last executing test programs:

21m53.667130458s ago: executing program 4 (id=271):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000080), 0x4)

21m53.009568829s ago: executing program 4 (id=272):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf252c000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x20048881}, 0x2000c800)

21m52.660114817s ago: executing program 4 (id=274):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x6e)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt(r5, 0xff, 0x7, &(0x7f0000000000)="fa794bfa", 0x4)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r4, 0x3b88, &(0x7f00000002c0)={0xc, r6})
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r4, 0x3b71, &(0x7f0000000240)={0x20, 0x2, &(0x7f0000000480), 0x8000, 0x10000})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r7)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x12a)
openat$cgroup_freezer_state(r7, &(0x7f0000000080), 0x2, 0x0)

21m51.15204592s ago: executing program 4 (id=279):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
prctl$PR_SET_PDEATHSIG(0x1, 0x4)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000000)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x190, 0x1, 0x0, 0xdd9f83, 0x1, 0x40009, 0x4, 0x2, 0x5, 0x722, 0x113, 0x8000008, 0x200007f, 0x3c, 0xb763599953cb091d, {0x2, 0x6fd8e94b}, 0x3, 0xed}})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000500)={0x0, @reserved})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000040)={r2})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x12c5c18, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2a05004, 0x0)
umount2(&(0x7f0000000180)='./file0/file0\x00', 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
open(0x0, 0x0, 0xc8)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
pselect6(0x40, &(0x7f0000000080)={0x5, 0x0, 0x120000000100, 0xffffffffffffffff, 0x29, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x5, 0x2}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

21m50.117829638s ago: executing program 4 (id=283):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x40042, 0x1)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000700)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = socket$netlink(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)={0x8c, r4, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000800}, 0x80)
r5 = dup(r2)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',cache=mmap'])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r6 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$UHID_INPUT(r6, 0x0, 0x0)
pwritev2(r6, &(0x7f00000002c0)=[{&(0x7f0000000180)="8c", 0x1}], 0x1, 0x8, 0x5, 0x12)

21m49.178574245s ago: executing program 4 (id=286):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0xa2)
fcntl$setlease(r0, 0x400, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002)
mq_open(0x0, 0x1, 0x102, 0xfffffffffffffffe)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000000000000000000003000000006100facba2a0272c9e1251a204ba95b53c9037b0f4609b1318ee8ffa256889f0219a8631b758633e846ec8bbe4f2bd3bedd18743f7d1ed0e"], 0x0, 0x1b}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x6)
io_uring_enter(0xffffffffffffffff, 0x3, 0x10a5, 0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
msgsnd(0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="03"], 0x0, 0x0)
msgrcv(0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0)
writev(r1, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x300}, {&(0x7f0000000900), 0x4000}], 0xe)

21m48.250551614s ago: executing program 32 (id=286):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0xa2)
fcntl$setlease(r0, 0x400, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002)
mq_open(0x0, 0x1, 0x102, 0xfffffffffffffffe)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000000000000000000003000000006100facba2a0272c9e1251a204ba95b53c9037b0f4609b1318ee8ffa256889f0219a8631b758633e846ec8bbe4f2bd3bedd18743f7d1ed0e"], 0x0, 0x1b}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x6)
io_uring_enter(0xffffffffffffffff, 0x3, 0x10a5, 0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
msgsnd(0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="03"], 0x0, 0x0)
msgrcv(0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0)
writev(r1, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x300}, {&(0x7f0000000900), 0x4000}], 0xe)

20m52.180531853s ago: executing program 1 (id=498):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000ac0)={0x2, &(0x7f0000000a80)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x16}]}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000003180)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x3ec0}}], 0x1, 0x0)

20m52.091011308s ago: executing program 1 (id=499):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
sendto$inet(r4, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r6}, @call={0x85, 0x0, 0x0, 0x26}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r5, @ANYRES32=r7, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r4}, 0x20)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/pm_print_times', 0x101080, 0x102)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000004c0)={<r9=>0x0, 0x6}, &(0x7f0000000500)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f00000005c0)={r9, @in={{0x2, 0x4e23, @multicast2}}, 0xfff, 0xfffa, 0x200, 0x8000, 0x0, 0x85, 0x6}, &(0x7f0000000540)=0x9c)
recvmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @loopback, 0x3aa7}, @ib={0x1b, 0xffff, 0x0, {"040200090000000800"}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118)

20m49.771519013s ago: executing program 2 (id=508):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x1c9282, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x200000000000003d, &(0x7f0000000180)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000440)='block_bio_complete\x00', r3, 0x0, 0x1}, 0x18)
write$cgroup_int(r2, &(0x7f0000000040)=0x1c9, 0x12)
r4 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
mmap(&(0x7f0000321000/0x2000)=nil, 0x2000, 0x3000002, 0x12, r4, 0xd10a3000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x507ddce3a86cbf73, &(0x7f0000000080)=ANY=[])
lseek(r1, 0xd0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000400)={r2, <r5=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x9, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000040000000000000000800000018320000030000000000000000000000180001"], &(0x7f0000000340)='syzkaller\x00', 0x5, 0xa, &(0x7f00000002c0)=""/10, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x6, 0x20000003}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0xf, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000540)=[{0x2, 0x1, 0x8, 0xa}, {0x5, 0x2, 0x5, 0x5}, {0x2, 0x5, 0x6, 0x8}, {0x7, 0x1, 0xc, 0x5}, {0x0, 0x1, 0xfffffffd}, {0x1, 0x3, 0x3, 0x2}, {0x3, 0x1, 0xf, 0x1}], 0x10, 0x1}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000300)={r2, r2, 0x4, r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="09000000040010000400000007000000000000008c363cc30232fc198c1d39e678a0a3294b06301fccc524504a8cd1d96b7de6b2b0bc36cb58ba7a88ac2b8102dcd26fcfed0facbf32958bd0061e67589f8f96429214282b84145476e3f5", @ANYRESHEX=r5, @ANYBLOB="000002000000001800"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000100"/28], 0x48)
r6 = gettid()
rt_sigqueueinfo(r6, 0x21, &(0x7f0000000000))
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cpuset\x00', 0x200000, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[], 0x48)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1)

20m48.474883137s ago: executing program 1 (id=513):
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss={0x2, 0x8}, @sack_perm, @window={0x3, 0x8, 0x6}, @timestamp, @timestamp, @mss={0x2, 0x1}, @window={0x3, 0x7, 0xceca}], 0x20d0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f00000002c0)=0x3, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f0000000940)="5cdd2d64882de34031c3bffe9154da701d874fa14d5477cec20dec641ee490682d42da21e4ed6b90594b054d2c236b7795067e00a08c711792ab628ba8e737f822212edb8955da2628bc5f414e589318bb0b8a007cad6c82", 0x58, 0x400d0, 0x0, 0x0)

20m48.088760776s ago: executing program 1 (id=517):
r0 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x400, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x81, "42a8a45d8d000000000500000000000000000000c2bf330e00"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f00000007c0)={0x81, "7ad3dd1fc2423dff92fa199fb64951078c533f7bd1bbca78dbff4ed99b2caf14"})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000200)="ea0d00b0000f229464670fc79c8100800000ba6100ecbaf80c66b8ecb1048566efbafc0c66b8106d7dd166eff0867dc5decb66b9800000c00f326635000100000f30ea0000e50066b8010000000f01d9", 0x50}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_SG_ALLOC(r3, 0xc0106438, &(0x7f0000000180)={0x100})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x8000000000001, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x4002)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TCSETA(r0, 0x8924, 0x0)

20m48.06733767s ago: executing program 2 (id=518):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
sendto$inet(r0, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x26}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000)

20m46.411641421s ago: executing program 2 (id=524):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000000)=0x5, 0xedbee61c307273fa)
r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bind$llc(r4, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a)
sendfile(r4, r5, 0x0, 0xffffffff000)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r5, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r6, 0x15328219b41d75b, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4015}, 0x41)
getsockopt$inet6_int(r3, 0x29, 0x48, 0x0, &(0x7f00007d0000))
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000a, 0x13, r2, 0x40000)
ioctl$TIOCL_BLANKSCREEN(r1, 0x541c, &(0x7f0000000040))
munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
io_setup(0x1000, &(0x7f00000000c0)=<r7=>0x0)
io_destroy(r7)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="140100001f0001002cbd70000000000003010080", @ANYRESHEX], 0x114}], 0x1, 0x0, 0x0, 0x4000005}, 0x24048000)

20m45.273251915s ago: executing program 2 (id=531):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x22020600)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xab101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x0)
umount2(&(0x7f00000006c0)='./file0/file0\x00', 0xb)
socket$alg(0x26, 0x5, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000700)={{{@in6=@local, @in6=@mcast2}}, {{@in6=@private2}, 0x0, @in6=@mcast2}}, &(0x7f0000000240)=0xffffff03)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
io_setup(0x1000, 0x0)
r6 = socket$inet6(0x10, 0x2, 0x0)
write(r6, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0x17)

20m45.104831996s ago: executing program 1 (id=533):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
connect$ax25(r1, &(0x7f0000000040)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x8}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x47)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x16)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'geneve0\x00'})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x2}, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080), 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$PTRACE_GETSIGMASK(0x420a, r4, 0x8, &(0x7f0000000040))
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r6=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r5, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f00000004c0), r6, 0x1}}, 0x18)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000)
r7 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f0000000180)={0x301, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x2000000})

20m44.899000381s ago: executing program 1 (id=534):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x2c, 0x65, 0x0, 0xf, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, {{0x11, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0xfff5, 0x0, 0x0, {[@mss={0x2, 0x4, 0x80}]}}}}}}}, 0x0)

20m43.96715353s ago: executing program 2 (id=536):
r0 = socket(0xa, 0x5, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x1, 'pim6reg\x00', {}, 0x401})
sendmsg$inet_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0x1}], 0x1, &(0x7f00000002c0)=[@dstaddrv4={0x18, 0x84, 0x7, @local}, @dstaddrv6={0x20, 0x84, 0x8, @rand_addr=' \x01\x00'}], 0x38, 0x4855}, 0x24000052)

20m43.602821757s ago: executing program 2 (id=537):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0x4000e58, 0x800)
r3 = eventfd2(0x4001, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r2, 0x0, 0x2, r3})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = eventfd2(0x8, 0x800)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r5, 0x7, 0x2, r5})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2d, 0xc0, 0x5, 0x7, 0x7f, 0x5, 0xf, 0x9, 0x3, 0x41, 0x7, 0x5c, 0x5, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x5, 0x3, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_io_uring_setup(0x20c4, &(0x7f00000000c0)={0x0, 0x8006d89, 0x8, 0x2, 0x400066}, &(0x7f0000000400)=<r6=>0x0, &(0x7f0000000040))
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000002c0)="7d8c855ea62370f26e2850327c0d8f44ca42f8487303dfbd09a4eef1211d68227ec5fb46f05a5984842bf3666533d78aae1d8a9373bc094fe00cd8ba735b2bd7ead1a71a2c914a76c9a5d8a9a16fd85368c350418103e01ad45fa85c9433270c156b68e71135409c98824f4293e89b4832582e9d9b69a84484a4edc514ad780a719f3465626736b2c3870f80b3f423a74a3fe1a949062c334f9f82ed56c3cd184b2dc4e2025a72adced0de539539584d6c38146df78961bcda1cfbd1a497a9e6ec51eb7c2678bfc6e3f4c18c47e34d1b0537b30bbbf36daccab1808e4896958f217f2916db0fad021c084df8bc56f49935c416b8ea5e243eb9", 0xf9)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000980)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='io_uring_poll_arm\x00', r8}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='io_uring_poll_arm\x00', r7}, 0x18)
r9 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GEM_CLOSE(r9, 0x40086409, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r10 = socket(0x10, 0x803, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, {0xf, 0x8}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x10, 0x3, 0x1, 0x4, 0x1002, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0xffffffff, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0x8}}]}}]}, 0x7c}}, 0x24040084)
r13 = syz_open_dev$vcsa(&(0x7f0000000140), 0x3, 0x100)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1e000000e70000000b00000008000000", @ANYRES32, @ANYBLOB="0300"/20, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB="0000000003000000030000000800"/28], 0x50)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')

20m43.391296846s ago: executing program 33 (id=537):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0x4000e58, 0x800)
r3 = eventfd2(0x4001, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r2, 0x0, 0x2, r3})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = eventfd2(0x8, 0x800)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r5, 0x7, 0x2, r5})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2d, 0xc0, 0x5, 0x7, 0x7f, 0x5, 0xf, 0x9, 0x3, 0x41, 0x7, 0x5c, 0x5, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x5, 0x3, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_io_uring_setup(0x20c4, &(0x7f00000000c0)={0x0, 0x8006d89, 0x8, 0x2, 0x400066}, &(0x7f0000000400)=<r6=>0x0, &(0x7f0000000040))
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000002c0)="7d8c855ea62370f26e2850327c0d8f44ca42f8487303dfbd09a4eef1211d68227ec5fb46f05a5984842bf3666533d78aae1d8a9373bc094fe00cd8ba735b2bd7ead1a71a2c914a76c9a5d8a9a16fd85368c350418103e01ad45fa85c9433270c156b68e71135409c98824f4293e89b4832582e9d9b69a84484a4edc514ad780a719f3465626736b2c3870f80b3f423a74a3fe1a949062c334f9f82ed56c3cd184b2dc4e2025a72adced0de539539584d6c38146df78961bcda1cfbd1a497a9e6ec51eb7c2678bfc6e3f4c18c47e34d1b0537b30bbbf36daccab1808e4896958f217f2916db0fad021c084df8bc56f49935c416b8ea5e243eb9", 0xf9)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000980)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='io_uring_poll_arm\x00', r8}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='io_uring_poll_arm\x00', r7}, 0x18)
r9 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GEM_CLOSE(r9, 0x40086409, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r10 = socket(0x10, 0x803, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, {0xf, 0x8}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x10, 0x3, 0x1, 0x4, 0x1002, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0xffffffff, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0x8}}]}}]}, 0x7c}}, 0x24040084)
r13 = syz_open_dev$vcsa(&(0x7f0000000140), 0x3, 0x100)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1e000000e70000000b00000008000000", @ANYRES32, @ANYBLOB="0300"/20, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB="0000000003000000030000000800"/28], 0x50)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')

20m29.533703785s ago: executing program 34 (id=534):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x2c, 0x65, 0x0, 0xf, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, {{0x11, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0xfff5, 0x0, 0x0, {[@mss={0x2, 0x4, 0x80}]}}}}}}}, 0x0)

19m24.127411369s ago: executing program 6 (id=836):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_es_insert_delayed_block\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
keyctl$restrict_keyring(0xa, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="0c3ef502"], 0xf8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x3cfa, 0x0, 0x2, 0x3b9}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = fcntl$dupfd(r1, 0x406, r0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x41, &(0x7f0000000080)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)

19m23.079211921s ago: executing program 6 (id=837):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xf}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
timer_create(0x0, 0x0, &(0x7f0000000300))
timer_create(0x3, 0x0, &(0x7f0000000300))
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r7 = dup2(r6, r6)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10})
ioctl$BLKTRACESTART(r6, 0x1274, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
ioctl$BLKTRACETEARDOWN(r7, 0x1276, 0x0)

19m21.714477113s ago: executing program 6 (id=841):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00003e2000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f000020e000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000017e000/0xa000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f00004cc000/0x3000)=nil, 0x0}, 0x68)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x2000000000001005, 0x19dff}}}, 0x90)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x2)
chdir(&(0x7f0000000140)='./bus\x00')
creat(&(0x7f0000000200)='./file5\x00', 0x10)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000a40)='./file5\x00', 0x2)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4801000010000100feffffbf00010000fe880000000000000000000000000001fe8000000000000000000000000000bb000107944e2300050000000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000010000000000000009080000000000000600000000000000ffff0000000000001c25080000000000020000000000000008000000000000000000000000000000ffffffffffffffff00000000000000001f00000000000000ff0100000000000002000000fcffffff000000002abd7000043500000a0001fd2000000000000000480003006465666c61746573a5c8e78e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000a0026bd70002bbd700009000000"], 0x148}, 0x1, 0x0, 0x0, 0x8801}, 0x10)

19m21.240406403s ago: executing program 6 (id=842):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2925099, 0x0)
umount2(&(0x7f0000000100)='./file0/../file0\x00', 0x4)
mount$overlay(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0xa000, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="200000002b000b00000000000000000006"], 0x20}}, 0xc00)
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
setpgid(0x0, r1)

19m20.919205781s ago: executing program 6 (id=844):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0xf5}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x58}}, 0x0)

19m20.78916943s ago: executing program 6 (id=845):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
sendto$inet(r0, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000)

19m20.58597278s ago: executing program 35 (id=845):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
sendto$inet(r0, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000)

29.096294046s ago: executing program 8 (id=5151):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_io_uring_setup(0x68e, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x80, 0x1d4}, &(0x7f0000000180)=<r0=>0x0, &(0x7f00000001c0)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x1})
recvmsg(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x122)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\x00\x00\x00\x00\xd4\xa2\x88\x00\xd1l,'}, 0x30)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2082)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
fchdir(r2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r4, &(0x7f00000000c0)=""/4096, 0x1000)

26.9551831s ago: executing program 8 (id=5171):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)

26.780242531s ago: executing program 8 (id=5176):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x63, 0x1000, 0x8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40083})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
dup(r2)
close_range(r0, 0xffffffffffffffff, 0x0)

26.664253894s ago: executing program 8 (id=5178):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000f2d07c40501d89601dd00000000109021200010000"], 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, &(0x7f0000000080)={0x1, 0xfffffdfe, 0x0, 0x8, 0x8000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1})
ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000180))

26.101438497s ago: executing program 0 (id=5183):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r1 = syz_io_uring_setup(0x888, 0x0, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r1, 0x2b90, 0xf9d0, 0x22, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000140)={0x4000000})

26.002777349s ago: executing program 0 (id=5184):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6ae", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}, 0x40010022)
recvmsg$unix(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f00000002c0)=""/187, 0xbb}], 0x1}, 0x0)

25.887974619s ago: executing program 0 (id=5185):
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r2)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x1c, r5, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)

25.81006907s ago: executing program 0 (id=5186):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, 0x0, 0x0)

25.622992511s ago: executing program 0 (id=5188):
syz_io_uring_setup(0x3813, &(0x7f0000000340)={0x0, 0xbe47, 0x40, 0x3, 0x144}, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

25.582766246s ago: executing program 0 (id=5189):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x6, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40083})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
dup(r2)
close_range(r0, 0xffffffffffffffff, 0x0)

25.30230659s ago: executing program 8 (id=5192):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r0, &(0x7f00000002c0), 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x440, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@getqdisc={0x30, 0x26, 0x1, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xffff}, {0x5, 0xfff1}, {0xc, 0x4}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r4, 0x325, 0x400, 0x0, {0x8}}, 0x14}}, 0x4800)

24.241779524s ago: executing program 8 (id=5196):
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r2)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x1c, r5, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)

23.278325709s ago: executing program 5 (id=5202):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000000)
r1 = syz_open_dev$MSR(&(0x7f00000002c0), 0x2, 0x0)
read$msr(r1, &(0x7f0000000380)=""/4096, 0x1000)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xe, 0x5}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x3e, 0x1, {0x0, 0xb, 0x5}}}}, @TCA_RATE={0x6, 0x5, {0x9, 0x6}}]}, 0x48}}, 0x4000010)
getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f00000000c0)=0x2000, &(0x7f0000000100)=0x4)
r4 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x1}, 0x2)
r5 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000080)='reno', 0x4)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@bridge_setlink={0x2c, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r8}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x5, 0x0, 0x1, {0x4, 0x5}}]}]}, 0x2c}}, 0x0)
sendmmsg$inet6(r6, &(0x7f0000003d00)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000b40)="8b", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000bc0)}], 0x1}}], 0x3, 0x48800)
tkill(r4, 0xb)
getgroups(0xfffffffffffffdb2, 0xfffffffffffffffe)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)

22.35650519s ago: executing program 5 (id=5203):
syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f0000000440)={0x0, 0x0, 0x3, 0xfffffffffffffff9, 0x9, 0x0, 0x8000000000, 0x800000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

20.655482762s ago: executing program 5 (id=5212):
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x141, 0xe5, 0x1e, 0x2, 0x20, 0x84e, 0x1001, 0x9c61, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x79, 0xff, 0xcf, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x40, 0x2, 0x5, 0xa}}]}}]}}]}}, 0x0)

19.495465155s ago: executing program 7 (id=5213):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380))
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000340)='./file\x00', 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)
rmdir(&(0x7f0000000000)='./file\x00')

19.439611254s ago: executing program 7 (id=5214):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000200), 0x40046, 0x0)
ioctl$FBIOPAN_DISPLAY(r4, 0x4606, &(0x7f0000000240)={0xf00, 0x10, 0x3180, 0x300, 0x0, 0x4, 0xa, 0x1, {0x3, 0xfffffff8}, {0x200}, {0x1ff, 0x4, 0x1}, {0x3, 0x3, 0x1}, 0x44cfcd75ff2cc277, 0x40, 0x3, 0xfffff801, 0x1, 0x9, 0x3b22, 0x4, 0x9, 0x2, 0x10, 0xacc, 0x2, 0x100, 0x0, 0x7})
ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, 0x0)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmmsg$inet(r5, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, &(0x7f0000000000)=[{}], 0x4000)

19.3108277s ago: executing program 5 (id=5215):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000500)=ANY=[], 0x180}, 0x1, 0x0, 0x0, 0x4075}, 0x4880)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYRES8], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r2)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000940)={0x2c, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x7}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x1}]}, 0x2c}}, 0x64000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d39"])
chdir(&(0x7f00000000c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x62881, 0x19d)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x33f, 0x0)
fcntl$lock(r1, 0x24, &(0x7f0000000280)={0x2, 0x3, 0x10000, 0xe3, r0})
syz_init_net_socket$rose(0xb, 0x5, 0x0)

18.44599996s ago: executing program 3 (id=5216):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0x2}], 0x1, &(0x7f0000000c80)=[@ip_retopts={{0x18, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x18}, 0x0)

18.393041159s ago: executing program 5 (id=5217):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000480)={0x2, r2})

18.355308159s ago: executing program 3 (id=5218):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0xb0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0))
read$msr(0xffffffffffffffff, &(0x7f000001b700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

18.311016602s ago: executing program 7 (id=5219):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

18.247125804s ago: executing program 3 (id=5220):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r2 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="1400000016000b63d25a80648c25940121", 0x11}, {&(0x7f0000000280)="e26248", 0x3}], 0x2}, 0x40050)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x30}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1c, "ff9f020bbe82b398b1c4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffe]}})
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x2ac, 0x0, 0x1, 0x55, 0x0, "89753015418ab0cb0900245518580ce0c8bf604cca41f31c108938fcfa393ef569e0bcf244bb4b23555b130900000000000000d0f08e8ad896ba67a07673defa", "8b6090092aa722681a1ee3f88792f688a9e306ee1dba533f02e1b69da6e26ec889fee40080000027cc7d24d796682495d702020000e4b8fb1703e47463b969e4", "ca1bf5ffffc92915ff6e000000abf60400", [0xc]})

18.246805933s ago: executing program 5 (id=5221):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)

17.82258925s ago: executing program 3 (id=5222):
mremap(&(0x7f000055a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000003000/0x1000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000100))
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000080)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r3, 0x0, 0x20000090)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)

16.937436839s ago: executing program 3 (id=5223):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003d0007010000000008000000047c000008000880040008001400018006000600894f0000", @ANYRESDEC=0x0], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0xc000)

16.916579039s ago: executing program 3 (id=5224):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(&(0x7f0000000080)='jffs2\x00', 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r5, 0x5501)

15.241635739s ago: executing program 7 (id=5225):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$alg(0x26, 0x5, 0x0)
socket(0x11, 0x800000003, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bind$alg(r0, &(0x7f0000000a00)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
socket$packet(0x11, 0x3, 0x300)
accept4(r0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x800)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003d0007010000000008000000047c000008000880040008001400018006000600894f00000800", @ANYRES32=r2], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0xc000)

15.240328165s ago: executing program 7 (id=5226):
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000f80), 0x400, 0x0)

15.214044989s ago: executing program 7 (id=5227):
lseek(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x5}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xffff}, {0x2, 0xb}, {0x0, 0xb}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240008f0}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

9.009415192s ago: executing program 36 (id=5196):
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r2)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x1c, r5, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)

3.00369134s ago: executing program 37 (id=5221):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)

1.501547875s ago: executing program 38 (id=5224):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(&(0x7f0000000080)='jffs2\x00', 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r5, 0x5501)

0s ago: executing program 39 (id=5227):
lseek(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x5}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xffff}, {0x2, 0xb}, {0x0, 0xb}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240008f0}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

kernel console output (not intermixed with test programs):

877974][ T5823] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1187.994422][ T5823] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1188.013993][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1188.029804][ T5823] usb 4-1: Product: syz
[ 1188.034734][ T5823] usb 4-1: Manufacturer: syz
[ 1188.039444][ T5823] usb 4-1: SerialNumber: syz
[ 1188.049523][ T5823] usb 4-1: config 0 descriptor??
[ 1188.140242][ T5823] usb 4-1: selecting invalid altsetting 0
[ 1190.055693][ T5823] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[ 1190.182280][T21131] ip6_vti0 speed is unknown, defaulting to 1000
[ 1190.231117][ T5823] usb 6-1: config index 0 descriptor too short (expected 45, got 27)
[ 1190.735723][ T5823] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1190.760512][ T5823] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[ 1190.862941][ T5937] usb 4-1: USB disconnect, device number 93
[ 1190.898350][ T5823] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1190.944851][ T5823] usb 6-1: Product: syz
[ 1190.959562][ T5823] usb 6-1: Manufacturer: syz
[ 1191.001304][ T5823] usb 6-1: SerialNumber: syz
[ 1191.034203][ T5823] rtl8150 6-1:1.0: couldn't find required endpoints
[ 1191.043814][ T5823] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[ 1191.137045][T21146] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3967'.
[ 1191.197364][T21148] netlink: 'syz.3.3970': attribute type 1 has an invalid length.
[ 1191.269950][T21148] bond6: entered promiscuous mode
[ 1191.275250][T21148] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1191.282740][T21135] ip6_vti0 speed is unknown, defaulting to 1000
[ 1191.289786][T21131] lo speed is unknown, defaulting to 1000
[ 1191.343778][T21153] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1191.654189][T21153] bond6: (slave bond7): making interface the new active one
[ 1191.684317][T21153] bond7: entered promiscuous mode
[ 1191.695312][T21153] bond6: (slave bond7): Enslaving as an active interface with an up link
[ 1191.823938][T21120] netlink: 830 bytes leftover after parsing attributes in process `syz.5.3964'.
[ 1191.917030][T21150] netlink: 'syz.8.3971': attribute type 13 has an invalid length.
[ 1192.103697][ T6039] usb 6-1: USB disconnect, device number 92
[ 1192.318181][T21135] lo speed is unknown, defaulting to 1000
[ 1195.143761][   T30] audit: type=1326 audit(1195.101:1843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21197 comm="syz.3.3983" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe11b18eec9 code=0x0
[ 1197.295837][T21214] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3986'.
[ 1197.335756][   T30] audit: type=1326 audit(1197.291:1844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21218 comm="syz.0.3988" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f20fbb8eec9 code=0x0
[ 1199.276749][T21238] overlayfs: failed to clone lowerpath
[ 1199.333177][T21239] overlayfs: failed to clone upperpath
[ 1199.406395][T21238] fuse: Unknown parameter 'workdir'
[ 1199.454409][T21238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3992'.
[ 1200.444051][   T30] audit: type=1326 audit(1200.391:1845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21244 comm="syz.5.3995" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0abf58eec9 code=0x0
[ 1200.482402][T21251] overlayfs: failed to clone upperpath
[ 1200.983305][T21260] netlink: 'syz.0.3996': attribute type 12 has an invalid length.
[ 1201.547974][T21274] netlink: 'syz.5.4001': attribute type 1 has an invalid length.
[ 1201.727978][T21274] bond1: entered promiscuous mode
[ 1201.739173][T21274] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1201.751341][   T30] audit: type=1326 audit(1201.711:1846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21278 comm="syz.0.4002" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f20fbb8eec9 code=0x0
[ 1201.817106][T21275] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1201.846324][T21275] bond1: (slave bond2): making interface the new active one
[ 1201.853655][T21275] bond2: entered promiscuous mode
[ 1201.901130][T21283] ieee802154 phy0 wpan0: encryption failed: -22
[ 1201.916495][T21275] bond1: (slave bond2): Enslaving as an active interface with an up link
[ 1202.103724][T21286] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (at-a2150c)
[ 1203.293379][T21292] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (at-a2150c)
[ 1204.105798][ T6039] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 1204.597297][ T6039] usb 6-1: Using ep0 maxpacket: 32
[ 1204.607578][ T6039] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1204.651731][ T6039] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1204.667647][ T6039] usb 6-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[ 1204.983703][T21317] binder: 21305:21317 ioctl c0306201 200000000040 returned -22
[ 1205.007710][ T6039] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1205.269351][ T6039] usb 6-1: config 0 descriptor??
[ 1206.047224][ T6039] uclogic 0003:5543:0781.0028: reserved main item tag 0xe
[ 1206.213691][ T6039] uclogic 0003:5543:0781.0028: hidraw0: USB HID v0.00 Device [HID 5543:0781] on usb-dummy_hcd.5-1/input0
[ 1206.509962][T21343] sp0: Synchronizing with TNC
[ 1206.515135][   T30] audit: type=1326 audit(1206.441:1847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21340 comm="syz.8.4019" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f815718eec9 code=0x0
[ 1206.959995][ T5881] usb 6-1: USB disconnect, device number 93
[ 1207.493105][T21360] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (at-a2150c)
[ 1207.519509][   T30] audit: type=1326 audit(1207.481:1848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21359 comm="syz.0.4024" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f20fbb8eec9 code=0x0
[ 1209.435854][ T5937] usb 6-1: new full-speed USB device number 94 using dummy_hcd
[ 1209.688603][ T5937] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1209.765661][ T5937] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1210.008995][ T5937] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1210.208490][   T30] audit: type=1326 audit(1210.171:1849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21407 comm="syz.7.4035" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a1cd8eec9 code=0x0
[ 1210.270006][ T5937] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1211.625228][ T5937] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1211.724085][   T30] audit: type=1326 audit(1211.681:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1211.726584][ T5937] usb 6-1: Product: syz
[ 1211.922534][ T5937] usb 6-1: Manufacturer: syz
[ 1211.931494][ T5937] usb 6-1: SerialNumber: syz
[ 1211.937269][T21409] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (at-a2150c)
[ 1211.937866][   T30] audit: type=1326 audit(1211.721:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1211.969903][   T30] audit: type=1326 audit(1211.721:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1211.993758][T21382] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1212.002835][   T30] audit: type=1326 audit(1211.721:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1212.004324][ T5937] cdc_mbim 6-1:1.0: skipping garbage
[ 1212.042134][   T30] audit: type=1326 audit(1211.721:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1212.095607][   T30] audit: type=1326 audit(1211.721:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1212.123304][   T30] audit: type=1326 audit(1211.721:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1212.165736][   T30] audit: type=1326 audit(1211.721:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1212.193376][T21424] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21424 comm=syz.3.4040
[ 1212.233922][ T5937] cdc_mbim 6-1:1.0: bind() failure
[ 1212.242282][ T5937] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 1212.250319][ T5937] cdc_ncm 6-1:1.1: bind() failure
[ 1212.257953][   T30] audit: type=1326 audit(1211.721:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1212.289476][ T5937] usb 6-1: USB disconnect, device number 94
[ 1212.319161][   T30] audit: type=1326 audit(1211.731:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21415 comm="syz.0.4038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20fbb8eec9 code=0x7ffc0000
[ 1212.714175][T21435] netlink: 48 bytes leftover after parsing attributes in process `syz.8.4044'.
[ 1213.419353][T21420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1213.460098][T21455] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4049'.
[ 1213.904472][T21461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1213.913625][T21461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1215.251134][T21476] mkiss: ax0: crc mode is auto.
[ 1215.483248][T21476] netlink: 'syz.3.4057': attribute type 12 has an invalid length.
[ 1215.716181][T21489] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4062'.
[ 1215.815779][ T5881] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[ 1216.089786][ T5881] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1216.100862][ T5881] usb 6-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[ 1216.112567][ T5881] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1216.135716][ T5881] usb 6-1: config 0 descriptor??
[ 1216.744649][ T5881] hid_mf 0003:0079:1846.0029: unknown main item tag 0x7
[ 1217.357689][ T5881] hid_mf 0003:0079:1846.0029: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.5-1/input0
[ 1217.380906][ T5881] hid_mf 0003:0079:1846.0029: Invalid report, this should never happen!
[ 1217.826064][ T5881] hid_mf 0003:0079:1846.0029: Force feedback init failed.
[ 1218.321438][T21528] netlink: 'syz.0.4073': attribute type 21 has an invalid length.
[ 1218.329448][T21528] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4073'.
[ 1218.338638][T21528] netlink: 'syz.0.4073': attribute type 6 has an invalid length.
[ 1218.346368][T21528] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4073'.
[ 1218.796019][   T30] kauditd_printk_skb: 22 callbacks suppressed
[ 1218.796038][   T30] audit: type=1326 audit(1218.731:1882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21530 comm="syz.3.4074" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe11b18eec9 code=0x0
[ 1218.811643][T21535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1218.834462][T21535] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1219.101779][T21531] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4071'.
[ 1219.588002][ T5823] usb 6-1: USB disconnect, device number 95
[ 1220.271601][T21559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1220.311197][T21559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1220.372351][T21564] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4078'.
[ 1220.412688][T21567] netlink: 'syz.3.4085': attribute type 1 has an invalid length.
[ 1220.435900][T21563] can0 (unregistered): slcan off ttyS3.
[ 1220.479930][T21567] bond8: entered promiscuous mode
[ 1220.489605][T21567] 8021q: adding VLAN 0 to HW filter on device bond8
[ 1220.553205][   T30] audit: type=1326 audit(1220.511:1883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21577 comm="syz.0.4087" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f20fbb8eec9 code=0x0
[ 1220.916724][T21585] ip6_vti0 speed is unknown, defaulting to 1000
[ 1221.394839][T21582] netlink: 800 bytes leftover after parsing attributes in process `syz.5.4088'.
[ 1221.422603][T21585] lo speed is unknown, defaulting to 1000
[ 1221.646964][T21588] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4089'.
[ 1222.496843][T21600] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (at-a2150c)
[ 1223.370520][T21622] binder: 21608:21622 ioctl c0306201 200000000040 returned -22
[ 1223.722952][T21627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4098'.
[ 1224.339274][T21643] netlink: 'syz.5.4101': attribute type 13 has an invalid length.
[ 1224.928063][   T30] audit: type=1326 audit(1224.891:1884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21651 comm="syz.3.4105" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe11b18eec9 code=0x0
[ 1225.623787][ T7286] bond0 (unregistering): Released all slaves
[ 1226.819514][T21659] x_tables: ip6_tables: cluster.0 match: invalid size 16 (kernel) != (user) 104
[ 1227.549792][ T7286] hsr_slave_0: left promiscuous mode
[ 1227.716272][ T7286] hsr_slave_1: left promiscuous mode
[ 1227.805121][ T7286] veth1_macvtap: left promiscuous mode
[ 1227.813449][ T7286] veth0_macvtap: left promiscuous mode
[ 1227.824120][ T7286] veth1_vlan: left promiscuous mode
[ 1227.851097][ T7286] veth0_vlan: left promiscuous mode
[ 1229.158863][T21693] svc: failed to register nfsdv3 RPC service (errno 111).
[ 1229.174743][T21693] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 1229.724983][T21691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4114'.
[ 1229.734202][T21691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4114'.
[ 1230.809483][T21675] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4111'.
[ 1231.061273][T21706] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4119'.
[ 1231.078390][T21711] netlink: 'syz.8.4117': attribute type 13 has an invalid length.
[ 1231.868782][ T7286] IPVS: stop unused estimator thread 0...
[ 1231.908251][T21723] netlink: 'syz.3.4122': attribute type 1 has an invalid length.
[ 1232.086272][T21733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1232.095009][T21733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1235.202335][T21758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4128'.
[ 1235.211252][T21758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4128'.
[ 1235.238464][T21754] can0: slcan on ttyS3.
[ 1235.330108][T21764] fuse: Unknown parameter ''
[ 1236.630708][T21773] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4133'.
[ 1236.698682][   T30] audit: type=1326 audit(1236.661:1885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21776 comm="syz.8.4134" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f815718eec9 code=0x0
[ 1236.934458][T21785] tipc: Started in network mode
[ 1236.939678][T21785] tipc: Node identity 160d0c62d2ca, cluster identity 4711
[ 1236.948068][T21785] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1237.065602][   T30] audit: type=1400 audit(1236.961:1886): avc:  denied  { ioctl } for  pid=21780 comm="syz.7.4136" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1237.111360][T21786] netlink: 'syz.0.4137': attribute type 21 has an invalid length.
[ 1237.169522][T21786] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4137'.
[ 1237.179926][T21786] netlink: 'syz.0.4137': attribute type 6 has an invalid length.
[ 1237.187755][T21786] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4137'.
[ 1237.503591][T21780] tipc: Disabling bearer <eth:syzkaller0>
[ 1237.662616][   T30] audit: type=1326 audit(1237.611:1887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21791 comm="syz.3.4141" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe11b18eec9 code=0x0
[ 1238.300878][ T2147] usb 6-1: new high-speed USB device number 96 using dummy_hcd
[ 1238.305920][T21806] netlink: 48 bytes leftover after parsing attributes in process `syz.8.4139'.
[ 1238.625196][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.627728][   T30] audit: type=1326 audit(1238.591:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.7.4142" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a1cd8eec9 code=0x0
[ 1238.634086][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.808871][ T2147] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1238.820047][ T2147] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1238.965642][ T2147] usb 6-1: config 220 interface 0 has no altsetting 0
[ 1239.147874][ T2147] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1239.169580][ T2147] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1239.264740][T21817] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4144'.
[ 1239.361875][ T2147] usb 6-1: Product: syz
[ 1239.366306][ T2147] usb 6-1: Manufacturer: syz
[ 1239.370913][ T2147] usb 6-1: SerialNumber: syz
[ 1240.150336][T21790] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1240.183024][ T7295] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1240.480869][T21830] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4147'.
[ 1241.508265][ T2147] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1241.535878][ T2147] uvcvideo 6-1:220.0: No valid video chain found.
[ 1241.563620][   T10] usb 9-1: USB disconnect, device number 69
[ 1241.599203][ T2147] usb 6-1: USB disconnect, device number 96
[ 1241.625149][   T10] ipheth 9-1:0.196: Apple iPhone USB Ethernet now disconnected
[ 1241.679760][T18884] can0 (unregistered): slcan off ttyS3.
[ 1242.009574][   T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1242.024349][T16820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1242.036762][   T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1242.047287][T16820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1242.055874][   T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 53041 - 0
[ 1242.066594][T16820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1242.075991][T16820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1242.084942][T16820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1242.139967][T21846] ip6_vti0 speed is unknown, defaulting to 1000
[ 1242.201882][   T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1242.245803][T16820] Bluetooth: hci3: command 0xfc11 tx timeout
[ 1242.255958][ T5833] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 1242.310886][   T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1242.373525][   T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 53041 - 0
[ 1242.497061][   T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1242.519439][   T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1242.553443][   T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 53041 - 0
[ 1242.611352][T21846] lo speed is unknown, defaulting to 1000
[ 1242.679318][T21861] binder: 21855:21861 ioctl c0306201 200000000040 returned -22
[ 1243.067609][   T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1243.080237][   T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1243.090993][   T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 53041 - 0
[ 1244.165633][ T5833] Bluetooth: hci0: command tx timeout
[ 1244.359882][T21881] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1244.724094][   T30] audit: type=1400 audit(1244.681:1889): avc:  denied  { listen } for  pid=21889 comm="syz.5.4165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1244.959121][   T13] bridge_slave_1: left allmulticast mode
[ 1244.967037][   T13] bridge_slave_1: left promiscuous mode
[ 1245.083468][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1245.095396][   T30] audit: type=1400 audit(1244.891:1890): avc:  denied  { accept } for  pid=21889 comm="syz.5.4165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1245.125379][   T13] bridge_slave_0: left promiscuous mode
[ 1245.133161][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1245.562939][T21900] netlink: 'syz.5.4167': attribute type 10 has an invalid length.
[ 1246.247183][ T5833] Bluetooth: hci0: command tx timeout
[ 1246.691595][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1246.701798][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1246.711581][   T13] bond0 (unregistering): Released all slaves
[ 1246.722203][   T13] bond1 (unregistering): Released all slaves
[ 1246.733522][   T13] bond2 (unregistering): Released all slaves
[ 1246.879448][   T13] bond3 (unregistering): (slave vlan2): Releasing active interface
[ 1246.889411][   T13] bond3 (unregistering): Released all slaves
[ 1247.038270][   T13] bond4 (unregistering): (slave bond5): Releasing backup interface
[ 1247.046334][   T13] bond5 (unregistering): left promiscuous mode
[ 1247.052990][   T13] bond4 (unregistering): Released all slaves
[ 1247.181964][   T13] bond5 (unregistering): Released all slaves
[ 1247.329724][   T13] bond6 (unregistering): (slave bond7): Releasing backup interface
[ 1247.337801][   T13] bond7 (unregistering): left promiscuous mode
[ 1247.344490][   T13] bond6 (unregistering): Released all slaves
[ 1247.479656][   T13] bond7 (unregistering): Released all slaves
[ 1247.490326][   T13] bond8 (unregistering): Released all slaves
[ 1247.511273][T21846] chnl_net:caif_netlink_parms(): no params data found
[ 1247.748711][T21909] binder: 21905:21909 ioctl c0306201 200000000040 returned -22
[ 1248.135154][   T13] tipc: Left network mode
[ 1248.191461][T21915] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4172'.
[ 1248.202498][T21846] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1248.215674][T21846] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1248.229399][T21846] bridge_slave_0: entered allmulticast mode
[ 1248.244289][T21846] bridge_slave_0: entered promiscuous mode
[ 1248.302858][T21915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4172'.
[ 1248.332132][ T5833] Bluetooth: hci0: command tx timeout
[ 1248.340170][T21846] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1248.347833][T21846] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1248.355104][T21846] bridge_slave_1: entered allmulticast mode
[ 1248.363169][T21846] bridge_slave_1: entered promiscuous mode
[ 1248.446856][T21922] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4174'.
[ 1248.520087][T21846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1248.532249][T21846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1248.585426][T21846] team0: Port device team_slave_0 added
[ 1248.594309][T21846] team0: Port device team_slave_1 added
[ 1248.701258][T21846] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1248.708537][T21846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1248.734938][T21846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1248.749776][   T13] hsr_slave_0: left promiscuous mode
[ 1248.755662][   T13] hsr_slave_1: left promiscuous mode
[ 1248.771248][   T13] veth1_macvtap: left promiscuous mode
[ 1248.777034][   T13] veth0_macvtap: left promiscuous mode
[ 1248.782559][   T13] veth1_vlan: left promiscuous mode
[ 1248.788008][   T13] veth0_vlan: left promiscuous mode
[ 1248.825583][ T5881] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[ 1248.975845][ T5881] usb 4-1: Using ep0 maxpacket: 8
[ 1248.993700][ T5881] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1249.019139][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1249.127295][ T5881] usb 4-1: config 0 descriptor??
[ 1249.914906][ T5881] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1250.617974][ T5833] Bluetooth: hci0: command tx timeout
[ 1250.981880][ T5881] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1250.998348][ T5881] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[ 1251.097781][ T5881] asix 4-1:0.0: probe with driver asix failed with error -71
[ 1251.133086][T21945] binder: 21938:21945 ioctl c0306201 200000000040 returned -22
[ 1251.133497][ T5881] usb 4-1: USB disconnect, device number 94
[ 1251.539700][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1251.811243][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1253.063036][   T13] team0 (unregistering): Port device dummy0 removed
[ 1253.338118][T21846] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1253.345119][T21846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1253.372226][T21846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1253.391688][T21967] netlink: 'syz.0.4186': attribute type 13 has an invalid length.
[ 1253.399751][   T48] infiniband syz1: ib_query_port failed (-19)
[ 1253.563478][T21846] hsr_slave_0: entered promiscuous mode
[ 1253.571853][T21846] hsr_slave_1: entered promiscuous mode
[ 1253.596016][   T13] IPVS: stop unused estimator thread 0...
[ 1253.677719][T21971] ip6_vti0 speed is unknown, defaulting to 1000
[ 1253.809114][T21975] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (at-a2150c)
[ 1254.326376][T21982] veth0_to_bond: entered allmulticast mode
[ 1254.938619][T21993] netlink: 'syz.5.4196': attribute type 13 has an invalid length.
[ 1256.004585][T22004] bridge5: entered promiscuous mode
[ 1256.640817][T21971] lo speed is unknown, defaulting to 1000
[ 1256.870242][T22012] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.4202'.
[ 1256.888843][T22010] bond3 (unregistering): Released all slaves
[ 1256.987495][T21846] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1257.000902][T21846] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1257.023102][T21846] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1257.039682][T21846] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1257.431517][   T30] audit: type=1400 audit(1257.371:1891): avc:  denied  { listen } for  pid=22020 comm="syz.5.4205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1257.958342][   T30] audit: type=1800 audit(1257.921:1892): pid=22033 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.4204" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1258.065581][   T10] usb 6-1: new high-speed USB device number 97 using dummy_hcd
[ 1258.144042][T21846] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1258.305725][T21846] 8021q: adding VLAN 0 to HW filter on device team0
[ 1258.377690][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1258.506337][   T10] usb 6-1: no configurations
[ 1258.521155][   T10] usb 6-1: can't read configurations, error -22
[ 1258.527141][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1258.534503][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1258.601414][ T6038] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1258.608543][ T6038] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1258.617063][T22041] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1258.716794][   T10] usb 6-1: new high-speed USB device number 98 using dummy_hcd
[ 1258.788551][T21846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1258.837246][T22054] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2846 sclass=netlink_route_socket pid=22054 comm=syz.7.4211
[ 1258.898031][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1259.088762][   T10] usb 6-1: no configurations
[ 1259.096613][   T10] usb 6-1: can't read configurations, error -22
[ 1259.104865][   T10] usb usb6-port1: attempt power cycle
[ 1259.906260][   T10] usb 6-1: new high-speed USB device number 99 using dummy_hcd
[ 1260.560651][T22024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1260.569288][T22024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1260.928029][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1260.937079][   T10] usb 6-1: no configurations
[ 1260.941853][   T10] usb 6-1: can't read configurations, error -22
[ 1261.712444][T21846] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1261.725567][   T10] usb 6-1: new high-speed USB device number 100 using dummy_hcd
[ 1261.777269][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1261.811537][   T10] usb 6-1: no configurations
[ 1261.991751][   T10] usb 6-1: can't read configurations, error -22
[ 1262.236086][   T10] usb usb6-port1: unable to enumerate USB device
[ 1262.303548][T22082] veth0_vlan: left promiscuous mode
[ 1262.322762][T22082] veth0_vlan: entered promiscuous mode
[ 1262.829273][T21846] veth0_vlan: entered promiscuous mode
[ 1262.844130][T21846] veth1_vlan: entered promiscuous mode
[ 1262.882504][T21846] veth0_macvtap: entered promiscuous mode
[ 1262.895168][T21846] veth1_macvtap: entered promiscuous mode
[ 1262.920748][T21846] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1262.935197][T21846] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1262.950991][ T7288] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.960968][ T7288] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.976533][ T7288] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.985307][ T7288] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1263.059822][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1263.070619][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1263.086167][   T10] usb 6-1: new full-speed USB device number 101 using dummy_hcd
[ 1263.111229][ T7304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1263.120470][ T7304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1263.120874][T22102] netlink: 'syz.0.4224': attribute type 10 has an invalid length.
[ 1263.162577][T22102] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1263.344640][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1263.353349][T22107] netlink: 'syz.8.4150': attribute type 21 has an invalid length.
[ 1263.361426][T22107] netlink: 128 bytes leftover after parsing attributes in process `syz.8.4150'.
[ 1263.371974][T22107] netlink: 'syz.8.4150': attribute type 6 has an invalid length.
[ 1263.380023][T22107] netlink: 3 bytes leftover after parsing attributes in process `syz.8.4150'.
[ 1263.551573][   T10] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1263.559436][   T10] usb 6-1: can't read configurations, error -71
[ 1263.870470][T22123] netlink: 196 bytes leftover after parsing attributes in process `syz.3.4229'.
[ 1264.479849][   T30] audit: type=1400 audit(1264.411:1893): avc:  denied  { bind } for  pid=22131 comm="syz.0.4233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1265.003087][T22148] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4238'.
[ 1265.096169][T22150] netlink: 32 bytes leftover after parsing attributes in process `syz.8.4236'.
[ 1265.616148][   T10] usb 4-1: new low-speed USB device number 95 using dummy_hcd
[ 1266.217754][   T10] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1266.226180][   T10] usb 4-1: config 179 has no interface number 0
[ 1266.232430][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[ 1266.300915][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1266.361492][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 1266.385548][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8
[ 1266.415642][   T10] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1266.439246][   T10] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1266.462641][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1266.489965][T22167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4245'.
[ 1266.542556][T22155] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1266.552525][   T10] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1266.573563][   T10] xpad 4-1:179.65: probe with driver xpad failed with error -90
[ 1266.585471][ T5833] Bluetooth: hci4: unexpected event for opcode 0x1003
[ 1267.026919][T22155] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1267.065202][ T2147] usb 4-1: USB disconnect, device number 95
[ 1267.101951][ T5823] usb 6-1: new high-speed USB device number 103 using dummy_hcd
[ 1267.265804][ T5823] usb 6-1: Using ep0 maxpacket: 32
[ 1267.272851][ T5823] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1267.285459][ T5823] usb 6-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=74.d5
[ 1267.353452][ T5823] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=34
[ 1267.362415][ T5823] usb 6-1: Product: syz
[ 1267.371996][ T5823] usb 6-1: Manufacturer: syz
[ 1267.376910][ T5823] usb 6-1: SerialNumber: syz
[ 1267.383640][ T5823] usb 6-1: config 0 descriptor??
[ 1267.391861][ T5823] HFC-S_USB 6-1:0.0: probe with driver HFC-S_USB failed with error -5
[ 1267.518178][T22182] ip6_vti0 speed is unknown, defaulting to 1000
[ 1267.693921][T22182] lo speed is unknown, defaulting to 1000
[ 1268.359547][T22191] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22191 comm=syz.8.4252
[ 1268.372158][ T5823] usb 4-1: new full-speed USB device number 96 using dummy_hcd
[ 1268.439395][T22193] netlink: 'syz.7.4253': attribute type 13 has an invalid length.
[ 1268.539228][ T5823] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1268.549602][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1268.865161][ T5823] usb 4-1: Product: syz
[ 1268.869520][ T5823] usb 4-1: Manufacturer: syz
[ 1268.878370][ T5823] usb 4-1: SerialNumber: syz
[ 1268.970411][ T5823] usb 4-1: config 0 descriptor??
[ 1269.181255][ T5823] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1269.734635][T22209] FAULT_INJECTION: forcing a failure.
[ 1269.734635][T22209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1269.749473][T22209] CPU: 1 UID: 0 PID: 22209 Comm: syz.8.4257 Not tainted syzkaller #0 PREEMPT(full) 
[ 1269.749500][T22209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1269.749511][T22209] Call Trace:
[ 1269.749517][T22209]  <TASK>
[ 1269.749526][T22209]  dump_stack_lvl+0x16c/0x1f0
[ 1269.749550][T22209]  should_fail_ex+0x512/0x640
[ 1269.749574][T22209]  _copy_from_iter+0x29f/0x1720
[ 1269.749599][T22209]  ? __alloc_skb+0x200/0x380
[ 1269.749619][T22209]  ? __pfx__copy_from_iter+0x10/0x10
[ 1269.749638][T22209]  ? netlink_autobind.isra.0+0x158/0x370
[ 1269.749672][T22209]  netlink_sendmsg+0x820/0xdd0
[ 1269.749706][T22209]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1269.749737][T22209]  ____sys_sendmsg+0xa95/0xc70
[ 1269.749765][T22209]  ? copy_msghdr_from_user+0x10a/0x160
[ 1269.749784][T22209]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1269.749818][T22209]  ___sys_sendmsg+0x134/0x1d0
[ 1269.749837][T22209]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1269.749886][T22209]  __sys_sendmsg+0x16d/0x220
[ 1269.749907][T22209]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1269.749941][T22209]  do_syscall_64+0xcd/0x4e0
[ 1269.749960][T22209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1269.749977][T22209] RIP: 0033:0x7f793b38eec9
[ 1269.749992][T22209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1269.750008][T22209] RSP: 002b:00007f793c22a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1269.750025][T22209] RAX: ffffffffffffffda RBX: 00007f793b5e5fa0 RCX: 00007f793b38eec9
[ 1269.750038][T22209] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[ 1269.750048][T22209] RBP: 00007f793c22a090 R08: 0000000000000000 R09: 0000000000000000
[ 1269.750058][T22209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1269.750068][T22209] R13: 00007f793b5e6038 R14: 00007f793b5e5fa0 R15: 00007fff5d2701e8
[ 1269.750092][T22209]  </TASK>
[ 1270.029261][ T2147] usb 6-1: USB disconnect, device number 103
[ 1270.154969][   T30] audit: type=1400 audit(1270.111:1894): avc:  denied  { setopt } for  pid=22210 comm="syz.8.4258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1270.351801][T22227] netlink: 'syz.7.4264': attribute type 13 has an invalid length.
[ 1270.362477][T22228] loop5: detected capacity change from 0 to 2903
[ 1270.390682][T22187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1270.399548][T22187] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1270.421189][T22230] loop5: detected capacity change from 2903 to 3703
[ 1270.447981][T22228] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1270.647723][ T5833] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[ 1270.879413][T22228] overlayfs: missing 'lowerdir'
[ 1270.920827][ T5833] Bluetooth: hci4: Injecting HCI hardware error event
[ 1270.932807][T16820] Bluetooth: hci4: hardware error 0x00
[ 1270.961392][T22230] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[ 1270.961518][   T48] IPVS: starting estimator thread 0...
[ 1270.990693][T22228] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4263'.
[ 1271.010176][T22228] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1271.075691][T22235] IPVS: using max 42 ests per chain, 100800 per kthread
[ 1271.205458][ T7304] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1271.319214][T22187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1271.320805][T22247] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[ 1271.340750][T22187] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1271.679709][ T5823] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1271.697095][ T5823] usb 4-1: USB disconnect, device number 96
[ 1272.193566][T22257] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4272'.
[ 1272.203791][T22257] netlink: 'syz.5.4272': attribute type 15 has an invalid length.
[ 1272.258072][   T80] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[ 1272.258138][T22257] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4272'.
[ 1272.282978][T22257] netlink: 'syz.5.4272': attribute type 15 has an invalid length.
[ 1272.283796][   T80] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[ 1272.307774][   T80] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[ 1272.317394][   T80] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[ 1273.529423][T16820] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1273.534900][T17881] Bluetooth: hci3: command 0x1003 tx timeout
[ 1273.542379][ T5833] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1274.537966][T22270] can0: slcan on ttyS3.
[ 1276.348452][T22269] can0 (unregistered): slcan off ttyS3.
[ 1276.391027][   T48] libceph: connect (1)[c::]:6789 error -101
[ 1276.394280][T22278] No control pipe specified
[ 1276.418287][T22274] svc: failed to register nfsdv3 RPC service (errno 512).
[ 1276.425597][T22274] svc: failed to register nfsaclv3 RPC service (errno 512).
[ 1276.491529][   T48] libceph: mon0 (1)[c::]:6789 connect error
[ 1276.577675][T22277] ceph: No mds server is up or the cluster is laggy
[ 1276.585738][   T48] libceph: connect (1)[c::]:6789 error -101
[ 1276.615430][   T48] libceph: mon0 (1)[c::]:6789 connect error
[ 1277.365625][ T5881] usb 4-1: new full-speed USB device number 97 using dummy_hcd
[ 1277.366314][T22305] /dev/nullb0: Can't open blockdev
[ 1277.584370][ T5881] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1277.607705][ T5881] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1277.635182][ T5881] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[ 1277.809128][T22317] netlink: 'syz.5.4291': attribute type 21 has an invalid length.
[ 1277.817334][T22317] netlink: 128 bytes leftover after parsing attributes in process `syz.5.4291'.
[ 1277.827405][T22317] netlink: 'syz.5.4291': attribute type 6 has an invalid length.
[ 1277.835241][T22317] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4291'.
[ 1277.955994][ T5881] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1277.989520][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1278.052768][T22294] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1278.060750][T22323] FAULT_INJECTION: forcing a failure.
[ 1278.060750][T22323] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1278.102959][ T5881] hub 4-1:1.0: bad descriptor, ignoring hub
[ 1278.152886][ T5881] hub 4-1:1.0: probe with driver hub failed with error -5
[ 1278.195314][T22323] CPU: 0 UID: 0 PID: 22323 Comm: syz.8.4290 Not tainted syzkaller #0 PREEMPT(full) 
[ 1278.195344][T22323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1278.195355][T22323] Call Trace:
[ 1278.195363][T22323]  <TASK>
[ 1278.195371][T22323]  dump_stack_lvl+0x16c/0x1f0
[ 1278.195395][T22323]  should_fail_ex+0x512/0x640
[ 1278.195420][T22323]  _copy_from_iter+0x29f/0x1720
[ 1278.195442][T22323]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1278.195476][T22323]  ? __pfx__copy_from_iter+0x10/0x10
[ 1278.195495][T22323]  ? alloc_pages_mpol+0x25a/0x550
[ 1278.195518][T22323]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1278.195543][T22323]  copy_page_from_iter+0xde/0x180
[ 1278.195565][T22323]  anon_pipe_write+0xed5/0x1bd0
[ 1278.195595][T22323]  ? __pfx_anon_pipe_write+0x10/0x10
[ 1278.195614][T22323]  ? selinux_file_permission+0x126/0x660
[ 1278.195637][T22323]  ? bpf_lsm_file_permission+0x9/0x10
[ 1278.195655][T22323]  ? security_file_permission+0x71/0x210
[ 1278.195678][T22323]  ? rw_verify_area+0xcf/0x6c0
[ 1278.195708][T22323]  vfs_write+0x7d3/0x11d0
[ 1278.195727][T22323]  ? __pfx_anon_pipe_write+0x10/0x10
[ 1278.195750][T22323]  ? __pfx_vfs_write+0x10/0x10
[ 1278.195766][T22323]  ? find_held_lock+0x2b/0x80
[ 1278.195810][T22323]  ksys_write+0x1f8/0x250
[ 1278.195827][T22323]  ? __pfx_ksys_write+0x10/0x10
[ 1278.195859][T22323]  do_syscall_64+0xcd/0x4e0
[ 1278.195879][T22323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.195897][T22323] RIP: 0033:0x7f793b38eec9
[ 1278.195913][T22323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1278.195930][T22323] RSP: 002b:00007f793c209038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1278.195949][T22323] RAX: ffffffffffffffda RBX: 00007f793b5e6090 RCX: 00007f793b38eec9
[ 1278.195961][T22323] RDX: 00000000fffffd97 RSI: 0000200000000040 RDI: 0000000000000006
[ 1278.195972][T22323] RBP: 00007f793c209090 R08: 0000000000000000 R09: 0000000000000000
[ 1278.195983][T22323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1278.195994][T22323] R13: 00007f793b5e6128 R14: 00007f793b5e6090 R15: 00007fff5d2701e8
[ 1278.196020][T22323]  </TASK>
[ 1278.407021][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1278.446594][ T5881] cdc_wdm 4-1:1.0: skipping garbage
[ 1278.470208][ T5881] cdc_wdm 4-1:1.0: skipping garbage
[ 1278.546996][ T5881] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 1278.558784][ T5881] cdc_wdm 4-1:1.0: Unknown control protocol
[ 1278.624068][ T5881] usb 4-1: USB disconnect, device number 97
[ 1279.695797][ T5881] usb 4-1: new full-speed USB device number 98 using dummy_hcd
[ 1280.913700][T22371] netlink: 40 bytes leftover after parsing attributes in process `syz.7.4306'.
[ 1280.980203][ T5881] usb 4-1: device descriptor read/all, error -71
[ 1281.118550][T22371] pimreg: entered allmulticast mode
[ 1281.123196][T22379] random: crng reseeded on system resumption
[ 1281.765893][ T5881] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 1282.240739][ T5881] usb 4-1: Using ep0 maxpacket: 8
[ 1282.389596][ T5881] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1282.397123][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1282.408840][ T5881] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1282.420855][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1282.443139][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1282.479483][ T5881] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1282.508329][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1282.635728][ T5881] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1282.647561][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1282.664051][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1282.679629][ T5881] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1282.689522][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1282.701090][ T5881] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1282.768227][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1283.086351][ T5881] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1283.286604][ T5881] usb 4-1: string descriptor 0 read error: -22
[ 1283.294074][ T5881] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1283.373577][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1283.503785][ T5881] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1283.800468][ T5881] usb 4-1: USB disconnect, device number 99
[ 1283.800683][T22412] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4319'.
[ 1284.307056][T22416] sch_fq: defrate 0 ignored.
[ 1284.343436][T22371] pimreg: left allmulticast mode
[ 1284.805971][ T5823] usb 6-1: new full-speed USB device number 104 using dummy_hcd
[ 1284.818171][T22433] netlink: 'syz.7.4325': attribute type 2 has an invalid length.
[ 1284.869163][T22433] netlink: 'syz.7.4325': attribute type 1 has an invalid length.
[ 1284.967675][ T5823] usb 6-1: config 0 has an invalid interface number: 20 but max is 0
[ 1285.003946][ T5823] usb 6-1: config 0 has no interface number 0
[ 1285.026382][T22446] ptrace attach of "./syz-executor exec"[17035] was attempted by "./syz-executor exec"[22446]
[ 1285.047580][ T5823] usb 6-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 1285.048023][T22444] bond1 (unregistering): Released all slaves
[ 1285.093759][ T5823] usb 6-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[ 1285.106468][ T5823] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1285.115159][ T5823] usb 6-1: Product: syz
[ 1285.127416][ T5823] usb 6-1: Manufacturer: syz
[ 1285.141341][ T5823] usb 6-1: SerialNumber: syz
[ 1285.408423][ T5823] usb 6-1: config 0 descriptor??
[ 1285.433279][T22423] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1285.481352][ T5823] usb-storage 6-1:0.20: USB Mass Storage device detected
[ 1285.529625][ T5823] usb-storage 6-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[ 1285.690133][ T5823] scsi host1: usb-storage 6-1:0.20
[ 1285.704051][ T5823] usb 6-1: USB disconnect, device number 104
[ 1287.104246][T22470] netlink: 'syz.8.4335': attribute type 21 has an invalid length.
[ 1287.112311][T22470] netlink: 128 bytes leftover after parsing attributes in process `syz.8.4335'.
[ 1287.121945][T22470] netlink: 'syz.8.4335': attribute type 6 has an invalid length.
[ 1287.131798][T22470] netlink: 3 bytes leftover after parsing attributes in process `syz.8.4335'.
[ 1287.539563][T22481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4337'.
[ 1288.336632][   T48] usb 6-1: new high-speed USB device number 105 using dummy_hcd
[ 1288.546013][   T48] usb 6-1: Using ep0 maxpacket: 8
[ 1288.647001][   T48] usb 6-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1288.678229][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1288.688744][   T48] usb 6-1: Product: syz
[ 1288.693034][   T48] usb 6-1: Manufacturer: syz
[ 1288.699957][   T48] usb 6-1: SerialNumber: syz
[ 1288.711821][   T48] usb 6-1: config 0 descriptor??
[ 1288.921133][   T48] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1289.085757][T22510] mkiss: ax0: crc mode is auto.
[ 1290.228063][   T48] gspca_sunplus: reg_w_riv err -110
[ 1290.233378][   T48] sunplus 6-1:0.0: probe with driver sunplus failed with error -110
[ 1290.503704][    T9] usb 6-1: USB disconnect, device number 105
[ 1291.727662][T22547] bond5 (unregistering): Released all slaves
[ 1292.638631][T22554] bridge3: entered promiscuous mode
[ 1292.668723][   T30] audit: type=1326 audit(1292.631:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22556 comm="syz.7.4363" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a1cd8eec9 code=0x0
[ 1293.106969][ T6039] usb 6-1: new full-speed USB device number 106 using dummy_hcd
[ 1293.321794][ T6039] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1293.735666][    T9] usb 9-1: new high-speed USB device number 70 using dummy_hcd
[ 1293.785554][ T6039] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1293.797196][ T6039] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64
[ 1293.808548][ T6039] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1293.833926][ T6039] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1293.843635][ T6039] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1293.856930][ T6039] usb 6-1: Manufacturer: syz
[ 1293.868257][ T6039] usb 6-1: config 0 descriptor??
[ 1293.925553][    T9] usb 9-1: Using ep0 maxpacket: 32
[ 1293.932493][    T9] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1293.942954][    T9] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1293.981442][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1293.996377][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1294.010417][    T9] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1294.014955][T22582] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4372'.
[ 1294.021086][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1294.040632][    T9] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1294.051714][    T9] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1294.065895][    T9] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1294.075077][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1294.085936][    T9] usb 9-1: config 0 descriptor??
[ 1294.225627][ T6039] rc_core: IR keymap rc-hauppauge not found
[ 1294.231601][ T6039] Registered IR keymap rc-empty
[ 1294.239554][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.282280][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.330435][ T6039] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1294.421990][T22564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1294.469448][ T6039] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input38
[ 1294.506212][T22564] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1294.609996][T22564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1294.625608][    T9] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 70 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1294.640321][T22564] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1294.641745][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.670496][   T48] usb 9-1: USB disconnect, device number 70
[ 1294.677683][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.688145][   T48] usblp0: removed
[ 1294.705869][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.719205][T22596] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1294.730155][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.755955][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.764956][T22598] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1294.771570][T22598] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1294.780740][T22598] vhci_hcd vhci_hcd.0: Device attached
[ 1294.789017][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.826052][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.853315][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.875844][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.905878][ T6039] mceusb 6-1:0.0: Error: mce write urb status = -71
[ 1294.937842][ T6039] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[ 1294.947492][ T6039] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1295.106184][    T9] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[ 1295.108394][ T6039] usb 6-1: USB disconnect, device number 106
[ 1295.826088][ T6039] usb 6-1: new high-speed USB device number 107 using dummy_hcd
[ 1296.019126][ T6039] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[ 1296.040425][ T6039] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1296.071610][ T6039] usb 6-1: Product: syz
[ 1296.083631][ T6039] usb 6-1: Manufacturer: syz
[ 1296.093780][ T6039] usb 6-1: SerialNumber: syz
[ 1296.130433][ T6039] usb 6-1: config 0 descriptor??
[ 1296.485824][ T6039] hso 6-1:0.0: Failed to find BULK IN ep
[ 1296.947901][ T6039] usb-storage 6-1:0.0: USB Mass Storage device detected
[ 1297.298798][T22598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1297.366713][T22598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1297.556409][    T9] usb 43-1: device descriptor read/64, error -71
[ 1297.892137][    T9] usb 43-1: new high-speed USB device number 3 using vhci_hcd
[ 1298.363167][   T10] usb 6-1: USB disconnect, device number 107
[ 1298.370916][T22599] vhci_hcd: connection closed
[ 1298.373550][ T7295] vhci_hcd: stop threads
[ 1298.397251][ T7295] vhci_hcd: release socket
[ 1298.517435][ T7295] vhci_hcd: disconnect device
[ 1298.542782][T22680] batman_adv: batadv0: Adding interface: dummy0
[ 1298.550131][T22680] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1298.712629][T22680] batman_adv: batadv0: Interface activated: dummy0
[ 1298.720463][T22684] lo: entered promiscuous mode
[ 1298.725456][T22684] lo: entered allmulticast mode
[ 1298.731001][T22684] tunl0: entered promiscuous mode
[ 1298.736203][T22684] tunl0: entered allmulticast mode
[ 1298.742032][T22684] gre0: entered promiscuous mode
[ 1298.747040][T22684] gre0: entered allmulticast mode
[ 1298.752696][T22684] gretap0: entered promiscuous mode
[ 1298.757946][T22684] gretap0: entered allmulticast mode
[ 1298.763643][T22684] erspan0: entered promiscuous mode
[ 1298.769057][T22684] erspan0: entered allmulticast mode
[ 1298.774855][T22684] ip_vti0: entered promiscuous mode
[ 1298.780075][T22684] ip_vti0: entered allmulticast mode
[ 1298.785941][T22684] ip6_vti0: entered promiscuous mode
[ 1298.791234][T22684] ip6_vti0: entered allmulticast mode
[ 1298.797238][T22684] sit0: entered promiscuous mode
[ 1298.802188][T22684] sit0: entered allmulticast mode
[ 1298.807713][T22684] ip6tnl0: entered promiscuous mode
[ 1298.812926][T22684] ip6tnl0: entered allmulticast mode
[ 1298.818764][T22684] ip6gre0: entered promiscuous mode
[ 1298.823962][T22684] ip6gre0: entered allmulticast mode
[ 1298.829712][T22684] syz_tun: entered promiscuous mode
[ 1298.834924][T22684] syz_tun: entered allmulticast mode
[ 1298.840686][T22684] ip6gretap0: entered promiscuous mode
[ 1298.846188][T22684] ip6gretap0: entered allmulticast mode
[ 1298.852126][T22684] bridge0: entered promiscuous mode
[ 1298.857371][T22684] bridge0: entered allmulticast mode
[ 1298.863221][T22684] vcan0: entered promiscuous mode
[ 1298.868462][T22684] vcan0: entered allmulticast mode
[ 1298.874030][T22684] bond0: entered promiscuous mode
[ 1298.879185][T22684] bond0: entered allmulticast mode
[ 1298.884797][T22684] dummy0: entered promiscuous mode
[ 1298.889992][T22684] dummy0: entered allmulticast mode
[ 1298.895694][T22684] nlmon0: entered promiscuous mode
[ 1298.900813][T22684] nlmon0: entered allmulticast mode
[ 1298.909094][T22684] caif0: entered promiscuous mode
[ 1298.914247][T22684] caif0: entered allmulticast mode
[ 1298.919418][T22684] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1299.061383][   T30] audit: type=1326 audit(1299.021:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22689 comm="syz.7.4399" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a1cd8eec9 code=0x0
[ 1299.128582][   T10] usb 6-1: new low-speed USB device number 108 using dummy_hcd
[ 1299.552177][T22697] can0: slcan on ttyS3.
[ 1299.563827][   T10] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[ 1299.581083][T22697] svc: failed to register nfsdv3 RPC service (errno 111).
[ 1299.591429][T22697] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 1299.693347][   T10] usb 6-1: config 179 has no interface number 0
[ 1299.724664][   T10] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[ 1299.812021][   T10] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1299.877829][   T10] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 1299.897139][   T10] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8
[ 1299.908827][T22687] can0 (unregistered): slcan off ttyS3.
[ 1299.919962][   T10] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1299.959145][   T10] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1299.978832][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1299.984492][   T30] audit: type=1400 audit(1299.941:1897): avc:  denied  { ioctl } for  pid=22702 comm="syz.7.4402" path="/dev/input/mice" dev="devtmpfs" ino=915 ioctlcmd=0xab00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 1300.037176][T22678] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1300.037226][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.051823][   T10] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1300.053455][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.091170][   T10] xpad 6-1:179.65: probe with driver xpad failed with error -90
[ 1300.256467][   T48] usb 6-1: USB disconnect, device number 108
[ 1302.990187][T22738] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4409'.
[ 1303.437317][   T10] usb 9-1: new high-speed USB device number 71 using dummy_hcd
[ 1303.447627][    T9] vhci_hcd: vhci_device speed not set
[ 1303.610530][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1303.629575][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1303.640453][   T10] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1303.655433][   T10] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1303.667473][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.678623][   T10] usb 9-1: config 0 descriptor??
[ 1304.267794][   T10] plantronics 0003:047F:FFFF.002A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[ 1304.746570][   T30] audit: type=1400 audit(1304.701:1898): avc:  denied  { connect } for  pid=22763 comm="syz.3.4422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1304.807252][T22767] kernel profiling enabled (shift: 17)
[ 1305.417829][T22773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1305.444743][T22773] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1305.458611][T17881] Bluetooth: hci0: command 0x0405 tx timeout
[ 1305.487001][T22778] netlink: 'syz.3.4426': attribute type 10 has an invalid length.
[ 1305.511089][T22778] tmpfs: Unknown parameter '0x0000000000000005'
[ 1305.683368][T22784] ntfs3(nullb0): Primary boot signature is not NTFS.
[ 1305.695675][T22784] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[ 1306.342897][T22795] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4432'.
[ 1306.530842][   T48] usb 9-1: USB disconnect, device number 71
[ 1307.718696][T22813] netlink: 'syz.0.4439': attribute type 21 has an invalid length.
[ 1307.726673][T22813] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4439'.
[ 1307.735735][T22813] netlink: 'syz.0.4439': attribute type 6 has an invalid length.
[ 1307.743441][T22813] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4439'.
[ 1308.435568][   T30] audit: type=1400 audit(1308.391:1899): avc:  denied  { execute } for  pid=22822 comm="syz.0.4443" name="file1" dev="ramfs" ino=89926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[ 1308.519655][   T30] audit: type=1400 audit(1308.391:1900): avc:  denied  { execute_no_trans } for  pid=22822 comm="syz.0.4443" path="/file1" dev="ramfs" ino=89926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[ 1310.813294][T22827] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4444'.
[ 1312.283322][T22853] 9pnet_fd: Insufficient options for proto=fd
[ 1312.695598][    T9] usb 9-1: new high-speed USB device number 72 using dummy_hcd
[ 1313.298340][T22865] netlink: 'syz.0.4452': attribute type 21 has an invalid length.
[ 1313.306607][T22865] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4452'.
[ 1313.315864][T22865] netlink: 'syz.0.4452': attribute type 6 has an invalid length.
[ 1313.323591][T22865] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4452'.
[ 1313.372588][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1313.410632][    T9] usb 9-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[ 1313.415942][T22864] netlink: 'syz.7.4453': attribute type 21 has an invalid length.
[ 1313.427607][T22864] netlink: 128 bytes leftover after parsing attributes in process `syz.7.4453'.
[ 1313.436689][T22864] netlink: 'syz.7.4453': attribute type 6 has an invalid length.
[ 1313.444393][T22864] netlink: 3 bytes leftover after parsing attributes in process `syz.7.4453'.
[ 1313.483948][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1313.594756][    T9] usb 9-1: config 0 descriptor??
[ 1313.617637][T22881] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4457'.
[ 1313.626849][T22881] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4457'.
[ 1313.640558][T22881] input: syz0 as /devices/virtual/input/input40
[ 1314.992854][    T9] hid_mf 0003:0079:1846.002B: unknown main item tag 0x7
[ 1315.002665][    T9] hid_mf 0003:0079:1846.002B: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.8-1/input0
[ 1315.014136][    T9] hid_mf 0003:0079:1846.002B: Invalid report, this should never happen!
[ 1315.022837][    T9] hid_mf 0003:0079:1846.002B: Force feedback init failed.
[ 1316.325020][T22922] netlink: 'syz.5.4467': attribute type 21 has an invalid length.
[ 1316.333083][T22922] netlink: 128 bytes leftover after parsing attributes in process `syz.5.4467'.
[ 1316.342598][T22922] netlink: 'syz.5.4467': attribute type 6 has an invalid length.
[ 1316.350478][T22922] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4467'.
[ 1316.817189][    T9] usb 9-1: USB disconnect, device number 72
[ 1317.636322][   T30] audit: type=1400 audit(1317.581:1901): avc:  denied  { read } for  pid=22946 comm="syz.0.4470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1317.875157][   T30] audit: type=1400 audit(1317.761:1902): avc:  denied  { setopt } for  pid=22946 comm="syz.0.4470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1318.295744][   T30] audit: type=1400 audit(1317.901:1903): avc:  denied  { getopt } for  pid=22967 comm="syz.3.4475" lport=55560 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[ 1318.698195][T22979] sp0: Synchronizing with TNC
[ 1318.744511][T22977] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4477'.
[ 1318.941283][   T30] audit: type=1400 audit(1318.881:1904): avc:  denied  { read } for  pid=22981 comm="syz.5.4479" path="socket:[92280]" dev="sockfs" ino=92280 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1319.168215][T22987] loop7: detected capacity change from 0 to 7
[ 1319.176370][T22987] buffer_io_error: 4 callbacks suppressed
[ 1319.176398][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.190928][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.199658][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.210202][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.218814][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.233075][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.241256][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.255437][T22987] ldm_validate_partition_table(): Disk read failed.
[ 1319.272097][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.292751][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.326367][T22987] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1319.334844][T22987] Dev loop7: unable to read RDB block 0
[ 1319.344594][T22987]  loop7: unable to read partition table
[ 1319.351722][T22987] loop7: partition table beyond EOD, truncated
[ 1319.358152][T22987] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 1319.526116][T22973] [U] è``
[ 1319.828801][T23000] netlink: 'syz.0.4482': attribute type 21 has an invalid length.
[ 1319.855187][T23000] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4482'.
[ 1319.866276][T23000] netlink: 'syz.0.4482': attribute type 6 has an invalid length.
[ 1319.874046][T23000] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4482'.
[ 1320.429699][T23017] tmpfs: Bad value for 'nr_blocks'
[ 1320.445697][T23017] IPVS: Error connecting to the multicast addr
[ 1320.496477][ T5937] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 1320.816069][ T5937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1320.864290][ T5937] usb 4-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[ 1320.892574][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1320.904114][ T5937] usb 4-1: config 0 descriptor??
[ 1321.584905][ T5937] hid_mf 0003:0079:1846.002C: unknown main item tag 0x7
[ 1321.621566][ T5937] hid_mf 0003:0079:1846.002C: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.3-1/input0
[ 1321.635551][   T10] usb 9-1: new high-speed USB device number 73 using dummy_hcd
[ 1321.687997][ T5937] hid_mf 0003:0079:1846.002C: Invalid report, this should never happen!
[ 1321.696797][ T5937] hid_mf 0003:0079:1846.002C: Force feedback init failed.
[ 1321.807817][   T10] usb 9-1: device descriptor read/64, error -71
[ 1322.455530][   T10] usb 9-1: new high-speed USB device number 74 using dummy_hcd
[ 1322.595572][   T10] usb 9-1: device descriptor read/64, error -71
[ 1322.706385][   T10] usb usb9-port1: attempt power cycle
[ 1323.088377][   T10] usb 9-1: new high-speed USB device number 75 using dummy_hcd
[ 1323.326041][   T10] usb 9-1: device descriptor read/8, error -71
[ 1323.655655][   T10] usb 9-1: new high-speed USB device number 76 using dummy_hcd
[ 1323.676249][   T10] usb 9-1: device descriptor read/8, error -71
[ 1323.788122][   T10] usb usb9-port1: unable to enumerate USB device
[ 1324.189748][T23071] qrtr: Invalid version 255
[ 1324.590588][    T9] usb 4-1: USB disconnect, device number 100
[ 1324.644658][T23081] netlink: 'syz.0.4505': attribute type 2 has an invalid length.
[ 1324.667799][T23081] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1325.835240][T23101] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4513'.
[ 1327.955792][    T9] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 1328.115544][    T9] usb 4-1: Using ep0 maxpacket: 32
[ 1328.159306][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1328.199867][    T9] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1328.209495][    T9] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1328.217984][    T9] usb 4-1: Product: syz
[ 1328.222314][    T9] usb 4-1: Manufacturer: syz
[ 1328.227467][    T9] usb 4-1: SerialNumber: syz
[ 1328.233613][    T9] usb 4-1: config 0 descriptor??
[ 1328.239623][T23125] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1328.597807][ T6039] usb 4-1: USB disconnect, device number 101
[ 1330.197233][T23151] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4529'.
[ 1330.308090][T23151] bond5 (unregistering): Released all slaves
[ 1330.839034][T23164] can0: slcan on ttyS3.
[ 1330.882775][T23164] svc: failed to register nfsdv3 RPC service (errno 111).
[ 1330.891586][T23164] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 1331.598592][T23179] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1331.715226][ T5937] libceph: connect (1)[c::]:6789 error -101
[ 1331.728577][ T5937] libceph: mon0 (1)[c::]:6789 connect error
[ 1331.797000][T23182] binder: 23173:23182 ioctl c0306201 0 returned -14
[ 1331.850631][T23179] ceph: No mds server is up or the cluster is laggy
[ 1332.178361][T23158] can0 (unregistered): slcan off ttyS3.
[ 1333.727698][T23214] netlink: 'syz.0.4546': attribute type 1 has an invalid length.
[ 1333.743906][T23214] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1333.789217][T23217] FAULT_INJECTION: forcing a failure.
[ 1333.789217][T23217] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1333.805564][T23217] CPU: 0 UID: 0 PID: 23217 Comm: syz.5.4547 Not tainted syzkaller #0 PREEMPT(full) 
[ 1333.805591][T23217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1333.805602][T23217] Call Trace:
[ 1333.805608][T23217]  <TASK>
[ 1333.805616][T23217]  dump_stack_lvl+0x16c/0x1f0
[ 1333.805640][T23217]  should_fail_ex+0x512/0x640
[ 1333.805664][T23217]  _copy_from_user+0x2e/0xd0
[ 1333.805685][T23217]  copy_mount_options+0x76/0x190
[ 1333.805712][T23217]  __x64_sys_mount+0x1ab/0x310
[ 1333.805736][T23217]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1333.805765][T23217]  do_syscall_64+0xcd/0x4e0
[ 1333.805784][T23217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1333.805800][T23217] RIP: 0033:0x7f0abf58eec9
[ 1333.805815][T23217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1333.805831][T23217] RSP: 002b:00007f0ac0404038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1333.805848][T23217] RAX: ffffffffffffffda RBX: 00007f0abf7e5fa0 RCX: 00007f0abf58eec9
[ 1333.805859][T23217] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000
[ 1333.805870][T23217] RBP: 00007f0ac0404090 R08: 0000200000000840 R09: 0000000000000000
[ 1333.805881][T23217] R10: 000000000000008c R11: 0000000000000246 R12: 0000000000000001
[ 1333.805902][T23217] R13: 00007f0abf7e6038 R14: 00007f0abf7e5fa0 R15: 00007ffedb785ea8
[ 1333.805926][T23217]  </TASK>
[ 1333.814791][T23218] bond5: (slave wlan0): Enslaving as an active interface with a down link
[ 1334.086597][ T5937] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1334.474995][   T30] audit: type=1400 audit(1334.161:1905): avc:  denied  { watch_sb } for  pid=23221 comm="syz.8.4549" path="/59/file0" dev="tmpfs" ino=323 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1334.577344][ T5937] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1335.245771][ T5937] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1335.325523][ T5937] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1335.330518][T23227] usb usb7: usbfs: process 23227 (syz.5.4550) did not claim interface 0 before use
[ 1335.434851][T23228] binder: BINDER_SET_CONTEXT_MGR already set
[ 1335.441162][T23228] binder: 23226:23228 ioctl 4018620d 200000004a80 returned -16
[ 1335.675737][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1335.746250][T23220] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1335.797182][ T5937] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1336.012912][ T6039] usb 4-1: USB disconnect, device number 102
[ 1336.573357][   T30] audit: type=1326 audit(1336.531:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23245 comm="syz.3.4556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x0
[ 1337.125608][   T30] audit: type=1400 audit(1337.081:1907): avc:  denied  { listen } for  pid=23245 comm="syz.3.4556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1337.230484][   T30] audit: type=1400 audit(1337.081:1908): avc:  denied  { accept } for  pid=23245 comm="syz.3.4556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1339.387361][   T30] audit: type=1400 audit(1339.351:1909): avc:  denied  { mounton } for  pid=23277 comm="syz.7.4567" path="/" dev="configfs" ino=1066 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1339.427210][   T30] audit: type=1400 audit(1339.381:1910): avc:  denied  { read open } for  pid=23277 comm="syz.7.4567" path="/" dev="configfs" ino=1066 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1339.614036][   T30] audit: type=1400 audit(1339.571:1911): avc:  denied  { unmount } for  pid=19242 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1339.886421][    T9] usb 9-1: new full-speed USB device number 77 using dummy_hcd
[ 1341.077935][    T9] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1341.584561][T23315] netlink: 'syz.5.4579': attribute type 1 has an invalid length.
[ 1341.606023][T23315] netlink: 16150 bytes leftover after parsing attributes in process `syz.5.4579'.
[ 1341.616298][    T9] usb 9-1: not running at top speed; connect to a high speed hub
[ 1341.629722][    T9] usb 9-1: config 1 interface 0 has no altsetting 0
[ 1341.770054][    T9] usb 9-1: New USB device found, idVendor=0dfc, idProduct=0101, bcdDevice= 0.40
[ 1341.779516][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1341.787648][    T9] usb 9-1: Product: syz
[ 1341.792057][    T9] usb 9-1: SerialNumber: syz
[ 1341.819920][T23320] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4582'.
[ 1342.025917][    T9] usbhid 9-1:1.0: can't add hid device: -71
[ 1342.031886][    T9] usbhid 9-1:1.0: probe with driver usbhid failed with error -71
[ 1342.505851][    T9] usb 9-1: USB disconnect, device number 77
[ 1342.919664][T23342] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4591'.
[ 1343.005721][    T9] usb 9-1: new high-speed USB device number 78 using dummy_hcd
[ 1343.655954][    T9] usb 9-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=d9.bc
[ 1343.665058][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1343.683366][    T9] usb 9-1: Product: syz
[ 1343.688090][    T9] usb 9-1: Manufacturer: syz
[ 1343.692703][    T9] usb 9-1: SerialNumber: syz
[ 1343.699988][    T9] usb 9-1: config 0 descriptor??
[ 1343.709857][    T9] gspca_main: stk014-2.14.0 probing 05e1:0893
[ 1343.716137][    T9] usb 9-1: selecting invalid altsetting 1
[ 1343.939163][    T9] gspca_stk014: init reg: 0x00
[ 1343.944187][    T9] stk014 9-1:0.0: probe with driver stk014 failed with error -5
[ 1344.123818][ T6039] usb 9-1: USB disconnect, device number 78
[ 1345.136118][T23393] syzkaller1: entered promiscuous mode
[ 1345.151900][T23393] syzkaller1: entered allmulticast mode
[ 1345.314714][ T6039] libceph: connect (1)[c::]:6789 error -101
[ 1345.335740][ T6039] libceph: mon0 (1)[c::]:6789 connect error
[ 1345.372345][T23396] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4614'.
[ 1345.640572][T23401] ceph: No mds server is up or the cluster is laggy
[ 1345.649373][   T48] libceph: connect (1)[c::]:6789 error -101
[ 1345.666262][   T48] libceph: mon0 (1)[c::]:6789 connect error
[ 1345.895326][   T30] audit: type=1400 audit(1345.851:1912): avc:  denied  { unmount } for  pid=16818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1349.791297][T23451] netlink: 88 bytes leftover after parsing attributes in process `syz.7.4632'.
[ 1349.877294][T23461] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1350.075593][ T5937] usb 9-1: new high-speed USB device number 79 using dummy_hcd
[ 1350.594930][ T5937] usb 9-1: config 220 has an invalid interface number: 76 but max is 2
[ 1350.612735][ T5937] usb 9-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1350.639379][ T5937] usb 9-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1350.663236][ T5937] usb 9-1: config 220 has no interface number 2
[ 1350.673786][ T5937] usb 9-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1350.788952][ T5937] usb 9-1: config 220 interface 0 has no altsetting 0
[ 1350.799356][ T5937] usb 9-1: config 220 interface 76 has no altsetting 0
[ 1350.808774][ T5937] usb 9-1: config 220 interface 1 has no altsetting 0
[ 1350.819140][ T5937] usb 9-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1350.843323][ T5937] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1350.945846][ T5937] usb 9-1: Product: syz
[ 1350.960001][ T5937] usb 9-1: Manufacturer: syz
[ 1350.971699][ T5937] usb 9-1: SerialNumber: syz
[ 1351.267056][ T5937] uvcvideo 9-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1351.373876][ T5937] uvcvideo 9-1:220.0: No valid video chain found.
[ 1351.406717][ T5937] usb 9-1: selecting invalid altsetting 0
[ 1351.482535][ T5937] usb 9-1: selecting invalid altsetting 0
[ 1351.489995][ T5937] usbtest 9-1:220.1: probe with driver usbtest failed with error -22
[ 1351.510307][ T5937] usb 9-1: USB disconnect, device number 79
[ 1353.415609][   T48] usb 6-1: new high-speed USB device number 109 using dummy_hcd
[ 1353.821218][T23522] mkiss: ax0: crc mode is auto.
[ 1353.832222][T23522] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1354.575610][   T48] usb 6-1: Using ep0 maxpacket: 32
[ 1354.583994][   T48] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1354.593248][   T48] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1354.663260][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1354.669917][T23531] netlink: 'syz.3.4659': attribute type 1 has an invalid length.
[ 1354.681808][   T48] usb 6-1: Product: syz
[ 1354.691955][   T48] usb 6-1: Manufacturer: syz
[ 1354.705647][   T48] usb 6-1: SerialNumber: syz
[ 1354.721212][   T48] usb 6-1: config 0 descriptor??
[ 1355.350599][   T48] gs_usb 6-1:0.0: Configuring for 1 interfaces
[ 1355.741068][T23546] kvm: pic: non byte write
[ 1355.768995][   T48] gs_usb 6-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[ 1355.858499][   T30] audit: type=1326 audit(1355.791:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1355.875648][   T48] usb 6-1: USB disconnect, device number 109
[ 1355.882178][   T13] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1355.986049][   T30] audit: type=1326 audit(1355.791:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1356.098500][T23556] ip6_vti0 speed is unknown, defaulting to 1000
[ 1356.235845][   T30] audit: type=1326 audit(1355.791:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1356.386277][T23558] 
[ 1356.523387][T23556] lo speed is unknown, defaulting to 1000
[ 1356.644166][   T30] audit: type=1326 audit(1355.791:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1356.713561][   T30] audit: type=1326 audit(1355.791:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1356.738182][   T30] audit: type=1326 audit(1355.791:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1356.761354][   T30] audit: type=1326 audit(1355.791:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1356.784920][   T30] audit: type=1326 audit(1355.791:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1356.913273][   T30] audit: type=1326 audit(1355.791:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1357.423004][   T30] audit: type=1326 audit(1355.791:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23547 comm="syz.3.4664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11b18eec9 code=0x7ffc0000
[ 1357.987408][ T5833] Bluetooth: hci3: command 0x1003 tx timeout
[ 1357.995249][T17881] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1359.624367][T23606] netlink: 4280 bytes leftover after parsing attributes in process `syz.8.4679'.
[ 1359.634145][T23606] netlink: 4280 bytes leftover after parsing attributes in process `syz.8.4679'.
[ 1361.395548][ T5937] usb 4-1: new low-speed USB device number 103 using dummy_hcd
[ 1361.447896][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.454583][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.606794][ T5937] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 512, setting to 8
[ 1361.792178][T23626] ip6_vti0 speed is unknown, defaulting to 1000
[ 1362.646913][ T5937] usb 4-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1362.791612][T23626] lo speed is unknown, defaulting to 1000
[ 1363.051985][ T5937] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1363.058984][ T5937] usb 4-1: New USB device found, idVendor=058f, idProduct=9410, bcdDevice= 0.00
[ 1363.068146][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1363.081126][ T5937] usb 4-1: config 0 descriptor??
[ 1363.097489][T23619] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1363.311912][ T5937] usbhid 4-1:0.0: can't add hid device: -71
[ 1363.570436][ T5937] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1363.581187][ T5937] usb 4-1: USB disconnect, device number 103
[ 1364.005706][   T48] usb 9-1: new high-speed USB device number 80 using dummy_hcd
[ 1364.251447][   T48] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1364.600884][   T48] usb 9-1: config 0 has no interface number 0
[ 1364.621457][   T48] usb 9-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1364.637790][   T48] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1364.649362][   T48] usb 9-1: Product: syz
[ 1364.653844][   T48] usb 9-1: Manufacturer: syz
[ 1364.664171][   T48] usb 9-1: SerialNumber: syz
[ 1364.671659][   T48] usb 9-1: config 0 descriptor??
[ 1364.917659][   T48] usb 9-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[ 1365.306072][   T48] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1365.468845][   T48] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[ 1365.477825][   T48] usb 9-1: media controller created
[ 1365.506461][   T48] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1365.739592][   T80] Bluetooth: (null): Invalid header checksum
[ 1365.817771][   T80] Bluetooth: (null): Invalid header checksum
[ 1365.908388][   T80] Bluetooth: (null): Invalid header checksum
[ 1366.014685][T22654] Bluetooth: (null): Invalid header checksum
[ 1366.036519][   T48] usb 9-1: USB disconnect, device number 80
[ 1366.076252][ T6602] Bluetooth: (null): Invalid header checksum
[ 1367.085541][   T48] usb 6-1: new high-speed USB device number 110 using dummy_hcd
[ 1367.446574][   T48] usb 6-1: Using ep0 maxpacket: 32
[ 1367.491620][   T48] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[ 1367.521168][   T48] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1367.531632][   T48] usb 6-1: config 0 has no interface number 0
[ 1367.541149][   T48] usb 6-1: config 0 interface 8 altsetting 248 endpoint 0xC has an invalid bInterval 0, changing to 7
[ 1367.558377][   T48] usb 6-1: config 0 interface 8 altsetting 248 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[ 1367.573697][   T48] usb 6-1: config 0 interface 8 has no altsetting 0
[ 1367.583580][   T48] usb 6-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[ 1367.593090][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1367.604280][   T48] usb 6-1: Product: syz
[ 1367.610198][   T48] usb 6-1: Manufacturer: syz
[ 1367.614917][   T48] usb 6-1: SerialNumber: syz
[ 1367.631393][   T48] usb 6-1: config 0 descriptor??
[ 1367.853710][   T48] ath6kl: Failed to submit usb control message: -71
[ 1367.861127][   T48] ath6kl: unable to send the bmi data to the device: -71
[ 1367.868829][   T48] ath6kl: Unable to send get target info: -71
[ 1367.897450][   T48] ath6kl: Failed to init ath6kl core: -71
[ 1367.903644][   T48] ath6kl_usb 6-1:0.8: probe with driver ath6kl_usb failed with error -71
[ 1367.916718][   T48] usb 6-1: USB disconnect, device number 110
[ 1368.727801][T17881] Bluetooth: hci0: command 0x0405 tx timeout
[ 1369.545538][ T5937] usb 6-1: new full-speed USB device number 111 using dummy_hcd
[ 1369.801654][ T5937] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1370.543394][ T5937] usb 6-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1
[ 1370.553417][ T5937] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1370.612179][ T5937] usb 6-1: Product: syz
[ 1370.619501][ T5937] usb 6-1: Manufacturer: syz
[ 1370.662206][ T5937] usb 6-1: SerialNumber: syz
[ 1370.706218][ T5937] usb 6-1: config 0 descriptor??
[ 1370.713552][ T5937] option 6-1:0.0: GSM modem (1-port) converter detected
[ 1370.972673][ T6039] usb 6-1: USB disconnect, device number 111
[ 1370.982392][ T6039] option 6-1:0.0: device disconnected
[ 1371.026139][   T48] usb 4-1: new full-speed USB device number 104 using dummy_hcd
[ 1371.189778][   T48] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1371.199601][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1371.209046][   T48] usb 4-1: Product: syz
[ 1371.213232][   T48] usb 4-1: Manufacturer: syz
[ 1371.218342][   T48] usb 4-1: SerialNumber: syz
[ 1371.249670][   T48] usb 4-1: config 0 descriptor??
[ 1371.549525][   T48] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1371.717456][   T50] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1372.049674][T23798] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4751'.
[ 1372.058843][T23798] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1372.286564][T23805] bond1: left promiscuous mode
[ 1372.291617][T23805] bond2: left promiscuous mode
[ 1372.307991][   T80] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 2816 - 0
[ 1372.323969][   T80] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 2816 - 0
[ 1372.333690][   T80] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 2816 - 0
[ 1372.343451][   T80] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 2816 - 0
[ 1373.024672][    C1] raw-gadget.2 gadget.3: ignoring, device is not running
[ 1373.051993][   T48] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1373.068063][   T48] usb 4-1: USB disconnect, device number 104
[ 1373.295639][ T5937] usb 6-1: new full-speed USB device number 112 using dummy_hcd
[ 1373.433860][T23823] kvm: pic: non byte write
[ 1373.811676][ T5833] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1373.819909][T17881] Bluetooth: hci3: command 0x1003 tx timeout
[ 1374.037042][ T5937] usb 6-1: config 0 has an invalid interface number: 206 but max is 0
[ 1374.051440][ T5937] usb 6-1: config 0 has no interface number 0
[ 1374.059787][ T5937] usb 6-1: config 0 interface 206 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64
[ 1374.071220][ T5937] usb 6-1: config 0 interface 206 has no altsetting 0
[ 1374.082606][ T5937] usb 6-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=2b.4b
[ 1374.125344][ T5937] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1374.142874][ T5937] usb 6-1: Product: syz
[ 1374.208666][ T5937] usb 6-1: Manufacturer: syz
[ 1374.218736][ T5937] usb 6-1: SerialNumber: syz
[ 1374.260461][ T5937] usb 6-1: config 0 descriptor??
[ 1374.271527][T23817] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1374.282135][ T5937] imon_raw 6-1:0.206: IR endpoint missing
[ 1374.375583][    T9] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1374.484069][ T5937] usb 6-1: USB disconnect, device number 112
[ 1374.535655][    T9] usb 4-1: Using ep0 maxpacket: 32
[ 1374.544748][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1374.557795][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1374.568094][    T9] usb 4-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[ 1374.577299][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1374.594401][    T9] usb 4-1: config 0 descriptor??
[ 1375.079472][    T9] betop 0003:20BC:5500.002D: global environment stack underflow
[ 1375.106203][    T9] betop 0003:20BC:5500.002D: item 0 4 1 11 parsing failed
[ 1375.133495][    T9] betop 0003:20BC:5500.002D: parse failed
[ 1375.239318][    T9] betop 0003:20BC:5500.002D: probe with driver betop failed with error -22
[ 1375.268229][    T9] usb 4-1: USB disconnect, device number 105
[ 1377.067223][   T30] kauditd_printk_skb: 36 callbacks suppressed
[ 1377.067240][   T30] audit: type=1400 audit(1377.031:1959): avc:  denied  { write } for  pid=23894 comm="syz.3.4787" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 1381.598801][ T6039] usb 6-1: new full-speed USB device number 113 using dummy_hcd
[ 1381.666276][T23969] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (at-a2150c)
[ 1382.022349][ T6039] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1382.038572][ T6039] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1382.065694][ T6039] usb 6-1: Product: syz
[ 1382.072836][ T6039] usb 6-1: Manufacturer: syz
[ 1382.077600][ T6039] usb 6-1: SerialNumber: syz
[ 1382.086952][ T6039] usb 6-1: config 0 descriptor??
[ 1382.303447][ T6039] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1383.215614][ T5937] usb 9-1: new high-speed USB device number 81 using dummy_hcd
[ 1383.375940][ T5937] usb 9-1: Using ep0 maxpacket: 16
[ 1383.431425][ T5937] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1383.503541][ T5937] usb 9-1: config 13 has an invalid interface number: 50 but max is 0
[ 1383.528223][ T5937] usb 9-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[ 1383.553695][ T5937] usb 9-1: config 13 has no interface number 0
[ 1383.570589][ T5937] usb 9-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16
[ 1383.585762][ T5937] usb 9-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1383.600914][ T5937] usb 9-1: config 13 interface 50 has no altsetting 0
[ 1383.617884][ T5937] usb 9-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[ 1383.631368][ T5937] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1383.640983][ T5937] usb 9-1: Product: syz
[ 1383.645182][ T5937] usb 9-1: Manufacturer: syz
[ 1383.650114][ T5937] usb 9-1: SerialNumber: syz
[ 1383.660500][T23995] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[ 1383.750754][T24015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4834'.
[ 1384.872737][ T5937] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[ 1384.880203][ T5937] usb 9-1: MIDIStreaming interface descriptor not found
[ 1384.892181][ T6039] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1384.925768][ T6039] usb 6-1: USB disconnect, device number 113
[ 1384.938691][ T5937] usb 9-1: USB disconnect, device number 81
[ 1385.189002][T24036] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24036 comm=syz.0.4841
[ 1387.553436][T24073] input: syz0 as /devices/virtual/input/input41
[ 1389.655577][ T5833] Bluetooth: hci2: command 0x0401 tx timeout
[ 1389.680178][    T9] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 1389.687083][    T9] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[ 1390.486106][   T10] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1391.275481][   T10] usb 4-1: Using ep0 maxpacket: 32
[ 1391.285390][   T10] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1391.312707][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1391.462082][   T10] usb 4-1: config 0 descriptor??
[ 1391.474239][   T10] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 1391.825649][   T30] audit: type=1400 audit(1391.651:1960): avc:  denied  { write } for  pid=24122 comm="syz.8.4871" name="loop-control" dev="devtmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1391.865443][ T5833] Bluetooth: hci1: command 0x0406 tx timeout
[ 1392.050542][    T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1392.061703][    T9] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[ 1393.577304][   T10] gspca_vc032x: reg_w err -71
[ 1393.590496][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.058814][ T5937] IPVS: starting estimator thread 0...
[ 1394.087425][ T5833] Bluetooth: hci5: command 0x0405 tx timeout
[ 1394.116401][    T9] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1394.282263][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.303837][T24153] IPVS: using max 73 ests per chain, 175200 per kthread
[ 1394.311152][    T9] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[ 1394.321141][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.328400][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.349726][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.355032][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.474573][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.480098][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.492774][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.499395][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.504697][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.512237][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.523178][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.529597][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.535013][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.948825][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.954148][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.960046][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[ 1394.965352][   T10] gspca_vc032x: Unknown sensor...
[ 1394.971010][   T10] vc032x 4-1:0.0: probe with driver vc032x failed with error -22
[ 1394.980509][   T10] usb 4-1: USB disconnect, device number 106
[ 1395.549601][T24172] overlayfs: failed to resolve './file1': -2
[ 1396.565768][ T5833] Bluetooth: hci0: command 0x0405 tx timeout
[ 1396.565796][    T9] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1396.591319][    T9] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[ 1396.653371][T24200] overlayfs: failed to resolve './file1': -2
[ 1398.860760][T17881] Bluetooth: hci3: command 0x1003 tx timeout
[ 1398.867233][ T5833] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1399.820376][T24255] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4918'.
[ 1400.044759][T24270] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4923'.
[ 1400.053895][T24270] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4923'.
[ 1400.721668][T24292] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4933'.
[ 1400.796518][T24294] input: syz0 as /devices/virtual/input/input42
[ 1401.263525][T24298] syzkaller1: entered promiscuous mode
[ 1401.269097][T24298] syzkaller1: entered allmulticast mode
[ 1401.341619][T24301] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[ 1401.898113][ T2147] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 1402.516228][ T2147] usb 4-1: Using ep0 maxpacket: 16
[ 1402.536302][ T2147] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1403.007071][ T2147] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1403.045541][    T9] usb 6-1: new full-speed USB device number 114 using dummy_hcd
[ 1403.080881][ T2147] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1403.227121][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1403.231090][ T2147] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1403.249794][    T9] usb 6-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1
[ 1403.272833][ T2147] usb 4-1: Product: syz
[ 1403.277211][ T2147] usb 4-1: Manufacturer: syz
[ 1403.282054][ T2147] usb 4-1: SerialNumber: syz
[ 1403.282069][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1403.322833][ T2147] usb 4-1: config 0 descriptor??
[ 1403.330286][    T9] usb 6-1: Product: syz
[ 1403.342703][    T9] usb 6-1: Manufacturer: syz
[ 1403.344776][ T2147] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1403.355605][    T9] usb 6-1: SerialNumber: syz
[ 1403.382521][    T9] usb 6-1: config 0 descriptor??
[ 1403.397865][ T2147] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[ 1403.400021][    T9] option 6-1:0.0: GSM modem (1-port) converter detected
[ 1403.641773][   T48] usb 6-1: USB disconnect, device number 114
[ 1403.655048][   T48] option 6-1:0.0: device disconnected
[ 1403.816165][ T2147] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1403.827952][ T2147] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[ 1403.841628][ T2147] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[ 1403.849089][ T2147] em28xx 4-1:0.0: No AC97 audio processor
[ 1404.020735][ T2147] usb 4-1: USB disconnect, device number 107
[ 1404.028080][ T2147] em28xx 4-1:0.0: Disconnecting em28xx
[ 1404.034487][ T2147] em28xx 4-1:0.0: Freeing device
[ 1404.219662][ T7286] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1405.467328][T24397] ip6_vti0 speed is unknown, defaulting to 1000
[ 1405.698761][T24397] lo speed is unknown, defaulting to 1000
[ 1406.170469][ T5833] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1406.330447][T24415] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4965'.
[ 1407.393916][T24437] mkiss: ax0: crc mode is auto.
[ 1408.284905][T18249] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1408.454769][T24451] No memory to map
[ 1409.764655][T24480] netlink: 'syz.7.4990': attribute type 1 has an invalid length.
[ 1410.189153][T24489] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4994'.
[ 1410.198351][T24489] unsupported nlmsg_type 40
[ 1410.255698][ T5833] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1411.578807][T24514] [U] $(c#æÞÙ™€35±üDnÔTý §ajpËÀH�õÍwá†RÈy‰Ê6å‚›jÒØ5Ò†J)'j¹êžÕ‡Tý'zH1,^¹.*©bÜÞ‡X¸ÛæÀäf£Oÿ<Kî¹~(B„loÜ,\@MH5ÓÐiõõêöÄ@‘(•˜>´Ûbc;{Ô�mƒP†…ÄͦlF¢| »šIY‰ÿX
[ 1412.279747][T24537] netlink: 'syz.8.5009': attribute type 14 has an invalid length.
[ 1412.375559][    T9] usb 6-1: new low-speed USB device number 115 using dummy_hcd
[ 1412.620157][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1412.640131][    T9] usb 6-1: config 4 interface 0 has no altsetting 0
[ 1412.649866][    T9] usb 6-1: language id specifier not provided by device, defaulting to English
[ 1412.665228][    T9] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1412.674926][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1412.683499][    T9] usb 6-1: SerialNumber: 喢籀ﱧ耬캪�⃫�話릟臈
[ 1412.886303][T24550] netlink: 'syz.0.5012': attribute type 10 has an invalid length.
[ 1412.994631][    T9] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1413.004137][    T9] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1413.022602][    T9] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1413.039005][    T9] usb 6-1: media controller created
[ 1413.147045][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1413.192954][    T9] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1413.269746][    T9] usb 6-1: USB disconnect, device number 115
[ 1415.953256][T24593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5028'.
[ 1415.986421][   T30] audit: type=1326 audit(1415.911:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24591 comm="syz.0.5028" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f20fbb8eec9 code=0x0
[ 1417.395479][ T6039] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[ 1417.545592][ T6039] usb 4-1: device descriptor read/64, error -71
[ 1417.905483][ T6039] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 1418.075605][ T6039] usb 4-1: device descriptor read/64, error -71
[ 1419.627126][   T30] audit: type=1400 audit(1419.591:1962): avc:  denied  { accept } for  pid=24650 comm="syz.5.5043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1419.655958][ T6039] usb usb4-port1: attempt power cycle
[ 1419.999059][ T6039] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 1420.418783][T24675] netlink: 4400 bytes leftover after parsing attributes in process `syz.8.5050'.
[ 1420.429161][T24675] workqueue: name exceeds WQ_NAME_LEN. Truncating to: Ç`]Š•Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`
[ 1420.519420][ T6039] usb 4-1: device descriptor read/8, error -71
[ 1422.626050][T24699] fuse: Bad value for 'fd'
[ 1422.896398][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.902817][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.975514][ T5823] usb 6-1: new high-speed USB device number 116 using dummy_hcd
[ 1424.388053][ T5823] usb 6-1: device descriptor read/64, error -71
[ 1424.425555][T24723] netlink: 4804 bytes leftover after parsing attributes in process `syz.0.5068'.
[ 1424.486307][T24723] netlink: 4804 bytes leftover after parsing attributes in process `syz.0.5068'.
[ 1424.779435][T24730] syzkaller0: entered promiscuous mode
[ 1424.826856][ T5823] usb 6-1: new high-speed USB device number 117 using dummy_hcd
[ 1424.977868][ T5823] usb 6-1: device descriptor read/64, error -71
[ 1424.989906][T24739] fuse: Bad value for 'fd'
[ 1425.095955][ T5823] usb usb6-port1: attempt power cycle
[ 1425.118832][T24745] openvswitch: netlink: Message has 8 unknown bytes.
[ 1425.329649][T24750] netlink: 'syz.7.5076': attribute type 1 has an invalid length.
[ 1425.735500][ T5823] usb 6-1: new high-speed USB device number 118 using dummy_hcd
[ 1425.768014][ T5823] usb 6-1: device descriptor read/8, error -71
[ 1425.887101][T24758] netlink: 4804 bytes leftover after parsing attributes in process `syz.5.5082'.
[ 1425.966128][T24758] netlink: 4804 bytes leftover after parsing attributes in process `syz.5.5082'.
[ 1426.015805][ T6039] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 1426.095171][T24768] fuse: Bad value for 'fd'
[ 1426.207327][ T6039] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1426.253713][T24771] openvswitch: netlink: Message has 8 unknown bytes.
[ 1426.835548][ T6039] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1426.844742][ T6039] usb 4-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[ 1426.854229][ T6039] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1426.864735][ T6039] usb 4-1: config 0 descriptor??
[ 1427.024197][T24780] ip6_vti0 speed is unknown, defaulting to 1000
[ 1428.047055][T24780] lo speed is unknown, defaulting to 1000
[ 1428.268162][T24793] netlink: 'syz.0.5095': attribute type 1 has an invalid length.
[ 1429.159272][ T2147] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[ 1429.202231][   T48] usb 4-1: USB disconnect, device number 112
[ 1429.843356][ T2147] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1429.877853][ T2147] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1429.887915][ T2147] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1429.897379][ T2147] usb 6-1: config 0 descriptor??
[ 1430.587450][ T2147] keytouch 0003:0926:3333.002E: fixing up Keytouch IEC report descriptor
[ 1430.599776][ T2147] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.002E/input/input43
[ 1430.711315][ T2147] keytouch 0003:0926:3333.002E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1430.916732][T24836] kvm: pic: non byte write
[ 1430.945180][ T2147] usb 6-1: USB disconnect, device number 120
[ 1431.185580][   T10] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 1431.276377][ T5881] usb 9-1: new high-speed USB device number 82 using dummy_hcd
[ 1431.336828][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1431.347062][   T10] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1431.356188][   T10] usb 4-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[ 1431.365229][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1431.374606][   T10] usb 4-1: config 0 descriptor??
[ 1431.425495][ T5881] usb 9-1: Using ep0 maxpacket: 16
[ 1431.433259][ T5881] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1431.442668][ T5881] usb 9-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[ 1431.453909][ T5881] usb 9-1: config 13 has 0 interfaces, different from the descriptor's value: 1
[ 1431.476336][ T5881] usb 9-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[ 1431.490116][ T5881] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1431.500360][ T5881] usb 9-1: Product: syz
[ 1431.504565][ T5881] usb 9-1: Manufacturer: syz
[ 1431.519277][ T5881] usb 9-1: SerialNumber: syz
[ 1432.348232][ T5881] usb 9-1: USB disconnect, device number 82
[ 1433.412479][T24893] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.5136'.
[ 1433.421836][T24893] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.5136'.
[ 1433.608375][T24900] tmpfs: Bad value for 'mpol'
[ 1434.280956][ T5823] usb 4-1: USB disconnect, device number 113
[ 1434.353651][T24913] openvswitch: netlink: Message has 8 unknown bytes.
[ 1434.730028][T24928] netlink: 'syz.0.5150': attribute type 29 has an invalid length.
[ 1435.232523][T24934] netlink: 'syz.0.5150': attribute type 29 has an invalid length.
[ 1436.463019][T24958] overlayfs: missing 'lowerdir'
[ 1436.775665][T24974] netlink: 1280 bytes leftover after parsing attributes in process `syz.0.5167'.
[ 1436.808940][T24974] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1436.905697][ T5881] usb 6-1: new high-speed USB device number 121 using dummy_hcd
[ 1437.075503][ T5881] usb 6-1: Using ep0 maxpacket: 16
[ 1437.112866][ T5881] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1437.143173][ T5881] usb 6-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[ 1437.157093][ T5881] usb 6-1: config 13 has 0 interfaces, different from the descriptor's value: 1
[ 1437.187611][ T5881] usb 6-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[ 1437.202523][ T5881] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1437.252296][ T5881] usb 6-1: Product: syz
[ 1437.270679][ T5881] usb 6-1: Manufacturer: syz
[ 1437.279205][ T5881] usb 6-1: SerialNumber: syz
[ 1437.455582][ T5823] usb 9-1: new high-speed USB device number 83 using dummy_hcd
[ 1437.498696][ T5881] usb 6-1: USB disconnect, device number 121
[ 1437.574429][T25010] netlink: 1280 bytes leftover after parsing attributes in process `syz.0.5181'.
[ 1437.587126][T25010] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1437.621924][ T5823] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1437.645595][ T5823] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1437.655753][ T5823] usb 9-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[ 1437.667212][ T5823] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1437.703675][ T5823] usb 9-1: config 0 descriptor??
[ 1437.941003][ T5823] usb 9-1: USB disconnect, device number 83
[ 1438.305738][   T10] usb 6-1: new high-speed USB device number 122 using dummy_hcd
[ 1438.479510][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1438.535902][   T10] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1438.564398][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1438.586400][   T10] usb 6-1: config 0 descriptor??
[ 1439.004706][   T10] keytouch 0003:0926:3333.002F: fixing up Keytouch IEC report descriptor
[ 1439.068268][   T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.002F/input/input46
[ 1439.370234][T17881] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1439.382961][T17881] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1439.399061][T17881] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1439.445000][T17881] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1439.453882][T17881] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1439.553048][   T10] keytouch 0003:0926:3333.002F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1439.565806][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1439.620722][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1439.628881][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1439.637277][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1439.644937][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1439.652795][   T10] usb 6-1: USB disconnect, device number 122
[ 1439.929179][ T7295] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1439.953664][ T7295] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 35444 - 0
[ 1439.999225][T25064] input: syz0 as /devices/virtual/input/input47
[ 1440.112410][ T7295] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1440.123672][ T7295] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 35444 - 0
[ 1440.143102][T25049] ip6_vti0 speed is unknown, defaulting to 1000
[ 1440.239728][ T7295] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1440.278117][ T7295] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 35444 - 0
[ 1440.425336][ T7295] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1440.441480][ T7295] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 35444 - 0
[ 1440.458321][T25049] lo speed is unknown, defaulting to 1000
[ 1440.561874][T25076] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5202'.
[ 1440.599789][    T9] libceph: connect (1)[c::]:6789 error -101
[ 1440.606452][    T9] libceph: mon0 (1)[c::]:6789 connect error
[ 1440.687148][T25049] chnl_net:caif_netlink_parms(): no params data found
[ 1440.705570][ T5881] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 1440.725676][T25076] ceph: No mds server is up or the cluster is laggy
[ 1440.869672][ T5881] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1440.880824][ T5881] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1440.892333][ T5881] usb 4-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[ 1440.902113][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1440.925007][ T5881] usb 4-1: config 0 descriptor??
[ 1441.136172][ T5881] usb 4-1: USB disconnect, device number 114
[ 1441.251773][ T7295] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1441.729439][ T7295] bond0 (unregistering): Released all slaves
[ 1441.782117][ T5833] Bluetooth: hci3: command tx timeout
[ 1441.955092][ T7295] bond1 (unregistering): (slave bond2): Releasing backup interface
[ 1441.963245][ T7295] bond2 (unregistering): left promiscuous mode
[ 1441.974874][ T7295] bond1 (unregistering): Released all slaves
[ 1442.089375][   T10] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1442.109808][   T10] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[ 1442.389706][ T7295] bond2 (unregistering): Released all slaves
[ 1442.688895][ T7295] bond3 (unregistering): (slave bond4): Releasing backup interface
[ 1442.696881][ T7295] bond4 (unregistering): left promiscuous mode
[ 1442.703555][ T7295] bond3 (unregistering): Released all slaves
[ 1442.854468][ T7295] bond4 (unregistering): Released all slaves
[ 1442.901309][ T5881] usb 4-1: new full-speed USB device number 115 using dummy_hcd
[ 1443.030528][ T7295] bond5 (unregistering): (slave wlan0): Releasing active interface
[ 1443.039381][ T7295] bond5 (unregistering): Released all slaves
[ 1443.075109][ T5881] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1443.089003][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1443.099796][ T5881] usb 4-1: Product: syz
[ 1443.104127][ T5881] usb 4-1: Manufacturer: syz
[ 1443.109482][ T5881] usb 4-1: SerialNumber: syz
[ 1443.133167][ T5881] usb 4-1: config 0 descriptor??
[ 1443.195651][T25049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1443.202970][T25049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1443.216930][T25049] bridge_slave_0: entered allmulticast mode
[ 1443.233816][T25049] bridge_slave_0: entered promiscuous mode
[ 1443.258907][T25049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1443.266365][T25049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1443.274568][T25049] bridge_slave_1: entered allmulticast mode
[ 1443.283435][T25049] bridge_slave_1: entered promiscuous mode
[ 1443.345882][T25049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1443.348307][ T5881] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1443.358010][T25049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1443.425160][T25049] team0: Port device team_slave_0 added
[ 1443.435622][  T932] usb 6-1: new high-speed USB device number 123 using dummy_hcd
[ 1443.446682][T25049] team0: Port device team_slave_1 added
[ 1443.501499][T25049] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1443.509399][T25049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1443.539841][T25049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1443.553040][T25049] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1443.560780][T25049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1443.587487][T25049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1443.605710][  T932] usb 6-1: Using ep0 maxpacket: 32
[ 1443.613667][  T932] usb 6-1: config 0 interface 0 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 64
[ 1443.623728][  T932] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1443.633820][  T932] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=9c.61
[ 1443.643042][  T932] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1443.651359][  T932] usb 6-1: Product: syz
[ 1443.655759][  T932] usb 6-1: Manufacturer: syz
[ 1443.660984][  T932] usb 6-1: SerialNumber: syz
[ 1443.678293][  T932] usb 6-1: config 0 descriptor??
[ 1443.684299][T25109] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1443.716717][T25049] hsr_slave_0: entered promiscuous mode
[ 1443.725064][T25049] hsr_slave_1: entered promiscuous mode
[ 1443.732402][T25049] debugfs: 'hsr0' already exists in 'hsr'
[ 1443.738399][T25049] Cannot create hsr debugfs directory
[ 1443.903297][  T932] usb 6-1: USB disconnect, device number 123
[ 1444.222998][T25049] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1444.234488][T25049] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1444.247802][T25049] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1444.263434][T25049] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1444.324688][T25118] overlayfs: missing 'lowerdir'
[ 1444.374674][T25049] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1444.402312][T25049] 8021q: adding VLAN 0 to HW filter on device team0
[ 1444.414765][ T7291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1444.421961][ T7291] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1444.461911][ T6602] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1444.469095][ T6602] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1444.653241][   T30] audit: type=1400 audit(1444.611:1963): avc:  denied  { lock } for  pid=25121 comm="syz.5.5215" path="socket:[101724]" dev="sockfs" ino=101724 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1444.714759][T25124] ieee802154 phy0 wpan0: encryption failed: -22
[ 1444.790974][ T5881] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1444.810484][ T5881] usb 4-1: USB disconnect, device number 115
[ 1444.995891][T25049] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1445.100644][T25049] veth0_vlan: entered promiscuous mode
[ 1445.123467][T25049] veth1_vlan: entered promiscuous mode
[ 1445.186660][T25049] veth0_macvtap: entered promiscuous mode
[ 1445.206020][T25049] veth1_macvtap: entered promiscuous mode
[ 1445.271186][T25049] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1445.286880][T25049] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1445.300141][   T80] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1445.327111][   T80] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1445.378736][ T7291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1445.418275][ T7291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1445.748929][T25145] loop6: detected capacity change from 0 to 524288000
[ 1448.698678][T25167] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1484.329233][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.335592][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1545.767939][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.774249][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1602.086054][   T31] INFO: task kworker/0:1:10 blocked for more than 143 seconds.
[ 1602.093646][   T31]       Not tainted syzkaller #0
[ 1602.098639][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1602.107349][   T31] task:kworker/0:1     state:D stack:22056 pid:10    tgid:10    ppid:2      task_flags:0x4208060 flags:0x00080000
[ 1602.119460][   T31] Workqueue: events rfkill_op_handler
[ 1602.124846][   T31] Call Trace:
[ 1602.128197][   T31]  <TASK>
[ 1602.131130][   T31]  __schedule+0x1190/0x5de0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1602.135704][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1602.140666][   T30] audit: type=1400 audit(1602.101:1964): avc:  denied  { write } for  pid=5809 comm="syz-executor" path="pipe:[4537]" dev="pipefs" ino=4537 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1602.163336][   T31]  ? __pfx___schedule+0x10/0x10
[ 1602.168443][   T31]  ? find_held_lock+0x2b/0x80
[ 1602.173145][   T31]  ? schedule+0x2d7/0x3a0
[ 1602.177793][   T31]  ? nfc_dev_down+0x2d/0x2e0
[ 1602.183003][   T31]  schedule+0xe7/0x3a0
[ 1602.195314][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1602.200810][   T31]  __mutex_lock+0x818/0x1060
[ 1602.213299][   T31]  ? nfc_dev_down+0x2d/0x2e0
[ 1602.218212][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1602.223340][   T31]  ? kobject_uevent_env+0x2e5/0x1870
[ 1602.228885][   T31]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1602.233927][   T31]  ? nfc_dev_down+0x2d/0x2e0
[ 1602.247610][   T31]  nfc_dev_down+0x2d/0x2e0
[ 1602.252089][   T31]  nfc_rfkill_set_block+0x39/0xe0
[ 1602.257446][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1602.263184][   T31]  rfkill_set_block+0x1fe/0x550
[ 1602.268481][   T31]  rfkill_epo+0x8e/0x1d0
[ 1602.272726][   T31]  rfkill_op_handler+0x262/0x280
[ 1602.277740][   T31]  process_one_work+0x9cc/0x1b70
[ 1602.282700][   T31]  ? __pfx_process_one_work+0x10/0x10
[ 1602.288107][   T31]  ? assign_work+0x1a0/0x250
[ 1602.292700][   T31]  worker_thread+0x6c8/0xf10
[ 1602.297392][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1602.302505][   T31]  kthread+0x3c5/0x780
[ 1602.306604][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.311190][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1602.316036][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.320626][   T31]  ret_from_fork+0x56d/0x730
[ 1602.325193][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.329820][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1602.334602][   T31]  </TASK>
[ 1602.337812][   T31] INFO: task kworker/0:3:5823 blocked for more than 143 seconds.
[ 1602.345557][   T31]       Not tainted syzkaller #0
[ 1602.350476][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1602.359349][   T31] task:kworker/0:3     state:D stack:20864 pid:5823  tgid:5823  ppid:2      task_flags:0x4208060 flags:0x00080000
[ 1602.372567][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 1602.379329][   T31] Call Trace:
[ 1602.382602][   T31]  <TASK>
[ 1602.385569][   T31]  __schedule+0x1190/0x5de0
[ 1602.390091][   T31]  ? __pfx___schedule+0x10/0x10
[ 1602.394928][   T31]  ? find_held_lock+0x2b/0x80
[ 1602.399738][   T31]  ? schedule+0x2d7/0x3a0
[ 1602.404099][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[ 1602.410556][   T31]  schedule+0xe7/0x3a0
[ 1602.414629][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1602.420190][   T31]  __mutex_lock+0x818/0x1060
[ 1602.424781][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[ 1602.431163][   T31]  ? __lock_acquire+0xb97/0x1ce0
[ 1602.436144][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1602.441160][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1602.447028][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[ 1602.453382][   T31]  rfkill_global_led_trigger_worker+0x1b/0x160
[ 1602.459602][   T31]  process_one_work+0x9cc/0x1b70
[ 1602.464545][   T31]  ? __pfx_process_one_work+0x10/0x10
[ 1602.469970][   T31]  ? assign_work+0x1a0/0x250
[ 1602.474569][   T31]  worker_thread+0x6c8/0xf10
[ 1602.479201][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1602.484225][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1602.489374][   T31]  kthread+0x3c5/0x780
[ 1602.493451][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.498112][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1602.502880][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.507532][   T31]  ret_from_fork+0x56d/0x730
[ 1602.512129][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.516751][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1602.521525][   T31]  </TASK>
[ 1602.524541][   T31] INFO: task kworker/u8:15:7295 blocked for more than 143 seconds.
[ 1602.532495][   T31]       Not tainted syzkaller #0
[ 1602.537476][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1602.546200][   T31] task:kworker/u8:15   state:D stack:23304 pid:7295  tgid:7295  ppid:2      task_flags:0x4208160 flags:0x00080000
[ 1602.558237][   T31] Workqueue: netns cleanup_net
[ 1602.562989][   T31] Call Trace:
[ 1602.566275][   T31]  <TASK>
[ 1602.569200][   T31]  __schedule+0x1190/0x5de0
[ 1602.573700][   T31]  ? __pfx___schedule+0x10/0x10
[ 1602.578658][   T31]  ? find_held_lock+0x2b/0x80
[ 1602.583352][   T31]  ? schedule+0x2d7/0x3a0
[ 1602.587729][   T31]  ? rfkill_unregister+0xec/0x2c0
[ 1602.592751][   T31]  schedule+0xe7/0x3a0
[ 1602.596842][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1602.602302][   T31]  __mutex_lock+0x818/0x1060
[ 1602.606921][   T31]  ? class_to_subsys+0x10f/0x160
[ 1602.611893][   T31]  ? rfkill_unregister+0xec/0x2c0
[ 1602.616961][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1602.621990][   T31]  ? device_del+0x6b6/0x9f0
[ 1602.626611][   T31]  ? __pfx_device_del+0x10/0x10
[ 1602.631472][   T31]  ? rfkill_unregister+0xec/0x2c0
[ 1602.636579][   T31]  rfkill_unregister+0xec/0x2c0
[ 1602.641429][   T31]  wiphy_unregister+0x133/0xc50
[ 1602.646455][   T31]  ? __pfx_wiphy_unregister+0x10/0x10
[ 1602.651859][   T31]  ieee80211_unregister_hw+0x248/0x3a0
[ 1602.657379][   T31]  hwsim_exit_net+0x788/0x1590
[ 1602.662153][   T31]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1602.667428][   T31]  ? ip_vs_sync_net_cleanup+0x72/0xb0
[ 1602.672801][   T31]  ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[ 1602.678532][   T31]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1602.683734][   T31]  ops_undo_list+0x2ee/0xab0
[ 1602.688401][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1602.693510][   T31]  ? cleanup_net+0x347/0x8b0
[ 1602.698168][   T31]  ? idr_destroy+0x62/0x2e0
[ 1602.702675][   T31]  cleanup_net+0x41b/0x8b0
[ 1602.707157][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1602.712195][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1602.716995][   T31]  process_one_work+0x9cc/0x1b70
[ 1602.721938][   T31]  ? __pfx_process_one_work+0x10/0x10
[ 1602.727571][   T31]  ? assign_work+0x1a0/0x250
[ 1602.732169][   T31]  worker_thread+0x6c8/0xf10
[ 1602.736872][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1602.741990][   T31]  kthread+0x3c5/0x780
[ 1602.746115][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.750711][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1602.755549][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.760138][   T31]  ret_from_fork+0x56d/0x730
[ 1602.764726][   T31]  ? __pfx_kthread+0x10/0x10
[ 1602.769395][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1602.774160][   T31]  </TASK>
[ 1602.777278][   T31] INFO: task syz-executor:25049 blocked for more than 144 seconds.
[ 1602.785159][   T31]       Not tainted syzkaller #0
[ 1602.790131][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1602.798822][   T31] task:syz-executor    state:D stack:23720 pid:25049 tgid:25049 ppid:1      task_flags:0x400140 flags:0x00080002
[ 1602.810796][   T31] Call Trace:
[ 1602.814063][   T31]  <TASK>
[ 1602.817076][   T31]  __schedule+0x1190/0x5de0
[ 1602.821614][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1602.826616][   T31]  ? __pfx___schedule+0x10/0x10
[ 1602.831472][   T31]  ? find_held_lock+0x2b/0x80
[ 1602.836193][   T31]  ? schedule+0x2d7/0x3a0
[ 1602.840533][   T31]  ? rfkill_fop_open+0x136/0x750
[ 1602.845542][   T31]  schedule+0xe7/0x3a0
[ 1602.849612][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1602.855079][   T31]  __mutex_lock+0x818/0x1060
[ 1602.859745][   T31]  ? rfkill_fop_open+0x136/0x750
[ 1602.864689][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1602.869752][   T31]  ? lockdep_init_map_type+0x5c/0x280
[ 1602.875119][   T31]  ? lockdep_init_map_type+0x5c/0x280
[ 1602.880535][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[ 1602.885879][   T31]  ? rfkill_fop_open+0x136/0x750
[ 1602.890823][   T31]  rfkill_fop_open+0x136/0x750
[ 1602.895642][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1602.901269][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[ 1602.906581][   T31]  misc_open+0x26a/0x450
[ 1602.910825][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1602.915652][   T31]  chrdev_open+0x234/0x6a0
[ 1602.920068][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1602.924989][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1602.931389][   T31]  do_dentry_open+0x982/0x1530
[ 1602.936182][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1602.941114][   T31]  vfs_open+0x82/0x3f0
[ 1602.945162][   T31]  path_openat+0x1de4/0x2cb0
[ 1602.949782][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1602.954718][   T31]  do_filp_open+0x20b/0x470
[ 1602.959252][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1602.964291][   T31]  ? alloc_fd+0x471/0x7d0
[ 1602.968943][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1602.973650][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1602.978916][   T31]  ? __fput+0x68d/0xb70
[ 1602.983080][   T31]  ? __fput+0x68d/0xb70
[ 1602.987291][   T31]  __x64_sys_openat+0x174/0x210
[ 1602.992142][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1602.997554][   T31]  do_syscall_64+0xcd/0x4e0
[ 1603.002050][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1603.008018][   T31] RIP: 0033:0x7f390ad8d710
[ 1603.012443][   T31] RSP: 002b:00007fff02bba4f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1603.020930][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f390ad8d710
[ 1603.028936][   T31] RDX: 0000000000000002 RSI: 00007f390ae12a45 RDI: 00000000ffffff9c
[ 1603.036946][   T31] RBP: 00007f390ae12a45 R08: 0000000000000000 R09: 0000000000000000
[ 1603.044936][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[ 1603.052985][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1603.061009][   T31]  </TASK>
[ 1603.064111][   T31] INFO: task syz.8.5196:25056 blocked for more than 144 seconds.
[ 1603.071919][   T31]       Not tainted syzkaller #0
[ 1603.077044][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1603.085767][   T31] task:syz.8.5196      state:D stack:24952 pid:25056 tgid:25056 ppid:21846  task_flags:0x400040 flags:0x00080002
[ 1603.097713][   T31] Call Trace:
[ 1603.100985][   T31]  <TASK>
[ 1603.103892][   T31]  __schedule+0x1190/0x5de0
[ 1603.108440][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1603.113373][   T31]  ? __pfx___schedule+0x10/0x10
[ 1603.118260][   T31]  ? find_held_lock+0x2b/0x80
[ 1603.122938][   T31]  ? schedule+0x2d7/0x3a0
[ 1603.127412][   T31]  ? rfkill_unregister+0xec/0x2c0
[ 1603.132444][   T31]  schedule+0xe7/0x3a0
[ 1603.136542][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1603.141999][   T31]  __mutex_lock+0x818/0x1060
[ 1603.146630][   T31]  ? class_to_subsys+0x10f/0x160
[ 1603.151569][   T31]  ? rfkill_unregister+0xec/0x2c0
[ 1603.156628][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1603.161659][   T31]  ? device_del+0x6b6/0x9f0
[ 1603.166270][   T31]  ? __pfx_device_del+0x10/0x10
[ 1603.171239][   T31]  ? rfkill_unregister+0xec/0x2c0
[ 1603.176316][   T31]  rfkill_unregister+0xec/0x2c0
[ 1603.181189][   T31]  nfc_unregister_device+0x94/0x330
[ 1603.186418][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1603.192131][   T31]  virtual_ncidev_close+0x4b/0xa0
[ 1603.197188][   T31]  __fput+0x3ff/0xb70
[ 1603.201177][   T31]  task_work_run+0x150/0x240
[ 1603.205829][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1603.210950][   T31]  ? __pfx___do_sys_close_range+0x10/0x10
[ 1603.216715][   T31]  exit_to_user_mode_loop+0xec/0x130
[ 1603.221999][   T31]  do_syscall_64+0x419/0x4e0
[ 1603.226633][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1603.232519][   T31] RIP: 0033:0x7f793b38eec9
[ 1603.236950][   T31] RSP: 002b:00007fff5d270348 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1603.245438][   T31] RAX: 0000000000000000 RBX: 00007f793b5e7da0 RCX: 00007f793b38eec9
[ 1603.253420][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1603.261425][   T31] RBP: 00007f793b5e7da0 R08: 0000000000000094 R09: 000000085d27063f
[ 1603.269452][   T31] R10: 00007f793b5e7cb0 R11: 0000000000000246 R12: 000000000015facb
[ 1603.277464][   T31] R13: 00007fff5d270440 R14: ffffffffffffffff R15: 00007fff5d270460
[ 1603.285501][   T31]  </TASK>
[ 1603.288530][   T31] INFO: task syz.5.5221:25141 blocked for more than 144 seconds.
[ 1603.296306][   T31]       Not tainted syzkaller #0
[ 1603.301229][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1603.309918][   T31] task:syz.5.5221      state:D stack:28856 pid:25141 tgid:25139 ppid:18705  task_flags:0x400040 flags:0x00080002
[ 1603.321921][   T31] Call Trace:
[ 1603.325189][   T31]  <TASK>
[ 1603.328178][   T31]  __schedule+0x1190/0x5de0
[ 1603.332691][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1603.337665][   T31]  ? __pfx___schedule+0x10/0x10
[ 1603.342520][   T31]  ? find_held_lock+0x2b/0x80
[ 1603.347220][   T31]  ? schedule+0x2d7/0x3a0
[ 1603.351550][   T31]  ? misc_open+0x63/0x450
[ 1603.355926][   T31]  schedule+0xe7/0x3a0
[ 1603.360013][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1603.365758][   T31]  __mutex_lock+0x818/0x1060
[ 1603.370391][   T31]  ? misc_open+0x63/0x450
[ 1603.374709][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1603.379789][   T31]  ? __pfx_avc_has_perm+0x10/0x10
[ 1603.384814][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1603.390498][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1603.395308][   T31]  ? misc_open+0x63/0x450
[ 1603.399637][   T31]  misc_open+0x63/0x450
[ 1603.403778][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1603.408594][   T31]  chrdev_open+0x234/0x6a0
[ 1603.413026][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1603.417980][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1603.424324][   T31]  do_dentry_open+0x982/0x1530
[ 1603.429148][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1603.434087][   T31]  vfs_open+0x82/0x3f0
[ 1603.438219][   T31]  path_openat+0x1de4/0x2cb0
[ 1603.442822][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1603.447846][   T31]  do_filp_open+0x20b/0x470
[ 1603.452350][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1603.457421][   T31]  ? alloc_fd+0x471/0x7d0
[ 1603.461886][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1603.466588][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1603.471784][   T31]  ? find_held_lock+0x2b/0x80
[ 1603.476480][   T31]  ? handle_mm_fault+0x2ab/0xd10
[ 1603.481420][   T31]  __x64_sys_openat+0x174/0x210
[ 1603.486338][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1603.491725][   T31]  ? do_user_addr_fault+0x843/0x1370
[ 1603.497077][   T31]  do_syscall_64+0xcd/0x4e0
[ 1603.501582][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1603.507494][   T31] RIP: 0033:0x7f0abf58eec9
[ 1603.511900][   T31] RSP: 002b:00007f0ac0404038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1603.520340][   T31] RAX: ffffffffffffffda RBX: 00007f0abf7e5fa0 RCX: 00007f0abf58eec9
[ 1603.528354][   T31] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[ 1603.536353][   T31] RBP: 00007f0abf611f91 R08: 0000000000000000 R09: 0000000000000000
[ 1603.544311][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1603.552297][   T31] R13: 00007f0abf7e6038 R14: 00007f0abf7e5fa0 R15: 00007ffedb785ea8
[ 1603.560309][   T31]  </TASK>
[ 1603.563316][   T31] INFO: task syz.3.5224:25156 blocked for more than 144 seconds.
[ 1603.571085][   T31]       Not tainted syzkaller #0
[ 1603.576038][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1603.584703][   T31] task:syz.3.5224      state:D stack:28856 pid:25156 tgid:25155 ppid:16818  task_flags:0x400040 flags:0x00080002
[ 1603.596659][   T31] Call Trace:
[ 1603.599930][   T31]  <TASK>
[ 1603.602863][   T31]  __schedule+0x1190/0x5de0
[ 1603.607418][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1603.612380][   T31]  ? __pfx___schedule+0x10/0x10
[ 1603.617333][   T31]  ? find_held_lock+0x2b/0x80
[ 1603.622007][   T31]  ? schedule+0x2d7/0x3a0
[ 1603.626370][   T31]  ? misc_open+0x63/0x450
[ 1603.630699][   T31]  schedule+0xe7/0x3a0
[ 1603.634749][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1603.640273][   T31]  __mutex_lock+0x818/0x1060
[ 1603.644853][   T31]  ? misc_open+0x63/0x450
[ 1603.649204][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1603.654223][   T31]  ? __pfx_avc_has_perm+0x10/0x10
[ 1603.659339][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1603.664989][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1603.669774][   T31]  ? misc_open+0x63/0x450
[ 1603.674102][   T31]  misc_open+0x63/0x450
[ 1603.678343][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1603.683119][   T31]  chrdev_open+0x234/0x6a0
[ 1603.687697][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1603.692687][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1603.699531][   T31]  do_dentry_open+0x982/0x1530
[ 1603.704311][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1603.710993][   T31]  vfs_open+0x82/0x3f0
[ 1603.715081][   T31]  path_openat+0x1de4/0x2cb0
[ 1603.719709][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1603.724658][   T31]  do_filp_open+0x20b/0x470
[ 1603.729204][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1603.734245][   T31]  ? alloc_fd+0x471/0x7d0
[ 1603.738616][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1603.743309][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1603.748583][   T31]  ? find_held_lock+0x2b/0x80
[ 1603.753291][   T31]  ? handle_mm_fault+0x2ab/0xd10
[ 1603.758262][   T31]  __x64_sys_openat+0x174/0x210
[ 1603.763117][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1603.768545][   T31]  ? do_user_addr_fault+0x843/0x1370
[ 1603.773837][   T31]  do_syscall_64+0xcd/0x4e0
[ 1603.778422][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1603.784322][   T31] RIP: 0033:0x7fe11b18eec9
[ 1603.788761][   T31] RSP: 002b:00007fe11bf5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1603.797192][   T31] RAX: ffffffffffffffda RBX: 00007fe11b3e5fa0 RCX: 00007fe11b18eec9
[ 1603.805159][   T31] RDX: 0000000000020040 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 1603.813194][   T31] RBP: 00007fe11b211f91 R08: 0000000000000000 R09: 0000000000000000
[ 1603.821262][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1603.829270][   T31] R13: 00007fe11b3e6038 R14: 00007fe11b3e5fa0 R15: 00007ffdd70ee828
[ 1603.837276][   T31]  </TASK>
[ 1603.840309][   T31] INFO: task syz.3.5224:25158 blocked for more than 145 seconds.
[ 1603.848691][   T31]       Not tainted syzkaller #0
[ 1603.853627][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1603.862510][   T31] task:syz.3.5224      state:D stack:28856 pid:25158 tgid:25155 ppid:16818  task_flags:0x400140 flags:0x00080002
[ 1603.874500][   T31] Call Trace:
[ 1603.877821][   T31]  <TASK>
[ 1603.880743][   T31]  __schedule+0x1190/0x5de0
[ 1603.885237][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1603.890197][   T31]  ? __pfx___schedule+0x10/0x10
[ 1603.895035][   T31]  ? find_held_lock+0x2b/0x80
[ 1603.899765][   T31]  ? schedule+0x2d7/0x3a0
[ 1603.904109][   T31]  ? misc_open+0x63/0x450
[ 1603.908454][   T31]  schedule+0xe7/0x3a0
[ 1603.912528][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1603.918031][   T31]  __mutex_lock+0x818/0x1060
[ 1603.922611][   T31]  ? misc_open+0x63/0x450
[ 1603.927050][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1603.932080][   T31]  ? __pfx_avc_has_perm+0x10/0x10
[ 1603.937150][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1603.942782][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1603.947579][   T31]  ? misc_open+0x63/0x450
[ 1603.951910][   T31]  misc_open+0x63/0x450
[ 1603.956090][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1603.960857][   T31]  chrdev_open+0x234/0x6a0
[ 1603.965293][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1603.970229][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1603.976627][   T31]  do_dentry_open+0x982/0x1530
[ 1603.981419][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1603.986404][   T31]  vfs_open+0x82/0x3f0
[ 1603.990493][   T31]  path_openat+0x1de4/0x2cb0
[ 1603.995065][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1604.000032][   T31]  do_filp_open+0x20b/0x470
[ 1604.004525][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1604.009659][   T31]  ? alloc_fd+0x471/0x7d0
[ 1604.013987][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1604.018686][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1604.023889][   T31]  __x64_sys_openat+0x174/0x210
[ 1604.028741][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1604.034108][   T31]  ? fd_install+0x244/0x750
[ 1604.038624][   T31]  ? anon_inode_getfd+0x81/0xb0
[ 1604.043475][   T31]  do_syscall_64+0xcd/0x4e0
[ 1604.048023][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1604.053927][   T31] RIP: 0033:0x7fe11b18eec9
[ 1604.058368][   T31] RSP: 002b:00007fe1193d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1604.066797][   T31] RAX: ffffffffffffffda RBX: 00007fe11b3e6180 RCX: 00007fe11b18eec9
[ 1604.074745][   T31] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1604.082728][   T31] RBP: 00007fe11b211f91 R08: 0000000000000000 R09: 0000000000000000
[ 1604.090755][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1604.098770][   T31] R13: 00007fe11b3e6218 R14: 00007fe11b3e6180 R15: 00007ffdd70ee828
[ 1604.106776][   T31]  </TASK>
[ 1604.109829][   T31] INFO: task syz.7.5227:25165 blocked for more than 145 seconds.
[ 1604.117597][   T31]       Not tainted syzkaller #0
[ 1604.122521][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1604.131211][   T31] task:syz.7.5227      state:D stack:28856 pid:25165 tgid:25164 ppid:19242  task_flags:0x400040 flags:0x00080002
[ 1604.143162][   T31] Call Trace:
[ 1604.146469][   T31]  <TASK>
[ 1604.149406][   T31]  __schedule+0x1190/0x5de0
[ 1604.153900][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1604.158898][   T31]  ? __pfx___schedule+0x10/0x10
[ 1604.163750][   T31]  ? find_held_lock+0x2b/0x80
[ 1604.168470][   T31]  ? schedule+0x2d7/0x3a0
[ 1604.172802][   T31]  ? misc_open+0x63/0x450
[ 1604.177152][   T31]  schedule+0xe7/0x3a0
[ 1604.181221][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1604.186707][   T31]  __mutex_lock+0x818/0x1060
[ 1604.191297][   T31]  ? misc_open+0x63/0x450
[ 1604.195664][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1604.200681][   T31]  ? __pfx_avc_has_perm+0x10/0x10
[ 1604.205743][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1604.211382][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1604.216207][   T31]  ? misc_open+0x63/0x450
[ 1604.220553][   T31]  misc_open+0x63/0x450
[ 1604.224694][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1604.229469][   T31]  chrdev_open+0x234/0x6a0
[ 1604.233886][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1604.238851][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1604.245184][   T31]  do_dentry_open+0x982/0x1530
[ 1604.249991][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1604.254923][   T31]  vfs_open+0x82/0x3f0
[ 1604.259006][   T31]  path_openat+0x1de4/0x2cb0
[ 1604.263595][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1604.268578][   T31]  do_filp_open+0x20b/0x470
[ 1604.273081][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1604.278149][   T31]  ? alloc_fd+0x471/0x7d0
[ 1604.282482][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1604.287198][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1604.292396][   T31]  ? find_held_lock+0x2b/0x80
[ 1604.297127][   T31]  __x64_sys_openat+0x174/0x210
[ 1604.301976][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1604.307376][   T31]  do_syscall_64+0xcd/0x4e0
[ 1604.311873][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1604.317762][   T31] RIP: 0033:0x7f7a1cd8eec9
[ 1604.322167][   T31] RSP: 002b:00007f7a1dcab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1604.330580][   T31] RAX: ffffffffffffffda RBX: 00007f7a1cfe5fa0 RCX: 00007f7a1cd8eec9
[ 1604.338559][   T31] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1604.346542][   T31] RBP: 00007f7a1ce11f91 R08: 0000000000000000 R09: 0000000000000000
[ 1604.354510][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1604.362515][   T31] R13: 00007f7a1cfe6038 R14: 00007f7a1cfe5fa0 R15: 00007fff58926cb8
[ 1604.370521][   T31]  </TASK>
[ 1604.373545][   T31] INFO: task syz.7.5227:25166 blocked for more than 145 seconds.
[ 1604.381291][   T31]       Not tainted syzkaller #0
[ 1604.386244][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1604.394901][   T31] task:syz.7.5227      state:D stack:28856 pid:25166 tgid:25164 ppid:19242  task_flags:0x400040 flags:0x00080002
[ 1604.406869][   T31] Call Trace:
[ 1604.410134][   T31]  <TASK>
[ 1604.413044][   T31]  __schedule+0x1190/0x5de0
[ 1604.417594][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1604.422527][   T31]  ? __pfx___schedule+0x10/0x10
[ 1604.427402][   T31]  ? find_held_lock+0x2b/0x80
[ 1604.432093][   T31]  ? schedule+0x2d7/0x3a0
[ 1604.436444][   T31]  ? misc_open+0x63/0x450
[ 1604.440769][   T31]  schedule+0xe7/0x3a0
[ 1604.444831][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1604.450330][   T31]  __mutex_lock+0x818/0x1060
[ 1604.454922][   T31]  ? misc_open+0x63/0x450
[ 1604.459286][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1604.464306][   T31]  ? __pfx_avc_has_perm+0x10/0x10
[ 1604.469355][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1604.474980][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1604.479798][   T31]  ? misc_open+0x63/0x450
[ 1604.484125][   T31]  misc_open+0x63/0x450
[ 1604.488379][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1604.493142][   T31]  chrdev_open+0x234/0x6a0
[ 1604.497579][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1604.502519][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1604.508882][   T31]  do_dentry_open+0x982/0x1530
[ 1604.513654][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1604.518651][   T31]  vfs_open+0x82/0x3f0
[ 1604.522718][   T31]  path_openat+0x1de4/0x2cb0
[ 1604.527351][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1604.532290][   T31]  do_filp_open+0x20b/0x470
[ 1604.536813][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1604.541838][   T31]  ? alloc_fd+0x471/0x7d0
[ 1604.546186][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1604.550858][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1604.556080][   T31]  ? find_held_lock+0x2b/0x80
[ 1604.560758][   T31]  __x64_sys_openat+0x174/0x210
[ 1604.565668][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1604.571038][   T31]  ? fdget+0x187/0x210
[ 1604.575093][   T31]  do_syscall_64+0xcd/0x4e0
[ 1604.579637][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1604.585592][   T31] RIP: 0033:0x7f7a1cd8eec9
[ 1604.590007][   T31] RSP: 002b:00007f7a1dc8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1604.598442][   T31] RAX: ffffffffffffffda RBX: 00007f7a1cfe6090 RCX: 00007f7a1cd8eec9
[ 1604.606423][   T31] RDX: 0000000000000000 RSI: 0000200000000400 RDI: ffffffffffffff9c
[ 1604.614366][   T31] RBP: 00007f7a1ce11f91 R08: 0000000000000000 R09: 0000000000000000
[ 1604.622363][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1604.630363][   T31] R13: 00007f7a1cfe6128 R14: 00007f7a1cfe6090 R15: 00007fff58926cb8
[ 1604.638823][   T31]  </TASK>
[ 1604.641844][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[ 1604.651285][   T31] INFO: task syz.7.5227:25167 blocked for more than 145 seconds.
[ 1604.659166][   T31]       Not tainted syzkaller #0
[ 1604.664099][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1604.672857][   T31] task:syz.7.5227      state:D stack:26192 pid:25167 tgid:25164 ppid:19242  task_flags:0x400140 flags:0x00080002
[ 1604.684830][   T31] Call Trace:
[ 1604.688213][   T31]  <TASK>
[ 1604.691139][   T31]  __schedule+0x1190/0x5de0
[ 1604.695815][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1604.700766][   T31]  ? __pfx___schedule+0x10/0x10
[ 1604.705800][   T31]  ? find_held_lock+0x2b/0x80
[ 1604.710485][   T31]  ? schedule+0x2d7/0x3a0
[ 1604.714797][   T31]  ? misc_open+0x63/0x450
[ 1604.719143][   T31]  schedule+0xe7/0x3a0
[ 1604.723210][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1604.728732][   T31]  __mutex_lock+0x818/0x1060
[ 1604.733319][   T31]  ? misc_open+0x63/0x450
[ 1604.737682][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1604.742700][   T31]  ? __pfx_avc_has_perm+0x10/0x10
[ 1604.747780][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1604.753425][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1604.758245][   T31]  ? misc_open+0x63/0x450
[ 1604.762575][   T31]  misc_open+0x63/0x450
[ 1604.766820][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1604.771584][   T31]  chrdev_open+0x234/0x6a0
[ 1604.776038][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1604.780970][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1604.787318][   T31]  do_dentry_open+0x982/0x1530
[ 1604.792076][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1604.797036][   T31]  vfs_open+0x82/0x3f0
[ 1604.801114][   T31]  path_openat+0x1de4/0x2cb0
[ 1604.805732][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1604.810666][   T31]  do_filp_open+0x20b/0x470
[ 1604.815144][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1604.820205][   T31]  ? alloc_fd+0x471/0x7d0
[ 1604.824527][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1604.829226][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1604.834418][   T31]  ? find_held_lock+0x2b/0x80
[ 1604.839106][   T31]  __x64_sys_openat+0x174/0x210
[ 1604.843952][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1604.849338][   T31]  ? fdget+0x187/0x210
[ 1604.853399][   T31]  do_syscall_64+0xcd/0x4e0
[ 1604.857920][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1604.863802][   T31] RIP: 0033:0x7f7a1cd8eec9
[ 1604.868213][   T31] RSP: 002b:00007f7a1dc69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1604.876660][   T31] RAX: ffffffffffffffda RBX: 00007f7a1cfe6180 RCX: 00007f7a1cd8eec9
[ 1604.884620][   T31] RDX: 0000000000000100 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1604.892618][   T31] RBP: 00007f7a1ce11f91 R08: 0000000000000000 R09: 0000000000000000
[ 1604.900612][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1604.908579][   T31] R13: 00007f7a1cfe6218 R14: 00007f7a1cfe6180 R15: 00007fff58926cb8
[ 1604.916569][   T31]  </TASK>
[ 1604.919564][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[ 1604.928594][   T31] INFO: task syz-executor:25172 blocked for more than 146 seconds.
[ 1604.936488][   T31]       Not tainted syzkaller #0
[ 1604.941397][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1604.950074][   T31] task:syz-executor    state:D stack:28696 pid:25172 tgid:25172 ppid:1      task_flags:0x400040 flags:0x00080000
[ 1604.962012][   T31] Call Trace:
[ 1604.965519][   T31]  <TASK>
[ 1604.968448][   T31]  __schedule+0x1190/0x5de0
[ 1604.972935][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1604.977888][   T31]  ? __pfx___schedule+0x10/0x10
[ 1604.982763][   T31]  ? find_held_lock+0x2b/0x80
[ 1604.987459][   T31]  ? schedule+0x2d7/0x3a0
[ 1604.991796][   T31]  ? misc_open+0x63/0x450
[ 1604.996142][   T31]  schedule+0xe7/0x3a0
[ 1605.000215][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1605.005721][   T31]  __mutex_lock+0x818/0x1060
[ 1605.010303][   T31]  ? misc_open+0x63/0x450
[ 1605.014614][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1605.019646][   T31]  ? __pfx_avc_has_perm+0x10/0x10
[ 1605.024677][   T31]  ? kobject_get_unless_zero+0x156/0x1e0
[ 1605.030322][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1605.035085][   T31]  ? misc_open+0x63/0x450
[ 1605.039533][   T31]  misc_open+0x63/0x450
[ 1605.043705][   T31]  ? __pfx_misc_open+0x10/0x10
[ 1605.048520][   T31]  chrdev_open+0x234/0x6a0
[ 1605.052935][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1605.057886][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1605.064226][   T31]  do_dentry_open+0x982/0x1530
[ 1605.069026][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1605.073967][   T31]  vfs_open+0x82/0x3f0
[ 1605.078082][   T31]  path_openat+0x1de4/0x2cb0
[ 1605.082669][   T31]  ? __pfx___up_read+0x10/0x10
[ 1605.087438][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1605.092389][   T31]  do_filp_open+0x20b/0x470
[ 1605.096909][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1605.101958][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1605.106756][   T31]  ? alloc_fd+0x471/0x7d0
[ 1605.111094][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1605.115798][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1605.121023][   T31]  ? fd_install+0x244/0x750
[ 1605.125560][   T31]  __x64_sys_openat+0x174/0x210
[ 1605.130409][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1605.135816][   T31]  ? do_user_addr_fault+0x843/0x1370
[ 1605.141097][   T31]  do_syscall_64+0xcd/0x4e0
[ 1605.145628][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1605.151512][   T31] RIP: 0033:0x7f92edb8d691
[ 1605.155944][   T31] RSP: 002b:00007fffb415aab0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1605.164344][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f92edb8d691
[ 1605.172349][   T31] RDX: 0000000000000002 RSI: 00007f92edc1299a RDI: 00000000ffffff9c
[ 1605.180344][   T31] RBP: 00007f92edc1299a R08: 0000000000000000 R09: 00007f92ee91d6c0
[ 1605.188359][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1605.196333][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1605.204284][   T31]  </TASK>
[ 1605.207398][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[ 1605.216423][   T31] 
[ 1605.216423][   T31] Showing all locks held in the system:
[ 1605.224117][   T31] 4 locks held by kworker/0:1/10:
[ 1605.229174][   T31]  #0: ffff88801b051948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1605.239688][   T31]  #1: ffffc900000f7d10 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1605.250137][   T31]  #2: ffffffff9036b988 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x55/0x1d0
[ 1605.259666][   T31]  #3: ffff88801b13e100 (&dev->mutex){....}-{4:4}, at: nfc_dev_down+0x2d/0x2e0
[ 1605.269176][   T31] 1 lock held by khungtaskd/31:
[ 1605.274027][   T31]  #0: ffffffff8e1c23a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1605.284029][   T31] 4 locks held by kworker/u8:5/80:
[ 1605.289331][   T31]  #0: ffff8880b863a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130
[ 1605.299497][   T31]  #1: ffffc9000213fd10 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1605.313660][   T31]  #2: ffff8880b8625b18 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x127/0x1d0
[ 1605.322998][   T31]  #3: ffffffff9aaf9230 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x14c/0x4c0
[ 1605.333377][   T31] 1 lock held by klogd/5185:
[ 1605.337972][   T31]  #0: ffff8880b863a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130
[ 1605.347885][   T31] 2 locks held by getty/5581:
[ 1605.352548][   T31]  #0: ffff88814d0dc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1605.362304][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1605.372445][   T31] 3 locks held by kworker/0:3/5823:
[ 1605.377669][   T31]  #0: ffff88801b051948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1605.388146][   T31]  #1: ffffc900040ffd10 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1605.401185][   T31]  #2: ffffffff9036b988 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x1b/0x160
[ 1605.412752][   T31] 2 locks held by kworker/u8:13/7291:
[ 1605.418256][   T31]  #0: ffff8880b873a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130
[ 1605.428280][   T31]  #1: ffff8880b8724088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0
[ 1605.437024][   T31] 4 locks held by kworker/u8:15/7295:
[ 1605.442377][   T31]  #0: ffff88801bed4948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1605.452824][   T31]  #1: ffffc9000bdd7d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1605.462813][   T31]  #2: ffffffff8fecedd0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0
[ 1605.472215][   T31]  #3: ffffffff9036b988 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xec/0x2c0
[ 1605.482654][   T31] 2 locks held by syz-executor/25049:
[ 1605.488078][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.496605][   T31]  #1: ffffffff9036b988 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x136/0x750
[ 1605.506684][   T31] 2 locks held by syz.8.5196/25056:
[ 1605.511868][   T31]  #0: ffff88801b13e100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x60/0x330
[ 1605.521685][   T31]  #1: ffffffff9036b988 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xec/0x2c0
[ 1605.531833][   T31] 1 lock held by syz.5.5221/25141:
[ 1605.536989][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.545454][   T31] 1 lock held by syz.3.5224/25156:
[ 1605.550563][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.559045][   T31] 1 lock held by syz.3.5224/25158:
[ 1605.564143][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.572629][   T31] 1 lock held by syz.7.5227/25165:
[ 1605.577766][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.586403][   T31] 1 lock held by syz.7.5227/25166:
[ 1605.591505][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.600264][   T31] 1 lock held by syz.7.5227/25167:
[ 1605.605454][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.613902][   T31] 1 lock held by syz-executor/25172:
[ 1605.619208][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.627689][   T31] 1 lock held by syz-executor/25175:
[ 1605.632945][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.641434][   T31] 1 lock held by syz-executor/25177:
[ 1605.646739][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.655205][   T31] 1 lock held by syz-executor/25179:
[ 1605.660524][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.668999][   T31] 1 lock held by syz-executor/25181:
[ 1605.674251][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.682692][   T31] 1 lock held by syz-executor/25185:
[ 1605.688104][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.696763][   T31] 1 lock held by syz-executor/25188:
[ 1605.702037][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.710760][   T31] 1 lock held by syz-executor/25190:
[ 1605.716112][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.724566][   T31] 1 lock held by syz-executor/25192:
[ 1605.729890][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.738382][   T31] 1 lock held by syz-executor/25194:
[ 1605.743634][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.752206][   T31] 1 lock held by syz-executor/25198:
[ 1605.757511][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.766107][   T31] 1 lock held by syz-executor/25200:
[ 1605.771376][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.779945][   T31] 1 lock held by syz-executor/25202:
[ 1605.785214][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.793721][   T31] 1 lock held by syz-executor/25205:
[ 1605.799098][   T31]  #0: ffffffff8ee4f0e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x450
[ 1605.807692][   T31] 
[ 1605.810015][   T31] =============================================
[ 1605.810015][   T31] 
[ 1605.818509][   T31] NMI backtrace for cpu 0
[ 1605.818521][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1605.818539][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1605.818549][   T31] Call Trace:
[ 1605.818555][   T31]  <TASK>
[ 1605.818562][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1605.818584][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1605.818605][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1605.818624][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1605.818649][   T31]  watchdog+0xf3f/0x1170
[ 1605.818675][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1605.818699][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1605.818720][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1605.818746][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1605.818765][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1605.818787][   T31]  kthread+0x3c5/0x780
[ 1605.818807][   T31]  ? __pfx_kthread+0x10/0x10
[ 1605.818826][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1605.818850][   T31]  ? __pfx_kthread+0x10/0x10
[ 1605.818870][   T31]  ret_from_fork+0x56d/0x730
[ 1605.818887][   T31]  ? __pfx_kthread+0x10/0x10
[ 1605.818906][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1605.818948][   T31]  </TASK>
[ 1605.818955][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1605.939038][    C1] NMI backtrace for cpu 1
[ 1605.939052][    C1] CPU: 1 UID: 0 PID: 80 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[ 1605.939069][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1605.939078][    C1] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
[ 1605.939100][    C1] RIP: 0010:chacha_permute+0x3f1/0x6d0
[ 1605.939118][    C1] Code: 8b 44 24 24 8b 7c 24 08 8b 54 24 1c 8b 74 24 04 01 c3 44 8b 5c 24 10 8b 4c 24 20 01 d7 41 31 dd 44 8b 44 24 0c 44 8b 54 24 14 <89> 7c 24 08 41 c1 c5 10 31 fd 8b 7c 24 28 41 01 f3 45 01 ee 41 01
[ 1605.939132][    C1] RSP: 0018:ffffc9000213f5f0 EFLAGS: 00000086
[ 1605.939143][    C1] RAX: 00000000e626e6d4 RBX: 0000000039c4214d RCX: 00000000103b5495
[ 1605.939157][    C1] RDX: 00000000cb0e1540 RSI: 0000000058c7be5e RDI: 00000000f7229516
[ 1605.939166][    C1] RBP: 00000000076c60da R08: 00000000e2fd80ec R09: 0000000000000014
[ 1605.939175][    C1] R10: 0000000095860a71 R11: 00000000e85ec6bb R12: 000000001e9ce0b7
[ 1605.939185][    C1] R13: 000000008517ab0c R14: 000000007e57d449 R15: 000000006a8bc1e5
[ 1605.939194][    C1] FS:  0000000000000000(0000) GS:ffff888124f67000(0000) knlGS:0000000000000000
[ 1605.939209][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1605.939218][    C1] CR2: 00007f084c8553b6 CR3: 000000000df80000 CR4: 00000000003526f0
[ 1605.939236][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1605.939244][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 1605.939256][    C1] Call Trace:
[ 1605.939261][    C1]  <TASK>
[ 1605.939271][    C1]  chacha_block_generic+0x129/0x330
[ 1605.939288][    C1]  ? __pfx_chacha_block_generic+0x10/0x10
[ 1605.939307][    C1]  ? __lock_acquire+0xb97/0x1ce0
[ 1605.939325][    C1]  crng_fast_key_erasure+0x19e/0x250
[ 1605.939344][    C1]  ? __pfx_crng_fast_key_erasure+0x10/0x10
[ 1605.939368][    C1]  crng_make_state+0x1cc/0x6d0
[ 1605.939388][    C1]  _get_random_bytes+0x120/0x1e0
[ 1605.939404][    C1]  ? __pfx__get_random_bytes+0x10/0x10
[ 1605.939423][    C1]  ? wait_for_random_bytes+0x7c/0x280
[ 1605.939448][    C1]  ? __pfx_wait_for_random_bytes+0x10/0x10
[ 1605.939471][    C1]  ? __pfx_down_write+0x10/0x10
[ 1605.939488][    C1]  ? __asan_memcpy+0x3c/0x60
[ 1605.939502][    C1]  wg_noise_handshake_create_initiation+0x1d6/0x610
[ 1605.939526][    C1]  ? __pfx_wg_noise_handshake_create_initiation+0x10/0x10
[ 1605.939549][    C1]  ? find_held_lock+0x2b/0x80
[ 1605.939568][    C1]  ? ktime_get_coarse_with_offset+0x1af/0x240
[ 1605.939583][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1605.939602][    C1]  ? ktime_get_coarse_with_offset+0x1c1/0x240
[ 1605.939615][    C1]  ? ktime_get_coarse_with_offset+0x150/0x240
[ 1605.939631][    C1]  wg_packet_send_handshake_initiation+0x19a/0x360
[ 1605.939648][    C1]  ? __pfx_wg_packet_send_handshake_initiation+0x10/0x10
[ 1605.939663][    C1]  ? __lock_acquire+0xb97/0x1ce0
[ 1605.939687][    C1]  wg_packet_handshake_send_worker+0x1c/0x30
[ 1605.939703][    C1]  process_one_work+0x9cc/0x1b70
[ 1605.939724][    C1]  ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10
[ 1605.939748][    C1]  ? __pfx_process_one_work+0x10/0x10
[ 1605.939776][    C1]  ? assign_work+0x1a0/0x250
[ 1605.939792][    C1]  worker_thread+0x6c8/0xf10
[ 1605.939814][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1605.939830][    C1]  kthread+0x3c5/0x780
[ 1605.939845][    C1]  ? __pfx_kthread+0x10/0x10
[ 1605.939861][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1605.939880][    C1]  ? __pfx_kthread+0x10/0x10
[ 1605.939896][    C1]  ret_from_fork+0x56d/0x730
[ 1605.939910][    C1]  ? __pfx_kthread+0x10/0x10
[ 1605.939925][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1605.939950][    C1]  </TASK>
[ 1605.943846][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1606.291952][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1606.301042][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1606.311083][   T31] Call Trace:
[ 1606.314342][   T31]  <TASK>
[ 1606.317268][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1606.321844][   T31]  vpanic+0x640/0x6f0
[ 1606.325819][   T31]  panic+0xca/0xd0
[ 1606.329526][   T31]  ? __pfx_panic+0x10/0x10
[ 1606.333924][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1606.339291][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[ 1606.345436][   T31]  ? watchdog+0xe48/0x1170
[ 1606.349853][   T31]  ? watchdog+0xe3b/0x1170
[ 1606.354262][   T31]  watchdog+0xe59/0x1170
[ 1606.358493][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1606.363250][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1606.367911][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1606.373112][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1606.378122][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1606.382789][   T31]  kthread+0x3c5/0x780
[ 1606.386843][   T31]  ? __pfx_kthread+0x10/0x10
[ 1606.391418][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1606.396174][   T31]  ? __pfx_kthread+0x10/0x10
[ 1606.400749][   T31]  ret_from_fork+0x56d/0x730
[ 1606.405319][   T31]  ? __pfx_kthread+0x10/0x10
[ 1606.409899][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1606.414658][   T31]  </TASK>
[ 1606.417900][   T31] Kernel Offset: disabled
[ 1606.422202][   T31] Rebooting in 86400 seconds..