last executing test programs:

9m50.698421241s ago: executing program 1 (id=1807):
r0 = socket$kcm(0x23, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x6, 0x4)
listen(r0, 0x800)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x3c, 0x0, "bb02a3c364ca41d6357e544508474004000b42a201ecffffffffffffff8a0e2f964e0000c534a632ab6193fcf19b2df3ee0500faa4ff1f56c54dc46d8b6d2ccd00a0cf0a007bbe00"}, 0xd8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000"], 0x78)
ppoll(&(0x7f0000000140)=[{r0, 0x31}], 0x1, 0x0, 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)

9m48.418821032s ago: executing program 1 (id=1810):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/nfsfs\x00')
lseek(r0, 0x7fffffffffffffff, 0x1)
r1 = fsmount(r0, 0x0, 0xed)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000300)=r3)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000780)={'\x00', 0x3, 0x0, 0x7, 0x1, 0x200, <r4=>0xffffffffffffffff})
syz_open_procfs(r4, &(0x7f0000000880)='net\x00')
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000001c0)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001cc0)={0x1, 0x0, [{0x0, 0xffb, &(0x7f0000001d80)=""/4091}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f0000000380)={0x0, 0x3ff, 0x5})
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/comedi2\x00', 0xaa42, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x11, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xff}, {}, {}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000008c0), r1)
sendmsg$NL80211_CMD_SET_BEACON(r0, &(0x7f00000014c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001480)={&(0x7f0000000900)={0xb44, r8, 0x400, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BEACON_HEAD={0x44b, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_b, @device_a, @initial, {0x6, 0xff8}, @value=@ver_80211n={0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, 0x341, @random=0xa8e, 0xe408, @void, @void, @val={0x3, 0x1, 0xad}, @void, @void, @val={0x5, 0x93, {0x6, 0xc0, 0x5, "f77f964a0edf2935280877d4cae7a9853f705275d49ebbd784725ddf050441da4c683e69e09b63797e9d499ab2d80d18b0f954d218eb0f5e5dd1aadadc6310a43c21e5f0745d9e8062172bce6c4b3260e6133c01955dbbaeb884e64fc5e2d584ac4a69df03d5a561a1b7c6de4c5ec5794d8e38ca9b7033ad37836984e5d559b4a41f6635304bc568d81dfb080414f610"}}, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x5}}, @void, [{0xdd, 0xde, "e85808cc3b8efbd42cd7d5116f8ed23561662b968d44b74670a0c6aa079f84fe66dd33b04dc8373cecbca80f281f9db800150dcb332924a236a23276cdd16152b69cce7c5140a476d87c203a7519bf62acdaf4242478bcc46ff4cf13073b47339708a92d04ff365bdc55fcf639d1fe4865372afd361d9442c3e7be8876485a0f1f6abfd1c9ce3ec58b35d9f8cc4d76a582544f411411b76db92110549dac53e4825c9be05100621c09f0ad3cc50f793f979d46bfcacb6687d86a945bb5f3deafe3c505dcf84281bcd0665d82eecae248c78c88f588f69bee993b298ddadf"}, {0xdd, 0xae, "34e9a3dadfdbff10c47410688d4396ef8cb2c5e11bedbd2d4c290cb3b463f20349c896c4a4bad93edc03dad290dd905f1feee12e3dd172e3f813cae1db70f363fb404ecfde9cebf120f08632dabcb93876af7ba49b4621693f1a60c265a2cc025c143dd2ded2c96fe9bcd589160fc5597b57de71d715d8677b5fa1e5e55f806272f033788e4ae521fea9249bbf10199cfdfb8c6bfdf7b6f22664db206ef907c03a0211a6bb5c059438bc5c434ecd"}, {0xdd, 0xf0, "70c412a31aa603f516745c46cb13ee1d07274e2dc2b1c28b3afc63fc0a248f5d39fef1f53d8402f9640bdb4572906a660991f12bb17ac3d9fff21764ab6396338ae8b17ceecb26b0693327506b9a0fa6d8e7ba0144292763d799c08816109e5919bffc8e83fb6646f4bfd5d0656092f891c6bcf28ccdd26cdb495e3a735b0ce933596d4c3e15d7c7400ac6872e1d51213528636c6c1464b3d804343a9c6eb264883cff04dc14b9d014cc7600e31c576a9c228f256f675fb32d8f78a44b91b5bd4d8982bc6f44fb01c65c80e629f71d6148926d6cac42af3d8dce2fb81bc1e68e097d7830d4bb85e7a8b1c420bd77f7cf"}, {0xdd, 0xef, "a339e3729a368dfbbe27fa1ccd05353acb5e93a7c6ae8a2ea4a183693b7bc105b719f223242f8b8d1ca878eee2412b9f0bf132a5929f4237ab2fa22d398a3dfe275119d9feef9edcd98ed8c8946340ae866d75628261763b7174cbcd560454b6f0427a01ffa836809ef5eeee5ee7edf8726ffd4b37b77546136d996c3a3a6bbf5faa8deb1382b9cf4e0ffdfdd8b75c922379643866c8913d3de9562112c52b9bef090f7c35492fd4a9cff6a9d917be1efe5b06508d40b3e4c16f71a39c07621bda04ecd82ee07c59ba96d3a90a307e3e7ce39cb488c0e143db964eda7d54122d3d95ad21ffdc99ed5d7688170c4276"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x12, 0x7f, [@chsw_timing={0x68, 0x4, {0x1, 0x9}}, @supported_rates={0x1, 0x6, [{0x18, 0x1}, {0xc, 0x1}, {0x2, 0x1}, {0x9}, {0x3}, {0x3, 0x1}]}]}, @NL80211_ATTR_BEACON_HEAD={0x23b, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @broadcast, @from_mac=@device_b, {0x8, 0x8}, @value=@ver_80211n={0x0, 0xd, 0x1, 0x3, 0x0, 0x2, 0x0, 0x0, 0x1}}, 0xfffffffffffffffe, @random=0xf, 0x10, @val={0x0, 0x19, @random="85361bbb23328985331b715137fcf6a6382b61fce3ad86501e"}, @void, @val={0x3, 0x1, 0xf1}, @val={0x4, 0x6, {0x4, 0x9, 0x5, 0x1}}, @void, @void, @val={0x25, 0x3, {0x0, 0xb8, 0x2}}, @void, @val={0x3c, 0x4, {0x1, 0x7, 0x34, 0x2}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x9, 0x20}}, @void, [{0xdd, 0xcf, "2456511b739e3d2f40e7a5b98d94835291cf43c01c1fca35875b47528759465d3fbefb51f5cd8caf8399f45c8eea8fa575fbd8007b5bbfbfbc9c4d701b9974d950de76cbd6cd33d0fc1c1900e1d55a9e34c85da80d4a658ba71c440020ce10c4ba6a9ea3012125c4a0c74c2125410cedc9c428c86bc7a1f3643681e33653b216bcab75effb378e1aa70fc647192ff4ba00bfa0af945069b46ed68f00b167eb05bc30681ce810752e323d8370b944306173ba219d6e14a9933f4804281b649c2cc27eb586bd055bbc180183976310ea"}, {0xdd, 0xfa, "d1200f5b050e58b5fe3a72b1697acfa2be91df4cf01224a1c10b53a53d42a4d184c6acfe19b7b2faeba77fb7e2250203776b9a9f7143473b900907565befb7ad16325f4f358c0abd3bb8e7ca29307490abdcae7a95534c949ebd22c638d69703c66afb96780b6ba977cdb9a3055581eb69b38cfc35b5ae62e79f54b65e17fcdcd970bd73585d272d28f114ef6a281b9865964a4bb4608a6836319a3b5e92323c30b315efbe30af7fdd06dc0f31201d187b63c9b38c6d938cfb771e2c31f657fa8585fbd117dd2d71b6d04324bbf6681f9e45749c8e4a7dacf1a6f782fe3074d4a46d9935c2593a28c2b98b746762eaf9ee3d0ebf4ba68ae58130"}]}}, @NL80211_ATTR_BEACON_TAIL={0x18, 0xf, [@link_id={0x65, 0x12, {@random="e4d61f1f6c2d", @broadcast}}]}, @NL80211_ATTR_PROBE_RESP={0x403, 0x91, "fb859804af75e2fd6c9939b50a30111f8fcfaea76293cbb7cec0acccf88403a6d027816f56ef981e8d4d58cff12db759b99a0f820c7d7ad2a011f8467f354d1686d8c41895fd17521d96a5d69b4ffdcaf55dfd99c9449f5e1a7b19abcb021441a5d7eeb00c53aaf2ccdaeb702c4f8efc9a6616392bc116a7b9826e4df74d0efaa39844cce7b5859841fbf85f5981b514803bbbd2bbbe8ae0989e502d8e2580a29e41caa4dc6cf06bb5a71bf619f6bf8973490ae0fd1610930582d4cdc55b532fa114fa467297a69ec2efbfc6c8ab90da283666c2ac11740846b89b1277a68fbef96320864ae8fa9862302613c15905b0b3b0dc0bc9b8843b2e04f42801994b14198ce5e667855d1361aee60e6b0a007fac695c270461ddcd0228caa2d1f341864ec10c31171cd7fb18427acd696798ac3a0f7086977153344b50cc0e56ae321315d19c93196f8d6401242ec9668e905324de8dc25307af81cdec3864687a9beedc1affbfa51ceadda1be4c9d7277002df858d2d9588b0b8d17cfdd62dbc6eeff40e1a2a7423217729670308480579c4386ad567f84ce80afc9b68ca43c07fc4a67cdcf598fdd85c3b730a1169889bcf9ad0aea41719510f6c1369285aaa6f2f43f21abf17f51cd6eaa025eae3e83cfab8cc8422238868710c6de88245c12f7443ab39e9df4464cd39a79f5cbc68c954deea9e2fe8d26f82cb88049a1778b0d911e473dd883e8e4b63285ff7aaefd6a63f147fe9bb7abaa1909cacd8554dfa78fc92a154dcefce3dcfe77fc6e0f6a2803df88e9cfeba3913f5e033c680b7827e453c5f4f1b6208a9b7dff626922dcae16ea35f108c138173b8b70dfa4797c868cd9bde33d3836051b1b07a14395799a2abd8ac1615370d4b89d4d8a4522751ed1547ac728c9f0aa99da709ecf8f931fa89a5064ae24bd05b8848eb6afbacd6d231b4bc6eb7d9c219e466e8c27f33ad1f2a86567999e2f3c9f3ed1db6d19acca61d09cbbf7951c87dcd1aca7bed438a38c5b555bd7b296f886f1185056fb4c7e7343d19529d8bd1fc90cbf3ee1a61126777ff585595c7f27e472eaa783f1462e348eb94dbe6b7e92add4d4766397371580da28273aef947be9380653c5d6012d0b77eb8d70335d496d08c8909530e4b9d0c630ecc25e42042a949a8974159f292266000f34b8e53bf3708417fdc11028da942fd1bda93a5cb99f722764026df0c8a3cf1c588e1e4b78ea727e4baf7afb33f535e4e79e15040844e5a97337d6ffe8eccabcd97e2b6cedfb181af3acbb2158e0c4005f9a1d25f6e9a67ff57ec2a7357936e37e1eb22106dcb2571d3e4a219101a90d19f22c1def8a7fd3f4a28e28ae0ca7250cb5880cdd5e8b6f4de41ad9c3b9a2761383a0a99facaf0f8285c238e36efefc9e0aca088ef7219dd0ad9790052199501af8586de87f98647ae8a25c"}, @NL80211_ATTR_IE_ASSOC_RESP={0x6f, 0x80, [@prep={0x83, 0x1f, {{}, 0x81, 0xb, @device_b, 0x7, @void, 0xe532, 0x100, @device_a, 0x2}}, @random_vendor={0xdd, 0x45, "ba6e104b91eceda82828f48464cde109ab169ea48a655000abed18cc49ff9c5ab012f473ba268f89cea24722d20854a58df08e3e9eecd6626dd0e20fa16bd30438375543b7"}, @erp={0x2a, 0x1}]}]}, 0xb44}, 0x1, 0x0, 0x0, 0x200080c4}, 0x8001)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x2, 0xc5, 0x0, 0x1ff, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x3, 0x0, 0x7, 0x6, 0x6, 0x45, 0x4, 0xfe, '\x00', 0x4, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000002080)={0x8, 0xffc00000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r5, 0x0)

9m47.366734124s ago: executing program 1 (id=1817):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x2, 0x1000, @empty}, 0x1c)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x8})
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="d9ea693249ca0180c200000086dd61fbddf000083aff00000000000000000000ffffac1e0001ff020000000000000000000000000001810090fc00020004"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000003c0)={r1, 0x1000, {0x0, 0x0, 0x0, 0x2, 0x4000000000000ffe, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6abad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e0000000000000000000000000000000000ffff", "32d8cc26f7061a74df2cfc06c89f3d9a234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "e4162e43ac610000fdff00", [0xfffffffffffffce6, 0xa]}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
stat(&(0x7f0000000040)='.\x00', &(0x7f0000000080))
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setrlimit(0x5, 0x0)
r3 = socket(0x10, 0x3, 0x0)
memfd_create(&(0x7f0000000000)='/dev/nullb0\x00', 0x4)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
fchdir(0xffffffffffffffff)
mkdirat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x120)
dup(0xffffffffffffffff)

9m46.91597792s ago: executing program 1 (id=1820):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
pwritev(r0, &(0x7f0000000700)=[{&(0x7f0000000200)='_', 0x1}], 0x1, 0x7, 0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x191f041, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
statx(r1, 0x0, 0x1000, 0x1, &(0x7f0000000100))
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
io_setup(0x222, &(0x7f0000001040)=<r3=>0x0)
io_submit(r3, 0x3, &(0x7f0000000780)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x5, r2, &(0x7f0000000a00)="1c73de19da4e24a4be5c3011d88efffbb251589a5bef61f451a747474f315938cc426a841b78d07b04cc6f2d276323ea48a6fd1c0ba66f5055239df5a21b234315694fd58fe32aeaa543e5fe08ccdf3e689caa8cedec8010f8bb8c59eaa1ecbf0f6f66afde88c010b3138095b6a0daccf9c9011f03cc24e087286f2553198568c0aea639920383723c52ce2839b5dcb5ecf2eb92eeb24271354e1719e92347b792d0402fb04bbbf78fbebbf4b4832385561e1010dd612da55e8f734ade527cafb3fc6576c16cd2e71f68286e28d5d8a17e463ce4535f9c1700a5bf7b0f2104806450737ae63d3d377ddbcf7d4dd2f3f8f08de60c87b1e07487cae176e2f76ea307000093d84328c7f751d6d997555964813b103ea44b6e2e8bcc09609c25e5d1e0f174c44dfed19aa2fc6e6a60c589909709ff6b1a8e3c7462427d11469f81fa4d9a69ee39b8f3824889f3ee0c5a38a22832193d9f42bfcf06f2990746da71c109c82f51aaffbc9b33b03fe4993f4bfb59461c5a2e13514072283677447793cfe1e7bf5b48416b80a7e18e22cb13e0370f7bb9bf952c4c5355dba6df0d912f88d743c536db4b306075c2dcd59d602e75bb159f71e4f11192631fc338203c136c9efc5f05bf94d2fee1a6ad20f2c7e834e5be49ebedde2d9735f46eb08c6537d24f3f06589a4597f2d9378f00"/512, 0x200, 0x200}, 0x0, 0x0])
fchdir(r2)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
io_destroy(r3)

9m44.792769179s ago: executing program 1 (id=1826):
r0 = syz_io_uring_setup(0x2f55, 0x0, &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400))
io_uring_register$IORING_UNREGISTER_RING_FDS(r0, 0x15, &(0x7f0000004900)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000004740)}, {0x0, 0x1, 0x0, 0x0, 0x0}], 0x2)

9m43.442339725s ago: executing program 1 (id=1832):
r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001"], 0x0)
r1 = socket(0x10, 0x80003, 0x0)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f4e6ff0804000a000000fe0000000000aa0008000f00fd000000", 0x24)
close_range(r1, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x2, 0x5a, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100032c5b9f40d112a6ece0ec010203010902480001020750100904a20805ff05638109210400020122ba0809050c00400007030809050f0420000203f609e7b100400007fba609050b01080080060709050100ff0303ff31"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001280)={0x14, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[])

9m42.8869483s ago: executing program 32 (id=1832):
r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001"], 0x0)
r1 = socket(0x10, 0x80003, 0x0)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f4e6ff0804000a000000fe0000000000aa0008000f00fd000000", 0x24)
close_range(r1, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x2, 0x5a, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100032c5b9f40d112a6ece0ec010203010902480001020750100904a20805ff05638109210400020122ba0809050c00400007030809050f0420000203f609e7b100400007fba609050b01080080060709050100ff0303ff31"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001280)={0x14, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[])

1m16.740420476s ago: executing program 0 (id=3054):
io_uring_setup(0x519, &(0x7f0000000340)={0x0, 0x3cb4, 0x2, 0xd01fa, 0x8100014e})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
creat(0x0, 0x0)
r0 = socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
write(r0, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

1m4.576287557s ago: executing program 3 (id=3354):
getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x8, &(0x7f00000001c0), &(0x7f00000003c0)=0x4)

1m4.49731308s ago: executing program 3 (id=3355):
openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
openat$fb0(0xffffff9c, &(0x7f0000000040), 0x8600, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000029008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e00280010000700028000001294", 0x2e}], 0x1}, 0x40080)

1m4.260505708s ago: executing program 3 (id=3356):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0)
ioctl$FITHAW(r0, 0xc0045878)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x5b}], 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4, 0x0, 0x0, <r5=>0x0, 0x0, 0x1})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r3, 0x3b8d, &(0x7f0000001400)={0x20, r5, 0x0})
sendmmsg$inet(r2, &(0x7f0000000800)=[{{&(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10, 0x0}}, {{&(0x7f00000000c0)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000007000000830704ac1414aa00f2dea9447f700744225d21fc398b5c932b4b054abe29d024132d44db2e0046ac9459d97b68bd157679c0f171bba098f114a0f867d471aa252e319cc80da254e2576ffe24ce2a74358d630a14f74d7009e0e56a0fb05b2d58fc47ed7171573c1febb4a0e0c6eff743b2ab8a6c0dbdcd12f1b4afcc3069d0e09d95ddfa991daf2e310039642eb0ddbfc5c37306aa0fd9b21d12cd2d6a59451f63058d80149696ab16c8c34081a53838fe366d13f38441beaf9803c61d38488f3d33f3bf54729fd1daef01f958f98fca812ce39fea2d45be3c6221eb6c4877d491"], 0x18}}], 0x2, 0x0)
brk(0x3b9c019e)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r6, 0x0, 0xd2, &(0x7f0000000000)={@broadcast, @multicast1, 0x0, "12ceaac82ab7d944e84b6fbd6178697e3b10c9b81bede26c85ee73daab4158e8", 0x2, 0x6, 0xfffff801, 0x4}, 0x3c)
setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000000100)=0xe, 0x4)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000002c0)='.\x00', &(0x7f0000000040), 0x8000, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYRESHEX=r7])
close(r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r8, 0x0)
getsockopt$nfc_llcp(r7, 0x118, 0x2, &(0x7f0000000540)=""/255, 0xff)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r9, 0x84, 0x82, &(0x7f00000001c0)=@sack_info={0x0, 0xffff, 0x8}, &(0x7f0000000440)=0xffffffffffffff15)
r10 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r10, &(0x7f0000000040)={0x18, 0x0, {0x1, @broadcast, 'ip6gre0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r10, 0x4008b100, &(0x7f00000000c0)={0x18, 0x0, {0x1, @multicast, 'gre0\x00'}})
bpf$ENABLE_STATS(0x20, 0x0, 0x16)
bpf$MAP_CREATE(0x0, 0x0, 0x50)

1m3.801092507s ago: executing program 3 (id=3359):
r0 = io_uring_setup(0x2ef3, &(0x7f0000000000)={0x0, 0x5716, 0x80, 0x0, 0x1})
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x12)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_pressure(r2, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101081, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)={0x101841, 0x3, 0x8}, 0x18)
write$cgroup_pressure(r3, &(0x7f0000000080)={'some', 0x20, 0x2000000008, 0x20, 0x10000000fffff}, 0x2f)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r4, &(0x7f0000000200)={0x2, @long}, 0x8)
write$cgroup_pressure(r3, &(0x7f0000000180)={'full', 0x20, 0x2, 0x20, 0x1000000}, 0x2f)
readv(r1, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/15, 0xf}], 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)
r5 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
getsockopt$MRT6(r5, 0x29, 0xcf, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_buf(r6, 0x6, 0x21, &(0x7f0000000280)="dc8daf8d760c0b8caa98fa19c6a35a18883775d272c579ff33a6effc0c49320f", 0x20)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x10b1c0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETLINK(r7, 0x400454cd, 0x100)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r8, &(0x7f0000003b00)=""/195, 0xc3, 0x591f)

1m2.151617171s ago: executing program 3 (id=3361):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = socket$netlink(0x10, 0x3, 0xf)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000800)={0x0, @initdev, @initdev}, &(0x7f0000000840)=0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f00000b7000/0x2000)=nil, 0x2000, 0xb635773f06ebbeef, 0x40010, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0xff5d, &(0x7f0000000240)=0x7834bcc6)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0x11)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$BTRFS_IOC_SCRUB(r7, 0xc400941b, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYRES8=r3], 0x154}, 0x1, 0x0, 0x0, 0x2400c000}, 0x44)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000040)={'veth1_to_hsr\x00', &(0x7f0000003f40)=@ethtool_gstrings={0x1b, 0x5}})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="7400000010000104000002000004000000000000", @ANYRES32=0x0, @ANYBLOB="0380000010e3040008000500", @ANYRES32=0x0, @ANYBLOB="4c0012800c0001006d6163766c616c003c000280100005800a000400ffffffffffff0000280005800a00040000000000000000000a000400d282b01be45000000a000400aaaaaa7ed4db5aaaaabb0000"], 0x74}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x80000000, &(0x7f0000006680))
futimesat(0xffffffffffffffff, 0x0, 0x0)

1m1.678646351s ago: executing program 3 (id=3366):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x100000000, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x34424752, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}})

1m1.206433712s ago: executing program 33 (id=3366):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x100000000, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x34424752, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}})

57.741838915s ago: executing program 0 (id=3054):
io_uring_setup(0x519, &(0x7f0000000340)={0x0, 0x3cb4, 0x2, 0xd01fa, 0x8100014e})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
creat(0x0, 0x0)
r0 = socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
write(r0, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

53.571859954s ago: executing program 0 (id=3054):
io_uring_setup(0x519, &(0x7f0000000340)={0x0, 0x3cb4, 0x2, 0xd01fa, 0x8100014e})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
creat(0x0, 0x0)
r0 = socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
write(r0, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

43.734175727s ago: executing program 6 (id=3367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100000a000000ff0000a3c9f4b1d0c2b7afeae60900"/38], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) (async)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) (async)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000830000/0x3000)=nil, 0x3000, 0x1) (async)
fcntl$lock(r3, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) (async)
lsetxattr$security_ima(&(0x7f0000000200)='.\x00', &(0x7f00000059c0), &(0x7f0000005a00)=@v2={0x3, 0x1, 0x5, 0x80000000}, 0x9, 0x1) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0xd, 0x0, 0x0, 0x9, 0x40, 0x16c0, 0x5505, 0x8b, 0x1, 0x9, 'syz0\x00'}) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610408000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe6b}, 0x48)

38.374515617s ago: executing program 0 (id=3054):
io_uring_setup(0x519, &(0x7f0000000340)={0x0, 0x3cb4, 0x2, 0xd01fa, 0x8100014e})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
creat(0x0, 0x0)
r0 = socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
write(r0, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

32.350237871s ago: executing program 6 (id=3367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100000a000000ff0000a3c9f4b1d0c2b7afeae60900"/38], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) (async)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) (async)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000830000/0x3000)=nil, 0x3000, 0x1) (async)
fcntl$lock(r3, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) (async)
lsetxattr$security_ima(&(0x7f0000000200)='.\x00', &(0x7f00000059c0), &(0x7f0000005a00)=@v2={0x3, 0x1, 0x5, 0x80000000}, 0x9, 0x1) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0xd, 0x0, 0x0, 0x9, 0x40, 0x16c0, 0x5505, 0x8b, 0x1, 0x9, 'syz0\x00'}) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610408000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe6b}, 0x48)

30.166890499s ago: executing program 6 (id=3367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100000a000000ff0000a3c9f4b1d0c2b7afeae60900"/38], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) (async)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) (async)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000830000/0x3000)=nil, 0x3000, 0x1) (async)
fcntl$lock(r3, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) (async)
lsetxattr$security_ima(&(0x7f0000000200)='.\x00', &(0x7f00000059c0), &(0x7f0000005a00)=@v2={0x3, 0x1, 0x5, 0x80000000}, 0x9, 0x1) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0xd, 0x0, 0x0, 0x9, 0x40, 0x16c0, 0x5505, 0x8b, 0x1, 0x9, 'syz0\x00'}) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610408000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe6b}, 0x48)

25.419726194s ago: executing program 0 (id=3054):
io_uring_setup(0x519, &(0x7f0000000340)={0x0, 0x3cb4, 0x2, 0xd01fa, 0x8100014e})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
creat(0x0, 0x0)
r0 = socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
write(r0, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

15.909900727s ago: executing program 6 (id=3367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100000a000000ff0000a3c9f4b1d0c2b7afeae60900"/38], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) (async)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) (async)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000830000/0x3000)=nil, 0x3000, 0x1) (async)
fcntl$lock(r3, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) (async)
lsetxattr$security_ima(&(0x7f0000000200)='.\x00', &(0x7f00000059c0), &(0x7f0000005a00)=@v2={0x3, 0x1, 0x5, 0x80000000}, 0x9, 0x1) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0xd, 0x0, 0x0, 0x9, 0x40, 0x16c0, 0x5505, 0x8b, 0x1, 0x9, 'syz0\x00'}) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610408000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe6b}, 0x48)

13.106918133s ago: executing program 6 (id=3367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100000a000000ff0000a3c9f4b1d0c2b7afeae60900"/38], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) (async)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) (async)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000830000/0x3000)=nil, 0x3000, 0x1) (async)
fcntl$lock(r3, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) (async)
lsetxattr$security_ima(&(0x7f0000000200)='.\x00', &(0x7f00000059c0), &(0x7f0000005a00)=@v2={0x3, 0x1, 0x5, 0x80000000}, 0x9, 0x1) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0xd, 0x0, 0x0, 0x9, 0x40, 0x16c0, 0x5505, 0x8b, 0x1, 0x9, 'syz0\x00'}) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610408000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe6b}, 0x48)

11.720083654s ago: executing program 2 (id=3453):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f00000004c0)={0x2, 0x81, @status={[0x2, 0x1, 0x9, 0x3, 0x8d9, 0x401]}, [0x8c6a, 0x6, 0x8d, 0xa6a6, 0x5, 0x4, 0x0, 0xc, 0x6, 0x3396, 0x400, 0x4, 0x80000000, 0x0, 0x5, 0x73, 0x7, 0x1, 0x1, 0x2, 0x1, 0x9, 0xf19d, 0xa, 0x7, 0x1cb, 0x3, 0x6, 0xd4, 0x6, 0x100000000, 0x10001, 0x5, 0x67, 0x5, 0x6, 0x3, 0x2, 0x9, 0xff, 0x1, 0x2, 0x3, 0x1, 0x8001, 0x1, 0x5, 0x38000000000000, 0x5, 0x9, 0x6, 0x8, 0x6, 0x3, 0xfffffffffffffffb, 0x5, 0x200, 0x7, 0x63e2, 0x4, 0x40, 0x3, 0x1, 0x7]})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r2, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0x0, 0x0, 0x3}, 0x3c)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000040)={@multicast2, @multicast1, 0x2, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a011a", 0x4}, 0x3c)
setsockopt$MRT_DEL_MFC_PROXY(r2, 0x0, 0xd3, &(0x7f0000000100)={@multicast2, @multicast1, 0x2, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x9, 0x203, 0x489c, 0x1}, 0x3c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2710, 0x0, &(0x7f0000000000))
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2010042, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000440)={0x6, 0x20000006, 0x0, 0x0, 0xd})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

10.783380574s ago: executing program 2 (id=3454):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
fcntl$getown(r0, 0x9)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xfffffffb}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000140), 0x400076, 0x484100)
fsopen(0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file1\x00', 0x42, 0x5)
io_setup(0x5, &(0x7f00000002c0)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000180)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x2, r3, 0x0, 0xfcfd, 0xaf, 0x0, 0x5400655aa3227f64, r3}])
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x1})
r5 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, &(0x7f0000000040)={0x1, {"40a568bf607c2094e9c6a0c0f550f7f8", "241e6a0b37e28869f574458eb6417d55", "a34d3bcc4817356e5c266b26fe399bde"}, 0x7, 0x4})
ioctl$DVB_DEMUX_DMX_SET_FILTER(r5, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"4772ffacff04856ec9e8776f8ee906be", "2dfad343e15ead11f40c897700", "0000b3f88813da82b4cf00"}, 0x3eaf, 0x4})

9.218561712s ago: executing program 0 (id=3054):
io_uring_setup(0x519, &(0x7f0000000340)={0x0, 0x3cb4, 0x2, 0xd01fa, 0x8100014e})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
creat(0x0, 0x0)
r0 = socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
write(r0, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

7.493687076s ago: executing program 2 (id=3456):
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r0, 0x4068aea3, &(0x7f00000002c0)={0x80, 0x0, 0x51f5})
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='\"'], 0x48)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000240)="c4c17d2b9dbbf40000420f2287b9800000c00f3235000400000f3048b832000000000000000f23d00f21f8353000000f0f23f8470f01df440f01f866baa100b800400000ef66b82c000f00d80f01df6467f2360f07", 0x55}], 0x1, 0x20, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000200)={0x1, [<r6=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000040)={r6, 0x45}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000100)={r6, 0x4}, &(0x7f0000000180)=0x8)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r7, 0x90004)
accept4(r7, &(0x7f0000000040)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private1}}, 0x0, 0x800)

6.972001153s ago: executing program 5 (id=3459):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_coalesce={0xf, 0x80, 0x10000, 0x6, 0xc6, 0x8001, 0xb28e, 0x46, 0x6, 0x81, 0x6, 0x3, 0x8, 0x8008, 0x8000, 0xae, 0x101, 0x2, 0xfff, 0x4d, 0x1000000, 0x1000001, 0x15b}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000100), 0x3)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
ioprio_set$uid(0x3, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x14, 0x0, &(0x7f0000000000))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r6 = open(&(0x7f0000000040)='./file0\x00', 0x84242, 0x1df2a23c5997fad6)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000f00f88)={{0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x5, 0xffffffffe95bf9a6, 0xffffffffff, 0x3, 0xfffffffffffffffc, 0x2, 0x9, 0x100})
write$FUSE_CREATE_OPEN(r6, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x7, 0x3, 0xfffffffd, {0x400000080001, 0xfd, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffc, 0x6000, 0x0, 0x0, 0x0, 0x5, 0x7}}, {0x0, 0x13}}}, 0xa0)
sendfile(r6, r6, &(0x7f0000000080), 0x7f03)
prlimit64(0x0, 0xe, 0x0, 0x0)

6.069870041s ago: executing program 2 (id=3460):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x3, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000006006a015b38000002000000850000002000000085000000a00000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xb, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x10, 0x2}, 0x94)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x1, 0x8001, 0x0, 0xb49, 0x200000000002, 0x9, 0x8, 0x5}, 0x0)
pselect6(0x40, &(0x7f0000000200)={0x5933, 0x1ff, 0x4, 0xfffffffffffffff7, 0x90000000000000, 0x64, 0x100, 0xfc}, &(0x7f0000000340)={0x1, 0x6, 0x8, 0xffffffffffff72aa, 0xab, 0x2, 0x5, 0x5}, &(0x7f00000003c0)={0x9, 0xfffffffffffffff1, 0x9, 0x6, 0xd3, 0x8, 0x7fffffffffffffff, 0xff}, &(0x7f0000000400), &(0x7f0000000580)={&(0x7f0000000540)={[0xfffffffffffffffd]}, 0x8})
r0 = socket$netlink(0x10, 0x3, 0x15)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000940)={0x2, 0x0, 0x4, {0xc, 0x1000, 0x9, 0x240}})
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a1281)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000080)={{0xf, 0x1}, 0x1, 0x2, 0x2, {0x0, 0xb}, 0x6, 0x6})

6.046223978s ago: executing program 5 (id=3461):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x3a98c2, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket(0x2, 0x80805, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000000)=0x8, 0x4)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}})
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={0x0, 0xbc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000fbff0000000c0000f7bc8ad400020000738a00"], 0x0, 0x28}, 0x28)
socket(0x2, 0x80805, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000140)={0x3, 0x1, 0x2})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000002dc0)=@userptr={0x2, 0x1, 0x4, 0x0, 0x10001, {}, {0x1, 0xc, 0x9, 0xc, 0x3, 0x8, "c12400"}, 0x3, 0x2, {&(0x7f00000002c0)}, 0x96000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hfsplus\x00', 0x2000010, &(0x7f0000000100)='barrier')
close_range(r0, 0xffffffffffffffff, 0x0)

4.256226273s ago: executing program 5 (id=3462):
bpf$MAP_CREATE(0x4000000000000, &(0x7f00000007c0)=ANY=[@ANYBLOB="0600000004000000be7000005c"], 0x50)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x7, 0x6, 0x3, 0x0, 0xffffffffffffffff, 0x20000000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x3, &(0x7f0000000440)=@framed, 0x0, 0xfffffffd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r4, r3, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xde, &(0x7f0000000680)={@random="000105e2ff00", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val={0x88a8, 0x6, 0x1}, {0x8100, 0x1, 0x1, 0x1}}, {@mpls_uc={0x8847, {[], @ipv6=@generic={0x3, 0x6, "5a829d", 0xa0, 0x4, 0x1, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x10}, {[@fragment={0x11, 0x0, 0xa, 0x1, 0x0, 0x1f, 0x64}, @srh={0x4, 0x2, 0x4, 0x1, 0x2, 0x20, 0x7, [@private1={0xfc, 0x1, '\x00', 0x1}]}, @hopopts={0x2f, 0x7, '\x00', [@jumbo={0xc2, 0x4, 0x4}, @generic={0x3, 0x33, "57a2de678f2285794d14308f9fc5e67f88b7079afe622b0d627aa48109381468ed1fea941221230cd98ca5e6b74a5387b7f5ad"}]}, @srh={0x2b, 0x4, 0x4, 0x2, 0x2, 0x18, 0x3ff, [@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @mcast1]}, @fragment={0x33, 0x0, 0x2, 0x0, 0x0, 0x10, 0x64}], "cb0ed46e87ef95ee"}}}}}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x9}], {0x14}}, 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000580)={'vlan0\x00', <r9=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r7, r9, 0x25, 0x0, @void}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x29, 0x0, &(0x7f0000000200)=""/41, 0x2, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000280)="5929528b", 0x2, 0x0, 0x1}, 0x50)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00'})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000011000100256a86cf12893d83a6000000", @ANYRES32=r9], 0x20}}, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000080)={0x0, @loopback, 0x4e25, 0x3, 'sh\x00', 0x3e, 0x6, 0x5b}, 0x2c)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @exit, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)

4.186388196s ago: executing program 4 (id=3463):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000088500000076000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000005c0)=@newtaction={0x94, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x80, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x64, 0x7, 0x8, 0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

4.11056421s ago: executing program 4 (id=3464):
inotify_init()
socket$nl_generic(0x10, 0x3, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xb, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x10, 0x2}, 0x94)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x1, 0x8001, 0x0, 0xb49, 0x200000000002, 0x9, 0x8, 0x5}, 0x0)
pselect6(0x40, &(0x7f0000000200)={0x5933, 0x1ff, 0x4, 0xfffffffffffffff7, 0x90000000000000, 0x64, 0x100, 0xfc}, &(0x7f0000000340)={0x1, 0x6, 0x8, 0xffffffffffff72aa, 0xab, 0x2, 0x5, 0x5}, &(0x7f00000003c0)={0x9, 0xfffffffffffffff1, 0x9, 0x6, 0xd3, 0x8, 0x7fffffffffffffff, 0xff}, &(0x7f0000000400), &(0x7f0000000580)={&(0x7f0000000540)={[0xfffffffffffffffd]}, 0x8})
r0 = socket$netlink(0x10, 0x3, 0x15)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000940)={0x2, 0x0, 0x4, {0xc, 0x1000, 0x9, 0x240}})
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a1281)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000080)={{0xf, 0x1}, 0x1, 0x2, 0x2, {0x0, 0xb}, 0x6, 0x6})

3.946477021s ago: executing program 4 (id=3465):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x4001, 0x3, 0x3d8, 0x230, 0x700001b, 0x148, 0x0, 0x148, 0x340, 0x206, 0x240, 0x340, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @rand_addr, 0x0, 0x0, 'tunl0\x00', 'bond_slave_1\x00', {0xff}}, 0x1ea, 0x1e8, 0x230, 0x0, {0x390, 0x8f00}, [@common=@inet=@hashlimit2={{0x150}, {'pim6reg1\x00', {0x5, 0x1ff, 0x1, 0x1, 0x1, 0x100, 0x1, 0x8, 0x20}, {0x8}}}, @common=@inet=@socket2={{0x28}, 0x4}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x8, 0x9, 'snmp\x00', {0xc000}}}}, {{@uncond, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x0, 0x6275dd3c01ecbf44, 0x2, 0x4, 0x4], 0x4, 0x2}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x3, 0x6, 0x2, 0xa, 0x6], 0x2, 0x2}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x1], 0x5, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x438)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)="91cfdfefdb", 0x1a000}], 0x1}, 0x0)
sendmsg$rds(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0)
r3 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"4772ffacff04856ec9e8776f8ee906be", "2dfad343e15ead11f40c897700", "0000b3f88813da82b4cf00"}, 0x3eaf, 0x4})
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000240)={0x3, {"771c2e09a6afc168243d3e8ca34e208f", "45d5c22cb6cd3148b85d5dbf5f9e3413", "a9929074e915d4b883a44cd492a341be"}, 0x1, 0x4})

3.307988082s ago: executing program 5 (id=3466):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x4001, 0x3, 0x3d8, 0x230, 0x700001b, 0x148, 0x0, 0x148, 0x340, 0x206, 0x240, 0x340, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @rand_addr, 0x0, 0x0, 'tunl0\x00', 'bond_slave_1\x00', {0xff}}, 0x1ea, 0x1e8, 0x230, 0x0, {0x390, 0x8f00}, [@common=@inet=@hashlimit2={{0x150}, {'pim6reg1\x00', {0x5, 0x1ff, 0x1, 0x1, 0x1, 0x100, 0x1, 0x8, 0x20}, {0x8}}}, @common=@inet=@socket2={{0x28}, 0x4}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x8, 0x9, 'snmp\x00', {0xc000}}}}, {{@uncond, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x0, 0x6275dd3c01ecbf44, 0x2, 0x4, 0x4], 0x4, 0x2}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x3, 0x6, 0x2, 0xa, 0x6], 0x2, 0x2}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x1], 0x5, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x438)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)="91cfdfefdb", 0x1a000}], 0x1}, 0x0)
sendmsg$rds(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0)
r3 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"4772ffacff04856ec9e8776f8ee906be", "2dfad343e15ead11f40c897700", "0000b3f88813da82b4cf00"}, 0x3eaf, 0x4})
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000240)={0x3, {"771c2e09a6afc168243d3e8ca34e208f", "45d5c22cb6cd3148b85d5dbf5f9e3413", "a9929074e915d4b883a44cd492a341be"}, 0x1, 0x4})

3.179993582s ago: executing program 5 (id=3467):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect$uac3(0x0, 0xa0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201100500000040012130c60904000000010138000a2401042a00ff000000132403057b2eaf61bb4b00c7000800100002000d2409028144be44c5f54737d65cbdae6309c318deeaf7e9bda8faf344fc9399ce71f8c235c99837201f0000000d000000", @ANYRES8=r0], &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0})

3.02860439s ago: executing program 4 (id=3468):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x341, &(0x7f0000006680))
socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
socketpair(0x1d, 0x800, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.835871598s ago: executing program 4 (id=3469):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 6)

1.639682133s ago: executing program 2 (id=3470):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, 0x0, 0xc0542, 0x0)
creat(0x0, 0x0)
r1 = socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
write(r1, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

1.414687984s ago: executing program 6 (id=3367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100000a000000ff0000a3c9f4b1d0c2b7afeae60900"/38], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) (async)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) (async)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000830000/0x3000)=nil, 0x3000, 0x1) (async)
fcntl$lock(r3, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) (async)
lsetxattr$security_ima(&(0x7f0000000200)='.\x00', &(0x7f00000059c0), &(0x7f0000005a00)=@v2={0x3, 0x1, 0x5, 0x80000000}, 0x9, 0x1) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0xd, 0x0, 0x0, 0x9, 0x40, 0x16c0, 0x5505, 0x8b, 0x1, 0x9, 'syz0\x00'}) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610408000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe6b}, 0x48)

52.633094ms ago: executing program 2 (id=3471):
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r0, 0x4068aea3, &(0x7f00000002c0)={0x80, 0x0, 0x51f5})
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='\"'], 0x48)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000240)="c4c17d2b9dbbf40000420f2287b9800000c00f3235000400000f3048b832000000000000000f23d00f21f8353000000f0f23f8470f01df440f01f866baa100b800400000ef66b82c000f00d80f01df6467f2360f07", 0x55}], 0x1, 0x20, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000200)={0x1, [<r6=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000040)={r6, 0x45}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000100)={r6, 0x4}, &(0x7f0000000180)=0x8)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r7, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)

52.242857ms ago: executing program 4 (id=3472):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000740)={0x8, 0x0, [{0xc2, 0x0, 0xd9}, {0x9ac, 0x0, 0xf}, {0x88d, 0x0, 0xb7c}, {0x98d, 0x0, 0x8}, {0x2b3, 0x0, 0x5}, {0x633, 0x0, 0x8000000000000000}, {0x891, 0x0, 0x7}, {0x370, 0x0, 0x6c51}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r1, r3, 0x25, 0x4, @void}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
memfd_create(0x0, 0x1)
openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x2000080001000e, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r5, &(0x7f0000000040)={0x11, 0x1, 0x0, 0x1, 0x9, 0x6, @multicast}, 0x14)

0s ago: executing program 5 (id=3473):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x3a98c2, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket(0x2, 0x80805, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000000)=0x8, 0x4)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}})
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[], 0xbc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000fbff0000000c0000f7bc8ad400020000738a00"], 0x0, 0x28}, 0x28)
socket(0x2, 0x80805, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000140)={0x3, 0x1, 0x2})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000002dc0)=@userptr={0x2, 0x1, 0x4, 0x0, 0x10001, {}, {0x1, 0xc, 0x9, 0xc, 0x3, 0x8, "c12400"}, 0x3, 0x2, {&(0x7f00000002c0)}, 0x96000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hfsplus\x00', 0x2000010, &(0x7f0000000100)='barrier')
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

lowpath+0x15d/0x8a0
[ 1112.152208][T17618]  __do_sys_clone+0xd9/0x120
[ 1112.152235][T17618]  ? __pfx___do_sys_clone+0x10/0x10
[ 1112.152271][T17618]  ? ksys_write+0x1ac/0x250
[ 1112.152293][T17618]  ? __pfx_ksys_write+0x10/0x10
[ 1112.152316][T17618]  ? rcu_is_watching+0x12/0xc0
[ 1112.152343][T17618]  do_syscall_64+0x10b/0xf80
[ 1112.152360][T17618]  ? clear_bhb_loop+0x40/0x90
[ 1112.152383][T17618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.152401][T17618] RIP: 0033:0x7fa2ca79c819
[ 1112.152419][T17618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1112.152436][T17618] RSP: 002b:00007fa2c89f5fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1112.152456][T17618] RAX: ffffffffffffffda RBX: 00007fa2caa16180 RCX: 00007fa2ca79c819
[ 1112.152468][T17618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1112.152479][T17618] RBP: 00007fa2c89f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1112.152491][T17618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1112.152502][T17618] R13: 00007fa2caa16218 R14: 00007fa2caa16180 R15: 00007ffe7be6d028
[ 1112.152526][T17618]  </TASK>
[ 1112.152578][T17618] Mem-Info:
[ 1112.232861][T17621] hpfs: Bad magic ... probably not HPFS
[ 1112.440877][T17618] active_anon:27742 inactive_anon:0 isolated_anon:0
[ 1112.440877][T17618]  active_file:27634 inactive_file:41101 isolated_file:0
[ 1112.440877][T17618]  unevictable:768 dirty:270 writeback:0
[ 1112.440877][T17618]  slab_reclaimable:8753 slab_unreclaimable:107175
[ 1112.440877][T17618]  mapped:38191 shmem:15500 pagetables:3735
[ 1112.440877][T17618]  sec_pagetables:0 bounce:0
[ 1112.440877][T17618]  kernel_misc_reclaimable:0
[ 1112.440877][T17618]  free:1260514 free_pcp:15767 free_cma:0
[ 1112.557993][T17447] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1112.737448][T17447] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1112.792520][T17447] wireguard: wg0: Could not create IPv4 socket
[ 1112.820220][T17447] wireguard: wg1: Could not create IPv4 socket
[ 1112.855386][T17447] wireguard: wg2: Could not create IPv4 socket
[ 1112.949664][T17618] Node 0 active_anon:66268kB inactive_anon:0kB active_file:110500kB inactive_file:164192kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:152928kB dirty:1080kB writeback:0kB shmem:16064kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12348kB pagetables:15088kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1113.058518][T17618] Node 1 active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1113.257204][T17618] Node 0 DMA free:15296kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:64kB local_pcp:32kB free_cma:0kB
[ 1113.296153][T17618] lowmem_reserve[]: 0 2477 2478 2478 2478
[ 1113.311451][T17618] Node 0 DMA32 free:1085656kB boost:0kB min:34052kB low:42564kB high:51076kB reserved_highatomic:0KB free_highatomic:0KB active_anon:77468kB inactive_anon:0kB active_file:110500kB inactive_file:164192kB unevictable:1536kB writepending:1080kB zspages:0kB present:3129332kB managed:2536960kB mlocked:0kB bounce:0kB free_pcp:97768kB local_pcp:60084kB free_cma:0kB
[ 1113.531956][   T29] audit: type=1400 audit(1776247224.246:74020): avc:  denied  { connect } for  pid=17632 comm="syz.5.3212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1113.737791][T17618] lowmem_reserve[]: 0 0 1 1 1
[ 1113.767608][T17618] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1032kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:8kB free_cma:0kB
[ 1113.798858][T17618] lowmem_reserve[]: 0 0 0 0 0
[ 1113.803661][T17618] Node 1 Normal free:3940436kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:212kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1113.838166][   T29] audit: type=1400 audit(1776247224.246:74021): avc:  denied  { write } for  pid=17632 comm="syz.5.3212" path="socket:[65125]" dev="sockfs" ino=65125 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1113.885320][T17618] lowmem_reserve[]: 0 0 0 0 0
[ 1113.896547][T17618] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15296kB
[ 1113.957441][T17618] Node 0 DMA32: 4310*4kB (UME) 5378*8kB (UME) 3011*16kB (UM) 1054*32kB (UME) 1274*64kB (UME) 834*128kB (UME) 492*256kB (UME) 261*512kB (UME) 124*1024kB (UME) 12*2048kB (UM) 84*4096kB (UM) = 1085656kB
[ 1113.977430][T17618] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1113.990623][T17618] Node 1 Normal: 1*4kB (U) 6*8kB (UM) 10*16kB (UM) 6*32kB (U) 7*64kB (UM) 6*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 959*4096kB (M) = 3940436kB
[ 1114.029482][T17618] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1114.080124][T17618] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1114.110994][T17618] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1114.165671][T17618] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1114.193075][T17618] 73141 total pagecache pages
[ 1114.203163][T17618] 0 pages in swap cache
[ 1114.216423][T17618] Free swap  = 124996kB
[ 1114.232563][T17618] Total swap = 124996kB
[ 1114.248547][T17618] 2097051 pages RAM
[ 1114.261170][T17618] 0 pages HighMem/MovableOnly
[ 1114.283909][T17618] 430938 pages reserved
[ 1114.299290][T17618] 0 pages cma reserved
[ 1115.173480][T17670] /dev/nullb0: Can't open blockdev
[ 1115.874694][T17685] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3219'.
[ 1116.093590][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1116.108948][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1116.125101][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1116.138288][ T5817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1116.155410][ T5817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1116.190948][T17686] Failed to initialize the IGMP autojoin socket (err -2)
[ 1116.539210][  T792] usb 4-1: new low-speed USB device number 111 using dummy_hcd
[ 1116.710144][  T792] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1116.788033][  T792] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[ 1116.827502][  T792] usb 4-1: config 0 has no interface number 0
[ 1116.850812][  T792] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1117.005945][  T792] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 8
[ 1117.048670][  T792] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1117.089177][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1117.130644][  T792] usb 4-1: config 0 descriptor??
[ 1117.159354][T17695] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1117.613466][  T792] usb 4-1: USB disconnect, device number 111
[ 1117.691954][T17725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3224'.
[ 1117.814595][   T29] audit: type=1804 audit(1776247228.536:74022): pid=17725 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.3224" name="/newroot/615/file1" dev="fuse" ino=1 res=1 errno=0
[ 1117.892670][T17731] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3225'.
[ 1118.244839][ T5820] Bluetooth: hci3: command tx timeout
[ 1118.402244][   T29] audit: type=1800 audit(1776247229.056:74023): pid=17725 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3224" name="/" dev="fuse" ino=1 res=0 errno=0
[ 1118.545283][T17747] hpfs: Bad magic ... probably not HPFS
[ 1119.166151][T17755] netlink: 181284 bytes leftover after parsing attributes in process `syz.5.3230'.
[ 1119.534042][T14428] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1119.735029][T14428] usb 6-1: Using ep0 maxpacket: 32
[ 1119.749735][T14428] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1119.760720][T17686] netdevsim netdevsim0 netdevsim0: renamed from eth5
[ 1119.773546][T14428] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1119.789532][T17686] netdevsim netdevsim0 netdevsim1: renamed from eth6
[ 1119.797379][T14428] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1119.809061][T14428] usb 6-1: Product: syz
[ 1119.820202][T17686] netdevsim netdevsim0 netdevsim2: renamed from eth7
[ 1119.827090][T14428] usb 6-1: Manufacturer: syz
[ 1119.835869][T14428] usb 6-1: SerialNumber: syz
[ 1119.845704][T14428] usb 6-1: config 0 descriptor??
[ 1119.851620][T17686] netdevsim netdevsim0 netdevsim3: renamed from eth8
[ 1119.866897][T17763] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1119.877750][T14428] hub 6-1:0.0: bad descriptor, ignoring hub
[ 1119.883914][T14428] hub 6-1:0.0: probe with driver hub failed with error -5
[ 1120.096238][T17763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1120.134477][T17763] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1120.414005][ T5820] Bluetooth: hci3: command tx timeout
[ 1120.420373][T14428] usb 6-1: USB disconnect, device number 38
[ 1121.529084][T17788] Failed to initialize the IGMP autojoin socket (err -2)
[ 1121.764947][ T5916] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1121.772625][  T792] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 1121.898541][T17686] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1121.930056][ T5916] usb 6-1: device descriptor read/64, error -71
[ 1121.955180][  T792] usb 4-1: Using ep0 maxpacket: 16
[ 1121.974232][  T792] usb 4-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1122.010489][T17686] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1122.029230][  T792] usb 4-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[ 1122.065437][T14428] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1122.103805][  T792] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1122.114369][T17686] wireguard: wg0: Could not create IPv4 socket
[ 1122.135586][  T792] usb 4-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 1122.148044][T17686] wireguard: wg1: Could not create IPv4 socket
[ 1122.175992][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.184984][T17686] wireguard: wg2: Could not create IPv4 socket
[ 1122.214600][ T5916] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1122.235208][  T792] usb 4-1: config 0 descriptor??
[ 1122.239892][T14428] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1122.289172][T14428] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1122.337894][T14428] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1122.354990][ T5916] usb 6-1: device descriptor read/64, error -71
[ 1122.378745][T14428] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.462161][T17798] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1122.511163][ T5916] usb usb6-port1: attempt power cycle
[ 1122.615299][T14428] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1122.647147][ T5817] Bluetooth: hci5: command 0x0405 tx timeout
[ 1125.335246][T17816] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3238'.
[ 1125.442616][T14428] usb 3-1: USB disconnect, device number 99
[ 1125.459838][   T29] audit: type=1804 audit(1776247236.186:74024): pid=17815 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.5.3238" name="/newroot/279/file1" dev="fuse" ino=1 res=1 errno=0
[ 1125.596675][  T792] usbhid 4-1:0.0: can't add hid device: -71
[ 1125.621415][  T792] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1125.679534][  T792] usb 4-1: USB disconnect, device number 112
[ 1125.798428][T17829] netlink: 181284 bytes leftover after parsing attributes in process `syz.4.3242'.
[ 1126.031232][   T29] audit: type=1800 audit(1776247236.696:74025): pid=17815 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.3238" name="/" dev="fuse" ino=1 res=0 errno=0
[ 1127.418194][T17855] hpfs: Bad magic ... probably not HPFS
[ 1127.526342][  T792] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 1127.686459][  T792] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[ 1127.704821][  T792] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1127.727344][  T792] usb 4-1: config 0 has no interface number 0
[ 1127.748297][  T792] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[ 1127.759538][  T792] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0
[ 1127.779277][  T792] usb 4-1: config 0 interface 69 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1127.819770][  T792] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[ 1127.830563][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1127.845410][  T792] usb 4-1: Product: syz
[ 1127.849712][  T792] usb 4-1: Manufacturer: syz
[ 1127.856153][  T792] usb 4-1: SerialNumber: syz
[ 1127.866196][  T792] usb 4-1: config 0 descriptor??
[ 1127.877863][  T792] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[ 1127.890365][  T792] cyberjack ttyUSB0: usb_submit_urb(read int) failed
[ 1127.898937][  T792] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[ 1128.187375][T17865] md: could not open device unknown-block(0,0).
[ 1128.197554][T17865] md: md_import_device returned -6
[ 1128.450939][T17874] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3246'.
[ 1128.460120][T17874] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3246'.
[ 1129.778455][  T792] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1129.812913][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1129.827314][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1129.840320][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1129.852157][ T5817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1129.860073][ T5817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1129.927892][ T5916] usb 4-1: USB disconnect, device number 113
[ 1129.980128][ T5916] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[ 1130.007854][T17921] Failed to initialize the IGMP autojoin socket (err -2)
[ 1130.036665][T17931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3254'.
[ 1130.048690][T17931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3254'.
[ 1130.057377][ T5916] cyberjack 4-1:0.69: device disconnected
[ 1130.069998][T17934] mmap: syz.5.3256 (17934): VmData 37470208 exceed data ulimit 6. Update limits or use boot option ignore_rlimit_data.
[ 1130.104610][  T792] usb 5-1: Using ep0 maxpacket: 16
[ 1130.129713][  T792] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1130.168506][  T792] usb 5-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[ 1130.224303][  T792] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1130.238101][  T792] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 1130.250299][  T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1130.274272][  T792] usb 5-1: config 0 descriptor??
[ 1130.284838][T11437] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1130.455999][T11437] usb 3-1: Using ep0 maxpacket: 16
[ 1130.463226][T11437] usb 3-1: config 8 has an invalid interface number: 206 but max is 0
[ 1130.490576][T11437] usb 3-1: config 8 has no interface number 0
[ 1130.497321][T11437] usb 3-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[ 1130.512947][T11437] usb 3-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024
[ 1130.596661][T12177] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[ 1130.789131][T12177] usb 6-1: config 0 interface 0 altsetting 247 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1130.826059][T12177] usb 6-1: config 0 interface 0 altsetting 247 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[ 1130.877969][T12177] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1130.917037][T12177] usb 6-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[ 1130.943210][T12177] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1131.006773][T12177] usb 6-1: config 0 descriptor??
[ 1131.027745][T17943] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1131.364233][   T29] audit: type=1400 audit(1776247242.086:74026): avc:  denied  { map } for  pid=17942 comm="syz.5.3257" path="/dev/comedi3" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1131.391596][T17957] No control pipe specified
[ 1131.502807][T17957] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3257'.
[ 1131.528135][   T29] audit: type=1400 audit(1776247242.176:74027): avc:  denied  { read } for  pid=17942 comm="syz.5.3257" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1131.676493][   T29] audit: type=1400 audit(1776247242.176:74028): avc:  denied  { open } for  pid=17942 comm="syz.5.3257" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1131.790073][   T29] audit: type=1400 audit(1776247242.296:74029): avc:  denied  { ioctl } for  pid=17942 comm="syz.5.3257" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1131.942897][ T5817] Bluetooth: hci3: command tx timeout
[ 1132.462970][T11437] usb 3-1: config 8 interface 206 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[ 1132.522621][T17957] hsr_slave_0: left promiscuous mode
[ 1132.538745][T17957] hsr_slave_1: left promiscuous mode
[ 1132.541989][T11437] usb 3-1: config 8 interface 206 has no altsetting 0
[ 1132.560093][T11437] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[ 1132.577085][T11437] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.593067][T11437] usb 3-1: Product: syz
[ 1132.597374][T11437] usb 3-1: Manufacturer: syz
[ 1132.602027][T11437] usb 3-1: SerialNumber: syz
[ 1132.678852][  T792] usbhid 5-1:0.0: can't add hid device: -71
[ 1132.694631][  T792] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1132.723715][  T792] usb 5-1: USB disconnect, device number 32
[ 1132.961363][T12177] usbhid 6-1:0.0: can't add hid device: -71
[ 1132.972313][T11437] garmin_gps 3-1:8.206: Garmin GPS usb/tty converter detected
[ 1132.976555][T12177] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1133.313143][T11437] usb 3-1: Garmin GPS usb/tty converter now attached to ttyUSB0
[ 1133.326822][T11437] usb 3-1: USB disconnect, device number 100
[ 1133.355018][T11437] garmin_gps ttyUSB0: Garmin GPS usb/tty converter now disconnected from ttyUSB0
[ 1133.365799][T11437] garmin_gps 3-1:8.206: device disconnected
[ 1133.420462][T17975] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3260'.
[ 1133.441559][T12177] usb 6-1: USB disconnect, device number 42
[ 1134.014818][ T5817] Bluetooth: hci3: command tx timeout
[ 1134.504627][T11437] usb 6-1: new low-speed USB device number 43 using dummy_hcd
[ 1134.684249][T11437] usb 6-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1134.720212][T11437] usb 6-1: config 0 has an invalid interface number: 21 but max is 0
[ 1135.007478][T11437] usb 6-1: config 0 has no interface number 0
[ 1135.027860][T11437] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid maxpacket 29183, setting to 8
[ 1135.059222][T11437] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1135.082492][T11437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1135.119979][T11437] usb 6-1: config 0 descriptor??
[ 1135.142814][T18010] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1135.876665][T11437] usb 6-1: USB disconnect, device number 43
[ 1135.905389][   T29] audit: type=1400 audit(1776247246.646:74030): avc:  denied  { append } for  pid=18039 comm="syz.4.3266" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1136.031118][T17921] netdevsim netdevsim0 netdevsim0: renamed from eth5
[ 1136.060634][T17921] netdevsim netdevsim0 netdevsim1: renamed from eth6
[ 1136.095480][ T5817] Bluetooth: hci3: command tx timeout
[ 1136.119757][T17921] netdevsim netdevsim0 netdevsim2: renamed from eth7
[ 1136.176006][T17921] netdevsim netdevsim0 netdevsim3: renamed from eth8
[ 1136.352715][T18049] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1136.389644][T18049] block device autoloading is deprecated and will be removed.
[ 1137.191407][T17921] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1137.240971][T18064] md: could not open device unknown-block(0,0).
[ 1137.255557][T17921] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1137.306329][T18064] md: md_import_device returned -6
[ 1137.308458][T17921] wireguard: wg0: Could not create IPv4 socket
[ 1137.360697][T17921] wireguard: wg1: Could not create IPv4 socket
[ 1137.415610][T17921] wireguard: wg2: Could not create IPv4 socket
[ 1137.934602][T14428] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1138.114668][T14428] usb 5-1: Using ep0 maxpacket: 16
[ 1138.129504][T14428] usb 5-1: config 8 has an invalid interface number: 206 but max is 0
[ 1138.159786][T14428] usb 5-1: config 8 has no interface number 0
[ 1138.166212][ T5817] Bluetooth: hci3: command tx timeout
[ 1138.174302][T14428] usb 5-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[ 1138.211575][T14428] usb 5-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024
[ 1138.260467][T14428] usb 5-1: config 8 interface 206 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[ 1138.315941][T14428] usb 5-1: config 8 interface 206 has no altsetting 0
[ 1138.354066][T14428] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[ 1138.391083][T14428] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.412726][T14428] usb 5-1: Product: syz
[ 1138.424236][T14428] usb 5-1: Manufacturer: syz
[ 1138.441513][T14428] usb 5-1: SerialNumber: syz
[ 1138.733170][T18087] netlink: 181284 bytes leftover after parsing attributes in process `syz.5.3273'.
[ 1138.829444][T14428] garmin_gps 5-1:8.206: Garmin GPS usb/tty converter detected
[ 1138.872548][T14428] usb 5-1: Garmin GPS usb/tty converter now attached to ttyUSB0
[ 1138.897975][T14428] usb 5-1: USB disconnect, device number 33
[ 1139.025468][T14428] garmin_gps ttyUSB0: Garmin GPS usb/tty converter now disconnected from ttyUSB0
[ 1139.050793][T14428] garmin_gps 5-1:8.206: device disconnected
[ 1139.369101][T18099] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1139.893621][   T29] audit: type=1400 audit(1776247250.626:74031): avc:  denied  { connect } for  pid=18106 comm="syz.5.3277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1140.536876][T18120] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1140.564416][T18120] block device autoloading is deprecated and will be removed.
[ 1140.787061][   T29] audit: type=1400 audit(1776247251.526:74032): avc:  denied  { watch } for  pid=18133 comm="syz.4.3283" path="/182" dev="tmpfs" ino=980 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1140.825363][T18134] [U] 
[ 1141.928467][   T29] audit: type=1400 audit(1776247252.666:74033): avc:  denied  { create } for  pid=18168 comm="syz.3.3285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1141.990391][   T29] audit: type=1400 audit(1776247252.696:74034): avc:  denied  { getopt } for  pid=18168 comm="syz.3.3285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1142.100772][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1142.119664][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1142.129590][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1142.137662][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1142.146265][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1142.200472][T18176] Failed to initialize the IGMP autojoin socket (err -2)
[ 1142.222752][   T29] audit: type=1400 audit(1776247252.956:74035): avc:  denied  { write } for  pid=18180 comm="syz.2.3288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1142.268221][   T29] audit: type=1400 audit(1776247252.986:74036): avc:  denied  { read } for  pid=18180 comm="syz.2.3288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1142.513848][T18196] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3285'.
[ 1143.248552][T18220] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3290'.
[ 1143.288450][T18220] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3290'.
[ 1143.452438][T18215] md: could not open device unknown-block(0,0).
[ 1143.472103][T18215] md: md_import_device returned -6
[ 1143.653507][T18228] md: could not open device unknown-block(0,0).
[ 1143.668058][T18228] md: md_import_device returned -6
[ 1144.102717][T18176] netdevsim netdevsim0 netdevsim0: renamed from eth5
[ 1144.131200][T18176] netdevsim netdevsim0 netdevsim1: renamed from eth6
[ 1144.162036][T18176] netdevsim netdevsim0 netdevsim2: renamed from eth7
[ 1144.180682][T18176] netdevsim netdevsim0 netdevsim3: renamed from eth8
[ 1144.244688][ T5817] Bluetooth: hci3: command tx timeout
[ 1144.524572][T11437] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1144.597995][T18176] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1144.628847][T18176] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1144.653100][T18176] wireguard: wg0: Could not create IPv4 socket
[ 1144.662600][T18176] wireguard: wg1: Could not create IPv4 socket
[ 1144.680670][T18176] wireguard: wg2: Could not create IPv4 socket
[ 1144.685813][T11437] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1144.706584][T11437] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1144.723641][T11437] usb 3-1: config 220 has an invalid descriptor of length 255, skipping remainder of the config
[ 1144.754616][T11437] usb 3-1: config 220 has no interface number 2
[ 1144.774774][T11437] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1144.798988][T11437] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1144.827787][T11437] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1144.846784][T11437] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1144.861165][T11437] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1144.872817][T11437] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1144.893109][T11437] usb 3-1: Product: syz
[ 1144.916090][T11437] usb 3-1: Manufacturer: syz
[ 1144.935140][T11437] usb 3-1: SerialNumber: syz
[ 1145.614048][T11437] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1145.624023][T11437] uvcvideo 3-1:220.0: No valid video chain found.
[ 1145.634936][T11437] usb 3-1: selecting invalid altsetting 0
[ 1145.664148][T11437] usb 3-1: selecting invalid altsetting 0
[ 1145.679296][T11437] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[ 1145.712530][T11437] usb 3-1: USB disconnect, device number 101
[ 1146.042370][T18311] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3303'.
[ 1146.064382][T18308] netlink: 17780 bytes leftover after parsing attributes in process `syz.3.3302'.
[ 1147.263418][T18330] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1147.279488][T18330] block device autoloading is deprecated and will be removed.
[ 1147.492973][T18322] md: could not open device unknown-block(2,32).
[ 1147.506943][T18322] md: md_import_device returned -6
[ 1147.597564][T18326] md: could not open device unknown-block(2,32).
[ 1147.604059][T18326] md: md_import_device returned -6
[ 1148.155718][   T29] audit: type=1404 audit(1776247258.886:74037): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[ 1148.214146][   T29] audit: type=1400 audit(1776247258.926:74038): avc:  denied  { read write } for  pid=18380 comm="syz.4.3309" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0
[ 1148.327229][   T29] audit: type=1400 audit(1776247258.936:74039): avc:  denied  { read } for  pid=18383 comm="syz.2.3308" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[ 1148.499973][   T29] audit: type=1400 audit(1776247258.936:74040): avc:  denied  { search } for  pid=18384 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=0
[ 1148.698812][T18390] netlink: 232 bytes leftover after parsing attributes in process `syz.5.3311'.
[ 1148.753052][   T29] audit: type=1400 audit(1776247258.936:74041): avc:  denied  { read } for  pid=18383 comm="syz.2.3308" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[ 1148.800008][   T29] audit: type=1400 audit(1776247258.936:74042): avc:  denied  { read } for  pid=18383 comm="syz.2.3308" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[ 1148.870092][   T29] audit: type=1400 audit(1776247258.946:74043): avc:  denied  { read write } for  pid=12358 comm="syz-executor" name="loop5" dev="devtmpfs" ino=652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[ 1148.899384][   T29] audit: type=1400 audit(1776247258.986:74044): avc:  denied  { search } for  pid=18372 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=0
[ 1148.949807][   T29] audit: type=1400 audit(1776247258.986:74045): avc:  denied  { search } for  pid=18372 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=0
[ 1149.090024][   T29] audit: type=1404 audit(1776247259.026:74046): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[ 1149.504702][T11437] usb 4-1: new low-speed USB device number 114 using dummy_hcd
[ 1149.736153][T11437] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1149.762180][T11437] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[ 1149.791509][T11437] usb 4-1: config 0 has no interface number 0
[ 1149.841858][T11437] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1149.883667][T11437] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1149.901234][T11437] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.134542][T11437] usb 4-1: config 0 descriptor??
[ 1150.191469][T18430] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3317'.
[ 1152.168047][ T5851] usb 4-1: USB disconnect, device number 114
[ 1152.638039][T18516] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1152.667317][T18516] block device autoloading is deprecated and will be removed.
[ 1152.738296][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1152.749403][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1152.760378][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1152.784277][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1152.795653][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1152.852368][T18523] Failed to initialize the IGMP autojoin socket (err -2)
[ 1153.189661][   T29] kauditd_printk_skb: 77 callbacks suppressed
[ 1153.189682][   T29] audit: type=1400 audit(1776247263.926:74124): avc:  denied  { read } for  pid=5472 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[ 1153.283687][   T29] audit: type=1400 audit(1776247263.976:74125): avc:  denied  { append } for  pid=18542 comm="syz.2.3330" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1153.315180][ T5851] usb 6-1: new low-speed USB device number 44 using dummy_hcd
[ 1153.457001][   T29] audit: type=1400 audit(1776247264.096:74126): avc:  denied  { read write } for  pid=18542 comm="syz.2.3330" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1153.598565][   T29] audit: type=1400 audit(1776247264.096:74127): avc:  denied  { open } for  pid=18542 comm="syz.2.3330" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1153.636613][   T29] audit: type=1400 audit(1776247264.096:74128): avc:  denied  { map } for  pid=18542 comm="syz.2.3330" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1153.980113][ T5851] usb 6-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1154.886727][ T5817] Bluetooth: hci3: command tx timeout
[ 1155.127519][ T5851] usb 6-1: config 0 has an invalid interface number: 21 but max is 0
[ 1155.135691][ T5851] usb 6-1: config 0 has no interface number 0
[ 1155.142465][ T5851] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1155.154308][ T5851] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 8
[ 1155.165413][ T5851] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1155.174432][ T5851] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.184298][ T5851] usb 6-1: config 0 descriptor??
[ 1155.189998][T18540] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1155.807527][ T5851] usb 6-1: USB disconnect, device number 44
[ 1156.797010][   T29] audit: type=1400 audit(1776247267.526:74129): avc:  denied  { create } for  pid=18611 comm="syz.2.3333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1156.974921][ T5817] Bluetooth: hci3: command tx timeout
[ 1158.720957][   T29] audit: type=1400 audit(1776247269.456:74130): avc:  denied  { append } for  pid=18636 comm="syz.5.3335" name="loop9" dev="devtmpfs" ino=656 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1159.054632][ T5817] Bluetooth: hci3: command tx timeout
[ 1159.146914][   T29] audit: type=1400 audit(1776247269.886:74131): avc:  denied  { create } for  pid=18639 comm="syz.5.3336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1159.217419][   T29] audit: type=1400 audit(1776247269.916:74132): avc:  denied  { connect } for  pid=18639 comm="syz.5.3336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1159.266256][   T29] audit: type=1400 audit(1776247269.916:74133): avc:  denied  { write } for  pid=18639 comm="syz.5.3336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1159.284144][T18646] binder: BINDER_SET_CONTEXT_MGR already set
[ 1159.294950][T18646] binder: 18645:18646 ioctl 4018620d 2000000002c0 returned -16
[ 1159.334253][   T29] audit: type=1400 audit(1776247269.946:74134): avc:  denied  { ioctl } for  pid=18639 comm="syz.5.3336" path="socket:[70498]" dev="sockfs" ino=70498 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1159.398622][   T29] audit: type=1400 audit(1776247269.946:74135): avc:  denied  { bind } for  pid=18639 comm="syz.5.3336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1159.438024][   T29] audit: type=1400 audit(1776247270.006:74136): avc:  denied  { ioctl } for  pid=18645 comm="syz.2.3338" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1159.464414][T11437] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1159.492390][   T29] audit: type=1400 audit(1776247270.006:74137): avc:  denied  { set_context_mgr } for  pid=18645 comm="syz.2.3338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1159.529229][   T29] audit: type=1400 audit(1776247270.006:74138): avc:  denied  { map } for  pid=18645 comm="syz.2.3338" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1159.644179][T11437] usb 6-1: Using ep0 maxpacket: 8
[ 1159.666512][   T29] audit: type=1400 audit(1776247270.396:74139): avc:  denied  { create } for  pid=18652 comm="syz.3.3339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1159.728966][T11437] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7
[ 1159.757680][T11437] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[ 1159.770610][T11437] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[ 1159.949409][T11437] usb 6-1: Product: syz
[ 1159.956889][T11437] usb 6-1: Manufacturer: syz
[ 1159.962415][T11437] usb 6-1: SerialNumber: syz
[ 1160.194671][T11437] usb 6-1: Handspring Visor / Palm OS: No valid connect info available
[ 1160.300058][T11437] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use
[ 1160.373304][T11437] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use
[ 1160.850198][T11437] usb 6-1: Handspring Visor / Palm OS: Number of ports: 2
[ 1160.886297][T11437] visor 6-1:1.0: Handspring Visor / Palm OS converter detected
[ 1160.938514][T11437] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[ 1161.025037][T11437] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[ 1161.102352][T11437] usb 6-1: USB disconnect, device number 45
[ 1161.132381][ T5817] Bluetooth: hci3: command tx timeout
[ 1161.162286][T11437] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[ 1161.226189][T11437] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[ 1161.247383][T11437] visor 6-1:1.0: device disconnected
[ 1161.728983][T18523] netdevsim netdevsim0 netdevsim0: renamed from eth5
[ 1161.776348][T18523] netdevsim netdevsim0 netdevsim1: renamed from eth6
[ 1161.822902][T18523] netdevsim netdevsim0 netdevsim2: renamed from eth7
[ 1161.885038][T18693] FAULT_INJECTION: forcing a failure.
[ 1161.885038][T18693] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1161.922693][T18693] CPU: 0 UID: 0 PID: 18693 Comm: syz.2.3347 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1161.922721][T18693] Tainted: [L]=SOFTLOCKUP
[ 1161.922727][T18693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1161.922736][T18693] Call Trace:
[ 1161.922742][T18693]  <TASK>
[ 1161.922749][T18693]  dump_stack_lvl+0x100/0x190
[ 1161.922772][T18693]  should_fail_ex.cold+0x5/0xa
[ 1161.922797][T18693]  _copy_from_user+0x2e/0xd0
[ 1161.922826][T18693]  copy_msghdr_from_user+0x9f/0x4f0
[ 1161.922848][T18693]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1161.922878][T18693]  ___sys_sendmsg+0x106/0x1e0
[ 1161.922899][T18693]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1161.922945][T18693]  __sys_sendmsg+0x170/0x220
[ 1161.922969][T18693]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1161.923002][T18693]  ? rcu_is_watching+0x12/0xc0
[ 1161.923027][T18693]  do_syscall_64+0x10b/0xf80
[ 1161.923044][T18693]  ? clear_bhb_loop+0x40/0x90
[ 1161.923065][T18693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1161.923083][T18693] RIP: 0033:0x7fa2ca79c819
[ 1161.923099][T18693] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1161.923115][T18693] RSP: 002b:00007fa2cb59d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1161.923132][T18693] RAX: ffffffffffffffda RBX: 00007fa2caa15fa0 RCX: 00007fa2ca79c819
[ 1161.923143][T18693] RDX: 000000002400c040 RSI: 00002000000006c0 RDI: 0000000000000004
[ 1161.923154][T18693] RBP: 00007fa2cb59d090 R08: 0000000000000000 R09: 0000000000000000
[ 1161.923164][T18693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1161.923180][T18693] R13: 00007fa2caa16038 R14: 00007fa2caa15fa0 R15: 00007ffe7be6d028
[ 1161.923204][T18693]  </TASK>
[ 1162.104381][T18523] netdevsim netdevsim0 netdevsim3: renamed from eth8
[ 1163.471554][T18728] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3355'.
[ 1163.559780][T18523] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1163.606995][T18523] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1163.656171][T18523] wireguard: wg0: Could not create IPv4 socket
[ 1163.681433][T18523] wireguard: wg1: Could not create IPv4 socket
[ 1163.709926][T18523] wireguard: wg2: Could not create IPv4 socket
[ 1163.727699][T18737] 9p: Bad value for 'rfdno'
[ 1163.776362][T18734] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1163.812467][   T29] kauditd_printk_skb: 18 callbacks suppressed
[ 1163.812485][   T29] audit: type=1400 audit(1776247274.546:74158): avc:  denied  { setopt } for  pid=18716 comm="syz.5.3352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1163.863082][   T29] audit: type=1400 audit(1776247274.546:74159): avc:  denied  { ioctl } for  pid=18716 comm="syz.5.3352" path="socket:[70920]" dev="sockfs" ino=70920 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1163.892171][   T29] audit: type=1400 audit(1776247274.576:74160): avc:  denied  { create } for  pid=18733 comm="syz.3.3356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1163.916370][   T29] audit: type=1400 audit(1776247274.576:74161): avc:  denied  { connect } for  pid=18733 comm="syz.3.3356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1163.939858][   T29] audit: type=1400 audit(1776247274.576:74162): avc:  denied  { ioctl } for  pid=18733 comm="syz.3.3356" path="socket:[71721]" dev="sockfs" ino=71721 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1165.356148][   T29] audit: type=1400 audit(1776247276.036:74163): avc:  denied  { connect } for  pid=18749 comm="syz.3.3359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1165.655620][   T29] audit: type=1400 audit(1776247276.396:74164): avc:  denied  { unmount } for  pid=5803 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1166.105644][T18759] Failed to initialize the IGMP autojoin socket (err -2)
[ 1166.204833][T11437] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1166.334767][T11437] usb 6-1: device descriptor read/64, error -71
[ 1166.390434][T14558] netdevsim netdevsim3 netdevsim3 (unregistering): left allmulticast mode
[ 1166.585162][T11437] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1166.757839][T11437] usb 6-1: device descriptor read/64, error -71
[ 1166.799275][   T29] audit: type=1400 audit(1776247277.516:74165): avc:  denied  { setopt } for  pid=18787 comm="syz.2.3368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1166.987694][T11437] usb usb6-port1: attempt power cycle
[ 1167.445422][T18793] hfsplus: unable to find HFS+ superblock
[ 1167.508568][T11437] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1167.569268][   T29] audit: type=1400 audit(1776247278.176:74166): avc:  denied  { mounton } for  pid=18787 comm="syz.2.3368" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=68 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 1167.602055][T11437] usb 6-1: device descriptor read/8, error -71
[ 1167.643540][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1167.687839][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1167.707965][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1167.718622][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1167.748356][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1167.869494][T18792] Failed to initialize the IGMP autojoin socket (err -2)
[ 1167.900609][T11437] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1167.903439][T18800] FAULT_INJECTION: forcing a failure.
[ 1167.903439][T18800] name failslab, interval 1, probability 0, space 0, times 0
[ 1167.921605][T18800] CPU: 1 UID: 0 PID: 18800 Comm: syz.2.3370 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1167.921635][T18800] Tainted: [L]=SOFTLOCKUP
[ 1167.921641][T18800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1167.921651][T18800] Call Trace:
[ 1167.921658][T18800]  <TASK>
[ 1167.921665][T18800]  dump_stack_lvl+0x100/0x190
[ 1167.921689][T18800]  should_fail_ex.cold+0x5/0xa
[ 1167.921713][T18800]  should_failslab+0xc2/0x120
[ 1167.921733][T18800]  kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1167.921749][T18800]  ? alloc_pid+0x1bd/0x1890
[ 1167.921767][T18800]  ? copy_process+0x278f/0x7e30
[ 1167.921792][T18800]  ? kvm_mmu_post_init_vm+0x1b3/0x370
[ 1167.921819][T18800]  alloc_pid+0x1bd/0x1890
[ 1167.921851][T18800]  ? __pfx_alloc_pid+0x10/0x10
[ 1167.921880][T18800]  ? __lock_acquire+0x4a5/0x2630
[ 1167.921901][T18800]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1167.921939][T18800]  ? fpu_clone+0x226/0x7a0
[ 1167.921965][T18800]  ? copy_thread+0x729/0xbe0
[ 1167.921987][T18800]  copy_process+0x4cdd/0x7e30
[ 1167.922028][T18800]  ? __pfx_copy_process+0x10/0x10
[ 1167.922057][T18800]  ? lockdep_init_map_type+0x5c/0x250
[ 1167.922078][T18800]  ? lockdep_init_map_type+0x5c/0x250
[ 1167.922097][T18800]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1167.922127][T18800]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1167.922153][T18800]  vhost_task_create+0x1db/0x370
[ 1167.922175][T18800]  ? __pfx_vhost_task_create+0x10/0x10
[ 1167.922195][T18800]  ? register_lock_class+0x40/0x560
[ 1167.922221][T18800]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1167.922246][T18800]  ? __pfx___mutex_lock+0x10/0x10
[ 1167.922264][T18800]  ? kasan_quarantine_put+0x104/0x240
[ 1167.922280][T18800]  ? lockdep_hardirqs_on+0x78/0x100
[ 1167.922313][T18800]  kvm_mmu_post_init_vm+0x1b3/0x370
[ 1167.922334][T18800]  kvm_arch_vcpu_ioctl_run+0x66/0x1830
[ 1167.922356][T18800]  ? kvm_vcpu_ioctl+0x1546/0x1720
[ 1167.922389][T18800]  kvm_vcpu_ioctl+0x730/0x1720
[ 1167.922418][T18800]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1167.922443][T18800]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1167.922472][T18800]  ? do_vfs_ioctl+0x226/0x13e0
[ 1167.922492][T18800]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1167.922510][T18800]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1167.922542][T18800]  ? __fget_files+0x215/0x3d0
[ 1167.922562][T18800]  ? hook_file_ioctl_common+0x149/0x410
[ 1167.922593][T18800]  ? selinux_file_ioctl+0x13b/0x290
[ 1167.922614][T18800]  ? selinux_file_ioctl+0xb6/0x290
[ 1167.922641][T18800]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1167.922669][T18800]  __x64_sys_ioctl+0x18e/0x210
[ 1167.922690][T18800]  do_syscall_64+0x10b/0xf80
[ 1167.922706][T18800]  ? clear_bhb_loop+0x40/0x90
[ 1167.922728][T18800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.922746][T18800] RIP: 0033:0x7fa2ca79c819
[ 1167.922763][T18800] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1167.922779][T18800] RSP: 002b:00007fa2cb59d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1167.922795][T18800] RAX: ffffffffffffffda RBX: 00007fa2caa15fa0 RCX: 00007fa2ca79c819
[ 1167.922806][T18800] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1167.922817][T18800] RBP: 00007fa2cb59d090 R08: 0000000000000000 R09: 0000000000000000
[ 1167.922826][T18800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1167.922842][T18800] R13: 00007fa2caa16038 R14: 00007fa2caa15fa0 R15: 00007ffe7be6d028
[ 1167.922865][T18800]  </TASK>
[ 1168.257077][T11437] usb 6-1: device descriptor read/8, error -71
[ 1168.365572][T11437] usb usb6-port1: unable to enumerate USB device
[ 1168.398118][T18807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3371'.
[ 1168.441718][   T29] audit: type=1400 audit(1776247279.136:74167): avc:  denied  { create } for  pid=18802 comm="syz.4.3371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1169.694795][   T29] audit: type=1400 audit(1776247279.136:74168): avc:  denied  { setopt } for  pid=18802 comm="syz.4.3371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1169.858800][ T5820] Bluetooth: hci0: command tx timeout
[ 1169.875234][T18814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1170.038006][T18814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1171.517567][T14558] bridge_slave_1: left allmulticast mode
[ 1171.523458][T14558] bridge_slave_1: left promiscuous mode
[ 1171.531136][T14558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1171.539714][T14558] bridge_slave_0: left allmulticast mode
[ 1171.545949][T14558] bridge_slave_0: left promiscuous mode
[ 1171.555113][T14558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1171.608832][   T12] smc: removing ib device syz2
[ 1171.775964][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1171.926096][ T5820] Bluetooth: hci0: command tx timeout
[ 1171.947698][T14558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1171.968405][T14558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1171.980398][T14558] bond0 (unregistering): Released all slaves
[ 1172.631628][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1172.646602][T14428] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1172.657089][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1172.788337][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1172.828043][ T5817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1172.836506][ T5817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1173.024772][   T29] audit: type=1400 audit(1776247283.686:74169): avc:  denied  { mounton } for  pid=18832 comm="syz.4.3378" path="/proc/687/task/688/net/stat" dev="proc" ino=4026532987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[ 1173.094611][T14428] usb 3-1: Using ep0 maxpacket: 16
[ 1173.179722][T14428] usb 3-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1173.290702][   T29] audit: type=1400 audit(1776247283.686:74170): avc:  denied  { mount } for  pid=18832 comm="syz.4.3378" name="/" dev="hugetlbfs" ino=72308 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[ 1173.315726][T18834] Failed to initialize the IGMP autojoin socket (err -2)
[ 1173.325232][T14428] usb 3-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[ 1173.343591][T14428] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1173.355798][T14428] usb 3-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 1173.535780][T14428] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.582630][   T29] audit: type=1400 audit(1776247284.316:74171): avc:  denied  { relabelfrom } for  pid=18834 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1174.126853][   T29] audit: type=1400 audit(1776247284.316:74172): avc:  denied  { relabelto } for  pid=18834 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1174.129603][ T5817] Bluetooth: hci0: command tx timeout
[ 1174.174089][T14428] usb 3-1: config 0 descriptor??
[ 1174.247931][   T29] audit: type=1400 audit(1776247284.896:74173): avc:  denied  { firmware_load } for  pid=18835 comm="syz.5.3379" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[ 1174.465646][   T29] audit: type=1400 audit(1776247285.206:74174): avc:  denied  { create } for  pid=18825 comm="syz.2.3375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1174.540810][   T29] audit: type=1400 audit(1776247285.276:74175): avc:  denied  { read } for  pid=18825 comm="syz.2.3375" name="sg0" dev="devtmpfs" ino=803 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1174.698076][   T29] audit: type=1400 audit(1776247285.276:74176): avc:  denied  { open } for  pid=18825 comm="syz.2.3375" path="/dev/sg0" dev="devtmpfs" ino=803 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1175.803285][T14428] usbhid 3-1:0.0: can't add hid device: -71
[ 1175.825325][T14428] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1175.867184][T14428] usb 3-1: USB disconnect, device number 102
[ 1176.176046][ T5817] Bluetooth: hci0: command tx timeout
[ 1176.408625][T14558] hsr_slave_0: left promiscuous mode
[ 1176.429651][T14558] hsr_slave_1: left promiscuous mode
[ 1176.437165][T14558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1176.453939][T14558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1176.583835][T14558] team0 (unregistering): Port device team_slave_1 removed
[ 1176.597053][T14558] team0 (unregistering): Port device team_slave_0 removed
[ 1176.700170][   T29] audit: type=1400 audit(1776247287.436:74177): avc:  denied  { read write } for  pid=18859 comm="syz.5.3381" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 1176.764775][   T29] audit: type=1400 audit(1776247287.436:74178): avc:  denied  { open } for  pid=18859 comm="syz.5.3381" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 1176.875439][   T29] audit: type=1400 audit(1776247287.606:74179): avc:  denied  { write } for  pid=18862 comm="syz.4.3383" name="route" dev="proc" ino=4026533007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[ 1177.188524][   T29] audit: type=1400 audit(1776247287.926:74180): avc:  denied  { write } for  pid=18862 comm="syz.4.3383" path="socket:[72449]" dev="sockfs" ino=72449 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1177.502930][   T29] audit: type=1400 audit(1776247288.236:74181): avc:  denied  { map } for  pid=18862 comm="syz.4.3383" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=71382 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1177.789939][   T29] audit: type=1400 audit(1776247288.236:74182): avc:  denied  { read write } for  pid=18862 comm="syz.4.3383" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=71382 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1177.832982][   T29] audit: type=1400 audit(1776247288.516:74183): avc:  denied  { map } for  pid=18862 comm="syz.4.3383" path="/proc/695/net/route" dev="proc" ino=4026533007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[ 1178.228369][T18792] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1178.308862][T18792] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1178.334010][T18792] wireguard: wg0: Could not create IPv4 socket
[ 1178.383780][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1178.420607][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1178.421125][T18792] wireguard: wg1: Could not create IPv4 socket
[ 1178.445748][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1178.527901][T18792] wireguard: wg2: Could not create IPv4 socket
[ 1178.613993][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1178.621529][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1179.140311][T18868] Failed to initialize the IGMP autojoin socket (err -2)
[ 1179.565585][  T792] usb 5-1: new low-speed USB device number 34 using dummy_hcd
[ 1179.633678][T14558] IPVS: stop unused estimator thread 0...
[ 1179.637032][   T29] audit: type=1400 audit(1776247290.366:74184): avc:  denied  { read } for  pid=18884 comm="syz.2.3386" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1179.704585][   T29] audit: type=1400 audit(1776247290.366:74185): avc:  denied  { open } for  pid=18884 comm="syz.2.3386" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1179.726368][  T792] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1179.786650][  T792] usb 5-1: config 3 has an invalid interface number: 51 but max is 0
[ 1179.840526][  T792] usb 5-1: config 3 has no interface number 0
[ 1179.863921][  T792] usb 5-1: config 3 interface 51 has no altsetting 0
[ 1179.900659][  T792] usb 5-1: string descriptor 0 read error: -22
[ 1179.915781][  T792] usb 5-1: New USB device found, idVendor=0b95, idProduct=178a, bcdDevice=86.24
[ 1179.934624][  T792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.965619][  T792] ax88179_178a 5-1:3.51: probe with driver ax88179_178a failed with error -22
[ 1180.175213][  T792] usb 5-1: USB disconnect, device number 34
[ 1180.335501][T18885] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1180.341803][T18885] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1180.348907][T18885] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1180.367552][T18885] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1180.373676][T18885] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1180.390007][T18885] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1180.396149][T18885] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1180.420308][T18885] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1180.464688][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1180.491529][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1180.510625][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1180.518475][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1180.526397][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1180.776996][T18896] binder: BINDER_SET_CONTEXT_MGR already set
[ 1180.791639][T18889] Failed to initialize the IGMP autojoin socket (err -2)
[ 1180.805844][T18896] binder: 18895:18896 ioctl 4018620d 2000000002c0 returned -16
[ 1181.134553][T17937] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1181.295335][T17937] usb 5-1: Using ep0 maxpacket: 16
[ 1181.308752][T17937] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1181.332245][T17937] usb 5-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[ 1181.345857][ T5851] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1181.348112][T17937] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1181.361509][T17937] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 1181.372129][T17937] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1181.380713][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1181.403035][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1181.412011][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1181.422606][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1181.432089][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1181.436174][T17937] usb 5-1: config 0 descriptor??
[ 1181.488641][T18868] netdevsim netdevsim0 netdevsim0: renamed from eth13
[ 1181.507537][T18905] Failed to initialize the IGMP autojoin socket (err -2)
[ 1181.510974][T18868] netdevsim netdevsim0 netdevsim1: renamed from eth14
[ 1181.525500][ T5851] usb 6-1: Using ep0 maxpacket: 16
[ 1181.537670][ T5851] usb 6-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1181.538395][T18868] netdevsim netdevsim0 netdevsim2: renamed from eth15
[ 1181.555728][ T5851] usb 6-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[ 1181.569955][ T5851] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1181.577218][ T5851] usb 6-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 1181.583260][T18868] netdevsim netdevsim0 netdevsim3: renamed from eth16
[ 1181.586421][ T5851] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1181.609295][ T5851] usb 6-1: config 0 descriptor??
[ 1181.764796][ T5820] Bluetooth: hci2: command 0x0406 tx timeout
[ 1182.444908][ T5817] Bluetooth: hci5: command 0x0405 tx timeout
[ 1182.444931][ T5820] Bluetooth: hci3: command 0x041b tx timeout
[ 1182.445932][ T5820] Bluetooth: hci1: command 0x0406 tx timeout
[ 1184.484555][ T5820] Bluetooth: hci5: command 0x0405 tx timeout
[ 1184.484814][T14259] Bluetooth: hci3: command 0x041b tx timeout
[ 1184.534993][T17937] usbhid 5-1:0.0: can't add hid device: -71
[ 1184.644941][T14259] Bluetooth: hci1: command 0x0406 tx timeout
[ 1185.023215][T17937] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1185.034076][T17937] usb 5-1: USB disconnect, device number 35
[ 1185.318323][ T5851] usbhid 6-1:0.0: can't add hid device: -71
[ 1185.334890][ T5851] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1185.359111][ T5851] usb 6-1: USB disconnect, device number 50
[ 1185.838551][T18868] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1185.905723][T18868] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1185.956158][T18868] wireguard: wg0: Could not create IPv4 socket
[ 1186.008809][T18868] wireguard: wg1: Could not create IPv4 socket
[ 1186.057948][T18868] wireguard: wg2: Could not create IPv4 socket
[ 1186.077440][T18926] FAULT_INJECTION: forcing a failure.
[ 1186.077440][T18926] name failslab, interval 1, probability 0, space 0, times 0
[ 1186.109620][T18926] CPU: 1 UID: 0 PID: 18926 Comm: syz.5.3395 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1186.109653][T18926] Tainted: [L]=SOFTLOCKUP
[ 1186.109659][T18926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1186.109670][T18926] Call Trace:
[ 1186.109677][T18926]  <TASK>
[ 1186.109684][T18926]  dump_stack_lvl+0x100/0x190
[ 1186.109709][T18926]  should_fail_ex.cold+0x5/0xa
[ 1186.109736][T18926]  should_failslab+0xc2/0x120
[ 1186.109759][T18926]  kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1186.109777][T18926]  ? alloc_pid+0x1bd/0x1890
[ 1186.109804][T18926]  ? copy_process+0x278f/0x7e30
[ 1186.109829][T18926]  ? kvm_mmu_post_init_vm+0x1b3/0x370
[ 1186.109856][T18926]  alloc_pid+0x1bd/0x1890
[ 1186.109880][T18926]  ? __pfx_alloc_pid+0x10/0x10
[ 1186.109908][T18926]  ? __lock_acquire+0x4a5/0x2630
[ 1186.109929][T18926]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1186.109967][T18926]  ? fpu_clone+0x226/0x7a0
[ 1186.109994][T18926]  ? copy_thread+0x729/0xbe0
[ 1186.110018][T18926]  copy_process+0x4cdd/0x7e30
[ 1186.110056][T18926]  ? __pfx_copy_process+0x10/0x10
[ 1186.110086][T18926]  ? lockdep_init_map_type+0x5c/0x250
[ 1186.110106][T18926]  ? lockdep_init_map_type+0x5c/0x250
[ 1186.110127][T18926]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1186.110157][T18926]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1186.110184][T18926]  vhost_task_create+0x1db/0x370
[ 1186.110207][T18926]  ? __pfx_vhost_task_create+0x10/0x10
[ 1186.110227][T18926]  ? register_lock_class+0x40/0x560
[ 1186.110253][T18926]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1186.110277][T18926]  ? __pfx___mutex_lock+0x10/0x10
[ 1186.110294][T18926]  ? kasan_quarantine_put+0x104/0x240
[ 1186.110312][T18926]  ? lockdep_hardirqs_on+0x78/0x100
[ 1186.110346][T18926]  kvm_mmu_post_init_vm+0x1b3/0x370
[ 1186.110370][T18926]  kvm_arch_vcpu_ioctl_run+0x66/0x1830
[ 1186.110392][T18926]  ? kvm_vcpu_ioctl+0x1546/0x1720
[ 1186.110425][T18926]  kvm_vcpu_ioctl+0x730/0x1720
[ 1186.110456][T18926]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1186.110484][T18926]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1186.110513][T18926]  ? do_vfs_ioctl+0x226/0x13e0
[ 1186.110533][T18926]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1186.110552][T18926]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1186.110583][T18926]  ? __fget_files+0x215/0x3d0
[ 1186.110602][T18926]  ? hook_file_ioctl_common+0x149/0x410
[ 1186.110632][T18926]  ? selinux_file_ioctl+0x13b/0x290
[ 1186.110651][T18926]  ? selinux_file_ioctl+0xb6/0x290
[ 1186.110671][T18926]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1186.110698][T18926]  __x64_sys_ioctl+0x18e/0x210
[ 1186.110718][T18926]  do_syscall_64+0x10b/0xf80
[ 1186.110733][T18926]  ? clear_bhb_loop+0x40/0x90
[ 1186.110754][T18926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1186.110770][T18926] RIP: 0033:0x7fd5ad19c819
[ 1186.110784][T18926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1186.110806][T18926] RSP: 002b:00007fd5ae0de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1186.110824][T18926] RAX: ffffffffffffffda RBX: 00007fd5ad415fa0 RCX: 00007fd5ad19c819
[ 1186.110835][T18926] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1186.110845][T18926] RBP: 00007fd5ae0de090 R08: 0000000000000000 R09: 0000000000000000
[ 1186.110854][T18926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1186.110864][T18926] R13: 00007fd5ad416038 R14: 00007fd5ad415fa0 R15: 00007ffdddc662b8
[ 1186.110887][T18926]  </TASK>
[ 1186.587185][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1186.603437][ T5820] Bluetooth: hci3: command 0x041b tx timeout
[ 1186.616950][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1186.635886][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1186.649434][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1186.657614][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1186.877187][T18929] Failed to initialize the IGMP autojoin socket (err -2)
[ 1187.064580][T12617] usb 3-1: new low-speed USB device number 103 using dummy_hcd
[ 1187.239764][T12617] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1187.248416][T12617] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[ 1187.289155][T12617] usb 3-1: config 0 has no interface number 0
[ 1187.301853][T12617] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1187.329686][T12617] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1187.353276][T12617] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1187.380487][T12617] usb 3-1: config 0 descriptor??
[ 1187.519343][T18953] FAULT_INJECTION: forcing a failure.
[ 1187.519343][T18953] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1187.536596][T18953] CPU: 1 UID: 0 PID: 18953 Comm: syz.5.3399 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1187.536628][T18953] Tainted: [L]=SOFTLOCKUP
[ 1187.536634][T18953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1187.536643][T18953] Call Trace:
[ 1187.536650][T18953]  <TASK>
[ 1187.536657][T18953]  dump_stack_lvl+0x100/0x190
[ 1187.536684][T18953]  should_fail_ex.cold+0x5/0xa
[ 1187.536706][T18953]  ? prepare_alloc_pages+0x16d/0x5f0
[ 1187.536732][T18953]  should_fail_alloc_page+0xeb/0x140
[ 1187.536757][T18953]  prepare_alloc_pages+0x1f0/0x5f0
[ 1187.536792][T18953]  __alloc_frozen_pages_noprof+0x19a/0x2bd0
[ 1187.536822][T18953]  ? find_held_lock+0x2b/0x80
[ 1187.536846][T18953]  ? is_bpf_text_address+0x8a/0x1a0
[ 1187.536864][T18953]  ? is_bpf_text_address+0x8a/0x1a0
[ 1187.536882][T18953]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1187.536902][T18953]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1187.536930][T18953]  ? is_bpf_text_address+0x94/0x1a0
[ 1187.536947][T18953]  ? kernel_text_address+0x8d/0x100
[ 1187.536969][T18953]  ? __kernel_text_address+0xd/0x30
[ 1187.536988][T18953]  ? unwind_get_return_address+0x59/0xa0
[ 1187.537021][T18953]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1187.537048][T18953]  ? policy_nodemask+0xed/0x4f0
[ 1187.537070][T18953]  alloc_pages_mpol+0x1fb/0x550
[ 1187.537091][T18953]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1187.537111][T18953]  ? kasan_save_stack+0x30/0x50
[ 1187.537127][T18953]  ? kasan_save_track+0x14/0x30
[ 1187.537143][T18953]  ? __kasan_kmalloc+0xaa/0xb0
[ 1187.537159][T18953]  ? __get_vm_area_node+0x101/0x330
[ 1187.537182][T18953]  ? __vmalloc_node_range_noprof+0x213/0x1530
[ 1187.537209][T18953]  alloc_pages_noprof+0x136/0x390
[ 1187.537231][T18953]  get_free_pages_noprof+0x10/0xb0
[ 1187.537251][T18953]  __kasan_populate_vmalloc+0xa0/0x210
[ 1187.537275][T18953]  alloc_vmap_area+0x95d/0x2b70
[ 1187.537306][T18953]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1187.537333][T18953]  __get_vm_area_node+0x1ca/0x330
[ 1187.537360][T18953]  __vmalloc_node_range_noprof+0x213/0x1530
[ 1187.537385][T18953]  ? vhost_task_create+0x1db/0x370
[ 1187.537404][T18953]  ? find_held_lock+0x2b/0x80
[ 1187.537425][T18953]  ? local_lock_release+0x99/0x130
[ 1187.537446][T18953]  ? local_lock_release+0x99/0x130
[ 1187.537471][T18953]  ? vhost_task_create+0x1db/0x370
[ 1187.537499][T18953]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1187.537525][T18953]  ? __memcg_slab_post_alloc_hook+0x51b/0x990
[ 1187.537551][T18953]  ? rcu_is_watching+0x12/0xc0
[ 1187.537574][T18953]  ? trace_kmem_cache_alloc+0xd5/0x100
[ 1187.537598][T18953]  ? vhost_task_create+0x1db/0x370
[ 1187.537618][T18953]  __vmalloc_node_noprof+0xad/0xf0
[ 1187.537641][T18953]  ? vhost_task_create+0x1db/0x370
[ 1187.537664][T18953]  copy_process+0x7fb/0x7e30
[ 1187.537703][T18953]  ? __pfx_copy_process+0x10/0x10
[ 1187.537731][T18953]  ? lockdep_init_map_type+0x5c/0x250
[ 1187.537752][T18953]  ? lockdep_init_map_type+0x5c/0x250
[ 1187.537772][T18953]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1187.537809][T18953]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1187.537835][T18953]  vhost_task_create+0x1db/0x370
[ 1187.537857][T18953]  ? __pfx_vhost_task_create+0x10/0x10
[ 1187.537876][T18953]  ? register_lock_class+0x40/0x560
[ 1187.537901][T18953]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1187.537922][T18953]  ? __pfx___mutex_lock+0x10/0x10
[ 1187.537938][T18953]  ? kasan_quarantine_put+0x104/0x240
[ 1187.537955][T18953]  ? lockdep_hardirqs_on+0x78/0x100
[ 1187.537988][T18953]  kvm_mmu_post_init_vm+0x1b3/0x370
[ 1187.538012][T18953]  kvm_arch_vcpu_ioctl_run+0x66/0x1830
[ 1187.538034][T18953]  ? kvm_vcpu_ioctl+0x1546/0x1720
[ 1187.538066][T18953]  kvm_vcpu_ioctl+0x730/0x1720
[ 1187.538092][T18953]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1187.538118][T18953]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1187.538146][T18953]  ? do_vfs_ioctl+0x226/0x13e0
[ 1187.538163][T18953]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1187.538181][T18953]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1187.538211][T18953]  ? __fget_files+0x215/0x3d0
[ 1187.538231][T18953]  ? hook_file_ioctl_common+0x149/0x410
[ 1187.538263][T18953]  ? selinux_file_ioctl+0x13b/0x290
[ 1187.538282][T18953]  ? selinux_file_ioctl+0xb6/0x290
[ 1187.538305][T18953]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1187.538331][T18953]  __x64_sys_ioctl+0x18e/0x210
[ 1187.538348][T18953]  do_syscall_64+0x10b/0xf80
[ 1187.538364][T18953]  ? clear_bhb_loop+0x40/0x90
[ 1187.538383][T18953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.538400][T18953] RIP: 0033:0x7fd5ad19c819
[ 1187.538417][T18953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1187.538432][T18953] RSP: 002b:00007fd5ae0de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1187.538450][T18953] RAX: ffffffffffffffda RBX: 00007fd5ad415fa0 RCX: 00007fd5ad19c819
[ 1187.538461][T18953] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1187.538471][T18953] RBP: 00007fd5ae0de090 R08: 0000000000000000 R09: 0000000000000000
[ 1187.538481][T18953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1187.538490][T18953] R13: 00007fd5ad416038 R14: 00007fd5ad415fa0 R15: 00007ffdddc662b8
[ 1187.538515][T18953]  </TASK>
[ 1188.043093][T18953] syz.5.3399: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1188.069519][T18953] CPU: 0 UID: 0 PID: 18953 Comm: syz.5.3399 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1188.069551][T18953] Tainted: [L]=SOFTLOCKUP
[ 1188.069557][T18953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1188.069568][T18953] Call Trace:
[ 1188.069574][T18953]  <TASK>
[ 1188.069581][T18953]  dump_stack_lvl+0x100/0x190
[ 1188.069607][T18953]  warn_alloc.cold+0x95/0x1c1
[ 1188.069628][T18953]  ? __pfx_warn_alloc+0x10/0x10
[ 1188.069645][T18953]  ? lockdep_hardirqs_on+0x78/0x100
[ 1188.069676][T18953]  ? __get_vm_area_node+0x2c5/0x330
[ 1188.069705][T18953]  ? __get_vm_area_node+0x208/0x330
[ 1188.069733][T18953]  __vmalloc_node_range_noprof+0xbf4/0x1530
[ 1188.069758][T18953]  ? find_held_lock+0x2b/0x80
[ 1188.069782][T18953]  ? local_lock_release+0x99/0x130
[ 1188.069805][T18953]  ? local_lock_release+0x99/0x130
[ 1188.069832][T18953]  ? vhost_task_create+0x1db/0x370
[ 1188.069864][T18953]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1188.069893][T18953]  ? __memcg_slab_post_alloc_hook+0x51b/0x990
[ 1188.069924][T18953]  ? rcu_is_watching+0x12/0xc0
[ 1188.069949][T18953]  ? trace_kmem_cache_alloc+0xd5/0x100
[ 1188.069982][T18953]  ? vhost_task_create+0x1db/0x370
[ 1188.070004][T18953]  __vmalloc_node_noprof+0xad/0xf0
[ 1188.070035][T18953]  ? vhost_task_create+0x1db/0x370
[ 1188.070061][T18953]  copy_process+0x7fb/0x7e30
[ 1188.070104][T18953]  ? __pfx_copy_process+0x10/0x10
[ 1188.070135][T18953]  ? lockdep_init_map_type+0x5c/0x250
[ 1188.070158][T18953]  ? lockdep_init_map_type+0x5c/0x250
[ 1188.070180][T18953]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1188.070213][T18953]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1188.070242][T18953]  vhost_task_create+0x1db/0x370
[ 1188.070265][T18953]  ? __pfx_vhost_task_create+0x10/0x10
[ 1188.070287][T18953]  ? register_lock_class+0x40/0x560
[ 1188.070314][T18953]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1188.070341][T18953]  ? __pfx___mutex_lock+0x10/0x10
[ 1188.070362][T18953]  ? kasan_quarantine_put+0x104/0x240
[ 1188.070381][T18953]  ? lockdep_hardirqs_on+0x78/0x100
[ 1188.070417][T18953]  kvm_mmu_post_init_vm+0x1b3/0x370
[ 1188.070444][T18953]  kvm_arch_vcpu_ioctl_run+0x66/0x1830
[ 1188.070469][T18953]  ? kvm_vcpu_ioctl+0x1546/0x1720
[ 1188.070506][T18953]  kvm_vcpu_ioctl+0x730/0x1720
[ 1188.070538][T18953]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1188.070569][T18953]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1188.070601][T18953]  ? do_vfs_ioctl+0x226/0x13e0
[ 1188.070622][T18953]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1188.070643][T18953]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1188.070679][T18953]  ? __fget_files+0x215/0x3d0
[ 1188.070701][T18953]  ? hook_file_ioctl_common+0x149/0x410
[ 1188.070738][T18953]  ? selinux_file_ioctl+0x13b/0x290
[ 1188.070761][T18953]  ? selinux_file_ioctl+0xb6/0x290
[ 1188.070787][T18953]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1188.070818][T18953]  __x64_sys_ioctl+0x18e/0x210
[ 1188.070841][T18953]  do_syscall_64+0x10b/0xf80
[ 1188.070859][T18953]  ? clear_bhb_loop+0x40/0x90
[ 1188.070883][T18953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1188.070903][T18953] RIP: 0033:0x7fd5ad19c819
[ 1188.070921][T18953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1188.070940][T18953] RSP: 002b:00007fd5ae0de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1188.070959][T18953] RAX: ffffffffffffffda RBX: 00007fd5ad415fa0 RCX: 00007fd5ad19c819
[ 1188.070972][T18953] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1188.070989][T18953] RBP: 00007fd5ae0de090 R08: 0000000000000000 R09: 0000000000000000
[ 1188.071001][T18953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1188.071012][T18953] R13: 00007fd5ad416038 R14: 00007fd5ad415fa0 R15: 00007ffdddc662b8
[ 1188.071039][T18953]  </TASK>
[ 1188.071107][T18953] Mem-Info:
[ 1188.453979][T18953] active_anon:14235 inactive_anon:0 isolated_anon:0
[ 1188.453979][T18953]  active_file:27634 inactive_file:41141 isolated_file:0
[ 1188.453979][T18953]  unevictable:768 dirty:264 writeback:0
[ 1188.453979][T18953]  slab_reclaimable:9135 slab_unreclaimable:103997
[ 1188.453979][T18953]  mapped:33276 shmem:1538 pagetables:3756
[ 1188.453979][T18953]  sec_pagetables:0 bounce:0
[ 1188.453979][T18953]  kernel_misc_reclaimable:0
[ 1188.453979][T18953]  free:1281732 free_pcp:10608 free_cma:0
[ 1188.507601][T18953] Node 0 active_anon:56900kB inactive_anon:0kB active_file:110500kB inactive_file:164352kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133068kB dirty:1064kB writeback:0kB shmem:4616kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11808kB pagetables:14832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1188.540867][T18953] Node 1 active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1188.571365][T18953] Node 0 DMA free:15296kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:64kB local_pcp:32kB free_cma:0kB
[ 1188.601890][T18953] lowmem_reserve[]: 0 2477 2478 2478 2478
[ 1188.607791][T18953] Node 0 DMA32 free:1174296kB boost:0kB min:34052kB low:42564kB high:51076kB reserved_highatomic:0KB free_highatomic:0KB active_anon:57000kB inactive_anon:0kB active_file:110500kB inactive_file:164352kB unevictable:1536kB writepending:1064kB zspages:0kB present:3129332kB managed:2536960kB mlocked:0kB bounce:0kB free_pcp:39264kB local_pcp:14416kB free_cma:0kB
[ 1188.644221][T18953] lowmem_reserve[]: 0 0 1 1 1
[ 1188.659915][T18953] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1032kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:8kB free_cma:0kB
[ 1188.692098][T18953] lowmem_reserve[]: 0 0 0 0 0
[ 1188.698123][T18953] Node 1 Normal free:3940432kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:212kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1188.751696][T18953] lowmem_reserve[]: 0 0 0 0 0
[ 1188.774240][T18953] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15296kB
[ 1188.793289][   T29] audit: type=1400 audit(1776247299.526:74186): avc:  denied  { accept } for  pid=18955 comm="syz.4.3400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1188.804723][T14259] Bluetooth: hci0: command tx timeout
[ 1188.850717][T18953] Node 0 DMA32: 7562*4kB (UME) 5668*8kB (UME) 3803*16kB (UME) 2327*32kB (UME) 1479*64kB (UME) 1004*128kB (UME) 652*256kB (UME) 372*512kB (UME) 171*1024kB (UME) 47*2048kB (UM) 27*4096kB (UM) = 1173400kB
[ 1188.882570][T18953] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1188.915578][T18953] Node 1 Normal: 0*4kB 6*8kB (UM) 10*16kB (UM) 6*32kB (U) 7*64kB (UM) 6*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 959*4096kB (M) = 3940432kB
[ 1188.933959][T18953] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1188.945162][T18953] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1188.955660][T18953] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1188.966536][T18953] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1188.977050][T18953] 70309 total pagecache pages
[ 1189.000552][T18953] 0 pages in swap cache
[ 1189.006033][T18953] Free swap  = 124996kB
[ 1189.010761][T18953] Total swap = 124996kB
[ 1189.015540][T18953] 2097051 pages RAM
[ 1189.019636][T18953] 0 pages HighMem/MovableOnly
[ 1189.046752][T18953] 430938 pages reserved
[ 1189.051071][T18953] 0 pages cma reserved
[ 1189.241593][   T29] audit: type=1400 audit(1776247299.976:74187): avc:  denied  { listen } for  pid=18969 comm="syz.5.3401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1189.280957][   T29] audit: type=1400 audit(1776247300.006:74188): avc:  denied  { accept } for  pid=18969 comm="syz.5.3401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1189.399908][T18974] binder: BINDER_SET_CONTEXT_MGR already set
[ 1189.407022][T18974] binder: 18973:18974 ioctl 4018620d 2000000002c0 returned -16
[ 1189.866036][T12617] usb 3-1: USB disconnect, device number 103
[ 1190.127533][T18929] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1190.147541][T18929] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1190.167277][T18929] wireguard: wg0: Could not create IPv4 socket
[ 1190.178471][T18929] wireguard: wg1: Could not create IPv4 socket
[ 1190.189955][T18929] wireguard: wg2: Could not create IPv4 socket
[ 1190.922550][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1190.939423][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1190.950887][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1190.984163][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1191.009146][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1191.053053][T14428] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1191.149120][T19026] Failed to initialize the IGMP autojoin socket (err -2)
[ 1191.304625][T14428] usb 5-1: Using ep0 maxpacket: 16
[ 1191.321661][T14428] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1191.363940][T14428] usb 5-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[ 1191.384114][T14428] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1191.391239][T14428] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 1191.401866][T14428] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1191.414835][T14428] usb 5-1: config 0 descriptor??
[ 1193.204653][T14259] Bluetooth: hci0: command tx timeout
[ 1193.888978][T14428] usbhid 5-1:0.0: can't add hid device: -71
[ 1193.901283][T14428] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1193.912901][T14428] usb 5-1: USB disconnect, device number 36
[ 1194.015017][T19056] mkiss: ax0: crc mode is auto.
[ 1194.422107][T19074] binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.428464][T19074] binder: 19073:19074 ioctl 4018620d 2000000002c0 returned -16
[ 1194.544797][T12617] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1194.644762][  T792] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1194.704840][T12617] usb 3-1: Using ep0 maxpacket: 8
[ 1194.721547][T12617] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1194.741790][T12617] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1194.759420][T12617] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1194.779257][T12617] pvrusb2: **********
[ 1194.783300][T12617] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1194.793841][T12617] pvrusb2: Important functionality might not be entirely working.
[ 1194.801788][  T792] usb 5-1: Using ep0 maxpacket: 16
[ 1194.807163][T12617] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1194.823700][T12617] pvrusb2: **********
[ 1194.834515][  T792] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[ 1194.843816][  T792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1194.851979][  T792] usb 5-1: Product: syz
[ 1194.856301][  T792] usb 5-1: Manufacturer: syz
[ 1194.861002][  T792] usb 5-1: SerialNumber: syz
[ 1194.988054][ T2341] pvrusb2: Invalid write control endpoint
[ 1195.117919][ T2341] pvrusb2: Invalid write control endpoint
[ 1195.123883][ T2341] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1195.141952][ T2341] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1195.149811][ T2341] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1195.186500][ T2341] pvrusb2: Device being rendered inoperable
[ 1195.211427][T19068] pvrusb2: Killing an I2C write to 0 that is too large (desired=62 limit=61)
[ 1195.227549][ T2341] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1195.236885][T12177] usb 3-1: USB disconnect, device number 104
[ 1195.243843][ T2341] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1195.285467][T14259] Bluetooth: hci0: command tx timeout
[ 1195.295275][ T2341] pvrusb2: Attached sub-driver cx25840
[ 1195.301126][ T2341] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1195.333748][ T2341] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1195.377367][T19107] macsec1: entered promiscuous mode
[ 1195.400030][T19107] macsec1: entered allmulticast mode
[ 1195.447044][T14259] Bluetooth: hci1: command 0x0406 tx timeout
[ 1195.458904][   T29] audit: type=1400 audit(1776247306.196:74189): avc:  denied  { create } for  pid=19106 comm="syz.5.3414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1195.512701][   T29] audit: type=1400 audit(1776247306.196:74190): avc:  denied  { write } for  pid=19106 comm="syz.5.3414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1196.316114][   T29] audit: type=1400 audit(1776247307.056:74191): avc:  denied  { ioctl } for  pid=19124 comm="syz.2.3416" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1196.343568][T19026] netdevsim netdevsim0 netdevsim0: renamed from eth13
[ 1196.398941][T19026] netdevsim netdevsim0 netdevsim1: renamed from eth14
[ 1196.447613][   T29] audit: type=1400 audit(1776247307.156:74192): avc:  denied  { bind } for  pid=19124 comm="syz.2.3416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1196.478232][T19026] netdevsim netdevsim0 netdevsim2: renamed from eth15
[ 1196.555795][T19026] netdevsim netdevsim0 netdevsim3: renamed from eth16
[ 1196.617537][T14259] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1196.637440][T14259] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1196.652249][T14259] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1196.660915][T14259] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1196.671092][T14259] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1196.771501][T19134] Failed to initialize the IGMP autojoin socket (err -2)
[ 1196.964832][  T792] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1197.364649][ T5820] Bluetooth: hci0: command tx timeout
[ 1197.523813][  T792] usb 5-1: MIDIStreaming interface descriptor not found
[ 1197.772393][T19141] hpfs: Bad magic ... probably not HPFS
[ 1197.780913][  T792] usb 5-1: USB disconnect, device number 37
[ 1198.123090][ T8850] udevd[8850]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1198.417716][T19026] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1198.461943][T19026] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1198.481809][T19026] wireguard: wg0: Could not create IPv4 socket
[ 1198.497290][T19026] wireguard: wg1: Could not create IPv4 socket
[ 1198.510177][T19026] wireguard: wg2: Could not create IPv4 socket
[ 1198.947818][   T29] audit: type=1400 audit(1776247309.686:74193): avc:  denied  { mount } for  pid=19168 comm="syz.2.3420" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1199.025796][   T29] audit: type=1400 audit(1776247309.716:74194): avc:  denied  { mounton } for  pid=19168 comm="syz.2.3420" path="/673/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[ 1199.134029][  T792] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1199.147442][   T29] audit: type=1400 audit(1776247309.796:74195): avc:  denied  { append } for  pid=19168 comm="syz.2.3420" name="comedi3" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1199.170130][T19173] comedi: valid board names for 8255 driver are:
[ 1199.177571][T19173]  8255
[ 1199.180585][T19173] comedi: valid board names for vmk80xx driver are:
[ 1199.187380][T19173]  vmk80xx
[ 1199.190573][T19173] comedi: valid board names for usbduxsigma driver are:
[ 1199.198768][T19173]  usbduxsigma
[ 1199.202236][T19173] comedi: valid board names for usbduxfast driver are:
[ 1199.211062][T19173]  usbduxfast
[ 1199.216032][T19173] comedi: valid board names for usbdux driver are:
[ 1199.225528][T19173]  usbdux
[ 1199.228780][T19173] comedi: valid board names for ni6501 driver are:
[ 1199.235462][T19173]  ni6501
[ 1199.238461][T19173] comedi: valid board names for dt9812 driver are:
[ 1199.245111][T19173]  dt9812
[ 1199.248154][T19173] comedi: valid board names for ni_labpc_cs driver are:
[ 1199.255246][T19173]  ni_labpc_cs
[ 1199.258673][T19173] comedi: valid board names for ni_daq_700 driver are:
[ 1199.265691][T19173]  ni_daq_700
[ 1199.269098][T19173] comedi: valid board names for labpc_pci driver are:
[ 1199.284749][T19173]  labpc_pci
[ 1199.288060][T19173] comedi: valid board names for adl_pci9118 driver are:
[ 1199.295202][T19173]  pci9118dg
[ 1199.298668][T19173]  pci9118hg
[ 1199.309968][T19173]  pci9118hr
[ 1199.325453][T19173] comedi: valid board names for 8255_pci driver are:
[ 1199.325587][T14259] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1199.342555][T19173]  8255_pci
[ 1199.348360][T19173] comedi: valid board names for s526 driver are:
[ 1199.350867][T14259] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1199.361027][T19173]  s526
[ 1199.366697][T19173] comedi: valid board names for multiq3 driver are:
[ 1199.374786][T14259] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1199.381975][T19173]  multiq3
[ 1199.388092][T19173] comedi: valid board names for pcmuio driver are:
[ 1199.391272][T14259] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1199.394807][  T792] usb 5-1: Using ep0 maxpacket: 16
[ 1199.406931][T19173]  pcmuio48
[ 1199.407767][T14259] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1199.417278][T19173]  pcmuio96
[ 1199.420750][T19173] comedi: valid board names for pcmmio driver are:
[ 1199.431326][T19173]  pcmmio
[ 1199.437637][T19173] comedi: valid board names for pcmda12 driver are:
[ 1199.448546][T19173]  pcmda12
[ 1199.460340][T19173] comedi: valid board names for pcmad driver are:
[ 1199.479815][T19173]  pcmad12
[ 1199.487781][T19173]  pcmad16
[ 1199.492037][T19173] comedi: valid board names for ni_labpc driver are:
[ 1199.500912][T19173]  lab-pc-1200
[ 1199.504726][T19173]  lab-pc-1200ai
[ 1199.508271][   T29] audit: type=1400 audit(1776247310.106:74196): avc:  denied  { ioctl } for  pid=19168 comm="syz.2.3420" path="socket:[74487]" dev="sockfs" ino=74487 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1199.508641][T19173]  lab-pc+
[ 1199.536549][T19173] comedi: valid board names for atmio16 driver are:
[ 1199.543285][T19173]  atmio16
[ 1199.546433][T19173]  atmio16d
[ 1199.549615][T19173] comedi: valid board names for ni_at_ao driver are:
[ 1199.556372][T19173]  at-ao-6
[ 1199.559465][T19173]  at-ao-10
[ 1199.562630][T19173] comedi: valid board names for ni_at_a2150 driver are:
[ 1199.569691][T19173]  ni_at_a2150
[ 1199.573148][T19173] comedi: valid board names for adq12b driver are:
[ 1199.579724][T19173]  adq12b
[ 1199.582715][T19173] comedi: valid board names for mpc624 driver are:
[ 1199.595818][T19173]  mpc624
[ 1199.599107][T19173] comedi: valid board names for c6xdigio driver are:
[ 1199.606293][T19173]  c6xdigio
[ 1199.609749][T19173] comedi: valid board names for aio_iiro_16 driver are:
[ 1199.617025][T19173]  aio_iiro_16
[ 1199.621571][T19173] comedi: valid board names for aio_aio12_8 driver are:
[ 1199.630732][T19173]  aio_aio12_8
[ 1199.635830][T19173]  aio_ai12_8
[ 1199.641929][T19173]  aio_ao12_4
[ 1199.646905][T19173] comedi: valid board names for fl512 driver are:
[ 1199.654493][T19173]  fl512
[ 1199.658525][T19173] comedi: valid board names for dmm32at driver are:
[ 1199.665917][T19173]  dmm32at
[ 1199.670292][T19173] comedi: valid board names for dt282x driver are:
[ 1199.678911][T19173]  dt2821
[ 1199.682968][T19173]  dt2821-f
[ 1199.687711][T19173]  dt2821-g
[ 1199.693128][T19173]  dt2823
[ 1199.697377][T19173]  dt2824-pgh
[ 1199.702842][T19173]  dt2824-pgl
[ 1199.708376][T19173]  dt2825
[ 1199.712914][T19173]  dt2827
[ 1199.845371][  T792] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1199.848352][T19177] Failed to initialize the IGMP autojoin socket (err -2)
[ 1199.856433][  T792] usb 5-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[ 1199.856464][  T792] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1199.856496][  T792] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 1199.856517][  T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1199.920070][  T792] usb 5-1: config 0 descriptor??
[ 1200.094344][T19173]  dt2828
[ 1200.100626][T19173]  dt2829
[ 1200.103652][T19173]  dt21-ez
[ 1200.106926][T19173]  dt23-ez
[ 1200.109999][T19173]  dt24-ez
[ 1200.113962][T19173]  dt24-ez-pgl
[ 1200.118022][T19173] comedi: valid board names for dt2817 driver are:
[ 1200.127360][T19173]  dt2817
[ 1200.130655][T19173] comedi: valid board names for dt2815 driver are:
[ 1200.138794][T19173]  dt2815
[ 1200.150539][T19173] comedi: valid board names for dt2814 driver are:
[ 1200.168079][T19173]  dt2814
[ 1200.173834][T19173] comedi: valid board names for dt2811 driver are:
[ 1200.198147][T19173]  dt2811-pgh
[ 1200.314973][T19173]  dt2811-pgl
[ 1200.359790][T19173] comedi: valid board names for dt2801 driver are:
[ 1200.426047][T19173]  dt2801
[ 1200.449154][T19173] comedi: valid board names for das6402 driver are:
[ 1200.561647][T19173]  das6402-12
[ 1200.605270][T19173]  das6402-16
[ 1200.652977][T19173] comedi: valid board names for das1800 driver are:
[ 1200.710411][T19173]  das-1701st
[ 1200.746972][T19173]  das-1701st-da
[ 1200.779520][T19173]  das-1702st
[ 1200.809900][T19173]  das-1702st-da
[ 1200.838525][T19173]  das-1702hr
[ 1200.875936][T19173]  das-1702hr-da
[ 1200.944141][T19173]  das-1701ao
[ 1200.984796][T19173]  das-1702ao
[ 1201.028216][T19173]  das-1801st
[ 1201.071442][T19173]  das-1801st-da
[ 1201.104250][T19173]  das-1802st
[ 1201.160112][T19173]  das-1802st-da
[ 1201.198364][T19173]  das-1802hr
[ 1201.281186][T19173]  das-1802hr-da
[ 1201.369451][T19173]  das-1801hc
[ 1201.452519][T19173]  das-1802hc
[ 1201.510533][T19173]  das-1801ao
[ 1201.524643][ T5820] Bluetooth: hci0: command tx timeout
[ 1201.579388][T19173]  das-1802ao
[ 1201.627916][T19173] comedi: valid board names for das800 driver are:
[ 1201.716583][T19173]  das-800
[ 1201.756906][T19173]  cio-das800
[ 1201.806576][T19173]  das-801
[ 1201.860630][T19173]  cio-das801
[ 1201.879907][T19173]  das-802
[ 1201.897389][T19173]  cio-das802
[ 1201.913732][T19173]  cio-das802/16
[ 1201.933761][T19173] comedi: valid board names for isa-das08 driver are:
[ 1201.961113][  T792] usbhid 5-1:0.0: can't add hid device: -71
[ 1201.972140][T19173]  isa-das08
[ 1201.986237][  T792] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1201.998018][T19173]  das08-pgm
[ 1202.017556][T19173]  das08-pgh
[ 1202.033786][T19173]  das08-pgl
[ 1202.048127][T19173]  das08-aoh
[ 1202.065255][T19173]  das08-aol
[ 1202.082390][T19173]  das08-aom
[ 1202.093215][  T792] usb 5-1: USB disconnect, device number 38
[ 1202.104761][T19173]  das08/jr-ao
[ 1202.116021][T19173]  das08jr-16-ao
[ 1202.127681][T19173]  pc104-das08
[ 1202.139574][T19173]  das08jr/16
[ 1202.147918][T19173] comedi: valid board names for das16m1 driver are:
[ 1202.170009][T19173]  das16m1
[ 1202.178507][T19173] comedi: valid board names for dac02 driver are:
[ 1202.198936][T19173]  dac02
[ 1202.212992][T19173] comedi: valid board names for rti802 driver are:
[ 1202.243157][T19173]  rti802
[ 1202.249243][T19173] comedi: valid board names for rti800 driver are:
[ 1202.285196][T19173]  rti800
[ 1202.297882][T19173]  rti815
[ 1202.317779][T19173] comedi: valid board names for pcm3724 driver are:
[ 1202.359259][T19173]  pcm3724
[ 1202.367180][T19173] comedi: valid board names for pcl818 driver are:
[ 1202.381005][T19173]  pcl818l
[ 1202.389505][T19173]  pcl818h
[ 1202.412389][T19173]  pcl818hd
[ 1202.419740][T19173]  pcl818hg
[ 1202.427810][T19173]  pcl818
[ 1202.436142][T19173]  pcl718
[ 1202.440855][T19173]  pcm3718
[ 1202.458174][T19173] comedi: valid board names for pcl816 driver are:
[ 1202.476520][T19173]  pcl816
[ 1202.482920][T19173]  pcl814b
[ 1202.537979][T19173] comedi: valid board names for pcl812 driver are:
[ 1202.568056][T19173]  pcl812
[ 1202.573893][T19173]  pcl812pg
[ 1202.584370][T19173]  acl8112pg
[ 1202.593937][T19173]  acl8112dg
[ 1202.608678][T19173]  acl8112hg
[ 1202.618627][T19173]  a821pgl
[ 1202.625895][T19173]  a821pglnda
[ 1202.634426][T19173]  a821pgh
[ 1202.643219][T19173]  a822pgl
[ 1202.662733][T19173]  a822pgh
[ 1202.673167][T19173]  a823pgl
[ 1202.686734][T19173]  a823pgh
[ 1202.696581][T19173]  pcl813
[ 1202.707309][T19173]  pcl813b
[ 1202.715431][T19173]  acl8113
[ 1202.722801][T19173]  iso813
[ 1202.731570][T19173]  acl8216
[ 1202.740152][T19173]  a826pg
[ 1202.748744][T19173] comedi: valid board names for pcl730 driver are:
[ 1202.777768][T19173]  pcl730
[ 1202.789315][T19173]  iso730
[ 1202.800108][T19173]  acl7130
[ 1202.810406][T19173]  pcm3730
[ 1202.824836][T19173]  pcl725
[ 1202.833552][T19173]  p8r8dio
[ 1202.849926][T19173]  acl7225b
[ 1202.860738][T19173]  p16r16dio
[ 1202.873679][T19173]  pcl733
[ 1202.893831][T19173]  pcl734
[ 1202.907963][T19173]  opmm-1616-xt
[ 1202.923740][T19173]  pearl-mm-p
[ 1202.944179][T19173]  ir104-pbf
[ 1202.972109][T19173] comedi: valid board names for pcl726 driver are:
[ 1202.993468][T19173]  pcl726
[ 1203.016054][T19173]  pcl727
[ 1203.041248][T19173]  pcl728
[ 1203.051585][T19173]  acl6126
[ 1203.071306][T19173]  acl6128
[ 1203.086382][T19173] comedi: valid board names for pcl724 driver are:
[ 1203.107122][T19173]  pcl724
[ 1203.114438][T19173]  pcl722
[ 1203.122226][T19173]  pcl731
[ 1203.132506][T19173]  acl7122
[ 1203.141345][T19173]  acl7124
[ 1203.146426][T19173]  pet48dio
[ 1203.153112][T19173]  pcmio48
[ 1203.163937][T19173]  onyx-mm-dio
[ 1203.170301][T19173] comedi: valid board names for pcl711 driver are:
[ 1203.187070][T19173]  pcl711
[ 1203.198905][T19173]  pcl711b
[ 1203.210901][T19173]  acl8112hg
[ 1203.222351][T19173]  acl8112dg
[ 1203.230374][T19173] comedi: valid board names for amplc_pc263 driver are:
[ 1203.255058][T19173]  pc263
[ 1203.266220][T19173] comedi: valid board names for amplc_pc236 driver are:
[ 1203.283893][T19173]  pc36at
[ 1203.288710][T19173] comedi: valid board names for amplc_dio200 driver are:
[ 1203.307054][T19173]  pc212e
[ 1203.314302][T19173]  pc214e
[ 1203.322148][T19173]  pc215e
[ 1203.333660][T19173]  pc218e
[ 1203.339713][T19173]  pc272e
[ 1203.346281][T19173] comedi: valid board names for comedi_parport driver are:
[ 1203.370092][T19173]  comedi_parport
[ 1203.381129][T19173] comedi: valid board names for comedi_test driver are:
[ 1203.395947][T19173]  comedi_test
[ 1203.409145][T19173] comedi: valid board names for comedi_bond driver are:
[ 1203.425852][T19173]  comedi_bond
[ 1203.464161][   T29] audit: type=1400 audit(1776247314.196:74197): avc:  denied  { unmount } for  pid=5807 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1203.604842][ T5820] Bluetooth: hci0: command tx timeout
[ 1203.964247][T19177] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1203.988950][T19177] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1204.008958][T19177] wireguard: wg0: Could not create IPv4 socket
[ 1204.017841][T19177] wireguard: wg1: Could not create IPv4 socket
[ 1204.026801][T19177] wireguard: wg2: Could not create IPv4 socket
[ 1204.396149][   T29] audit: type=1400 audit(1776247315.136:74198): avc:  denied  { create } for  pid=19268 comm="syz.2.3430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1204.585413][T19272] input: syz0 as /devices/virtual/input/input34
[ 1205.417265][   T29] audit: type=1400 audit(1776247315.276:74199): avc:  denied  { create } for  pid=19260 comm="syz.5.3427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1205.439136][   T29] audit: type=1400 audit(1776247315.286:74200): avc:  denied  { setopt } for  pid=19260 comm="syz.5.3427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1206.605824][   T29] audit: type=1400 audit(1776247316.146:74201): avc:  denied  { read } for  pid=5162 comm="acpid" name="event4" dev="devtmpfs" ino=5015 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1206.669147][T14259] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1206.692971][T14259] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1206.712992][T14259] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1206.730707][T19269] wg1 speed is unknown, defaulting to 1000
[ 1206.736635][T19269] wg1 speed is unknown, defaulting to 1000
[ 1206.742802][T19269] wg1 speed is unknown, defaulting to 1000
[ 1206.751834][T19269] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -2
[ 1206.765285][T19269] wg1 speed is unknown, defaulting to 1000
[ 1206.771906][T19269] wg1 speed is unknown, defaulting to 1000
[ 1206.778836][T19269] wg1 speed is unknown, defaulting to 1000
[ 1206.785576][   T29] audit: type=1400 audit(1776247316.146:74202): avc:  denied  { open } for  pid=5162 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=5015 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1206.826773][T18936] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1206.859783][T18936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1206.889629][   T29] audit: type=1400 audit(1776247317.466:74203): avc:  denied  { write } for  pid=19268 comm="syz.2.3430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1206.911001][T19281] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3432'.
[ 1206.927604][   T29] audit: type=1400 audit(1776247317.526:74204): avc:  denied  { setopt } for  pid=19268 comm="syz.2.3430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1207.006824][T19277] Failed to initialize the IGMP autojoin socket (err -2)
[ 1207.800904][T19298] Failed to initialize the IGMP autojoin socket (err -2)
[ 1208.160315][T19302] Mount JFS Failure: -22
[ 1208.164886][T19302] jfs_mount failed w/return code = -22
[ 1208.964596][T18936] Bluetooth: hci0: command tx timeout
[ 1209.520374][   T29] audit: type=1400 audit(1776247320.256:74205): avc:  denied  { read write } for  pid=19314 comm="syz.5.3436" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1209.545082][   T29] audit: type=1400 audit(1776247320.256:74206): avc:  denied  { open } for  pid=19314 comm="syz.5.3436" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1209.814565][  T792] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1209.986552][  T792] usb 6-1: config 0 has no interfaces?
[ 1209.993632][  T792] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1210.003855][  T792] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1210.012318][  T792] usb 6-1: SerialNumber: syz
[ 1210.021092][  T792] usb 6-1: config 0 descriptor??
[ 1210.045460][T14428] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1210.214929][T14428] usb 3-1: Using ep0 maxpacket: 16
[ 1210.222187][T14428] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1210.232239][T14428] usb 3-1: config 2 has an invalid interface number: 143 but max is 0
[ 1210.255010][T14428] usb 3-1: config 2 has no interface number 0
[ 1210.261523][T14428] usb 3-1: config 2 interface 143 has no altsetting 0
[ 1210.271391][T14428] usb 3-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=70.2c
[ 1210.280829][T14428] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1210.289379][T14428] usb 3-1: Product: ࠉ
[ 1210.293650][T14428] usb 3-1: Manufacturer: 怸훑饚⺐꤯䔊컝슂⣛⫽鐀鐉㰮닉ਘ絃◒됱邡삶䂄ꐠㅕ⃟㚲ƙ핢㥴괄쁈択奈㠆憠襔깟Ṩ㫕ﳓ兑ඌ
[ 1210.455753][   T29] audit: type=1400 audit(1776247321.186:74207): avc:  denied  { block_suspend } for  pid=19314 comm="syz.5.3436" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1210.587730][T14428] gspca_main: stk014-2.14.0 probing 05e1:0893
[ 1210.597548][T14428] usb 3-1: selecting invalid altsetting 1
[ 1210.603668][T14428] gspca_stk014: reg_r err -71
[ 1210.612274][T14428] stk014 3-1:2.143: probe with driver stk014 failed with error -71
[ 1210.627152][T14428] usb 3-1: USB disconnect, device number 105
[ 1210.859389][   T29] audit: type=1400 audit(1776247321.596:74208): avc:  denied  { create } for  pid=19362 comm="syz.4.3438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1210.904826][   T29] audit: type=1400 audit(1776247321.626:74209): avc:  denied  { write } for  pid=19362 comm="syz.4.3438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1210.961717][T19366] syzkaller0: entered promiscuous mode
[ 1210.975459][T19366] syzkaller0: entered allmulticast mode
[ 1211.044559][T18936] Bluetooth: hci0: command tx timeout
[ 1211.644594][   T29] audit: type=1400 audit(1776247322.336:74210): avc:  denied  { create } for  pid=19385 comm="syz.2.3442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1211.689080][   T29] audit: type=1400 audit(1776247322.336:74211): avc:  denied  { write } for  pid=19385 comm="syz.2.3442" path="socket:[77014]" dev="sockfs" ino=77014 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1212.852599][T19277] netdevsim netdevsim0 netdevsim0: renamed from eth13
[ 1212.946682][T19277] netdevsim netdevsim0 netdevsim1: renamed from eth14
[ 1213.007754][T19277] netdevsim netdevsim0 netdevsim2: renamed from eth15
[ 1213.129433][T18936] Bluetooth: hci0: command tx timeout
[ 1213.199366][T19277] netdevsim netdevsim0 netdevsim3: renamed from eth16
[ 1213.249530][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1213.268420][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1213.278047][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1213.286979][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1213.296503][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1214.071204][T19434] Failed to initialize the IGMP autojoin socket (err -2)
[ 1214.180897][T16979] usb 6-1: USB disconnect, device number 51
[ 1214.191094][T19437] hfsplus: unable to find HFS+ superblock
[ 1214.402860][T19447] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3446'.
[ 1214.611843][T19449] tipc: Started in network mode
[ 1214.625833][T19449] tipc: Node identity e2e0edf5588f, cluster identity 4711
[ 1214.669298][T19449] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1214.686892][T19452] syzkaller0: entered promiscuous mode
[ 1214.704625][T19452] syzkaller0: entered allmulticast mode
[ 1214.802640][T19449] tipc: Resetting bearer <eth:syzkaller0>
[ 1214.853948][T19448] tipc: Resetting bearer <eth:syzkaller0>
[ 1214.937177][T19448] tipc: Disabling bearer <eth:syzkaller0>
[ 1215.205438][T18936] Bluetooth: hci0: command tx timeout
[ 1215.339762][T19277] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1215.374391][T19277] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1215.393323][T19277] wireguard: wg0: Could not create IPv4 socket
[ 1215.423910][T19277] wireguard: wg1: Could not create IPv4 socket
[ 1215.432296][T19277] wireguard: wg2: Could not create IPv4 socket
[ 1216.312190][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1216.323087][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1216.334387][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1216.863690][T16979] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1216.889786][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1216.903580][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1217.019634][T19497] Failed to initialize the IGMP autojoin socket (err -2)
[ 1217.038903][T16979] usb 6-1: Using ep0 maxpacket: 16
[ 1217.052254][T16979] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1217.074557][T16979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1217.110755][T16979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1217.142970][T16979] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1217.209068][T16979] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1217.270241][T16979] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1217.300962][T16979] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1217.347892][T16979] usb 6-1: Manufacturer: syz
[ 1217.371505][T16979] usb 6-1: config 0 descriptor??
[ 1217.754850][T16979] rc_core: IR keymap rc-hauppauge not found
[ 1217.795363][T16979] Registered IR keymap rc-empty
[ 1217.842851][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1217.925131][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.002281][T16979] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1218.068818][T16979] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input35
[ 1218.162871][   T29] audit: type=1400 audit(1776247328.896:74212): avc:  denied  { ioctl } for  pid=5162 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=5023 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1218.236485][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.297740][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.355574][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.424973][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.587577][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.627172][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.675537][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.777425][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.815108][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.874755][T16979] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1218.932963][T16979] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1218.964558][ T5820] Bluetooth: hci0: command tx timeout
[ 1218.987703][T16979] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1219.023738][T16979] usb 6-1: USB disconnect, device number 52
[ 1220.062313][T19497] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1220.108010][T19497] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1220.143724][T19497] wireguard: wg0: Could not create IPv4 socket
[ 1220.167945][T19497] wireguard: wg1: Could not create IPv4 socket
[ 1220.179626][T19497] wireguard: wg2: Could not create IPv4 socket
[ 1220.440832][T19563] FAULT_INJECTION: forcing a failure.
[ 1220.440832][T19563] name failslab, interval 1, probability 0, space 0, times 0
[ 1220.490495][T19563] CPU: 0 UID: 0 PID: 19563 Comm: syz.5.3455 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1220.490526][T19563] Tainted: [L]=SOFTLOCKUP
[ 1220.490533][T19563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1220.490543][T19563] Call Trace:
[ 1220.490549][T19563]  <TASK>
[ 1220.490556][T19563]  dump_stack_lvl+0x100/0x190
[ 1220.490585][T19563]  should_fail_ex.cold+0x5/0xa
[ 1220.490611][T19563]  should_failslab+0xc2/0x120
[ 1220.490633][T19563]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[ 1220.490651][T19563]  ? __alloc_skb+0x140/0x710
[ 1220.490674][T19563]  ? __alloc_skb+0x5b7/0x710
[ 1220.490700][T19563]  __alloc_skb+0x140/0x710
[ 1220.490722][T19563]  ? __alloc_skb+0x5b7/0x710
[ 1220.490744][T19563]  ? __pfx___alloc_skb+0x10/0x10
[ 1220.490775][T19563]  netlink_ack+0x117/0xb80
[ 1220.490791][T19563]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1220.490825][T19563]  netlink_rcv_skb+0x333/0x420
[ 1220.490841][T19563]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1220.490866][T19563]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1220.490892][T19563]  ? ns_capable+0xd2/0xf0
[ 1220.490916][T19563]  nfnetlink_rcv+0x1b3/0x440
[ 1220.490938][T19563]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1220.490958][T19563]  ? netlink_deliver_tap+0x1ae/0xcc0
[ 1220.490987][T19563]  netlink_unicast+0x5aa/0x870
[ 1220.491008][T19563]  ? __pfx_netlink_unicast+0x10/0x10
[ 1220.491034][T19563]  netlink_sendmsg+0x8b0/0xda0
[ 1220.491055][T19563]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1220.491071][T19563]  ? __might_fault+0x80/0x140
[ 1220.491105][T19563]  ____sys_sendmsg+0x9e1/0xb70
[ 1220.491122][T19563]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1220.491141][T19563]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1220.491171][T19563]  ___sys_sendmsg+0x190/0x1e0
[ 1220.491193][T19563]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1220.491242][T19563]  __sys_sendmsg+0x170/0x220
[ 1220.491268][T19563]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1220.491303][T19563]  ? rcu_is_watching+0x12/0xc0
[ 1220.491329][T19563]  do_syscall_64+0x10b/0xf80
[ 1220.491346][T19563]  ? clear_bhb_loop+0x40/0x90
[ 1220.491367][T19563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1220.491385][T19563] RIP: 0033:0x7fd5ad19c819
[ 1220.491401][T19563] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1220.491417][T19563] RSP: 002b:00007fd5ae0de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1220.491434][T19563] RAX: ffffffffffffffda RBX: 00007fd5ad415fa0 RCX: 00007fd5ad19c819
[ 1220.491446][T19563] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000003
[ 1220.491456][T19563] RBP: 00007fd5ae0de090 R08: 0000000000000000 R09: 0000000000000000
[ 1220.491467][T19563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1220.491477][T19563] R13: 00007fd5ad416038 R14: 00007fd5ad415fa0 R15: 00007ffdddc662b8
[ 1220.491501][T19563]  </TASK>
[ 1220.823947][   T29] audit: type=1400 audit(1776247331.556:74213): avc:  denied  { accept } for  pid=19558 comm="syz.2.3456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1220.916813][T18936] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1220.930158][T18936] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1220.939106][T18936] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1220.947258][T18936] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1220.955086][T18936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1221.072556][T19566] Failed to initialize the IGMP autojoin socket (err -2)
[ 1221.544540][   T29] audit: type=1400 audit(1776247331.956:74214): avc:  denied  { unlink } for  pid=19569 comm="syz.5.3459" name="#26" dev="tmpfs" ino=1767 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1221.618436][   T29] audit: type=1400 audit(1776247331.966:74215): avc:  denied  { mount } for  pid=19569 comm="syz.5.3459" name="/" dev="overlay" ino=1761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1221.658636][   T29] audit: type=1800 audit(1776247332.026:74216): pid=19574 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.3459" name="file0" dev="overlay" ino=1769 res=0 errno=0
[ 1221.798336][   T29] audit: type=1400 audit(1776247332.526:74217): avc:  denied  { unmount } for  pid=12358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1221.835798][T19571] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3458'.
[ 1221.866083][   T29] audit: type=1400 audit(1776247332.596:74218): avc:  denied  { write } for  pid=19577 comm="syz.2.3460" path="socket:[77598]" dev="sockfs" ino=77598 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1223.124950][ T5820] Bluetooth: hci0: command tx timeout
[ 1223.358725][T19595] hfsplus: unable to find HFS+ superblock
[ 1223.792157][   T29] audit: type=1400 audit(1776247334.526:74219): avc:  denied  { getopt } for  pid=19597 comm="syz.5.3462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1225.983136][ T5820] Bluetooth: hci0: command tx timeout
[ 1226.045067][ T5884] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1226.226535][ T5884] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1226.246412][ T5884] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1226.257556][ T5884] usb 6-1: can't read configurations, error -61
[ 1226.434827][ T5884] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1226.886566][ T5884] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1226.923913][ T5884] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1226.986779][ T5884] usb 6-1: can't read configurations, error -61
[ 1227.012223][ T5884] usb usb6-port1: attempt power cycle
[ 1227.286516][T19658] FAULT_INJECTION: forcing a failure.
[ 1227.286516][T19658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1227.311795][T19658] CPU: 1 UID: 0 PID: 19658 Comm: syz.4.3469 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1227.311825][T19658] Tainted: [L]=SOFTLOCKUP
[ 1227.311831][T19658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1227.311840][T19658] Call Trace:
[ 1227.311846][T19658]  <TASK>
[ 1227.311853][T19658]  dump_stack_lvl+0x100/0x190
[ 1227.311878][T19658]  should_fail_ex.cold+0x5/0xa
[ 1227.311903][T19658]  _copy_from_user+0x2e/0xd0
[ 1227.311930][T19658]  copy_msghdr_from_user+0x9f/0x4f0
[ 1227.311952][T19658]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1227.311974][T19658]  ? rcu_is_watching+0x12/0xc0
[ 1227.311997][T19658]  ? ___sys_sendmsg+0x19d/0x1e0
[ 1227.312013][T19658]  ? kfree+0x2ce/0x690
[ 1227.312040][T19658]  ___sys_sendmsg+0x106/0x1e0
[ 1227.312060][T19658]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1227.312100][T19658]  ? __pfx___might_resched+0x10/0x10
[ 1227.312126][T19658]  __sys_sendmmsg+0x205/0x430
[ 1227.312151][T19658]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1227.312179][T19658]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1227.312207][T19658]  ? fput+0x79/0x100
[ 1227.312230][T19658]  ? ksys_write+0x1ac/0x250
[ 1227.312249][T19658]  ? __pfx_ksys_write+0x10/0x10
[ 1227.312269][T19658]  __x64_sys_sendmmsg+0x9c/0x100
[ 1227.312291][T19658]  ? lockdep_hardirqs_on+0x78/0x100
[ 1227.312315][T19658]  do_syscall_64+0x10b/0xf80
[ 1227.312331][T19658]  ? clear_bhb_loop+0x40/0x90
[ 1227.312352][T19658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.312370][T19658] RIP: 0033:0x7fd1ad19c819
[ 1227.312385][T19658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1227.312401][T19658] RSP: 002b:00007fd1adfd9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1227.312418][T19658] RAX: ffffffffffffffda RBX: 00007fd1ad415fa0 RCX: 00007fd1ad19c819
[ 1227.312428][T19658] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 1227.312439][T19658] RBP: 00007fd1adfd9090 R08: 0000000000000000 R09: 0000000000000000
[ 1227.312449][T19658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1227.312458][T19658] R13: 00007fd1ad416038 R14: 00007fd1ad415fa0 R15: 00007fffa01cd7e8
[ 1227.312481][T19658]  </TASK>
[ 1227.802637][ T5884] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[ 1228.014886][ T5820] Bluetooth: hci0: command 0x040f tx timeout
[ 1228.099238][ T5884] usb 6-1: device not accepting address 55, error -71
[ 1228.864432][T18936] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004c: 0000 [#1] SMP KASAN NOPTI
[ 1228.876557][T18936] KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]
[ 1228.884986][T18936] CPU: 0 UID: 0 PID: 18936 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1228.896098][T18936] Tainted: [L]=SOFTLOCKUP
[ 1228.900416][T18936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1228.910583][T18936] Workqueue: hci2 hci_rx_work
[ 1228.915289][T18936] RIP: 0010:kasan_byte_accessible+0x15/0x30
[ 1228.921218][T18936] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 e9 ce ad 1e 09 66 66 2e 0f 1f 84 00 00 00
[ 1228.940829][T18936] RSP: 0018:ffffc900035b7740 EFLAGS: 00010282
[ 1228.946907][T18936] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1228.954884][T18936] RDX: 0000000000000000 RSI: ffffffff89589871 RDI: dffffc000000004c
[ 1228.962865][T18936] RBP: 0000000000000260 R08: 0000000000000001 R09: 0000000000000000
[ 1228.970839][T18936] R10: ffffc900035b7830 R11: 0000000000000000 R12: ffffffff89589871
[ 1228.978824][T18936] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 1228.986805][T18936] FS:  0000000000000000(0000) GS:ffff888124327000(0000) knlGS:0000000000000000
[ 1228.995742][T18936] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1229.002325][T18936] CR2: 00007fa2ca7e9f00 CR3: 00000000b3fcf000 CR4: 00000000003526f0
[ 1229.010302][T18936] Call Trace:
[ 1229.013581][T18936]  <TASK>
[ 1229.016506][T18936]  __kasan_check_byte+0x13/0x50
[ 1229.021361][T18936]  lock_acquire+0x12a/0x370
[ 1229.025862][T18936]  ? do_raw_read_unlock+0x3f/0x70
[ 1229.030889][T18936]  lock_sock_nested+0x41/0xf0
[ 1229.035568][T18936]  ? l2cap_sock_new_connection_cb+0x4c/0x260
[ 1229.041553][T18936]  l2cap_sock_new_connection_cb+0x4c/0x260
[ 1229.047384][T18936]  l2cap_connect_cfm+0x4e2/0xf80
[ 1229.052345][T18936]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1229.057806][T18936]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1229.063271][T18936]  le_conn_complete_evt+0x197c/0x1f60
[ 1229.068659][T18936]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1229.074406][T18936]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1229.079964][T18936]  ? skb_pull_data+0x15f/0x1e0
[ 1229.084746][T18936]  hci_le_meta_evt+0x34a/0x5f0
[ 1229.089525][T18936]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1229.095600][T18936]  hci_event_packet+0x51c/0xcd0
[ 1229.100452][T18936]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1229.105751][T18936]  ? __pfx_hci_event_packet+0x10/0x10
[ 1229.111125][T18936]  ? kcov_remote_start+0x374/0x660
[ 1229.116244][T18936]  ? lockdep_hardirqs_on+0x78/0x100
[ 1229.121462][T18936]  hci_rx_work+0x451/0xfc0
[ 1229.125892][T18936]  process_one_work+0xa0e/0x1980
[ 1229.130840][T18936]  ? __pfx_process_one_work+0x10/0x10
[ 1229.136237][T18936]  ? __pfx_hci_rx_work+0x10/0x10
[ 1229.141201][T18936]  worker_thread+0x5ef/0xe50
[ 1229.145795][T18936]  ? __pfx_worker_thread+0x10/0x10
[ 1229.150906][T18936]  ? kthread+0x13a/0x450
[ 1229.155144][T18936]  ? __pfx_worker_thread+0x10/0x10
[ 1229.160263][T18936]  kthread+0x370/0x450
[ 1229.164350][T18936]  ? __pfx_kthread+0x10/0x10
[ 1229.168968][T18936]  ret_from_fork+0x72b/0xd50
[ 1229.173565][T18936]  ? __pfx_ret_from_fork+0x10/0x10
[ 1229.178673][T18936]  ? __switch_to+0x800/0x1100
[ 1229.183359][T18936]  ? __pfx_kthread+0x10/0x10
[ 1229.187947][T18936]  ret_from_fork_asm+0x1a/0x30
[ 1229.192730][T18936]  </TASK>
[ 1229.195754][T18936] Modules linked in:
[ 1229.200303][T18936] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1229.304833][T18936] RIP: 0010:kasan_byte_accessible+0x15/0x30
[ 1229.312468][T18936] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 e9 ce ad 1e 09 66 66 2e 0f 1f 84 00 00 00
[ 1229.333485][T18936] RSP: 0018:ffffc900035b7740 EFLAGS: 00010282
[ 1229.340429][T18936] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1229.348793][T18936] RDX: 0000000000000000 RSI: ffffffff89589871 RDI: dffffc000000004c
[ 1229.357473][T18936] RBP: 0000000000000260 R08: 0000000000000001 R09: 0000000000000000
[ 1229.368263][T18936] R10: ffffc900035b7830 R11: 0000000000000000 R12: ffffffff89589871
[ 1229.376738][T18936] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 1229.386679][T18936] FS:  0000000000000000(0000) GS:ffff888124327000(0000) knlGS:0000000000000000
[ 1229.395667][T18936] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1229.402995][T19674] hfsplus: unable to find HFS+ superblock
[ 1229.409178][T18936] CR2: 00007fd5ae07aff8 CR3: 000000005cae8000 CR4: 00000000003526f0
[ 1229.419444][T18936] Kernel panic - not syncing: Fatal exception
[ 1229.425815][T18936] Kernel Offset: disabled
[ 1229.430127][T18936] Rebooting in 86400 seconds..