffff, 0x4}, {0x6, 0x3}}, [@TCA_CHAIN={0x8, 0xb, 0x7fff}, @TCA_CHAIN={0x8, 0xb, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r2, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
connect$llc(r2, &(0x7f00000000c0)={0x1a, 0x321, 0x40, 0x6, 0x81, 0x3, @random="3050e9ae9a3c"}, 0x10)
accept4$llc(r2, 0x0, 0x0, 0x80000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
ioctl$PPPIOCGDEBUG(r3, 0x80047441, &(0x7f00000000c0))
clock_gettime(0x0, &(0x7f0000000080))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000580)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r5}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r4, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00', @ANYRES16=r7], 0x20}, 0x1, 0x0, 0x0, 0x4000040}, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r6)

3.071665408s ago: executing program 4 (id=1003):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
recvmsg(r2, &(0x7f00000006c0)={&(0x7f0000000480)=@tipc, 0x80, &(0x7f0000000680)=[{&(0x7f0000000500)=""/224, 0xe0}, {&(0x7f0000000600)=""/76, 0x4c}], 0x2}, 0x22) (async)
recvmsg(r2, &(0x7f00000006c0)={&(0x7f0000000480)=@tipc, 0x80, &(0x7f0000000680)=[{&(0x7f0000000500)=""/224, 0xe0}, {&(0x7f0000000600)=""/76, 0x4c}], 0x2}, 0x22)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1040, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r1, 0x111, 0x5, 0x897, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x40)
write(r4, &(0x7f0000004200)='t', 0x1)
sendfile(r4, r3, 0x0, 0x7fffffff) (async)
sendfile(r4, r3, 0x0, 0x7fffffff)
ftruncate(r2, 0x2007ffb) (async)
ftruncate(r2, 0x2007ffb)
sendfile(r2, r2, 0x0, 0x1000000201005)

3.033281481s ago: executing program 5 (id=1004):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="140000"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0x0, @any, 0x81}, 0xe)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x20101)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x100000040, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x20, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000013207c4429494b46f78fcc4946c27d260769e58cebe28b3a3f9113f3775a32109a881c37d52489826fcd6b259251c1b4a814239a3e9307759ed3df24b4411f44603af6156372c90725d4920d040032fa0f75066b7bf00946c162f30507f2448d5c1d424d53fc5e1c68de0f6cc9a1d4d2a2ff73ca27471b06dd05ff0b4e8e94bac28a8e414343042687d121c4e6d241707f7bf572faa0bde8694fe5e56fac64c8fe29c3dfef17fffe09724551bd95af0d56e38a468c584ca14de5029a7aa6515ef7d43014c7efb8b5c4cf92e0580093f87ea5605113ba035d73a07c4a3fc20f000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 0000096'], 0x2a, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

2.973438484s ago: executing program 0 (id=1005):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, &(0x7f0000000100)='barrier')
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6020080000183afffe8000000000000000100000000000bbff000000000000000000000000000001860090780000600000000000000000000201fe906d17efe3"], 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x8000002, 0x2004}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0x446f410, 0x0)
r5 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x2002})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setrlimit(0x4, &(0x7f0000000280)={0x4, 0x7fffffffffffffff})
getsockopt$sock_int(r7, 0x1, 0x1e, 0x0, &(0x7f0000000680))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r8=>0x0)
prlimit64(r8, 0xf, &(0x7f0000000200)={0x3, 0x7}, &(0x7f0000000240))
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r9 = openat(r2, &(0x7f0000000380)='\x00', 0x101400, 0xee)
fchown(r9, 0x0, 0xee01)

2.908555156s ago: executing program 3 (id=1006):
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15)

2.357209314s ago: executing program 2 (id=1007):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x6c41, 0x1d8)
flock(r1, 0x2)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10a)
flock(r3, 0x2)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
flock(r2, 0x1)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
flock(r3, 0x1)
close(0x3)
sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="020d0000020000002cbd700000000200"], 0x10}}, 0x40)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe)
close(r2)

2.332579115s ago: executing program 0 (id=1008):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(0xffffffffffffffff, 0xc01864cb, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000100))
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
dup(0xffffffffffffffff)
io_setup(0x42000001, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x20048037}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000004e0b422300000000feffffffffff0000a6510ee2e5b93618ac094524176726"], 0x0, 0x80000007, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000640)="d25c8bc170b2a045b1eff7fba5eb87bfb6cd003471fcafee983a105f2ac29ced923b6f8addb30b9b6d8c58eb1ae2b29a649bd5ad0b962a5d23e22dce89703b47558a17b871edd22bc543a9c1b3f323e18e1365b9541918feeaa136de71790f47f2a691070074b42215c36824624a3c55f2c96144fb1e7ab70e9a1d1e0db424466f567eb4f1b9ed78de0e7bba7f8d21e51e0befd243700a50ecbdf0c7ba69fd66aaa9255e5641453a92f435e7c3938bfcaccbc1317f6a16423ef7ccbd620fe0b1f9", 0xc1)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
socket$xdp(0x2c, 0x3, 0x0)

2.273461445s ago: executing program 4 (id=1009):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, &(0x7f0000000100)='barrier')
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6020080000183afffe8000000000000000100000000000bbff000000000000000000000000000001860090780000600000000000000000000201fe906d17efe3"], 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x8000002, 0x2004}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000080)="44f9", 0x2, 0x1, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0x446f410, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000040)={0x2002})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setrlimit(0x4, &(0x7f0000000280)={0x4, 0x7fffffffffffffff})
getsockopt$sock_int(r6, 0x1, 0x1e, 0x0, &(0x7f0000000680))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r7=>0x0)
prlimit64(r7, 0xf, &(0x7f0000000200)={0x3, 0x7}, &(0x7f0000000240))
socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r9 = openat(r2, &(0x7f0000000380)='\x00', 0x101400, 0xee)
fchown(r9, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)

1.640485303s ago: executing program 3 (id=1010):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf500090584af"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000de6000/0x1000)=nil, 0x1000}})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x1, &(0x7f0000000200)=ANY=[@ANYRESHEX=r1, @ANYBLOB=',wfd', @ANYRESHEX=r0])
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000"], 0x15)
socket$rds(0x15, 0x5, 0x0)
syz_open_dev$ndb(0x0, 0x0, 0x82000)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000004080)=@base={0x4, 0x4, 0x4, 0xbf22, 0x800, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
syz_open_dev$evdev(&(0x7f0000000000), 0x4cc6, 0x84803)

1.556347804s ago: executing program 0 (id=1011):
mknod(&(0x7f0000000000)='./file0\x00', 0x6000, 0x77b)
mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='nilfs2\x00', 0x0, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000480), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1cd0689fdb769ca86375c715a8b2d96b2c04", @ANYRESDEC=r2, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20008099}, 0x840)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000280)=0xc)
statx(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0\x00', 0x6000, 0x100, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
getgroups(0x4, &(0x7f0000000400)=[0xffffffffffffffff, 0xee01, 0xffffffffffffffff, <r6=>0x0])
statx(0xffffffffffffff9c, &(0x7f0000000440)='.\x00', 0x4000, 0x100, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
lstat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
getgroups(0x5, &(0x7f0000000700)=[0xee00, 0xffffffffffffffff, 0x0, <r10=>0xee01, 0x0])
stat(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
setgroups(0x8, &(0x7f0000000800)=[r4, r5, r6, r7, r8, r9, r10, r11])
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
truncate(&(0x7f0000000980)='./file0/file0\x00', 0x6)
r13 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000880), r1)
sendmsg$NL802154_CMD_SET_TX_POWER(r12, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x40, r13, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x1}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x3}, @NL802154_ATTR_TX_POWER={0x8}]}, 0x40}}, 0x4040050)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e045f2d20"], 0x7)
unshare(0x2c020400)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="000501"], 0x4)

1.435745702s ago: executing program 4 (id=1012):
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0x9, &(0x7f0000000240)={0x8, 0x248}, 0x0)
io_setup(0x4000, &(0x7f0000000140)) (fail_nth: 6)
syz_open_dev$dri(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CALIPSO_C_LIST(r3, 0x0, 0x4004000)

1.200914108s ago: executing program 2 (id=1013):
syz_open_dev$video(&(0x7f0000000000), 0x9, 0x1e3a00)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f000068c000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f000068a000/0xa000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = socket(0x5, 0x4, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@private2})
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000040)={@private2}, 0x14)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000001c0)={'netdevsim0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@newtfilter={0x7c, 0x2c, 0xd27, 0x170bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, r6, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x50, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000001, 0x20000000, 0x2, 0x40000005, 0x5, {0xfd, 0x1, 0xfffc, 0xd, 0x2}, {0x4, 0x1, 0xdef8, 0xee4a, 0x3c, 0x8}, 0x8, 0x3, 0x3}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004000)
setsockopt$inet_tcp_int(r1, 0x11d, 0x8, 0x0, 0x0)
connect$inet(r1, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x240000d0)
openat$tun(0xffffffffffffff9c, 0x0, 0x20400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)

925.173386ms ago: executing program 0 (id=1014):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="5800000002060102000034e40000000004000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173683a69702c706f727400"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
pipe2(&(0x7f0000000340)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = epoll_create1(0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0}, 0x4004015)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x38, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94)
socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = fsopen(&(0x7f0000000000)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000580)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140))
fcntl$setpipe(r2, 0x407, 0x0)
write$FUSE_ENTRY(r2, &(0x7f00000024c0)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffff, 0x0, 0x0, 0x20000000000007f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}}}, 0x90)
ioctl$TCFLSH(r1, 0x5608, 0x3f)

894.357417ms ago: executing program 5 (id=1015):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x3a, 0x703, 0x270bd24, 0x25dfdbf8, {0xd}}, 0x14}}, 0x4008800)
syz_genetlink_get_family_id$nl80211(0x0, r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
socket$inet_sctp(0x2, 0x1, 0x84)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x30, r4, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x30}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x40000)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f0000004280)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000004240)={&(0x7f00000042c0)={0x78c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PEER_MEASUREMENTS={0x480, 0x111, 0x0, 0x1, {0x47c, 0x5, 0x0, 0x1, [{0x3d0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x8, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0x9c, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1b}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x54, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x50, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xe}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x81}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x3}]}]}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x244, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xb4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1a}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0xf}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x12}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x5}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x15}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xd4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1d}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x13}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x18}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1b}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0xe}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x5}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x8}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x60, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}]}, @NL80211_PMSR_TYPE_FTM={0x4}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x5}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x9}]}]}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0xc0, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x8c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x19}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}]}]}, {0xa8, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0x4}, @NL80211_PMSR_PEER_ATTR_REQ={0x4}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0x60, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x5c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x30}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x2}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x4}]}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}]}]}}, @NL80211_ATTR_PEER_MEASUREMENTS={0x50, 0x111, 0x0, 0x1, {0x4c, 0x5, 0x0, 0x1, [{0x4}, {0x8, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0x4}]}, {0x8, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x4}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_REQ={0x4}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_REQ={0x4}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}]}]}}, @NL80211_ATTR_PEER_MEASUREMENTS={0xb0, 0x111, 0x0, 0x1, {0xac, 0x5, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_REQ={0x4}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x39}]}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_REQ={0x4}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]}]}, {0x4}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x33a}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1000}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x8, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}]}]}}, @NL80211_ATTR_PEER_MEASUREMENTS={0x118, 0x111, 0x0, 0x1, {0x114, 0x5, 0x0, 0x1, [{0x110, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_REQ={0xf4, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0xa4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0xb}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x24}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1f}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x8}]}, @NL80211_PMSR_TYPE_FTM={0x4}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x4c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x4}]}]}]}]}}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PEER_MEASUREMENTS={0xa8, 0x111, 0x0, 0x1, {0xa4, 0x5, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_REQ={0x10, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_CHAN={0x4}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}]}, {0x58, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x15}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x2c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x322}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x80}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x1c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x16}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x12}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}]}]}]}}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x5}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x8001}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x78c}, 0x1, 0x0, 0x0, 0x40002}, 0x800)
mlockall(0x2)
r6 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd71, 0xffffffffffffffff}, 0x78)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$PPPIOCSFLAGS1(r8, 0x40047459, 0x0)
shmat(r6, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
socket$nl_generic(0x10, 0x3, 0x10)

570.209281ms ago: executing program 2 (id=1016):
syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000eafa7240936901b02926f400100109021b000124a800800904000001030000000905", @ANYRES32], 0x0)
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x22, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x2})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000002340)={0xffffffffffffffff, &(0x7f0000002380)="7a1fbe9e57d90e6cd6a2e96c295a29c22b0e69e04c65eb8bf93f2f64ee0cdab276e4154c7a684e896e92045629d98680f6d7d0d571a1080049037caf195b9ed2e971568bd01465f3c33961c91549f25f1387e587fbf6d68b2da726ad313fedacb0ffad785068f81446ac78e9784c8553494afcaf71ce27e8a56e67a2eee9b728cbf90c191d03b8f316bad32e83291881321332b90b0f9900aed37b2879b0faae7e0a28e1e01f45a8b9e59f8783be1c56971cba0985af16bc71cd944367d43d60d6b854297575bcff01d3baa5b6e770efeadbb6", 0x0}, 0x77)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

401.465891ms ago: executing program 4 (id=1017):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40080d0)
openat$tun(0xffffffffffffff9c, 0x0, 0x20400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$packet(0x11, 0x3, 0x300)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000280), 0x0, &(0x7f0000000380))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$KVM_SET_XCRS(r5, 0x4188aea7, &(0x7f0000000ac0)={0x3, 0x6, [{0x6, 0x0, 0xc2}, {0x7, 0x0, 0xfffffffffffff7fa}, {0x7fdf, 0x0, 0x80000401}, {0x5, 0x0, 0x10001}, {0x8}, {0xffffffff, 0x0, 0x6}, {0x7ffffffe, 0x0, 0x6}, {0x1800, 0x0, 0xb}, {0x400, 0x0, 0x401}, {0x9, 0x0, 0x9}, {0x80000000, 0x0, 0x4}, {0x6, 0x0, 0x2}, {0x2, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x3ff, 0x0, 0xf5}, {0x401, 0x0, 0x85f7}]})

0s ago: executing program 0 (id=1018):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0585609, 0x0)

kernel console output (not intermixed with test programs):

idge0: port 1(bridge_slave_0) entered blocking state
[  244.005466][ T8088] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.013868][ T5712] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.028097][ T8088] bridge_slave_0: entered allmulticast mode
[  244.034925][ T8088] bridge_slave_0: entered promiscuous mode
[  244.040743][ T5712] usb 4-1: Product: syz
[  244.044966][ T5712] usb 4-1: Manufacturer: syz
[  244.050926][ T8088] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.059725][ T5712] usb 4-1: SerialNumber: syz
[  244.065429][ T8088] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.082433][ T8088] bridge_slave_1: entered allmulticast mode
[  244.193840][ T8088] bridge_slave_1: entered promiscuous mode
[  244.311677][ T5849] block nbd4: Possible stuck request ffff888028767000: control (read@0,1024B). Runtime 150 seconds
[  244.323291][ T5849] block nbd4: Possible stuck request ffff8880287671c0: control (read@1024,1024B). Runtime 150 seconds
[  244.338218][ T5849] block nbd4: Possible stuck request ffff888028767380: control (read@2048,1024B). Runtime 150 seconds
[  244.349355][ T5849] block nbd4: Possible stuck request ffff888028767540: control (read@3072,1024B). Runtime 150 seconds
[  244.455512][ T8165] overlayfs: missing 'lowerdir'
[  244.828329][ T8088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  244.863428][ T8088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  244.963205][ T8088] team0: Port device team_slave_0 added
[  244.997310][ T8088] team0: Port device team_slave_1 added
[  245.008490][ T5712] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 23 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202
[  245.077760][ T8088] batman_adv: batadv0: Adding interface: batadv_slave_0
[  245.084921][ T8088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  245.114900][ T8088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.128660][ T8088] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.135904][ T8088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  245.168318][ T8088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.501363][ T5617] Bluetooth: hci5: command tx timeout
[  245.560733][ T8088] hsr_slave_0: entered promiscuous mode
[  245.578145][ T8088] hsr_slave_1: entered promiscuous mode
[  245.600468][ T8088] debugfs: 'hsr0' already exists in 'hsr'
[  245.606600][ T4995] block nbd8: Possible stuck request ffff8880288ce000: control (read@0,1024B). Runtime 120 seconds
[  245.619105][ T4995] block nbd8: Possible stuck request ffff8880288ce1c0: control (read@1024,1024B). Runtime 120 seconds
[  245.633795][ T4995] block nbd8: Possible stuck request ffff8880288ce380: control (read@2048,1024B). Runtime 120 seconds
[  245.644897][ T4995] block nbd8: Possible stuck request ffff8880288ce540: control (read@3072,1024B). Runtime 120 seconds
[  245.656254][ T8088] Cannot create hsr debugfs directory
[  246.091478][ T5796] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  246.147025][   T30] audit: type=1400 audit(1778812919.736:472): avc:  denied  { write } for  pid=8179 comm="syz.2.581" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  246.155599][ T8186] binder: 8179:8186 ioctl c0306201 0 returned -14
[  246.292989][ T5796] usb 5-1: config 0 has no interfaces?
[  246.305423][ T5796] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  246.328890][ T5796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.342949][ T5796] usb 5-1: config 0 descriptor??
[  246.446465][ T8088] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  246.456365][ T8088] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  246.464574][ T8088] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  246.473334][ T8088] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  246.480953][ T8088] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  246.491720][ T8088] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  246.499399][ T8088] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  246.508372][ T8088] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  246.564849][ T5712] usb 5-1: USB disconnect, device number 24
[  246.579132][ T8088] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.591753][ T1227] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  246.607136][ T8088] 8021q: adding VLAN 0 to HW filter on device team0
[  246.618308][ T7326] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.625437][ T7326] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.639046][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.646201][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.654304][ T5796] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  246.741287][ T1227] usb 1-1: Using ep0 maxpacket: 16
[  246.748059][ T1227] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  246.759105][ T1227] usb 1-1: config 0 has no interfaces?
[  246.767272][ T1227] usb 1-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[  246.776666][ T1227] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.787533][ T1227] usb 1-1: config 0 descriptor??
[  246.821362][ T5796] usb 3-1: Using ep0 maxpacket: 8
[  246.831926][ T1227] usb 4-1: USB disconnect, device number 23
[  246.841688][ T5796] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  246.856220][ T1227] usblp0: removed
[  246.865559][ T5796] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  246.896573][ T5796] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  246.906718][ T5796] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  246.920025][ T5796] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  246.931103][ T5796] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.015278][ T5827] usb 1-1: USB disconnect, device number 30
[  247.055430][ T8088] 8021q: adding VLAN 0 to HW filter on device batadv0
[  247.325509][ T5796] usb 3-1: GET_CAPABILITIES returned 0
[  247.357740][ T5796] usbtmc 3-1:16.0: can't read capabilities
[  247.511475][ T2842] block nbd5: Possible stuck request ffff8880287d5080: control (read@0,1024B). Runtime 150 seconds
[  247.523574][ T2842] block nbd5: Possible stuck request ffff8880287d5240: control (read@1024,1024B). Runtime 150 seconds
[  247.556589][ T2842] block nbd5: Possible stuck request ffff8880287d5400: control (read@2048,1024B). Runtime 150 seconds
[  247.595195][ T2842] block nbd5: Possible stuck request ffff8880287d55c0: control (read@3072,1024B). Runtime 150 seconds
[  247.605433][ T5617] Bluetooth: hci5: command tx timeout
[  247.726281][ T5983] block nbd11: Possible stuck request ffff888028a00000: control (read@0,1024B). Runtime 90 seconds
[  247.737475][ T5983] block nbd11: Possible stuck request ffff888028a001c0: control (read@1024,1024B). Runtime 90 seconds
[  247.755259][ T5983] block nbd11: Possible stuck request ffff888028a00380: control (read@2048,1024B). Runtime 90 seconds
[  247.768332][ T5983] block nbd11: Possible stuck request ffff888028a00540: control (read@3072,1024B). Runtime 90 seconds
[  247.780816][ T4995] block nbd6: Possible stuck request ffff888028830000: control (read@0,1024B). Runtime 150 seconds
[  247.804703][ T4995] block nbd6: Possible stuck request ffff8880288301c0: control (read@1024,1024B). Runtime 150 seconds
[  247.817327][ T4995] block nbd6: Possible stuck request ffff888028830380: control (read@2048,1024B). Runtime 150 seconds
[  247.840578][ T4995] block nbd6: Possible stuck request ffff888028830540: control (read@3072,1024B). Runtime 150 seconds
[  248.021080][ T5712] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  249.055532][ T5712] usb 5-1: config 0 has an invalid interface number: 2 but max is 0
[  249.097163][ T5712] usb 5-1: config 0 has no interface number 0
[  249.113158][ T5712] usb 5-1: config 0 interface 2 altsetting 11 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  249.127879][ T5712] usb 5-1: config 0 interface 2 altsetting 11 endpoint 0x81 has invalid wMaxPacketSize 0
[  249.142301][ T5712] usb 5-1: config 0 interface 2 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  249.161336][ T5712] usb 5-1: config 0 interface 2 has no altsetting 0
[  249.168017][ T5712] usb 5-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  249.191410][ T5712] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.216005][ T5796] usb 3-1: USB disconnect, device number 25
[  249.241775][ T5712] usb 5-1: config 0 descriptor??
[  249.249956][ T8088] veth0_vlan: entered promiscuous mode
[  249.300881][ T8088] veth1_vlan: entered promiscuous mode
[  249.354881][ T8088] veth0_macvtap: entered promiscuous mode
[  249.365682][ T8088] veth1_macvtap: entered promiscuous mode
[  249.804403][ T4995] block nbd7: Possible stuck request ffff888028860000: control (read@0,1024B). Runtime 150 seconds
[  249.816167][ T4995] block nbd7: Possible stuck request ffff8880288601c0: control (read@1024,1024B). Runtime 150 seconds
[  249.828361][ T4995] block nbd7: Possible stuck request ffff888028860380: control (read@2048,1024B). Runtime 150 seconds
[  249.842880][ T4995] block nbd7: Possible stuck request ffff888028860540: control (read@3072,1024B). Runtime 150 seconds
[  249.864631][ T8088] batman_adv: batadv0: Interface activated: batadv_slave_0
[  249.896632][ T8088] batman_adv: batadv0: Interface activated: batadv_slave_1
[  249.935573][ T1166] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  249.956863][ T1166] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  249.974119][ T1166] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  249.984074][ T1166] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  250.072526][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[  250.078841][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[  250.110343][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  250.118840][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  250.370182][ T8239] netlink: 44 bytes leftover after parsing attributes in process `syz.2.590'.
[  250.537743][ T5712] usbhid 5-1:0.2: can't add hid device: -71
[  250.663898][ T8244] overlayfs: missing 'lowerdir'
[  251.102461][ T5712] usbhid 5-1:0.2: probe with driver usbhid failed with error -71
[  251.292672][ T5712] usb 5-1: USB disconnect, device number 25
[  251.327217][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.337056][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.412849][   T30] audit: type=1400 audit(1778812925.006:473): avc:  denied  { mounton } for  pid=8088 comm="syz-executor" path="/root/syzkaller.SuDcMo/syz-tmp" dev="sda1" ino=2050 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  251.453236][   T30] audit: type=1400 audit(1778812925.046:474): avc:  denied  { mounton } for  pid=8088 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  251.672553][ T8242] netlink: 'syz.2.590': attribute type 11 has an invalid length.
[  251.856870][ T8242] netlink: 199828 bytes leftover after parsing attributes in process `syz.2.590'.
[  252.432474][ T8267] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size.
[  252.641583][    T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  252.821527][    T9] usb 3-1: Using ep0 maxpacket: 8
[  252.888417][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  253.120065][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  253.136333][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255
[  253.146514][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  253.161810][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  253.171727][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.180785][   T30] audit: type=1400 audit(1778812926.766:475): avc:  denied  { read append } for  pid=8273 comm="syz.0.599" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  253.215822][   T30] audit: type=1400 audit(1778812926.766:476): avc:  denied  { open } for  pid=8273 comm="syz.0.599" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  253.241191][   T30] audit: type=1400 audit(1778812926.766:477): avc:  denied  { ioctl } for  pid=8273 comm="syz.0.599" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x5519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  253.416264][    T9] usb 3-1: GET_CAPABILITIES returned 0
[  253.426106][    T9] usbtmc 3-1:16.0: can't read capabilities
[  253.596274][ T8281] netlink: 36 bytes leftover after parsing attributes in process `syz.5.600'.
[  253.627460][    T9] usb 3-1: USB disconnect, device number 26
[  253.658495][ T8285] 9p: Bad value for 'wfdno'
[  253.946743][ T8282] nbd20: detected capacity change from 0 to 63
[  253.979926][ T8288] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  254.812916][ T5617] block nbd20: Receive control failed (result -32)
[  255.063878][   T30] audit: type=1800 audit(1778812928.646:478): pid=8305 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.608" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  255.452176][ T8305] kvm: user requested TSC rate below hardware speed
[  256.949490][ T8327] fuse: Bad value for 'user_id'
[  256.955362][ T8327] fuse: Bad value for 'user_id'
[  257.122283][ T5849] block nbd0: Possible stuck request ffff8880285c7000: control (read@0,1024B). Runtime 180 seconds
[  257.134169][ T5849] block nbd0: Possible stuck request ffff8880285c71c0: control (read@1024,1024B). Runtime 180 seconds
[  257.146060][ T5849] block nbd0: Possible stuck request ffff8880285c7380: control (read@2048,1024B). Runtime 180 seconds
[  257.157120][ T5849] block nbd0: Possible stuck request ffff8880285c7540: control (read@3072,1024B). Runtime 180 seconds
[  257.288831][ T8332] xt_ecn: cannot match TCP bits for non-tcp packets
[  257.327779][   T30] audit: type=1401 audit(1778812930.916:479): op=fscreate invalid_context="?"
[  257.561708][ T5712] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  257.721605][ T5712] usb 1-1: Using ep0 maxpacket: 8
[  257.763197][ T5712] usb 1-1: unable to get BOS descriptor or descriptor too short
[  257.802565][ T5712] usb 1-1: config 243 has an invalid interface number: 8 but max is 0
[  257.812729][ T5712] usb 1-1: config 243 has no interface number 0
[  257.821509][ T5712] usb 1-1: config 243 interface 8 has no altsetting 0
[  257.831040][ T5712] usb 1-1: New USB device found, idVendor=0d9f, idProduct=0002, bcdDevice=fe.96
[  257.841326][ T5712] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.854538][ T5712] usb 1-1: Product: syz
[  257.884950][ T5712] usb 1-1: Manufacturer: syz
[  257.949796][ T5712] usb 1-1: SerialNumber: syz
[  258.468546][ T5712] cypress_m8 1-1:243.8: HID->COM RS232 Adapter converter detected
[  258.482672][ T5712] cyphidcom ttyUSB0: required endpoint is missing
[  258.519687][ T5712] usb 1-1: USB disconnect, device number 31
[  258.555224][ T5712] cypress_m8 1-1:243.8: device disconnected
[  258.577450][   T30] audit: type=1400 audit(1778812932.166:480): avc:  denied  { setattr } for  pid=8339 comm="syz.3.619" name="NETLINK" dev="sockfs" ino=20968 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  258.807277][ T8355] overlayfs: missing 'lowerdir'
[  259.158966][ T4995] block nbd12: Possible stuck request ffff888028a75080: control (read@0,1024B). Runtime 90 seconds
[  259.171953][ T4995] block nbd12: Possible stuck request ffff888028a75240: control (read@1024,1024B). Runtime 90 seconds
[  259.183028][ T4995] block nbd12: Possible stuck request ffff888028a75400: control (read@2048,1024B). Runtime 90 seconds
[  259.194039][ T4995] block nbd12: Possible stuck request ffff888028a755c0: control (read@3072,1024B). Runtime 90 seconds
[  259.711152][ T8367] overlayfs: missing 'lowerdir'
[  260.076168][ T5849] block nbd1: Possible stuck request ffff888028620000: control (read@0,1024B). Runtime 180 seconds
[  260.086938][ T5849] block nbd1: Possible stuck request ffff8880286201c0: control (read@1024,1024B). Runtime 180 seconds
[  260.097999][ T5849] block nbd1: Possible stuck request ffff888028620380: control (read@2048,1024B). Runtime 180 seconds
[  260.109138][ T5849] block nbd1: Possible stuck request ffff888028620540: control (read@3072,1024B). Runtime 180 seconds
[  261.958929][ T8386] fuse: Bad value for 'fd'
[  262.574848][ T8398] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=71 sclass=netlink_route_socket pid=8398 comm=syz.0.634
[  262.651409][ T5796] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  262.872844][ T8406] overlayfs: missing 'lowerdir'
[  263.220244][ T5849] block nbd9: Possible stuck request ffff888028945080: control (read@0,1024B). Runtime 120 seconds
[  263.231008][ T5849] block nbd9: Possible stuck request ffff888028945240: control (read@1024,1024B). Runtime 120 seconds
[  263.241967][ T5849] block nbd9: Possible stuck request ffff888028945400: control (read@2048,1024B). Runtime 120 seconds
[  263.245496][ T5796] usb 5-1: Using ep0 maxpacket: 8
[  263.252970][ T5849] block nbd9: Possible stuck request ffff8880289455c0: control (read@3072,1024B). Runtime 120 seconds
[  263.443721][ T5796] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  263.452210][ T5796] usb 5-1: config 0 has no interface number 0
[  263.458470][ T5796] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  263.615735][ T8413] netlink: 220 bytes leftover after parsing attributes in process `syz.0.638'.
[  263.625757][ T8413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.638'.
[  263.668410][ T5617] Bluetooth: hci2: unexpected event for opcode 0x0c7b
[  264.538887][ T5796] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  264.551648][ T5796] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  264.800203][ T5796] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  264.875584][ T5796] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  265.041967][ T5796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.120629][ T5796] usb 5-1: config 0 descriptor??
[  265.175310][ T8418] netlink: 'syz.5.640': attribute type 3 has an invalid length.
[  265.187038][ T5827] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  265.195221][ T5796] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  265.525332][ T5827] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  265.536209][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.554207][  T804] usb 5-1: USB disconnect, device number 26
[  265.574981][  T804] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  265.584339][ T5827] usb 4-1: Product: syz
[  265.591642][ T5827] usb 4-1: Manufacturer: syz
[  265.700449][ T5827] usb 4-1: SerialNumber: syz
[  265.733091][ T5827] usb 4-1: config 0 descriptor??
[  266.057256][ T8418] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  266.065513][ T8418] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  266.074572][ T8418] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  266.083951][ T8418] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  266.142938][ T8438] fuse: Bad value for 'fd'
[  266.204934][ T8418] netlink: 16 bytes leftover after parsing attributes in process `syz.5.640'.
[  267.101468][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  267.272561][ T5827] usb 4-1: Firmware version (0.0) predates our first public release.
[  267.331324][ T5827] usb 4-1: Please update to version 0.2 or newer
[  267.559905][ T8460] netlink: 56 bytes leftover after parsing attributes in process `syz.4.653'.
[  267.568939][ T8460] netlink: 12 bytes leftover after parsing attributes in process `syz.4.653'.
[  267.578449][ T8460] netlink: 8 bytes leftover after parsing attributes in process `syz.4.653'.
[  267.589106][   T30] audit: type=1400 audit(1778812941.176:481): avc:  denied  { bind } for  pid=8456 comm="syz.4.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  267.642767][ T8461] wg1: entered promiscuous mode
[  267.647714][ T8461] wg1: entered allmulticast mode
[  267.705237][ T5617] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  267.716852][ T5617] Bluetooth: hci2: Injecting HCI hardware error event
[  267.726329][ T5613] Bluetooth: hci2: hardware error 0x00
[  267.737119][ T5827] usb 4-1: USB disconnect, device number 24
[  268.004043][ T8467] overlayfs: missing 'lowerdir'
[  269.661852][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  269.962818][ T5613] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  269.971567][ T4995] block nbd3: Possible stuck request ffff8880286f0000: control (read@0,1024B). Runtime 180 seconds
[  269.982421][ T4995] block nbd3: Possible stuck request ffff8880286f01c0: control (read@1024,1024B). Runtime 180 seconds
[  269.993652][ T4995] block nbd3: Possible stuck request ffff8880286f0380: control (read@2048,1024B). Runtime 180 seconds
[  270.004661][ T4995] block nbd3: Possible stuck request ffff8880286f0540: control (read@3072,1024B). Runtime 180 seconds
[  270.071299][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  272.097975][ T5732] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  272.277473][   T30] audit: type=1400 audit(1778812945.866:482): avc:  denied  { setopt } for  pid=8470 comm="syz.4.655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  272.322085][ T5732] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  272.340031][ T5732] usb 3-1: config 0 has no interface number 0
[  272.364961][ T5732] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.396311][ T5732] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.419066][ T5732] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  272.448772][ T5732] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.471480][ T5849] block nbd10: Possible stuck request ffff8880289a5080: control (read@0,1024B). Runtime 120 seconds
[  272.482585][ T5849] block nbd10: Possible stuck request ffff8880289a5240: control (read@1024,1024B). Runtime 120 seconds
[  272.485734][ T5732] usb 3-1: config 0 descriptor??
[  272.495008][ T5849] block nbd10: Possible stuck request ffff8880289a5400: control (read@2048,1024B). Runtime 120 seconds
[  272.509968][ T5849] block nbd10: Possible stuck request ffff8880289a55c0: control (read@3072,1024B). Runtime 120 seconds
[  272.533083][   T30] audit: type=1400 audit(1778812946.116:483): avc:  denied  { append } for  pid=8492 comm="syz.5.662" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  272.627972][   T30] audit: type=1400 audit(1778812946.216:484): avc:  denied  { map } for  pid=8492 comm="syz.5.662" path="socket:[21625]" dev="sockfs" ino=21625 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  273.042849][ T8487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.086720][ T8487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.127793][ T5732] prodikeys 0003:041E:2801.0009: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input1
[  273.221492][ T5732] hid_prodikeys: hid-prodikeys: failed to find output report
[  273.221492][ T5732] 
[  273.329478][ T1227] usb 3-1: USB disconnect, device number 27
[  273.451308][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  273.584760][ T8515] overlayfs: missing 'lowerdir'
[  274.394095][ T5849] block nbd4: Possible stuck request ffff888028767000: control (read@0,1024B). Runtime 180 seconds
[  274.404921][ T5849] block nbd4: Possible stuck request ffff8880287671c0: control (read@1024,1024B). Runtime 180 seconds
[  274.415887][ T5849] block nbd4: Possible stuck request ffff888028767380: control (read@2048,1024B). Runtime 180 seconds
[  274.426848][ T5849] block nbd4: Possible stuck request ffff888028767540: control (read@3072,1024B). Runtime 180 seconds
[  275.191486][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!!
[  275.764933][ T4995] block nbd8: Possible stuck request ffff8880288ce000: control (read@0,1024B). Runtime 150 seconds
[  275.775896][ T4995] block nbd8: Possible stuck request ffff8880288ce1c0: control (read@1024,1024B). Runtime 150 seconds
[  275.793304][ T4995] block nbd8: Possible stuck request ffff8880288ce380: control (read@2048,1024B). Runtime 150 seconds
[  275.816453][ T4995] block nbd8: Possible stuck request ffff8880288ce540: control (read@3072,1024B). Runtime 150 seconds
[  276.076495][   T30] audit: type=1400 audit(1778812949.586:485): avc:  denied  { write } for  pid=8537 comm="syz.3.672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  276.437381][   T30] audit: type=1400 audit(1778812950.026:486): avc:  denied  { ioctl } for  pid=8541 comm="syz.2.673" path="socket:[21269]" dev="sockfs" ino=21269 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  277.629754][ T5849] block nbd5: Possible stuck request ffff8880287d5080: control (read@0,1024B). Runtime 180 seconds
[  277.640873][ T5849] block nbd5: Possible stuck request ffff8880287d5240: control (read@1024,1024B). Runtime 180 seconds
[  277.653092][ T5849] block nbd5: Possible stuck request ffff8880287d5400: control (read@2048,1024B). Runtime 180 seconds
[  277.664143][ T5849] block nbd5: Possible stuck request ffff8880287d55c0: control (read@3072,1024B). Runtime 180 seconds
[  277.799238][ T8553] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  278.085727][ T8560] netlink: 44 bytes leftover after parsing attributes in process `syz.0.678'.
[  278.095674][ T8560] netlink: 'syz.0.678': attribute type 2 has an invalid length.
[  278.103731][ T8560] netlink: 'syz.0.678': attribute type 1 has an invalid length.
[  278.112525][ T8560] netlink: 'syz.0.678': attribute type 1 has an invalid length.
[  278.120188][ T8560] netlink: 'syz.0.678': attribute type 1 has an invalid length.
[  278.268189][ T8563] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=41760 sclass=netlink_route_socket pid=8563 comm=syz.0.678
[  278.298622][ T5732] libceph: connect (1)[c::]:6789 error -101
[  278.306718][ T5732] libceph: mon0 (1)[c::]:6789 connect error
[  278.320257][ T5983] block nbd6: Possible stuck request ffff888028830000: control (read@0,1024B). Runtime 180 seconds
[  278.331317][ T5983] block nbd6: Possible stuck request ffff8880288301c0: control (read@1024,1024B). Runtime 180 seconds
[  278.351055][ T5983] block nbd6: Possible stuck request ffff888028830380: control (read@2048,1024B). Runtime 180 seconds
[  278.362287][ T4995] block nbd11: Possible stuck request ffff888028a00000: control (read@0,1024B). Runtime 120 seconds
[  278.373934][ T5983] block nbd6: Possible stuck request ffff888028830540: control (read@3072,1024B). Runtime 180 seconds
[  278.409260][ T4995] block nbd11: Possible stuck request ffff888028a001c0: control (read@1024,1024B). Runtime 120 seconds
[  278.420465][ T4995] block nbd11: Possible stuck request ffff888028a00380: control (read@2048,1024B). Runtime 120 seconds
[  278.431726][ T4995] block nbd11: Possible stuck request ffff888028a00540: control (read@3072,1024B). Runtime 120 seconds
[  278.603000][ T5796] libceph: connect (1)[c::]:6789 error -101
[  278.624101][ T5796] libceph: mon0 (1)[c::]:6789 connect error
[  278.702654][ T8560] ceph: No mds server is up or the cluster is laggy
[  278.811800][ T8569] netlink: 156 bytes leftover after parsing attributes in process `syz.4.681'.
[  278.830981][ T8569] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  279.415927][ T8578] overlayfs: statfs failed on './file0'
[  279.436205][ T8570] nbd21: detected capacity change from 0 to 63
[  279.702191][ T5613] block nbd21: Receive control failed (result -32)
[  279.787999][ T8585] binder: 8584:8585 ioctl c0306201 2000000001c0 returned -14
[  279.796282][ T8585] binder_alloc: 8584: binder_alloc_buf, no vma
[  280.152992][ T4995] block nbd7: Possible stuck request ffff888028860000: control (read@0,1024B). Runtime 180 seconds
[  280.163905][ T4995] block nbd7: Possible stuck request ffff8880288601c0: control (read@1024,1024B). Runtime 180 seconds
[  280.181313][ T4995] block nbd7: Possible stuck request ffff888028860380: control (read@2048,1024B). Runtime 180 seconds
[  280.185054][   T30] audit: type=1326 audit(1778812953.736:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8598 comm="syz.0.686" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fec0059ce59 code=0x0
[  280.192325][ T4995] block nbd7: Possible stuck request ffff888028860540: control (read@3072,1024B). Runtime 180 seconds
[  281.427777][ T8616] binder: 8615:8616 ioctl c0306201 2000000001c0 returned -14
[  281.438806][ T8616] binder: 8615:8616 unknown command 0
[  281.445269][ T8616] binder: 8615:8616 ioctl c0306201 2000000002c0 returned -22
[  281.495193][ T8618] netlink: 'syz.0.692': attribute type 3 has an invalid length.
[  281.951312][ T5796] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  281.970660][ T8622] nbd22: detected capacity change from 0 to 63
[  282.111739][ T5796] usb 5-1: Using ep0 maxpacket: 32
[  282.128697][ T5796] usb 5-1: config 88 has an invalid interface number: 35 but max is 3
[  282.141620][ T5796] usb 5-1: config 88 has an invalid interface number: 155 but max is 3
[  282.150280][ T5796] usb 5-1: config 88 has an invalid interface number: 96 but max is 3
[  282.168100][ T5796] usb 5-1: config 88 has an invalid interface number: 80 but max is 3
[  282.181044][ T5796] usb 5-1: config 88 has no interface number 0
[  282.188274][ T5796] usb 5-1: config 88 has no interface number 1
[  282.195271][ T5796] usb 5-1: config 88 has no interface number 2
[  282.201983][ T5796] usb 5-1: config 88 has no interface number 3
[  282.208973][ T5796] usb 5-1: config 88 interface 35 altsetting 248 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  282.222526][ T5796] usb 5-1: config 88 interface 155 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  282.235069][ T5796] usb 5-1: config 88 interface 155 altsetting 255 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  282.255788][ T5796] usb 5-1: config 88 interface 155 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  282.268385][ T5796] usb 5-1: config 88 interface 155 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  282.280239][ T5796] usb 5-1: config 88 interface 80 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  282.280626][   T30] audit: type=1400 audit(1778812955.866:488): avc:  denied  { listen } for  pid=8630 comm="syz.2.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  282.291803][ T5796] usb 5-1: config 88 interface 80 altsetting 128 endpoint 0xD has invalid maxpacket 2015, setting to 64
[  282.330849][ T5796] usb 5-1: config 88 interface 35 has no altsetting 0
[  282.338297][ T5796] usb 5-1: config 88 interface 155 has no altsetting 0
[  282.345267][ T5796] usb 5-1: config 88 interface 96 has no altsetting 0
[  282.352151][ T5796] usb 5-1: config 88 interface 80 has no altsetting 0
[  282.363101][ T5796] usb 5-1: New USB device found, idVendor=0471, idProduct=060c, bcdDevice=bc.41
[  282.372312][ T5796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.380361][ T5796] usb 5-1: Product: syz
[  282.384552][ T5796] usb 5-1: Manufacturer: 㭳㢪䮉ꩯ�ꪆ����瓼槥�࿉呑脗栲뎊뒫鬄쓚σ傊픞�㰈變窳᫳ᇕ�抲츙뎥㛾᮷�ꛉ洆혯뤒렔W魜닊培ပ澷㞞싎掑蒺冮ﬧ秶ￔꭹ�䦺ꯊ켚
[  282.410300][ T5613] block nbd22: Receive control failed (result -32)
[  282.421647][ T5796] usb 5-1: SerialNumber: syz
[  282.462625][ T5732] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  282.619810][   T30] audit: type=1400 audit(1778812956.206:489): avc:  denied  { create } for  pid=8641 comm="syz.5.699" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  282.631421][ T5732] usb 4-1: Using ep0 maxpacket: 32
[  282.651784][ T8625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.660536][ T5732] usb 4-1: config 0 has an invalid interface number: 61 but max is 1
[  282.664656][ T8625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.675443][ T5732] usb 4-1: config 0 has no interface number 1
[  282.678752][   T30] audit: type=1400 audit(1778812956.226:490): avc:  denied  { mounton } for  pid=8641 comm="syz.5.699" path="/21/file0" dev="tmpfs" ino=133 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  282.692316][ T5732] usb 4-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=b5.f6
[  282.740918][ T5732] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.749362][ T5732] usb 4-1: Product: syz
[  282.807886][ T5732] usb 4-1: Manufacturer: syz
[  282.824334][ T5732] usb 4-1: SerialNumber: syz
[  282.846737][ T5796] usb 5-1: USB disconnect, device number 27
[  282.860191][ T5732] usb 4-1: config 0 descriptor??
[  282.917447][ T8647] capability: warning: `syz.4.700' uses 32-bit capabilities (legacy support in use)
[  282.982272][ T5732] viperboard 4-1:0.61: version 0.00 found at bus 004 address 025
[  283.002115][ T5732] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  283.017507][ T5732] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  283.256809][    C1] raw-gadget.1 gadget.3: ignoring, device is not running
[  283.277163][    C1] raw-gadget.1 gadget.3: ignoring, device is not running
[  283.293243][ T5732] viperboard 4-1:0.0: version 0.00 found at bus 004 address 025
[  283.392620][ T5732] viperboard-i2c viperboard-i2c.5.auto: error -EIO: failure setting i2c_bus_freq to 100
[  283.419122][ T5732] viperboard-i2c viperboard-i2c.5.auto: probe with driver viperboard-i2c failed with error -5
[  283.503338][ T5732] usb 4-1: USB disconnect, device number 25
[  283.548539][ T8658] binder: 8657:8658 ioctl c0306201 200000000240 returned -11
[  283.591804][ T8658] binder: 8657:8658 unknown command 0
[  283.628547][ T8658] binder: 8657:8658 ioctl c0306201 2000000002c0 returned -22
[  285.393121][ T8690] netlink: 216 bytes leftover after parsing attributes in process `syz.4.714'.
[  285.418013][ T8690] netlink: 'syz.4.714': attribute type 2 has an invalid length.
[  286.359396][ T8704] omfs: Invalid superblock (0)
[  287.463644][ T5849] block nbd0: Possible stuck request ffff8880285c7000: control (read@0,1024B). Runtime 210 seconds
[  287.474384][ T5849] block nbd0: Possible stuck request ffff8880285c71c0: control (read@1024,1024B). Runtime 210 seconds
[  287.486203][ T5849] block nbd0: Possible stuck request ffff8880285c7380: control (read@2048,1024B). Runtime 210 seconds
[  287.497236][ T5849] block nbd0: Possible stuck request ffff8880285c7540: control (read@3072,1024B). Runtime 210 seconds
[  287.964029][ T8718] FAULT_INJECTION: forcing a failure.
[  287.964029][ T8718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  288.002556][   T30] audit: type=1400 audit(1778812961.586:491): avc:  denied  { bind } for  pid=8714 comm="syz.3.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  288.021715][ T8718] CPU: 0 UID: 0 PID: 8718 Comm: syz.5.721 Not tainted syzkaller #0 PREEMPT(full) 
[  288.021731][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  288.021737][ T8718] Call Trace:
[  288.021741][ T8718]  <TASK>
[  288.021745][ T8718]  dump_stack_lvl+0x100/0x190
[  288.021764][ T8718]  should_fail_ex.cold+0x5/0xa
[  288.021779][ T8718]  _copy_from_user+0x2e/0xd0
[  288.021797][ T8718]  kstrtouint_from_user+0xd6/0x1d0
[  288.021810][ T8718]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  288.021821][ T8718]  ? __lock_acquire+0x4a5/0x2630
[  288.021837][ T8718]  ? lock_acquire+0x1b1/0x370
[  288.021853][ T8718]  proc_fail_nth_write+0x83/0x220
[  288.021865][ T8718]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  288.021880][ T8718]  vfs_write+0x2aa/0x1070
[  288.021893][ T8718]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  288.021906][ T8718]  ? __pfx_vfs_write+0x10/0x10
[  288.021917][ T8718]  ? __fget_files+0x215/0x3d0
[  288.021933][ T8718]  ? __fget_files+0x21f/0x3d0
[  288.021950][ T8718]  ksys_write+0x12a/0x250
[  288.021962][ T8718]  ? __pfx_ksys_write+0x10/0x10
[  288.021975][ T8718]  ? rcu_is_watching+0x12/0xc0
[  288.021993][ T8718]  do_syscall_64+0x10b/0xf80
[  288.022009][ T8718]  ? clear_bhb_loop+0x40/0x90
[  288.022023][ T8718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.022033][ T8718] RIP: 0033:0x7f17c315d68e
[  288.022043][ T8718] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  288.022053][ T8718] RSP: 002b:00007f17c3f99fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  288.022063][ T8718] RAX: ffffffffffffffda RBX: 00007f17c3f9a6c0 RCX: 00007f17c315d68e
[  288.022070][ T8718] RDX: 0000000000000001 RSI: 00007f17c3f9a0a0 RDI: 0000000000000004
[  288.022076][ T8718] RBP: 00007f17c3f9a090 R08: 0000000000000000 R09: 0000000000000000
[  288.022081][ T8718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  288.022087][ T8718] R13: 00007f17c3416128 R14: 00007f17c3416090 R15: 00007fffb95caa88
[  288.022100][ T8718]  </TASK>
[  288.480679][ T5614] Bluetooth: hci4: command 0x0c1a tx timeout
[  289.826640][ T4995] block nbd12: Possible stuck request ffff888028a75080: control (read@0,1024B). Runtime 120 seconds
[  289.838706][ T4995] block nbd12: Possible stuck request ffff888028a75240: control (read@1024,1024B). Runtime 120 seconds
[  289.850206][ T4995] block nbd12: Possible stuck request ffff888028a75400: control (read@2048,1024B). Runtime 120 seconds
[  289.861405][ T4995] block nbd12: Possible stuck request ffff888028a755c0: control (read@3072,1024B). Runtime 120 seconds
[  290.051332][    T9] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  290.395159][ T2842] block nbd1: Possible stuck request ffff888028620000: control (read@0,1024B). Runtime 210 seconds
[  290.406658][ T2842] block nbd1: Possible stuck request ffff8880286201c0: control (read@1024,1024B). Runtime 210 seconds
[  290.417968][ T2842] block nbd1: Possible stuck request ffff888028620380: control (read@2048,1024B). Runtime 210 seconds
[  290.450527][ T2842] block nbd1: Possible stuck request ffff888028620540: control (read@3072,1024B). Runtime 210 seconds
[  290.461302][ T1719] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  290.637470][ T1719] usb 6-1: unable to get BOS descriptor or descriptor too short
[  290.649345][ T1719] usb 6-1: config 0 has no interfaces?
[  290.668202][ T1719] usb 6-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40
[  290.679559][ T1719] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.688963][ T1719] usb 6-1: Product: syz
[  290.693684][ T1719] usb 6-1: Manufacturer: syz
[  290.717574][ T1719] usb 6-1: SerialNumber: syz
[  290.779913][ T1719] usb 6-1: config 0 descriptor??
[  290.913214][    T9] usb 5-1: Using ep0 maxpacket: 32
[  290.923074][    T9] usb 5-1: config 0 has an invalid interface number: 61 but max is 1
[  290.931522][    T9] usb 5-1: config 0 has no interface number 1
[  290.944348][    T9] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=b5.f6
[  290.954742][ T8761] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  290.964439][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.972630][    T9] usb 5-1: Product: syz
[  290.976994][    T9] usb 5-1: Manufacturer: syz
[  290.981710][    T9] usb 5-1: SerialNumber: syz
[  290.989976][    T9] usb 5-1: config 0 descriptor??
[  291.019322][ T5712] usb 6-1: USB disconnect, device number 2
[  291.171317][ T1719] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  291.176051][    T9] viperboard 5-1:0.61: version 0.00 found at bus 005 address 028
[  291.202032][    T9] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  291.225293][    T9] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  291.247210][    T9] viperboard 5-1:0.0: version 0.00 found at bus 005 address 028
[  291.396788][   T30] audit: type=1400 audit(1778812964.916:492): avc:  denied  { mount } for  pid=8765 comm="syz.0.737" name="/" dev="autofs" ino=22374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  291.429275][ T1719] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.440430][ T1719] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.450617][ T1719] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  291.458862][    T9] viperboard-i2c viperboard-i2c.5.auto: error -EIO: failure setting i2c_bus_freq to 100
[  291.484242][ T1719] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  291.493761][ T1719] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.504866][ T1719] usb 3-1: config 0 descriptor??
[  291.552781][    T9] viperboard-i2c viperboard-i2c.5.auto: probe with driver viperboard-i2c failed with error -5
[  291.578470][    T9] usb 5-1: USB disconnect, device number 28
[  292.103355][   T30] audit: type=1400 audit(1778812965.696:493): avc:  denied  { unmount } for  pid=5618 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  292.767978][ T1719] hid_parser_main: 1 callbacks suppressed
[  292.768060][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  292.803319][   T30] audit: type=1400 audit(1778812966.356:494): avc:  denied  { read } for  pid=8786 comm="syz.5.742" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  293.018059][   T30] audit: type=1400 audit(1778812966.356:495): avc:  denied  { open } for  pid=8786 comm="syz.5.742" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  293.042522][   T30] audit: type=1400 audit(1778812966.366:496): avc:  denied  { read write } for  pid=7360 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  293.071884][   T30] audit: type=1400 audit(1778812966.366:497): avc:  denied  { open } for  pid=7360 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  293.079439][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  293.100161][   T30] audit: type=1400 audit(1778812966.366:498): avc:  denied  { ioctl } for  pid=7360 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  293.631109][ T5849] block nbd9: Possible stuck request ffff888028945080: control (read@0,1024B). Runtime 150 seconds
[  293.643350][ T5849] block nbd9: Possible stuck request ffff888028945240: control (read@1024,1024B). Runtime 150 seconds
[  293.655982][ T5849] block nbd9: Possible stuck request ffff888028945400: control (read@2048,1024B). Runtime 150 seconds
[  293.670096][ T5849] block nbd9: Possible stuck request ffff8880289455c0: control (read@3072,1024B). Runtime 150 seconds
[  293.682290][   T30] audit: type=1400 audit(1778812966.426:499): avc:  denied  { create } for  pid=8786 comm="syz.5.742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  293.706606][   T30] audit: type=1400 audit(1778812966.456:500): avc:  denied  { prog_load } for  pid=8786 comm="syz.5.742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  293.731399][   T30] audit: type=1400 audit(1778812966.466:501): avc:  denied  { bpf } for  pid=8786 comm="syz.5.742" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  293.751997][   T30] audit: type=1400 audit(1778812966.466:502): avc:  denied  { perfmon } for  pid=8786 comm="syz.5.742" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  293.773021][   T30] audit: type=1400 audit(1778812966.476:503): avc:  denied  { create } for  pid=8786 comm="syz.5.742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  293.798302][   T30] audit: type=1400 audit(1778812966.486:504): avc:  denied  { bind } for  pid=8786 comm="syz.5.742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  293.850768][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  293.869928][ T8804] pim6reg: entered allmulticast mode
[  293.889443][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  293.977953][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  294.076426][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  294.192713][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  294.296950][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  294.417873][ T1719] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  294.856941][ T8816] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  294.866918][ T1719] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  294.963952][ T1719] usb 3-1: USB disconnect, device number 28
[  294.995392][ T8812] syzkaller0: entered promiscuous mode
[  295.006668][ T8812] syzkaller0: entered allmulticast mode
[  297.636051][ T8843] nbd23: detected capacity change from 0 to 63
[  298.095882][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  298.095897][   T30] audit: type=1400 audit(1778812971.686:553): avc:  denied  { read } for  pid=8862 comm="syz.5.758" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  298.129500][   T30] audit: type=1400 audit(1778812971.716:554): avc:  denied  { open } for  pid=8862 comm="syz.5.758" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  298.161516][   T30] audit: type=1400 audit(1778812971.716:555): avc:  denied  { ioctl } for  pid=8862 comm="syz.5.758" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  298.409086][ T5613] block nbd23: Receive control failed (result -32)
[  298.912069][   T30] audit: type=1400 audit(1778812972.496:556): avc:  denied  { read } for  pid=8872 comm="syz.4.761" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  298.963793][   T30] audit: type=1400 audit(1778812972.496:557): avc:  denied  { open } for  pid=8872 comm="syz.4.761" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  299.007383][   T30] audit: type=1400 audit(1778812972.506:558): avc:  denied  { ioctl } for  pid=8872 comm="syz.4.761" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  299.671317][ T1227] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  300.122014][   T30] audit: type=1400 audit(1778812973.316:559): avc:  denied  { setopt } for  pid=8884 comm="syz.0.764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  300.303061][ T4995] block nbd3: Possible stuck request ffff8880286f0000: control (read@0,1024B). Runtime 210 seconds
[  300.315672][ T4995] block nbd3: Possible stuck request ffff8880286f01c0: control (read@1024,1024B). Runtime 210 seconds
[  300.326952][ T4995] block nbd3: Possible stuck request ffff8880286f0380: control (read@2048,1024B). Runtime 210 seconds
[  300.342687][   T30] audit: type=1400 audit(1778812973.316:560): avc:  denied  { bind } for  pid=8884 comm="syz.0.764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  300.362089][   T30] audit: type=1400 audit(1778812973.316:561): avc:  denied  { name_bind } for  pid=8884 comm="syz.0.764" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  300.434728][ T4995] block nbd3: Possible stuck request ffff8880286f0540: control (read@3072,1024B). Runtime 210 seconds
[  300.446012][   T30] audit: type=1400 audit(1778812973.326:562): avc:  denied  { node_bind } for  pid=8884 comm="syz.0.764" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  300.471040][ T1227] usb 5-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  300.502382][ T1227] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.577440][ T1227] usb 5-1: Product: syz
[  300.583239][ T1227] usb 5-1: Manufacturer: syz
[  300.589617][ T1227] usb 5-1: SerialNumber: syz
[  301.497673][ T1227] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202
[  302.311513][ T1227] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  302.567051][ T5849] block nbd10: Possible stuck request ffff8880289a5080: control (read@0,1024B). Runtime 150 seconds
[  302.578117][ T5849] block nbd10: Possible stuck request ffff8880289a5240: control (read@1024,1024B). Runtime 150 seconds
[  302.589292][ T5849] block nbd10: Possible stuck request ffff8880289a5400: control (read@2048,1024B). Runtime 150 seconds
[  302.600444][ T5849] block nbd10: Possible stuck request ffff8880289a55c0: control (read@3072,1024B). Runtime 150 seconds
[  302.635989][ T1227] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.656043][ T1227] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  302.679462][ T1227] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  302.691336][ T1227] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  302.699748][ T1227] usb 1-1: Product: syz
[  302.705411][ T1227] usb 1-1: Manufacturer: syz
[  302.710094][ T1227] usb 1-1: SerialNumber: syz
[  302.723207][ T1227] usb 1-1: config 0 descriptor??
[  302.959008][ T1227] usb 1-1: USB disconnect, device number 32
[  303.031022][ T5725] usb 5-1: USB disconnect, device number 29
[  303.076285][ T5725] usblp0: removed
[  303.255940][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  303.255956][   T30] audit: type=1400 audit(1778812976.846:586): avc:  denied  { watch watch_reads } for  pid=8931 comm="syz.5.776" path="/43" dev="tmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  303.361495][ T5613] Bluetooth: hci1: command 0x0406 tx timeout
[  303.593622][ T8932] ufs: You didn't specify the type of your ufs filesystem
[  303.593622][ T8932] 
[  303.593622][ T8932] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  303.593622][ T8932] 
[  303.593622][ T8932] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  303.645062][ T8932] ufs: ufstype=old is supported read-only
[  303.703508][ T8932] ufs: ufs_fill_super(): bad magic number
[  304.009202][   T30] audit: type=1400 audit(1778812977.596:587): avc:  denied  { getopt } for  pid=8939 comm="syz.2.779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  304.042103][   T30] audit: type=1400 audit(1778812977.616:588): avc:  denied  { unmount } for  pid=5618 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  304.063064][   T30] audit: type=1400 audit(1778812977.656:589): avc:  denied  { allowed } for  pid=8939 comm="syz.2.779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  304.113487][   T30] audit: type=1400 audit(1778812977.706:590): avc:  denied  { create } for  pid=8939 comm="syz.2.779" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  304.172824][ T8941] netlink: 96 bytes leftover after parsing attributes in process `syz.2.779'.
[  304.189604][   T30] audit: type=1400 audit(1778812977.706:591): avc:  denied  { read } for  pid=8939 comm="syz.2.779" path="socket:[23304]" dev="sockfs" ino=23304 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  304.228003][   T30] audit: type=1400 audit(1778812977.756:592): avc:  denied  { name_bind } for  pid=8939 comm="syz.2.779" src=19997 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  304.343936][   T30] audit: type=1400 audit(1778812977.916:593): avc:  denied  { name_connect } for  pid=8946 comm="syz.4.782" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  304.424438][ T8948] overlayfs: missing 'lowerdir'
[  304.777713][ T5849] block nbd4: Possible stuck request ffff888028767000: control (read@0,1024B). Runtime 210 seconds
[  304.789698][ T5849] block nbd4: Possible stuck request ffff8880287671c0: control (read@1024,1024B). Runtime 210 seconds
[  304.800810][ T5849] block nbd4: Possible stuck request ffff888028767380: control (read@2048,1024B). Runtime 210 seconds
[  304.811799][ T5849] block nbd4: Possible stuck request ffff888028767540: control (read@3072,1024B). Runtime 210 seconds
[  304.824035][   T30] audit: type=1400 audit(1778812977.916:594): avc:  denied  { listen } for  pid=8946 comm="syz.4.782" lport=54461 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  304.847711][   T30] audit: type=1400 audit(1778812977.916:595): avc:  denied  { accept } for  pid=8946 comm="syz.4.782" lport=54461 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  305.234265][  T804] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  305.824107][  T804] usb 5-1: config 1 has an invalid interface number: 7 but max is 0
[  306.181812][  T804] usb 5-1: config 1 has no interface number 0
[  306.192167][  T804] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  306.205241][  T804] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  306.210689][ T8960] xt_hashlimit: size too large, truncated to 1048576
[  306.224930][  T804] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  306.241549][  T804] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  306.251540][  T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.261305][  T804] usb 5-1: Product: syz
[  306.265543][  T804] usb 5-1: Manufacturer: syz
[  306.270240][  T804] usb 5-1: SerialNumber: syz
[  306.282596][ T8953] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  306.398301][ T4995] block nbd8: Possible stuck request ffff8880288ce000: control (read@0,1024B). Runtime 180 seconds
[  306.409269][ T4995] block nbd8: Possible stuck request ffff8880288ce1c0: control (read@1024,1024B). Runtime 180 seconds
[  306.420283][ T4995] block nbd8: Possible stuck request ffff8880288ce380: control (read@2048,1024B). Runtime 180 seconds
[  306.431891][ T4995] block nbd8: Possible stuck request ffff8880288ce540: control (read@3072,1024B). Runtime 180 seconds
[  306.633355][ T8953] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  307.018666][  T804] sierra_net 5-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.4-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  307.094248][ T8984] binder: 8983:8984 unknown command 0
[  307.114224][ T8984] binder: 8983:8984 ioctl c0306201 2000000002c0 returned -22
[  307.180025][ T8953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.501462][ T8953] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.671721][ T5849] block nbd5: Possible stuck request ffff8880287d5080: control (read@0,1024B). Runtime 210 seconds
[  307.682595][ T5849] block nbd5: Possible stuck request ffff8880287d5240: control (read@1024,1024B). Runtime 210 seconds
[  307.693956][ T5849] block nbd5: Possible stuck request ffff8880287d5400: control (read@2048,1024B). Runtime 210 seconds
[  307.704986][ T5849] block nbd5: Possible stuck request ffff8880287d55c0: control (read@3072,1024B). Runtime 210 seconds
[  307.803437][  T804] sierra_net 5-1:1.7 wwan0: Submit SYNC failed -71
[  307.814371][  T804] sierra_net 5-1:1.7 wwan0: Send SYNC failed, status -71
[  307.882923][ T8997] overlayfs: missing 'lowerdir'
[  308.397608][  T804] sierra_net 5-1:1.7 wwan0: Submit SYNC failed -71
[  308.414063][  T804] sierra_net 5-1:1.7 wwan0: Send SYNC failed, status -71
[  308.431114][  T804] usb 5-1: USB disconnect, device number 30
[  308.440197][  T804] sierra_net 5-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.4-1, Sierra Wireless USB-to-WWAN Modem
[  308.536116][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  308.536130][   T30] audit: type=1400 audit(1778812982.116:609): avc:  denied  { unlink } for  pid=8991 comm="syz.5.792" name="#10" dev="tmpfs" ino=296 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  308.565774][ T9000] FAULT_INJECTION: forcing a failure.
[  308.565774][ T9000] name failslab, interval 1, probability 0, space 0, times 0
[  308.589203][ T9000] CPU: 0 UID: 0 PID: 9000 Comm: syz.4.794 Not tainted syzkaller #0 PREEMPT(full) 
[  308.589228][ T9000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  308.589238][ T9000] Call Trace:
[  308.589244][ T9000]  <TASK>
[  308.589251][ T9000]  dump_stack_lvl+0x100/0x190
[  308.589277][ T9000]  should_fail_ex.cold+0x5/0xa
[  308.589302][ T9000]  should_failslab+0xc2/0x120
[  308.589321][ T9000]  __kmalloc_cache_noprof+0x7a/0x6f0
[  308.589347][ T9000]  ? ah6_init_state+0xbd/0x7c0
[  308.589377][ T9000]  ah6_init_state+0xbd/0x7c0
[  308.589404][ T9000]  __xfrm_init_state+0x842/0x1cf0
[  308.589433][ T9000]  xfrm_add_sa+0x274f/0x5e80
[  308.589462][ T9000]  ? __pfx_xfrm_add_sa+0x10/0x10
[  308.589486][ T9000]  ? __nla_parse+0x40/0x60
[  308.589510][ T9000]  ? __pfx_xfrm_add_sa+0x10/0x10
[  308.589538][ T9000]  xfrm_user_rcv_msg+0x483/0xbd0
[  308.589564][ T9000]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  308.589586][ T9000]  ? kfree_skbmem+0x19f/0x210
[  308.589607][ T9000]  ? consume_skb+0xd6/0x110
[  308.589651][ T9000]  ? rcu_is_watching+0x12/0xc0
[  308.589678][ T9000]  ? trace_contention_end+0x122/0x170
[  308.589703][ T9000]  ? __mutex_lock+0x26d/0x1b10
[  308.589731][ T9000]  netlink_rcv_skb+0x159/0x420
[  308.589752][ T9000]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  308.589775][ T9000]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  308.589813][ T9000]  xfrm_netlink_rcv+0x71/0x90
[  308.589834][ T9000]  netlink_unicast+0x585/0x850
[  308.589861][ T9000]  ? __pfx_netlink_unicast+0x10/0x10
[  308.589890][ T9000]  netlink_sendmsg+0x8b0/0xda0
[  308.589918][ T9000]  ? __pfx_netlink_sendmsg+0x10/0x10
[  308.589938][ T9000]  ? __might_fault+0x30/0x140
[  308.589971][ T9000]  ____sys_sendmsg+0x9e1/0xb70
[  308.589992][ T9000]  ? __pfx_netlink_sendmsg+0x10/0x10
[  308.590017][ T9000]  ? __pfx_____sys_sendmsg+0x10/0x10
[  308.590049][ T9000]  ___sys_sendmsg+0x190/0x1e0
[  308.590073][ T9000]  ? __pfx____sys_sendmsg+0x10/0x10
[  308.590121][ T9000]  __sys_sendmsg+0x170/0x220
[  308.590138][ T9000]  ? __pfx___sys_sendmsg+0x10/0x10
[  308.590164][ T9000]  ? rcu_is_watching+0x12/0xc0
[  308.590194][ T9000]  do_syscall_64+0x10b/0xf80
[  308.590216][ T9000]  ? clear_bhb_loop+0x40/0x90
[  308.590236][ T9000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.590251][ T9000] RIP: 0033:0x7f757c79ce59
[  308.590265][ T9000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  308.590280][ T9000] RSP: 002b:00007f757d61a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  308.590297][ T9000] RAX: ffffffffffffffda RBX: 00007f757ca15fa0 RCX: 00007f757c79ce59
[  308.590307][ T9000] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  308.590317][ T9000] RBP: 00007f757d61a090 R08: 0000000000000000 R09: 0000000000000000
[  308.590327][ T9000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.590336][ T9000] R13: 00007f757ca16038 R14: 00007f757ca15fa0 R15: 00007fff16dd47d8
[  308.590359][ T9000]  </TASK>
[  308.882634][  T804] sierra_net 5-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  309.021519][ T5983] block nbd6: Possible stuck request ffff888028830000: control (read@0,1024B). Runtime 210 seconds
[  309.032429][ T5983] block nbd6: Possible stuck request ffff8880288301c0: control (read@1024,1024B). Runtime 210 seconds
[  309.045295][ T4995] block nbd11: Possible stuck request ffff888028a00000: control (read@0,1024B). Runtime 150 seconds
[  309.045326][   T30] audit: type=1400 audit(1778812982.606:610): avc:  denied  { read write } for  pid=9001 comm="syz.2.795" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  309.056106][ T5983] block nbd6: Possible stuck request ffff888028830380: control (read@2048,1024B). Runtime 210 seconds
[  309.056128][ T5983] block nbd6: Possible stuck request ffff888028830540: control (read@3072,1024B). Runtime 210 seconds
[  309.101892][   T30] audit: type=1400 audit(1778812982.606:611): avc:  denied  { open } for  pid=9001 comm="syz.2.795" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  309.187374][ T9008] overlayfs: missing 'lowerdir'
[  309.564027][ T4995] block nbd11: Possible stuck request ffff888028a001c0: control (read@1024,1024B). Runtime 150 seconds
[  309.575275][ T4995] block nbd11: Possible stuck request ffff888028a00380: control (read@2048,1024B). Runtime 150 seconds
[  309.587049][ T4995] block nbd11: Possible stuck request ffff888028a00540: control (read@3072,1024B). Runtime 150 seconds
[  309.608445][   T30] audit: type=1400 audit(1778812983.196:612): avc:  denied  { map } for  pid=9001 comm="syz.2.795" path="/dev/video5" dev="devtmpfs" ino=937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  309.638272][ T9002] loop4: detected capacity change from 0 to 2640
[  309.647907][ T9002] buffer_io_error: 138 callbacks suppressed
[  309.647917][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.677405][   T30] audit: type=1400 audit(1778812983.196:613): avc:  denied  { execute } for  pid=9001 comm="syz.2.795" path="/dev/video5" dev="devtmpfs" ino=937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  309.713936][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.735147][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.752552][   T30] audit: type=1400 audit(1778812983.266:614): avc:  denied  { unmount } for  pid=5619 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  309.753044][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.787454][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.795554][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.834131][   T30] audit: type=1400 audit(1778812983.296:615): avc:  denied  { unmount } for  pid=5619 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  309.921613][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.940511][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.966524][ T9002] ldm_validate_partition_table(): Disk read failed.
[  309.985041][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  309.994529][ T9002] Buffer I/O error on dev loop4, logical block 0, async page read
[  310.004736][ T9002] Dev loop4: unable to read RDB block 0
[  310.021525][ T9002]  loop4: unable to read partition table
[  310.029492][ T9002] loop_reread_partitions: partition scan of loop4 (3Ÿ¾‚³˜) failed (rc=-5)
[  310.082725][ T4980] ldm_validate_partition_table(): Disk read failed.
[  310.105944][ T4980] Dev loop4: unable to read RDB block 0
[  310.114347][ T4980]  loop4: unable to read partition table
[  310.247683][ T4995] block nbd7: Possible stuck request ffff888028860000: control (read@0,1024B). Runtime 210 seconds
[  310.258698][ T4995] block nbd7: Possible stuck request ffff8880288601c0: control (read@1024,1024B). Runtime 210 seconds
[  310.270074][ T4995] block nbd7: Possible stuck request ffff888028860380: control (read@2048,1024B). Runtime 210 seconds
[  310.286802][ T4995] block nbd7: Possible stuck request ffff888028860540: control (read@3072,1024B). Runtime 210 seconds
[  310.511732][   T30] audit: type=1400 audit(1778812984.096:616): avc:  denied  { write } for  pid=9018 comm="syz.4.801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  310.585124][   T30] audit: type=1400 audit(1778812984.096:617): avc:  denied  { read } for  pid=9018 comm="syz.4.801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  310.777365][   T30] audit: type=1400 audit(1778812984.366:618): avc:  denied  { create } for  pid=9026 comm="syz.2.803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  311.348638][ T9036] overlayfs: missing 'lowerdir'
[  311.709253][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[  311.717714][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[  311.771189][ T9041] binder: 9038:9041 ioctl c0306201 2000000001c0 returned -14
[  311.797342][ T9041] binder: 9038:9041 unknown command 0
[  311.836633][ T9041] binder: 9038:9041 ioctl c0306201 2000000002c0 returned -22
[  312.661159][ T9058] overlayfs: missing 'lowerdir'
[  313.523099][ T9067] fuse: Bad value for 'fd'
[  314.947959][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  314.947979][   T30] audit: type=1400 audit(1778812988.536:622): avc:  denied  { ioctl } for  pid=9083 comm="syz.0.818" path="socket:[23548]" dev="sockfs" ino=23548 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  315.038381][ T9086] FAULT_INJECTION: forcing a failure.
[  315.038381][ T9086] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.051596][  T804] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  315.089610][ T9086] CPU: 0 UID: 0 PID: 9086 Comm: syz.0.818 Not tainted syzkaller #0 PREEMPT(full) 
[  315.089635][ T9086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  315.089644][ T9086] Call Trace:
[  315.089650][ T9086]  <TASK>
[  315.089657][ T9086]  dump_stack_lvl+0x100/0x190
[  315.089680][ T9086]  should_fail_ex.cold+0x5/0xa
[  315.089696][ T9086]  _copy_from_user+0x2e/0xd0
[  315.089713][ T9086]  copy_msghdr_from_user+0x9f/0x4f0
[  315.089728][ T9086]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  315.089748][ T9086]  ___sys_sendmsg+0x106/0x1e0
[  315.089764][ T9086]  ? __pfx____sys_sendmsg+0x10/0x10
[  315.089795][ T9086]  __sys_sendmsg+0x170/0x220
[  315.089805][ T9086]  ? __pfx___sys_sendmsg+0x10/0x10
[  315.089821][ T9086]  ? rcu_is_watching+0x12/0xc0
[  315.089839][ T9086]  do_syscall_64+0x10b/0xf80
[  315.089855][ T9086]  ? clear_bhb_loop+0x40/0x90
[  315.089868][ T9086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.089879][ T9086] RIP: 0033:0x7fec0059ce59
[  315.089888][ T9086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  315.089899][ T9086] RSP: 002b:00007fec013bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.089910][ T9086] RAX: ffffffffffffffda RBX: 00007fec00816090 RCX: 00007fec0059ce59
[  315.089917][ T9086] RDX: 0000000004000010 RSI: 0000200000000280 RDI: 0000000000000007
[  315.089923][ T9086] RBP: 00007fec013bf090 R08: 0000000000000000 R09: 0000000000000000
[  315.089929][ T9086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.089935][ T9086] R13: 00007fec00816128 R14: 00007fec00816090 R15: 00007ffd9b6ff7b8
[  315.089948][ T9086]  </TASK>
[  315.334852][  T804] usb 5-1: unable to get BOS descriptor or descriptor too short
[  315.344184][  T804] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7
[  315.369173][  T804] usb 5-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40
[  315.381895][  T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.392190][  T804] usb 5-1: Product: syz
[  315.398381][  T804] usb 5-1: Manufacturer: syz
[  315.403460][  T804] usb 5-1: SerialNumber: syz
[  315.768041][  T804] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  315.957064][  T804] usb 5-1: 2:1 : unknown format tag 0x4 is detected.  processed as MPEG.
[  315.983403][  T804] usb 5-1: found format II with max.bitrate = 4, frame size=7372
[  316.304716][   T30] audit: type=1400 audit(1778812989.896:623): avc:  denied  { bind } for  pid=9108 comm="syz.0.825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  316.778040][  T804] usb 5-1: invalid uac2 rates
[  316.784962][  T804] usb 5-1: invalid uac2 rates
[  316.795645][  T804] usb 5-1: 2:1 : unknown format tag 0x4 is detected.  processed as MPEG.
[  316.805045][  T804] usb 5-1: found format II with max.bitrate = 4, frame size=7372
[  316.813804][ T9112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.825'.
[  316.823432][  T804] usb 5-1: parse_audio_format_rates_v2v3(): unable to retrieve number of sample rates (clock 0)
[  317.566818][   T30] audit: type=1400 audit(1778812990.756:624): avc:  denied  { create } for  pid=9114 comm="syz.5.826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  317.685123][   T30] audit: type=1400 audit(1778812990.766:625): avc:  denied  { getopt } for  pid=9114 comm="syz.5.826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  317.694620][  T804] usb 5-1: USB disconnect, device number 31
[  317.912639][ T5849] block nbd0: Possible stuck request ffff8880285c7000: control (read@0,1024B). Runtime 240 seconds
[  317.923616][ T5849] block nbd0: Possible stuck request ffff8880285c71c0: control (read@1024,1024B). Runtime 240 seconds
[  317.953952][ T5849] block nbd0: Possible stuck request ffff8880285c7380: control (read@2048,1024B). Runtime 240 seconds
[  317.969817][ T5849] block nbd0: Possible stuck request ffff8880285c7540: control (read@3072,1024B). Runtime 240 seconds
[  318.591350][ T5725] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  319.361301][ T5725] usb 1-1: device descriptor read/64, error -71
[  319.747115][   T30] audit: type=1400 audit(1778812993.326:626): avc:  denied  { write } for  pid=9137 comm="syz.2.835" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  319.747147][   T30] audit: type=1400 audit(1778812993.326:627): avc:  denied  { open } for  pid=9137 comm="syz.2.835" path="/171/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  319.807506][ T5725] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  319.951408][ T5725] usb 1-1: device descriptor read/64, error -71
[  320.050140][ T9154] netlink: 'syz.3.839': attribute type 1 has an invalid length.
[  320.061958][ T5725] usb usb1-port1: attempt power cycle
[  320.069433][   T30] audit: type=1400 audit(1778812993.656:628): avc:  denied  { lock } for  pid=9153 comm="syz.3.839" path="socket:[24714]" dev="sockfs" ino=24714 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  320.272585][   T30] audit: type=1400 audit(1778812993.656:629): avc:  denied  { write } for  pid=9153 comm="syz.3.839" path="socket:[24718]" dev="sockfs" ino=24718 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  320.330294][   T30] audit: type=1400 audit(1778812993.916:630): avc:  denied  { wake_alarm } for  pid=9153 comm="syz.3.839" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  320.353625][   T12] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  320.423928][    T9] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  320.529126][ T5849] block nbd1: Possible stuck request ffff888028620000: control (read@0,1024B). Runtime 240 seconds
[  320.529225][ T4995] block nbd12: Possible stuck request ffff888028a75080: control (read@0,1024B). Runtime 150 seconds
[  320.542574][ T5849] block nbd1: Possible stuck request ffff8880286201c0: control (read@1024,1024B). Runtime 240 seconds
[  320.563041][ T5725] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  320.573933][ T5849] block nbd1: Possible stuck request ffff888028620380: control (read@2048,1024B). Runtime 240 seconds
[  320.575526][ T4995] block nbd12: Possible stuck request ffff888028a75240: control (read@1024,1024B). Runtime 150 seconds
[  320.596384][ T5849] block nbd1: Possible stuck request ffff888028620540: control (read@3072,1024B). Runtime 240 seconds
[  320.638053][ T5725] usb 1-1: device descriptor read/8, error -71
[  320.647405][ T4995] block nbd12: Possible stuck request ffff888028a75400: control (read@2048,1024B). Runtime 150 seconds
[  320.667485][ T4995] block nbd12: Possible stuck request ffff888028a755c0: control (read@3072,1024B). Runtime 150 seconds
[  321.032079][ T5725] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[  321.077851][ T5725] usb 1-1: device descriptor read/8, error -71
[  321.290537][ T5725] usb usb1-port1: unable to enumerate USB device
[  323.345572][   T30] audit: type=1400 audit(1778812996.936:631): avc:  denied  { mounton } for  pid=9159 comm="syz.3.840" path="/152/file0" dev="tmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  323.674203][ T5849] block nbd9: Possible stuck request ffff888028945080: control (read@0,1024B). Runtime 180 seconds
[  323.831703][ T5849] block nbd9: Possible stuck request ffff888028945240: control (read@1024,1024B). Runtime 180 seconds
[  323.886401][ T5849] block nbd9: Possible stuck request ffff888028945400: control (read@2048,1024B). Runtime 180 seconds
[  323.902150][ T5849] block nbd9: Possible stuck request ffff8880289455c0: control (read@3072,1024B). Runtime 180 seconds
[  323.993334][   T30] audit: type=1400 audit(1778812997.586:632): avc:  denied  { read } for  pid=9159 comm="syz.3.840" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  324.281345][ T5796] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  324.873357][ T5796] usb 6-1: config index 0 descriptor too short (expected 29287, got 96)
[  324.883207][ T5796] usb 6-1: config 117 has too many interfaces: 111, using maximum allowed: 32
[  324.938354][ T5796] usb 6-1: config 117 has an invalid descriptor of length 100, skipping remainder of the config
[  324.997659][ T5796] usb 6-1: config 117 has 0 interfaces, different from the descriptor's value: 111
[  325.030399][ T5796] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  325.057777][ T5796] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  325.097458][ T5796] usb 6-1: Product: syz
[  325.126991][ T5796] usb 6-1: Manufacturer: syz
[  325.476116][ T9202] netlink: 'syz.2.851': attribute type 10 has an invalid length.
[  325.486459][ T9202] team0: Device batadv0 is up. Set it down before adding it as a team port
[  325.503283][ T9202] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  326.966162][ T5796] usb 6-1: USB disconnect, device number 3
[  327.203413][ T9230] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.858'.
[  327.258395][   T30] audit: type=1400 audit(1778813000.836:633): avc:  denied  { ioctl } for  pid=9229 comm="syz.5.858" path="socket:[24979]" dev="sockfs" ino=24979 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  327.266940][ T9233] netlink: 4 bytes leftover after parsing attributes in process `syz.4.859'.
[  327.306760][   T30] audit: type=1400 audit(1778813000.846:634): avc:  denied  { read write } for  pid=9229 comm="syz.5.858" name="vhost-net" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  327.331651][   T30] audit: type=1400 audit(1778813000.846:635): avc:  denied  { open } for  pid=9229 comm="syz.5.858" path="/dev/vhost-net" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  327.395092][   T30] audit: type=1400 audit(1778813000.846:636): avc:  denied  { ioctl } for  pid=9229 comm="syz.5.858" path="/dev/vhost-net" dev="devtmpfs" ino=1273 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  327.447514][   T30] audit: type=1400 audit(1778813000.876:637): avc:  denied  { connect } for  pid=9229 comm="syz.5.858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  328.359507][   T30] audit: type=1400 audit(1778813001.846:638): avc:  denied  { read } for  pid=9227 comm="syz.0.857" name="rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  328.515120][   T30] audit: type=1400 audit(1778813001.846:639): avc:  denied  { open } for  pid=9227 comm="syz.0.857" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  329.014217][   T30] audit: type=1400 audit(1778813001.916:640): avc:  denied  { read write } for  pid=9232 comm="syz.4.859" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  329.296703][   T30] audit: type=1400 audit(1778813001.916:641): avc:  denied  { open } for  pid=9232 comm="syz.4.859" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  329.488421][   T30] audit: type=1400 audit(1778813001.976:642): avc:  denied  { ioctl } for  pid=9232 comm="syz.4.859" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  329.918297][ T5614] Bluetooth: hci5: link tx timeout
[  329.925828][ T5614] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  330.112580][ T9259] lo speed is unknown, defaulting to 1000
[  330.120563][ T9259] lo speed is unknown, defaulting to 1000
[  330.135117][ T9259] lo speed is unknown, defaulting to 1000
[  330.164699][ T9259] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  330.276298][ T9259] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  330.297841][ T9270] netlink: 28 bytes leftover after parsing attributes in process `syz.2.868'.
[  330.330909][ T9259] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  330.387256][ T9259] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  330.465558][ T9259] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  330.532336][ T9273] nbd24: detected capacity change from 0 to 63
[  331.113960][ T4995] block nbd3: Possible stuck request ffff8880286f0000: control (read@0,1024B). Runtime 240 seconds
[  331.129727][ T4995] block nbd3: Possible stuck request ffff8880286f01c0: control (read@1024,1024B). Runtime 240 seconds
[  331.140855][ T4995] block nbd3: Possible stuck request ffff8880286f0380: control (read@2048,1024B). Runtime 240 seconds
[  331.151916][ T4995] block nbd3: Possible stuck request ffff8880286f0540: control (read@3072,1024B). Runtime 240 seconds
[  331.315825][ T5613] block nbd24: Receive control failed (result -32)
[  331.995873][ T5613] Bluetooth: hci5: command 0x0406 tx timeout
[  332.087977][ T9259] lo speed is unknown, defaulting to 1000
[  332.104596][ T9259] lo speed is unknown, defaulting to 1000
[  332.569351][ T9259] lo speed is unknown, defaulting to 1000
[  332.588006][ T9259] lo speed is unknown, defaulting to 1000
[  332.617632][ T9259] lo speed is unknown, defaulting to 1000
[  332.645046][ T5849] block nbd10: Possible stuck request ffff8880289a5080: control (read@0,1024B). Runtime 180 seconds
[  332.657161][ T5849] block nbd10: Possible stuck request ffff8880289a5240: control (read@1024,1024B). Runtime 180 seconds
[  332.668353][ T5849] block nbd10: Possible stuck request ffff8880289a5400: control (read@2048,1024B). Runtime 180 seconds
[  332.679560][ T5849] block nbd10: Possible stuck request ffff8880289a55c0: control (read@3072,1024B). Runtime 180 seconds
[  332.970313][ T9259] lo speed is unknown, defaulting to 1000
[  332.992187][ T9259] lo speed is unknown, defaulting to 1000
[  332.999599][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  332.999611][   T30] audit: type=1400 audit(1778813006.586:651): avc:  denied  { create } for  pid=9303 comm="syz.4.878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  333.170632][ T9308] comedi comedi2: ni_at_a2150: I/O base address or length out of range
[  333.179559][   T30] audit: type=1400 audit(1778813006.756:652): avc:  denied  { append } for  pid=9303 comm="syz.4.878" name="comedi2" dev="devtmpfs" ino=1277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  333.321673][ T1227] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  333.482444][ T1227] usb 3-1: Using ep0 maxpacket: 16
[  333.494222][ T1227] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  333.500242][ T9310] syzkaller0: entered promiscuous mode
[  333.503717][ T1227] usb 3-1: config 0 has no interface number 0
[  333.509015][ T9310] syzkaller0: entered allmulticast mode
[  333.516218][ T1227] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  333.555050][ T1227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.568928][ T1227] usb 3-1: Product: syz
[  333.573403][ T1227] usb 3-1: Manufacturer: syz
[  333.578346][ T1227] usb 3-1: SerialNumber: syz
[  333.653687][   T30] audit: type=1400 audit(1778813007.176:653): avc:  denied  { mount } for  pid=9315 comm="syz.5.880" name="/" dev="autofs" ino=25118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  333.715933][ T1227] usb 3-1: config 0 descriptor??
[  333.728475][ T1227] hub 3-1:0.132: bad descriptor, ignoring hub
[  333.738770][ T1227] hub 3-1:0.132: probe with driver hub failed with error -5
[  333.762984][ T1227] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input12
[  333.786514][   T30] audit: type=1400 audit(1778813007.376:654): avc:  denied  { read } for  pid=4965 comm="acpid" name="mouse1" dev="devtmpfs" ino=3076 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  333.826795][   T30] audit: type=1400 audit(1778813007.376:655): avc:  denied  { open } for  pid=4965 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=3076 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  334.040433][   T30] audit: type=1400 audit(1778813007.626:656): avc:  denied  { read } for  pid=9299 comm="syz.2.876" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  334.065547][   T30] audit: type=1400 audit(1778813007.626:657): avc:  denied  { open } for  pid=9299 comm="syz.2.876" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  334.110364][ T9322] sock: sock_timestamping_bind_phc: sock not bind to device
[  334.143926][ T9322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.157948][ T9322] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.271347][   T30] audit: type=1400 audit(1778813007.856:658): avc:  denied  { unmount } for  pid=8088 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  334.528915][   T30] audit: type=1400 audit(1778813008.106:659): avc:  denied  { map } for  pid=9323 comm="syz.4.881" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  334.563608][   T30] audit: type=1400 audit(1778813008.106:660): avc:  denied  { execute } for  pid=9323 comm="syz.4.881" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  335.209565][ T5849] block nbd4: Possible stuck request ffff888028767000: control (read@0,1024B). Runtime 240 seconds
[  335.230434][ T5849] block nbd4: Possible stuck request ffff8880287671c0: control (read@1024,1024B). Runtime 240 seconds
[  335.242278][ T5849] block nbd4: Possible stuck request ffff888028767380: control (read@2048,1024B). Runtime 240 seconds
[  335.253364][ T5849] block nbd4: Possible stuck request ffff888028767540: control (read@3072,1024B). Runtime 240 seconds
[  336.500766][ T4995] block nbd8: Possible stuck request ffff8880288ce000: control (read@0,1024B). Runtime 210 seconds
[  336.518039][ T4995] block nbd8: Possible stuck request ffff8880288ce1c0: control (read@1024,1024B). Runtime 210 seconds
[  336.531321][ T4995] block nbd8: Possible stuck request ffff8880288ce380: control (read@2048,1024B). Runtime 210 seconds
[  336.542709][ T4995] block nbd8: Possible stuck request ffff8880288ce540: control (read@3072,1024B). Runtime 210 seconds
[  337.498705][ T9369] binder: 9368:9369 ioctl c0306201 2000000001c0 returned -14
[  337.817816][ T5849] block nbd5: Possible stuck request ffff8880287d5080: control (read@0,1024B). Runtime 240 seconds
[  337.829110][ T5849] block nbd5: Possible stuck request ffff8880287d5240: control (read@1024,1024B). Runtime 240 seconds
[  337.840265][ T5849] block nbd5: Possible stuck request ffff8880287d5400: control (read@2048,1024B). Runtime 240 seconds
[  337.851297][ T5849] block nbd5: Possible stuck request ffff8880287d55c0: control (read@3072,1024B). Runtime 240 seconds
[  338.924405][ T1719] usb 3-1: USB disconnect, device number 29
[  339.714457][ T4995] block nbd11: Possible stuck request ffff888028a00000: control (read@0,1024B). Runtime 180 seconds
[  339.725413][ T4995] block nbd11: Possible stuck request ffff888028a001c0: control (read@1024,1024B). Runtime 180 seconds
[  339.736672][ T4995] block nbd11: Possible stuck request ffff888028a00380: control (read@2048,1024B). Runtime 180 seconds
[  339.748163][ T4995] block nbd11: Possible stuck request ffff888028a00540: control (read@3072,1024B). Runtime 180 seconds
[  339.759455][ T5983] block nbd6: Possible stuck request ffff888028830000: control (read@0,1024B). Runtime 240 seconds
[  339.770263][ T5983] block nbd6: Possible stuck request ffff8880288301c0: control (read@1024,1024B). Runtime 240 seconds
[  339.781634][ T5983] block nbd6: Possible stuck request ffff888028830380: control (read@2048,1024B). Runtime 240 seconds
[  339.792851][ T5983] block nbd6: Possible stuck request ffff888028830540: control (read@3072,1024B). Runtime 240 seconds
[  339.911378][ T5732] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  340.096106][ T5732] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  340.106642][ T5732] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  340.118076][ T5732] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  340.127549][ T5732] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  340.135771][ T5732] usb 3-1: SerialNumber: syz
[  340.313438][ T5983] block nbd7: Possible stuck request ffff888028860000: control (read@0,1024B). Runtime 240 seconds
[  340.324680][ T5983] block nbd7: Possible stuck request ffff8880288601c0: control (read@1024,1024B). Runtime 240 seconds
[  340.335732][ T5983] block nbd7: Possible stuck request ffff888028860380: control (read@2048,1024B). Runtime 240 seconds
[  340.346734][ T5983] block nbd7: Possible stuck request ffff888028860540: control (read@3072,1024B). Runtime 240 seconds
[  340.995505][ T9408] syz.4.905 (9408): drop_caches: 4
[  342.709547][ T5732] usb 3-1: invalid UAC_HEADER (v1)
[  342.788277][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  342.788292][   T30] audit: type=1400 audit(1778813016.376:667): avc:  denied  { bind } for  pid=9433 comm="syz.5.910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  344.610001][   T30] audit: type=1400 audit(1778813016.406:668): avc:  denied  { node_bind } for  pid=9433 comm="syz.5.910" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  344.634691][   T30] audit: type=1400 audit(1778813017.756:669): avc:  denied  { getopt } for  pid=9436 comm="syz.4.911" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  344.674321][   T30] audit: type=1400 audit(1778813017.966:670): avc:  denied  { ioctl } for  pid=9448 comm="syz.2.914" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=25342 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  344.709077][ T5732] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  344.720180][ T5732] usb 3-1: USB disconnect, device number 30
[  344.796811][ T9456] netlink: 16 bytes leftover after parsing attributes in process `syz.0.917'.
[  345.137991][   T30] audit: type=1400 audit(1778813018.726:671): avc:  denied  { shutdown } for  pid=9448 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  345.317737][   T30] audit: type=1400 audit(1778813018.746:672): avc:  denied  { read } for  pid=9448 comm="syz.2.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  345.398291][   T30] audit: type=1400 audit(1778813018.886:673): avc:  denied  { read write } for  pid=9469 comm="syz.5.918" name="event2" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  345.461679][   T30] audit: type=1400 audit(1778813018.886:674): avc:  denied  { open } for  pid=9469 comm="syz.5.918" path="/dev/input/event2" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  345.603989][ T9477] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  345.642606][ T5732] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  345.811374][ T5732] usb 4-1: Using ep0 maxpacket: 16
[  346.499577][ T5732] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  346.531780][ T5732] usb 4-1: config 0 has no interface number 0
[  346.777586][ T5732] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  346.798994][ T5732] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.821307][ T5732] usb 4-1: Product: syz
[  346.826245][ T5732] usb 4-1: Manufacturer: syz
[  346.835492][ T5732] usb 4-1: SerialNumber: syz
[  346.856120][ T5732] usb 4-1: config 0 descriptor??
[  346.863986][ T5732] hub 4-1:0.132: bad descriptor, ignoring hub
[  346.865710][   T30] audit: type=1400 audit(1778813020.456:675): avc:  denied  { ioctl } for  pid=9481 comm="syz.0.922" path="/208/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d0b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  346.883901][ T5732] hub 4-1:0.132: probe with driver hub failed with error -5
[  346.903461][ T9482] ip6t_srh: unknown srh match flags  4000
[  346.942945][ T5732] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.132/input/input13
[  347.862634][ T5612] usb 4-1: USB disconnect, device number 27
[  347.992665][ T5849] block nbd0: Possible stuck request ffff8880285c7000: control (read@0,1024B). Runtime 270 seconds
[  348.004350][ T5849] block nbd0: Possible stuck request ffff8880285c71c0: control (read@1024,1024B). Runtime 270 seconds
[  348.015382][ T5849] block nbd0: Possible stuck request ffff8880285c7380: control (read@2048,1024B). Runtime 270 seconds
[  348.026370][ T5849] block nbd0: Possible stuck request ffff8880285c7540: control (read@3072,1024B). Runtime 270 seconds
[  348.067655][   T30] audit: type=1400 audit(1778813021.656:676): avc:  denied  { create } for  pid=9490 comm="syz.0.925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  348.140682][   T30] audit: type=1400 audit(1778813021.726:677): avc:  denied  { read write } for  pid=9490 comm="syz.0.925" name="uhid" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  348.236299][   T30] audit: type=1400 audit(1778813021.726:678): avc:  denied  { open } for  pid=9490 comm="syz.0.925" path="/dev/uhid" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  348.879921][ T9500] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  348.923617][   T30] audit: type=1400 audit(1778813022.426:679): avc:  denied  { create } for  pid=9496 comm="syz.0.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  348.968540][   T30] audit: type=1400 audit(1778813022.426:680): avc:  denied  { write } for  pid=9496 comm="syz.0.927" path="socket:[25980]" dev="sockfs" ino=25980 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  349.231349][  T804] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  350.551602][ T5849] block nbd1: Possible stuck request ffff888028620000: control (read@0,1024B). Runtime 270 seconds
[  350.612939][ T5849] block nbd1: Possible stuck request ffff8880286201c0: control (read@1024,1024B). Runtime 270 seconds
[  350.624291][ T5849] block nbd1: Possible stuck request ffff888028620380: control (read@2048,1024B). Runtime 270 seconds
[  350.641469][ T5849] block nbd1: Possible stuck request ffff888028620540: control (read@3072,1024B). Runtime 270 seconds
[  350.765585][  T804] usb 4-1: Using ep0 maxpacket: 8
[  350.926200][  T804] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  350.954113][  T804] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  350.961392][ T5732] usb 3-1: new low-speed USB device number 31 using dummy_hcd
[  350.971656][  T804] usb 4-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00
[  350.981374][  T804] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.007959][  T804] usb 4-1: config 0 descriptor??
[  351.112364][ T5732] usb 3-1: device descriptor read/64, error -71
[  351.120378][ T9515] netlink: 44 bytes leftover after parsing attributes in process `syz.5.932'.
[  351.238857][ T5983] block nbd12: Possible stuck request ffff888028a75080: control (read@0,1024B). Runtime 180 seconds
[  351.249784][ T5983] block nbd12: Possible stuck request ffff888028a75240: control (read@1024,1024B). Runtime 180 seconds
[  351.261147][ T5983] block nbd12: Possible stuck request ffff888028a75400: control (read@2048,1024B). Runtime 180 seconds
[  351.276965][ T5983] block nbd12: Possible stuck request ffff888028a755c0: control (read@3072,1024B). Runtime 180 seconds
[  351.361311][ T5732] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[  351.738927][ T9502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.751959][ T9502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  351.759784][   T30] audit: type=1400 audit(1778813025.346:681): avc:  denied  { transfer } for  pid=9512 comm="syz.4.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  351.789029][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x2
[  351.801371][ T5732] usb 3-1: device descriptor read/64, error -71
[  351.821945][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.826108][ T9514] binder: 9512:9514 ioctl c018937b 200000002300 returned -22
[  351.828957][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.853550][ T9514] binder_alloc: 9512: binder_alloc_buf, no vma
[  351.872071][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.879057][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.889756][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.903734][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.911643][ T5732] usb usb3-port1: attempt power cycle
[  351.927722][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.940598][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.949139][  T804] cherry 0003:046A:0027.000B: unknown main item tag 0x0
[  351.961703][  T804] cherry 0003:046A:0027.000B: hidraw0: USB HID v0.00 Device [HID 046a:0027] on usb-dummy_hcd.3-1/input0
[  352.061071][    C0] Unknown status report in ack skb
[  352.090960][ T5712] usb 4-1: USB disconnect, device number 28
[  352.203023][ T9526] netlink: 208 bytes leftover after parsing attributes in process `syz.0.935'.
[  352.283782][   T30] audit: type=1400 audit(1778813025.876:682): avc:  denied  { write } for  pid=9525 comm="syz.0.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  352.288711][  T804] kernel read not supported for file /vcs (pid: 804 comm: kworker/0:2)
[  352.321646][ T5732] usb 3-1: new low-speed USB device number 33 using dummy_hcd
[  352.510304][ T5732] usb 3-1: device descriptor read/8, error -71
[  352.637040][ T9527] nbd25: detected capacity change from 0 to 63
[  352.667779][   T30] audit: type=1400 audit(1778813026.246:683): avc:  denied  { setopt } for  pid=9535 comm="syz.0.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  352.690850][ T9536] fuse: fd is not a fuse device
[  352.781854][ T5732] usb 3-1: new low-speed USB device number 34 using dummy_hcd
[  353.062156][ T5732] usb 3-1: device descriptor read/8, error -71
[  353.229077][ T5732] usb usb3-port1: unable to enumerate USB device
[  353.239489][ T5614] block nbd25: Receive control failed (result -32)
[  354.020999][ T9553] siw: device registration error -23
[  354.288134][ T9553] smbdirect: ib_dev[syz2] removed
[  354.306105][  T804] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  354.420408][ T5849] block nbd9: Possible stuck request ffff888028945080: control (read@0,1024B). Runtime 210 seconds
[  354.472591][  T804] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  354.710286][ T5849] block nbd9: Possible stuck request ffff888028945240: control (read@1024,1024B). Runtime 210 seconds
[  354.751861][ T5849] block nbd9: Possible stuck request ffff888028945400: control (read@2048,1024B). Runtime 210 seconds
[  354.798335][ T5849] block nbd9: Possible stuck request ffff8880289455c0: control (read@3072,1024B). Runtime 210 seconds
[  354.984995][  T804] usb 6-1: config 0 interface 0 has no altsetting 0
[  354.995213][  T804] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  355.004589][  T804] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  355.013192][  T804] usb 6-1: Product: syz
[  355.017382][  T804] usb 6-1: Manufacturer: syz
[  355.429528][   T30] audit: type=1400 audit(1778813028.736:684): avc:  denied  { kexec_image_load } for  pid=9555 comm="syz.0.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  355.449383][  T804] usb 6-1: SerialNumber: syz
[  355.455847][  T804] usb 6-1: config 0 descriptor??
[  355.471991][  T804] usb 6-1: selecting invalid altsetting 0
[  355.694961][  T804] usb 6-1: USB disconnect, device number 4
[  355.802594][ T5725] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  355.872956][ T9565] netlink: 44 bytes leftover after parsing attributes in process `syz.3.946'.
[  356.077910][ T5725] usb 3-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  356.888850][ T5725] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.905414][ T5725] usb 3-1: Product: syz
[  356.921702][ T5725] usb 3-1: Manufacturer: syz
[  356.928127][ T5725] usb 3-1: SerialNumber: syz
[  356.943287][ T5725] usb 3-1: config 0 descriptor??
[  356.965013][ T5725] hub 3-1:0.0: bad descriptor, ignoring hub
[  356.983277][ T5725] hub 3-1:0.0: probe with driver hub failed with error -5
[  357.001657][ T5725] f81232 3-1:0.0: f81534a converter detected
[  357.278005][ T5725] f81534a ttyUSB0: f81232_set_register failed status: -71
[  357.339779][ T5725] f81534a ttyUSB0: probe with driver f81534a failed with error -5
[  357.552045][ T5725] usb 3-1: reset high-speed USB device number 35 using dummy_hcd
[  358.206684][ T9587] netlink: 36 bytes leftover after parsing attributes in process `syz.0.948'.
[  358.952210][ T5725] usb 3-1: device descriptor read/all, error -71
[  358.964427][ T5613] Bluetooth: hci6: command 0xfc11 tx timeout
[  358.971629][ T5614] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  360.586342][ T5725] usb 3-1: USB disconnect, device number 35
[  360.594938][ T9615] netlink: 44 bytes leftover after parsing attributes in process `syz.5.957'.
[  360.608751][ T5725] f81232 3-1:0.0: device disconnected
[  361.608657][ T5983] block nbd3: Possible stuck request ffff8880286f0000: control (read@0,1024B). Runtime 270 seconds
[  361.619703][ T5983] block nbd3: Possible stuck request ffff8880286f01c0: control (read@1024,1024B). Runtime 270 seconds
[  361.630967][ T5983] block nbd3: Possible stuck request ffff8880286f0380: control (read@2048,1024B). Runtime 270 seconds
[  361.641997][ T5983] block nbd3: Possible stuck request ffff8880286f0540: control (read@3072,1024B). Runtime 270 seconds
[  362.715073][ T2842] block nbd10: Possible stuck request ffff8880289a5080: control (read@0,1024B). Runtime 210 seconds
[  362.726314][ T2842] block nbd10: Possible stuck request ffff8880289a5240: control (read@1024,1024B). Runtime 210 seconds
[  362.911069][ T2842] block nbd10: Possible stuck request ffff8880289a5400: control (read@2048,1024B). Runtime 210 seconds
[  362.922558][ T2842] block nbd10: Possible stuck request ffff8880289a55c0: control (read@3072,1024B). Runtime 210 seconds
[  364.623379][   T30] audit: type=1400 audit(1778813038.206:685): avc:  denied  { append } for  pid=9652 comm="syz.5.967" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  364.663651][ T5725] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  365.051305][ T5725] usb 5-1: Using ep0 maxpacket: 32
[  365.066195][ T5725] usb 5-1: config 0 has an invalid interface number: 61 but max is 1
[  365.089058][ T5725] usb 5-1: config 0 has no interface number 1
[  365.125713][ T5725] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=b5.f6
[  365.179615][ T5725] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.204172][ T5725] usb 5-1: Product: syz
[  365.208920][ T5725] usb 5-1: Manufacturer: syz
[  365.235503][ T5725] usb 5-1: SerialNumber: syz
[  365.259202][ T5725] usb 5-1: config 0 descriptor??
[  365.264564][   T30] audit: type=1400 audit(1778813038.856:686): avc:  denied  { setopt } for  pid=9663 comm="syz.0.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  365.276857][ T9666] netlink: 12 bytes leftover after parsing attributes in process `syz.3.970'.
[  365.285197][ T2842] block nbd4: Possible stuck request ffff888028767000: control (read@0,1024B). Runtime 270 seconds
[  365.306154][ T2842] block nbd4: Possible stuck request ffff8880287671c0: control (read@1024,1024B). Runtime 270 seconds
[  365.318202][ T9667] ieee802154 phy0 wpan0: encryption failed: -126
[  365.319030][ T2842] block nbd4: Possible stuck request ffff888028767380: control (read@2048,1024B). Runtime 270 seconds
[  365.335576][ T2842] block nbd4: Possible stuck request ffff888028767540: control (read@3072,1024B). Runtime 270 seconds
[  365.346964][   T30] audit: type=1400 audit(1778813038.856:687): avc:  denied  { read } for  pid=9663 comm="syz.0.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  365.367016][   T30] audit: type=1400 audit(1778813038.906:688): avc:  denied  { write } for  pid=9663 comm="syz.0.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  365.501891][ T5725] viperboard 5-1:0.61: version 0.00 found at bus 005 address 032
[  365.518724][ T5725] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  365.528761][ T5725] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  365.593410][ T5725] viperboard 5-1:0.0: version 0.00 found at bus 005 address 032
[  365.611313][ T5732] usb 3-1: new full-speed USB device number 36 using dummy_hcd
[  365.614159][ T5725] viperboard-i2c viperboard-i2c.5.auto: error -EIO: failure setting i2c_bus_freq to 100
[  365.630848][ T5725] viperboard-i2c viperboard-i2c.5.auto: probe with driver viperboard-i2c failed with error -5
[  365.803299][ T5732] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  365.834594][ T5732] usb 3-1: config 0 has no interfaces?
[  365.845593][ T5732] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  365.863610][ T5732] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.884729][ T5732] usb 3-1: config 0 descriptor??
[  365.909942][ T5725] usb 5-1: USB disconnect, device number 32
[  365.941464][   T30] audit: type=1400 audit(1778813039.526:689): avc:  denied  { write } for  pid=9673 comm="syz.5.971" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  366.015774][   T30] audit: type=1400 audit(1778813039.606:690): avc:  denied  { ioctl } for  pid=9673 comm="syz.5.971" path="socket:[26499]" dev="sockfs" ino=26499 ioctlcmd=0x42c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  366.186697][   T30] audit: type=1400 audit(1778813039.776:691): avc:  denied  { getopt } for  pid=9677 comm="syz.0.972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  366.573485][ T5983] block nbd8: Possible stuck request ffff8880288ce000: control (read@0,1024B). Runtime 240 seconds
[  366.585941][ T5983] block nbd8: Possible stuck request ffff8880288ce1c0: control (read@1024,1024B). Runtime 240 seconds
[  366.597014][ T5983] block nbd8: Possible stuck request ffff8880288ce380: control (read@2048,1024B). Runtime 240 seconds
[  366.974972][ T5983] block nbd8: Possible stuck request ffff8880288ce540: control (read@3072,1024B). Runtime 240 seconds
[  367.472058][ T5827] usb 3-1: USB disconnect, device number 36
[  367.855550][ T2842] block nbd5: Possible stuck request ffff8880287d5080: control (read@0,1024B). Runtime 270 seconds
[  367.856346][   T30] audit: type=1400 audit(1778813041.346:692): avc:  denied  { setopt } for  pid=9694 comm="syz.0.977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  367.867332][ T2842] block nbd5: Possible stuck request ffff8880287d5240: control (read@1024,1024B). Runtime 270 seconds
[  368.071351][ T2842] block nbd5: Possible stuck request ffff8880287d5400: control (read@2048,1024B). Runtime 270 seconds
[  368.084016][ T2842] block nbd5: Possible stuck request ffff8880287d55c0: control (read@3072,1024B). Runtime 270 seconds
[  368.195075][ T9703] fuse: Bad value for 'fd'
[  368.731169][ T9716] FAULT_INJECTION: forcing a failure.
[  368.731169][ T9716] name failslab, interval 1, probability 0, space 0, times 0
[  368.764946][ T9716] CPU: 0 UID: 0 PID: 9716 Comm: syz.4.983 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  368.764966][ T9716] Tainted: [L]=SOFTLOCKUP
[  368.764970][ T9716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  368.764976][ T9716] Call Trace:
[  368.764980][ T9716]  <TASK>
[  368.764985][ T9716]  dump_stack_lvl+0x100/0x190
[  368.765002][ T9716]  should_fail_ex.cold+0x5/0xa
[  368.765018][ T9716]  ? tomoyo_encode2+0xfb/0x3c0
[  368.765032][ T9716]  should_failslab+0xc2/0x120
[  368.765044][ T9716]  __kmalloc_noprof+0xe0/0x850
[  368.765063][ T9716]  tomoyo_encode2+0xfb/0x3c0
[  368.765080][ T9716]  tomoyo_encode+0x29/0x50
[  368.765093][ T9716]  tomoyo_realpath_from_path+0x18c/0x690
[  368.765112][ T9716]  tomoyo_path_number_perm+0x23c/0x580
[  368.765124][ T9716]  ? tomoyo_path_number_perm+0x22e/0x580
[  368.765138][ T9716]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  368.765164][ T9716]  ? find_held_lock+0x2b/0x80
[  368.765174][ T9716]  ? __fget_files+0x215/0x3d0
[  368.765187][ T9716]  ? hook_file_ioctl_common+0x149/0x410
[  368.765202][ T9716]  ? __fget_files+0x215/0x3d0
[  368.765223][ T9716]  ? __fget_files+0x21f/0x3d0
[  368.765239][ T9716]  security_file_ioctl+0xd3/0x230
[  368.765253][ T9716]  __x64_sys_ioctl+0xb7/0x210
[  368.765266][ T9716]  do_syscall_64+0x10b/0xf80
[  368.765280][ T9716]  ? clear_bhb_loop+0x40/0x90
[  368.765293][ T9716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.765304][ T9716] RIP: 0033:0x7f757c79ce59
[  368.765314][ T9716] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  368.765324][ T9716] RSP: 002b:00007f757d61a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  368.765335][ T9716] RAX: ffffffffffffffda RBX: 00007f757ca15fa0 RCX: 00007f757c79ce59
[  368.765342][ T9716] RDX: 0000200000000080 RSI: 000000000000890b RDI: 0000000000000003
[  368.765348][ T9716] RBP: 00007f757d61a090 R08: 0000000000000000 R09: 0000000000000000
[  368.765354][ T9716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.765360][ T9716] R13: 00007f757ca16038 R14: 00007f757ca15fa0 R15: 00007fff16dd47d8
[  368.765373][ T9716]  </TASK>
[  368.765384][ T9716] ERROR: Out of memory at tomoyo_realpath_from_path.
[  369.372781][ T9723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.985'.
[  370.019485][ T4995] block nbd11: Possible stuck request ffff888028a00000: control (read@0,1024B). Runtime 210 seconds
[  370.030650][ T4995] block nbd11: Possible stuck request ffff888028a001c0: control (read@1024,1024B). Runtime 210 seconds
[  370.045742][ T4995] block nbd11: Possible stuck request ffff888028a00380: control (read@2048,1024B). Runtime 210 seconds
[  370.057893][ T4995] block nbd11: Possible stuck request ffff888028a00540: control (read@3072,1024B). Runtime 210 seconds
[  370.263856][ T9723] Can't find ip_set type has
[  370.391827][ T5983] block nbd6: Possible stuck request ffff888028830000: control (read@0,1024B). Runtime 270 seconds
[  370.402599][ T4995] block nbd7: Possible stuck request ffff888028860000: control (read@0,1024B). Runtime 270 seconds
[  370.413377][ T5983] block nbd6: Possible stuck request ffff8880288301c0: control (read@1024,1024B). Runtime 270 seconds
[  370.425141][ T4995] block nbd7: Possible stuck request ffff8880288601c0: control (read@1024,1024B). Runtime 270 seconds
[  370.438393][ T5983] block nbd6: Possible stuck request ffff888028830380: control (read@2048,1024B). Runtime 270 seconds
[  370.450241][ T4995] block nbd7: Possible stuck request ffff888028860380: control (read@2048,1024B). Runtime 270 seconds
[  370.461347][ T5983] block nbd6: Possible stuck request ffff888028830540: control (read@3072,1024B). Runtime 270 seconds
[  370.472345][ T4995] block nbd7: Possible stuck request ffff888028860540: control (read@3072,1024B). Runtime 270 seconds
[  370.654648][ T9736] overlayfs: missing 'lowerdir'
[  371.566560][ T5796] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  371.837337][ T5796] usb 3-1: too many configurations: 53, using maximum allowed: 8
[  372.130464][ T5796] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  372.162773][ T5796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.180411][ T5796] usb 3-1: Product: syz
[  372.185180][ T5796] usb 3-1: Manufacturer: syz
[  372.190508][ T5796] usb 3-1: SerialNumber: syz
[  372.353548][ T5827] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  372.532831][ T5827] usb 6-1: Using ep0 maxpacket: 8
[  372.569995][ T5953] usb 1-1: new low-speed USB device number 37 using dummy_hcd
[  372.626343][ T5827] usb 6-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  372.651246][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.670022][ T5827] usb 6-1: Product: syz
[  372.681352][ T5827] usb 6-1: Manufacturer: syz
[  372.687672][ T5827] usb 6-1: SerialNumber: syz
[  372.804844][ T5953] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  372.807389][   T30] audit: type=1326 audit(1778813046.386:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  372.816700][ T5953] usb 1-1: config 0 has no interface number 0
[  372.883588][ T5953] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  372.883732][ T5953] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  372.883987][ T5953] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  372.884053][ T5953] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.954625][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[  372.961770][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[  372.992869][ T5953] usb 1-1: config 0 descriptor??
[  372.993162][   T30] audit: type=1326 audit(1778813046.426:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.071526][ T9770] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  373.226515][ T5953] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  373.261547][   T30] audit: type=1326 audit(1778813046.426:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.292764][   T30] audit: type=1326 audit(1778813046.426:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.359367][   T30] audit: type=1326 audit(1778813046.426:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.428551][   T30] audit: type=1326 audit(1778813046.436:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.460911][   T30] audit: type=1326 audit(1778813046.436:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.487747][ T5725] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  373.498033][   T30] audit: type=1326 audit(1778813046.436:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.526600][   T30] audit: type=1326 audit(1778813046.436:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.553820][   T30] audit: type=1326 audit(1778813046.436:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9748 comm="syz.2.991" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a7e99ce59 code=0x7ffc0000
[  373.561152][ T5953] usb 1-1: USB disconnect, device number 37
[  373.603748][ T5827] usb 6-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  373.612699][ T5827] usb 6-1: clock source 0 is not valid, cannot use
[  373.619976][ T5827] usb 6-1: 1:1: cannot get freq (v2/v3): err -71
[  373.627318][ T5827] usb 6-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  373.640090][ T5827] usb 6-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  373.649650][ T5827] usb 6-1: clock source 0 is not valid, cannot use
[  373.657095][ T5827] usb 6-1: 2:1: cannot get freq (v2/v3): err -71
[  373.664838][ T5827] usb 6-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  373.673551][ T5725] usb 5-1: Using ep0 maxpacket: 32
[  373.683020][ T5725] usb 5-1: config 0 has an invalid interface number: 61 but max is 1
[  373.706429][ T5725] usb 5-1: config 0 has no interface number 1
[  373.720557][ T5725] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=b5.f6
[  373.735504][ T5725] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.754497][ T5725] usb 5-1: Product: syz
[  373.763983][ T5725] usb 5-1: Manufacturer: syz
[  373.771996][ T5827] usb 6-1: USB disconnect, device number 5
[  373.777927][ T5725] usb 5-1: SerialNumber: syz
[  373.788488][ T5725] usb 5-1: config 0 descriptor??
[  373.911977][ T5725] viperboard 5-1:0.61: version 0.00 found at bus 005 address 033
[  373.931090][ T5796] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  373.951501][ T5725] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  373.965086][ T5725] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  373.972086][ T5796] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  374.022537][ T5796] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  374.024107][ T5725] viperboard 5-1:0.0: version 0.00 found at bus 005 address 033
[  374.065531][ T5796] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  374.080651][ T5725] viperboard-i2c viperboard-i2c.5.auto: error -EIO: failure setting i2c_bus_freq to 100
[  374.352955][ T5725] viperboard-i2c viperboard-i2c.5.auto: probe with driver viperboard-i2c failed with error -5
[  374.370224][ T5796] usb 3-1: USB disconnect, device number 37
[  374.371338][ T5725] usb 5-1: USB disconnect, device number 33
[  374.387472][ T9785] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1000'.
[  377.206536][ T9825] ./file0: Can't open blockdev
[  377.430625][ T5725] usb 4-1: new low-speed USB device number 29 using dummy_hcd
[  377.549054][ T9834] FAULT_INJECTION: forcing a failure.
[  377.549054][ T9834] name failslab, interval 1, probability 0, space 0, times 0
[  377.562752][ T9834] CPU: 0 UID: 0 PID: 9834 Comm: syz.4.1012 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  377.562780][ T9834] Tainted: [L]=SOFTLOCKUP
[  377.562787][ T9834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  377.562797][ T9834] Call Trace:
[  377.562804][ T9834]  <TASK>
[  377.562811][ T9834]  dump_stack_lvl+0x100/0x190
[  377.562839][ T9834]  should_fail_ex.cold+0x5/0xa
[  377.562864][ T9834]  should_failslab+0xc2/0x120
[  377.562884][ T9834]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  377.562910][ T9834]  ? security_inode_alloc+0x3b/0x2c0
[  377.562931][ T9834]  ? lockdep_init_map_type+0x5c/0x250
[  377.562958][ T9834]  security_inode_alloc+0x3b/0x2c0
[  377.562980][ T9834]  inode_init_always_gfp+0xcc0/0x1000
[  377.563008][ T9834]  alloc_inode+0x8e/0x250
[  377.563027][ T9834]  alloc_anon_inode+0x2a/0x3e0
[  377.563053][ T9834]  ioctx_alloc+0x4dc/0x21a0
[  377.563089][ T9834]  ? find_held_lock+0x2b/0x80
[  377.563107][ T9834]  ? __pfx_ioctx_alloc+0x10/0x10
[  377.563140][ T9834]  __x64_sys_io_setup+0xc9/0x220
[  377.563159][ T9834]  do_syscall_64+0x10b/0xf80
[  377.563183][ T9834]  ? clear_bhb_loop+0x40/0x90
[  377.563204][ T9834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.563221][ T9834] RIP: 0033:0x7f757c79ce59
[  377.563236][ T9834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  377.563253][ T9834] RSP: 002b:00007f757d5d8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  377.563276][ T9834] RAX: ffffffffffffffda RBX: 00007f757ca16180 RCX: 00007f757c79ce59
[  377.563287][ T9834] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000004000
[  377.563297][ T9834] RBP: 00007f757d5d8090 R08: 0000000000000000 R09: 0000000000000000
[  377.563307][ T9834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.563316][ T9834] R13: 00007f757ca16218 R14: 00007f757ca16180 R15: 00007fff16dd47d8
[  377.563354][ T9834]  </TASK>
[  377.823316][ T9838] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1014'.
[  377.838295][ T5725] usb 4-1: config index 0 descriptor too short (expected 1307, got 27)
[  377.846660][ T5725] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[  377.854783][ T5725] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[  377.863736][ T5725] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  377.874660][ T5725] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  377.885688][ T5725] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  377.885719][ T5725] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  377.889770][ T5725] usb 4-1: string descriptor 0 read error: -22
[  377.889879][ T5725] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  377.889912][ T5725] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.892012][ T5725] usb 4-1: config 0 descriptor??
[  377.952163][ T5725] hub 4-1:0.0: bad descriptor, ignoring hub
[  377.958095][ T5725] hub 4-1:0.0: probe with driver hub failed with error -5
[  377.968174][ T5725] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input14
[  378.078515][ T2842] block nbd0: Possible stuck request ffff8880285c7000: control (read@0,1024B). Runtime 300 seconds
[  378.091121][ T2842] block nbd0: Possible stuck request ffff8880285c71c0: control (read@1024,1024B). Runtime 300 seconds
[  378.104774][ T2842] block nbd0: Possible stuck request ffff8880285c7380: control (read@2048,1024B). Runtime 300 seconds
[  378.119238][ T2842] block nbd0: Possible stuck request ffff8880285c7540: control (read@3072,1024B). Runtime 300 seconds
[  378.345886][ T5725] usb 4-1: USB disconnect, device number 29
[  378.581304][ T5796] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  378.669778][ T9845] nbd26: detected capacity change from 0 to 63
[  378.711561][   T31] INFO: task syz.1.515:7916 blocked for more than 143 seconds.
[  378.721986][   T31]       Tainted: G             L      syzkaller #0
[  378.732841][ T5796] usb 3-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  378.749391][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  378.758418][ T5796] usb 3-1: config 36 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  378.769734][   T31] task:syz.1.515       state:D stack:27848 pid:7916  tgid:7915  ppid:5610   task_flags:0x400040 flags:0x00080002
[  378.782003][ T5796] usb 3-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  378.791410][   T31] Call Trace:
[  378.795217][ T5796] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29
[  378.805949][ T5796] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  378.820665][ T5796] usb 3-1: Manufacturer: syz
[  378.827267][   T31]  <TASK>
[  378.831357][ T5796] usb 3-1: SerialNumber: syz
[  378.840694][   T31]  __schedule+0x1295/0x67a0
[  378.844587][ T9849] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  378.856644][ T5614] block nbd26: Receive control failed (result -32)
[  378.883390][   T31]  ? __pfx___schedule+0x10/0x10
[  378.897855][   T31]  ? find_held_lock+0x2b/0x80
[  378.927499][   T31]  ? schedule+0x2bf/0x390
[  378.939514][   T31]  schedule+0xdd/0x390
[  378.951259][   T31]  schedule_preempt_disabled+0x13/0x30
[  378.961282][   T31]  __mutex_lock+0xced/0x1b10
[  378.971223][   T31]  ? sync_bdevs+0x153/0x480
[  378.977240][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  378.991221][   T31]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  378.998256][   T31]  ? iput.part.0+0x1a0/0xf50
[  379.002970][   T31]  ? sync_bdevs+0x153/0x480
[  379.007488][   T31]  sync_bdevs+0x153/0x480
[  379.011978][   T31]  ksys_sync+0xb0/0xf0
[  379.016060][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  379.020814][   T31]  ? rcu_is_watching+0x12/0xc0
[  379.026734][   T31]  ? do_syscall_64+0x90/0xf80
[  379.033935][   T31]  __do_sys_sync+0xe/0x20
[  379.038284][   T31]  do_syscall_64+0x10b/0xf80
[  379.042939][   T31]  ? clear_bhb_loop+0x40/0x90
[  379.047632][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.053546][   T31] RIP: 0033:0x7f65a2f9ce59
[  379.057954][   T31] RSP: 002b:00007f65a3da8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  379.066454][   T31] RAX: ffffffffffffffda RBX: 00007f65a3215fa0 RCX: 00007f65a2f9ce59
[  379.074449][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  379.082508][   T31] RBP: 00007f65a3215fa0 R08: 0000000000000000 R09: 0000000000000000
[  379.090501][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  379.099377][   T31] R13: 00007f65a3216038 R14: 00007f65a3215fa0 R15: 00007ffccc6f14e8
[  379.107473][   T31]  </TASK>
[  379.110584][   T31] INFO: task syz.1.515:7917 blocked for more than 143 seconds.
[  379.121478][ T5796] yealink 3-1:36.0: invalid payload size 1024, expected 16
[  379.130279][   T31]       Tainted: G             L      syzkaller #0
[  379.142937][ T5796] input: Yealink usb-p1k as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:36.0/input/input15
[  379.151240][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  379.166820][   T31] task:syz.1.515       state:D stack:27800 pid:7917  tgid:7915  ppid:5610   task_flags:0x400040 flags:0x00080002
[  379.169860][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.178852][   T31] Call Trace:
[  379.186148][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.188799][   T31]  <TASK>
[  379.196000][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.198639][   T31]  __schedule+0x1295/0x67a0
[  379.205849][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.221077][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.228091][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.235454][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.236069][   T31]  ? __pfx___schedule+0x10/0x10
[  379.242625][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.254493][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.261262][    C1] yealink 3-1:36.0: unexpected response 0
[  379.267119][   T31]  ? find_held_lock+0x2b/0x80
[  379.267180][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.278807][   T31]  ? schedule+0x2bf/0x390
[  379.279154][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.289908][    C1] yealink 3-1:36.0: unexpected response 0
[  379.295712][   T31]  schedule+0xdd/0x390
[  379.295797][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.299866][   T31]  schedule_preempt_disabled+0x13/0x30
[  379.307249][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.312939][   T31]  __mutex_lock+0xced/0x1b10
[  379.319376][    C1] yealink 3-1:36.0: unexpected response 0
[  379.319649][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.324057][   T31]  ? sync_bdevs+0x153/0x480
[  379.329849][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.338529][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  379.340902][    C1] yealink 3-1:36.0: unexpected response 0
[  379.341677][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.347915][   T31]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  379.353205][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.358905][   T31]  ? iput.part.0+0x1a0/0xf50
[  379.365163][    C1] yealink 3-1:36.0: unexpected response 0
[  379.365485][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.372282][   T31]  ? sync_bdevs+0x153/0x480
[  379.378007][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.382655][   T31]  sync_bdevs+0x153/0x480
[  379.388093][    C1] yealink 3-1:36.0: unexpected response 0
[  379.388305][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.398294][   T31]  ksys_sync+0xb0/0xf0
[  379.399568][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.406260][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  379.410437][    C1] yealink 3-1:36.0: unexpected response 0
[  379.410657][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.416371][   T31]  ? kcov_ioctl+0x16a/0x720
[  379.423109][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.427091][   T31]  ? rcu_is_watching+0x12/0xc0
[  379.433722][    C1] yealink 3-1:36.0: unexpected response 0
[  379.439189][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.439472][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.486746][    C1] yealink 3-1:36.0: unexpected response 0
[  379.492682][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.497153][   T31]  ? do_syscall_64+0x90/0xf80
[  379.499652][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.510882][    C1] yealink 3-1:36.0: unexpected response 0
[  379.516711][   T31]  __do_sys_sync+0xe/0x20
[  379.517288][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.521129][   T31]  do_syscall_64+0x10b/0xf80
[  379.528108][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.539215][    C1] yealink 3-1:36.0: unexpected response 0
[  379.545543][   T31]  ? clear_bhb_loop+0x40/0x90
[  379.546462][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.557180][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.557377][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.569836][    C1] yealink 3-1:36.0: unexpected response 0
[  379.575659][   T31] RIP: 0033:0x7f65a2f9ce59
[  379.575730][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.580149][   T31] RSP: 002b:00007f65a3d87028 EFLAGS: 00000246
[  379.587021][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.599831][    C1] yealink 3-1:36.0: unexpected response 0
[  379.605655][   T31]  ORIG_RAX: 00000000000000a2
[  379.605723][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.610428][   T31] RAX: ffffffffffffffda RBX: 00007f65a3216090 RCX: 00007f65a2f9ce59
[  379.617317][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.617338][    C1] yealink 3-1:36.0: unexpected response 0
[  379.617516][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.634305][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  379.634318][   T30] audit: type=1400 audit(1778813053.206:726): avc:  denied  { ioctl } for  pid=4965 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3116 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  379.638001][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.646355][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  379.650630][    C1] yealink 3-1:36.0: unexpected response 0
[  379.651543][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.675962][   T31] RBP: 00007f65a3216090 R08: 0000000000000000 R09: 0000000000000000
[  379.682656][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.690882][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  379.695907][    C1] yealink 3-1:36.0: unexpected response 0
[  379.696099][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.703243][   T31] R13: 00007f65a3216128 R14: 00007f65a3216090 R15: 00007ffccc6f14e8
[  379.710876][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.718068][   T31]  </TASK>
[  379.725432][    C1] yealink 3-1:36.0: unexpected response 0
[  379.725649][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.735248][   T31] 
[  379.735248][   T31] Showing all locks held in the system:
[  379.738110][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.747643][   T31] 1 lock held by khungtaskd/31:
[  379.752650][    C1] yealink 3-1:36.0: unexpected response 0
[  379.755230][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.755980][   T31]  #0: 
[  379.761883][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.809510][    C1] yealink 3-1:36.0: unexpected response 0
[  379.815527][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.816031][   T31] ffffffff8e7e5760
[  379.822533][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.822769][   T31]  (
[  379.826257][    C1] yealink 3-1:36.0: unexpected response 0
[  379.826454][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.848601][   T31] rcu_read_lock){....}-{1:3}
[  379.848637][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.848627][   T31] , at: debug_show_all_locks+0x3d/0x184
[  379.848672][   T31] 5 locks held by kworker/u8:8/1166:
[  379.853228][    C1] yealink 3-1:36.0: unexpected response 0
[  379.853737][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.883678][   T31] 2 locks held by kworker/1:2/1719:
[  379.884592][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.889013][   T31] 2 locks held by getty/5368:
[  379.895658][    C1] yealink 3-1:36.0: unexpected response 0
[  379.896001][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.913241][   T31]  #0: ffff8880394370a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  379.913445][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.924080][   T31]  #1: 
[  379.929778][    C1] yealink 3-1:36.0: unexpected response 0
[  379.930093][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.932937][   T31] ffffc900032332e8
[  379.938539][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.945430][   T31]  (
[  379.948719][    C1] yealink 3-1:36.0: unexpected response 0
[  379.949369][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.957486][   T31] &ldata->atomic_read_lock
[  379.959030][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.965638][   T31] ){+.+.}-{4:4}
[  379.971085][    C1] yealink 3-1:36.0: unexpected response 0
[  379.971473][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.979780][   T31] , at: n_tty_read+0x419/0x14f0
[  379.982554][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  379.986060][   T31] 1 lock held by udevd/5601:
[  379.991474][    C1] yealink 3-1:36.0: unexpected response 0
[  379.991757][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  379.998651][   T31]  #0: 
[  380.003562][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.010297][   T31] ffff8880286ce350
[  380.014505][    C1] yealink 3-1:36.0: unexpected response 0
[  380.014796][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.020640][   T31]  (
[  380.027208][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.061857][    C1] yealink 3-1:36.0: unexpected response 0
[  380.068104][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.068570][   T31] &disk->open_mutex
[  380.075236][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.085782][    C1] yealink 3-1:36.0: unexpected response 0
[  380.091685][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.091842][   T31] ){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.098701][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.111150][    C1] yealink 3-1:36.0: unexpected response 0
[  380.118860][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.119142][   T31] 1 lock held by udevd/5602:
[  380.125820][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.137079][    C1] yealink 3-1:36.0: unexpected response 0
[  380.142976][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.143135][   T31]  #0: 
[  380.149954][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.159450][    C1] yealink 3-1:36.0: unexpected response 0
[  380.166069][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.169954][   T31] ffff88802878e350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.173193][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.182529][   T31] 1 lock held by udevd/5603:
[  380.188580][    C1] yealink 3-1:36.0: unexpected response 0
[  380.190324][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.193833][   T31]  #0: 
[  380.199059][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.206052][   T31] ffff8880286ca350
[  380.208394][    C1] yealink 3-1:36.0: unexpected response 0
[  380.208616][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.219394][   T31]  (
[  380.224747][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.231756][   T31] &disk->open_mutex
[  380.233829][    C1] yealink 3-1:36.0: unexpected response 0
[  380.234068][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.247137][   T31] ){+.+.}-{4:4}
[  380.250335][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.258576][   T31] , at: bdev_open+0x41a/0xe40
[  380.260322][    C1] yealink 3-1:36.0: unexpected response 0
[  380.261662][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.267563][   T31] 1 lock held by udevd/5604:
[  380.272248][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.282945][   T31]  #0: 
[  380.284246][    C1] yealink 3-1:36.0: unexpected response 0
[  380.284538][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.289162][   T31] ffff888028508350
[  380.295788][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.321557][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.328512][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.335438][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.342221][    C1] yealink 3-1:36.0: unexpected response 0
[  380.348135][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.348254][   T31]  (
[  380.355080][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.364324][    C1] yealink 3-1:36.0: unexpected response 0
[  380.370959][   T31] &disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.371286][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.378735][   T31] 2 locks held by kworker/u9:5/5624:
[  380.385545][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.396030][   T31]  #0: 
[  380.397132][    C1] yealink 3-1:36.0: unexpected response 0
[  380.397371][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.400218][   T31] ffff88805374e940
[  380.405779][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.405800][    C1] yealink 3-1:36.0: unexpected response 0
[  380.405984][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.414143][   T31]  (
[  380.416580][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.423521][   T31] (wq_completion)nbd16-recv
[  380.428840][    C1] yealink 3-1:36.0: unexpected response 0
[  380.429043][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.436054][   T31] ){+.+.}-{0:0}
[  380.438286][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.445193][   T31] , at: process_one_work+0x12d6/0x1980
[  380.449354][    C1] yealink 3-1:36.0: unexpected response 0
[  380.449567][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.460642][   T31]  #1: 
[  380.462534][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.465606][   T31] ffffc9000404fd08
[  380.472068][    C1] yealink 3-1:36.0: unexpected response 0
[  380.472429][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.478436][   T31]  (
[  380.483519][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.490464][   T31] (work_completion)(&args->work)
[  380.492877][    C1] yealink 3-1:36.0: unexpected response 0
[  380.493102][    C1] yealink 3-1:36.0: urb_ctl_callback - urb status -71
[  380.542535][    C1] yealink 3-1:36.0: urb_irq_callback - urb status -71
[  380.542837][   T31] ){+.+.}-{0:0}
[  380.549290][    C1] yealink 3-1:36.0: unexpected response 0
[  380.549307][    C1] yealink 3-1:36.0: urb_irq_callback - usb_submit_urb failed -19
[  380.566786][ T5796] usb 3-1: USB disconnect, device number 38
[  380.567027][   T31] , at: process_one_work+0x973/0x1980
[  380.580865][   T31] 2 locks held by kworker/u9:6/5627:
[  380.586231][   T31]  #0: ffff88805374e940 ((wq_completion)nbd16-recv){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980
[  380.597167][   T31]  #1: ffffc9000406fd08 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980
[  380.608350][   T31] 2 locks held by kworker/u9:9/5630:
[  380.613710][   T31]  #0: ffff88805374e940 ((wq_completion)nbd16-recv){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980
[  380.624547][   T31]  #1: ffffc900043ffd08 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980
[  380.636441][ T2842] block nbd1: Possible stuck request ffff888028620000: control (read@0,1024B). Runtime 300 seconds
[  380.642344][   T31] 7 locks held by kworker/1:6/5796:
[  380.647177][ T2842] block nbd1: Possible stuck request ffff8880286201c0: control (read@1024,1024B). Runtime 300 seconds
[  380.652690][   T31]  #0: 
[  380.664500][ T2842] block nbd1: Possible stuck request ffff888028620380: control (read@2048,1024B). Runtime 300 seconds
[  380.664750][   T31] ffff888022a94940 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980
[  380.688809][   T31]  #1: ffffc9000503fd08 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980
[  380.701890][   T31]  #2: ffff88802b6711d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x1bd/0x4af0
[  380.702032][ T2842] block nbd1: Possible stuck request ffff888028620540: control (read@3072,1024B). Runtime 300 seconds
[  380.710853][   T31]  #3: ffff88807ac641d8 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0x10a/0x9a0
[  380.731146][   T31]  #4: ffff888057e851a0 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620
[  380.741775][   T31]  #5: ffffffff8fe2ee00 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x156/0x470
[  380.751983][   T31]  #6: ffffffff8e7f12a8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0
[  380.762113][   T31] 1 lock held by udevd/5814:
[  380.767193][   T31]  #0: ffff88802878a350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.776533][   T31] 1 lock held by udevd/6008:
[  380.781255][   T31]  #0: ffff888028916350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.790585][   T31] 1 lock held by udevd/6010:
[  380.797193][   T31]  #0: ffff88802850c350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.807033][   T31] 1 lock held by udevd/6016:
[  380.812457][   T31]  #0: ffff888028606350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.821847][   T31] 1 lock held by udevd/6018:
[  380.826569][   T31]  #0: ffff888028822350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.835952][   T31] 1 lock held by udevd/6093:
[  380.840597][   T31]  #0: ffff888028912350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.849969][   T31] 1 lock held by udevd/6263:
[  380.854634][   T31]  #0: ffff888028826350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.863984][   T31] 1 lock held by udevd/6269:
[  380.869171][   T31]  #0: ffff8880289ca350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  380.878637][   T31] 1 lock held by syz.1.515/7916:
[  380.883711][   T31]  #0: ffff8880289ca350 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[  380.893111][   T31] 1 lock held by syz.1.515/7917:
[  380.898120][   T31]  #0: ffff8880289ca350 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[  380.907674][   T31] 1 lock held by syz.4.1017/9850:
[  380.912755][   T31]  #0: ffffffff8e7f1178 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0
[  380.923245][   T31] 
[  380.928273][   T31] =============================================
[  380.928273][   T31] 
[  380.948724][   T31] NMI backtrace for cpu 1
[  380.948744][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  380.948768][   T31] Tainted: [L]=SOFTLOCKUP
[  380.948775][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  380.948785][   T31] Call Trace:
[  380.948792][   T31]  <TASK>
[  380.948799][   T31]  dump_stack_lvl+0x100/0x190
[  380.948826][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[  380.948850][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  380.948873][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  380.948895][   T31]  sys_info+0x141/0x190
[  380.948922][   T31]  watchdog+0xcb1/0x1030
[  380.948948][   T31]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  380.948971][   T31]  ? __pfx_watchdog+0x10/0x10
[  380.948992][   T31]  ? __kthread_parkme+0x18c/0x230
[  380.949014][   T31]  ? kthread+0x13a/0x450
[  380.949033][   T31]  ? __pfx_watchdog+0x10/0x10
[  380.949051][   T31]  kthread+0x370/0x450
[  380.949071][   T31]  ? __pfx_kthread+0x10/0x10
[  380.949094][   T31]  ret_from_fork+0x72b/0xd50
[  380.949118][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  380.949141][   T31]  ? __switch_to+0x800/0x1100
[  380.949169][   T31]  ? __pfx_kthread+0x10/0x10
[  380.949190][   T31]  ret_from_fork_asm+0x1a/0x30
[  380.949227][   T31]  </TASK>
[  380.949233][   T31] Sending NMI from CPU 1 to CPUs 0:
[  381.082569][    C0] NMI backtrace for cpu 0
[  381.082585][    C0] CPU: 0 UID: 0 PID: 7360 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  381.082605][    C0] Tainted: [L]=SOFTLOCKUP
[  381.082610][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  381.082618][    C0] RIP: 0010:write_comp_data+0x40/0x90
[  381.082637][    C0] Code: 02 12 a9 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00 00 ff 00 74 05 c3 cc cc cc cc 8b 87 d4 16 00 00 85 c0 74 f1 8b 87 b0 16 00 00 <83> f8 03 75 e6 48 8b 87 b8 16 00 00 8b bf b4 16 00 00 48 8b 30 48
[  381.082649][    C0] RSP: 0018:ffffc90007f5fa20 EFLAGS: 00000246
[  381.082661][    C0] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: ffffffff8b81ddd0
[  381.082670][    C0] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff888076c72500
[  381.082679][    C0] RBP: 0000000000000006 R08: 0000000000000006 R09: ffffffffffffffff
[  381.082687][    C0] R10: ffffffffffffffff R11: 0000000000000000 R12: 0000000000000006
[  381.082695][    C0] R13: ffffc90007f5fc48 R14: ffffc90007f5fb50 R15: ffffffffffffffff
[  381.082704][    C0] FS:  000055558c93b500(0000) GS:ffff888124370000(0000) knlGS:0000000000000000
[  381.082719][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  381.082728][    C0] CR2: 000055558c95ea88 CR3: 0000000054594000 CR4: 00000000003526f0
[  381.082737][    C0] Call Trace:
[  381.082741][    C0]  <TASK>
[  381.082746][    C0]  mas_wr_store_type+0xad0/0x1670
[  381.082770][    C0]  mas_erase+0x501/0x1970
[  381.082786][    C0]  ? __pfx_mas_erase+0x10/0x10
[  381.082801][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  381.082823][    C0]  mtree_erase+0xc5/0x110
[  381.082836][    C0]  ? __pfx_mtree_erase+0x10/0x10
[  381.082851][    C0]  ? find_held_lock+0x2b/0x80
[  381.082863][    C0]  ? simple_empty+0xe3/0x160
[  381.082877][    C0]  ? simple_empty+0xe3/0x160
[  381.082890][    C0]  simple_offset_remove+0x4f/0xa0
[  381.082909][    C0]  shmem_unlink+0xd4/0x2c0
[  381.082927][    C0]  shmem_rmdir+0x68/0x90
[  381.082944][    C0]  vfs_rmdir+0x328/0x8a0
[  381.082959][    C0]  filename_rmdir+0x31a/0x5c0
[  381.082977][    C0]  ? __pfx_filename_rmdir+0x10/0x10
[  381.082998][    C0]  ? do_getname+0x191/0x390
[  381.083018][    C0]  __x64_sys_unlinkat+0xf5/0x130
[  381.083036][    C0]  do_syscall_64+0x10b/0xf80
[  381.083052][    C0]  ? clear_bhb_loop+0x40/0x90
[  381.083068][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.083081][    C0] RIP: 0033:0x7f757c79bf77
[  381.083091][    C0] Code: 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  381.083103][    C0] RSP: 002b:00007fff16dd2958 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  381.083116][    C0] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f757c79bf77
[  381.083124][    C0] RDX: 0000000000000200 RSI: 00007fff16dd3b00 RDI: 00000000ffffff9c
[  381.083133][    C0] RBP: 00007f757c8321ca R08: 0000000000010580 R09: 0000000000000001
[  381.083144][    C0] R10: 0000000000000000 R11: 0000000000000207 R12: 00007fff16dd3b00
[  381.083152][    C0] R13: 00007f757c8321ca R14: 000000000005c94d R15: 00007fff16dd4bd0
[  381.083166][    C0]  </TASK>
[  381.393203][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  381.400077][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  381.410776][   T31] Tainted: [L]=SOFTLOCKUP
[  381.415095][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  381.425138][   T31] Call Trace:
[  381.428403][   T31]  <TASK>
[  381.431313][   T31]  dump_stack_lvl+0x100/0x190
[  381.435991][   T31]  vpanic+0x552/0x970
[  381.439946][   T31]  ? __pfx_vpanic+0x10/0x10
[  381.444420][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  381.450546][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  381.456721][   T31]  panic+0xd1/0xe0
[  381.460418][   T31]  ? __pfx_panic+0x10/0x10
[  381.464814][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  381.470948][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  381.477077][   T31]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  381.483220][   T31]  ? watchdog.cold+0x1ec/0x234
[  381.487965][   T31]  ? watchdog+0xcc1/0x1030
[  381.492368][   T31]  watchdog.cold+0x1fd/0x234
[  381.496934][   T31]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  381.502717][   T31]  ? __pfx_watchdog+0x10/0x10
[  381.507381][   T31]  ? __kthread_parkme+0x18c/0x230
[  381.512379][   T31]  ? kthread+0x13a/0x450
[  381.516605][   T31]  ? __pfx_watchdog+0x10/0x10
[  381.521266][   T31]  kthread+0x370/0x450
[  381.525325][   T31]  ? __pfx_kthread+0x10/0x10
[  381.529888][   T31]  ret_from_fork+0x72b/0xd50
[  381.534468][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  381.539581][   T31]  ? __switch_to+0x800/0x1100
[  381.544253][   T31]  ? __pfx_kthread+0x10/0x10
[  381.548839][   T31]  ret_from_fork_asm+0x1a/0x30
[  381.553595][   T31]  </TASK>
[  381.556874][   T31] Kernel Offset: disabled
[  381.561175][   T31] Rebooting in 86400 seconds..