last executing test programs:

6m33.439501249s ago: executing program 3 (id=193):
pipe(&(0x7f00000045c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000019c0)=[{&(0x7f0000001a00)="ce", 0x1}], 0x1, 0x1)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_CONFIG(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000640)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x10881}, 0x20008010)
splice(r0, 0x0, r3, 0x0, 0x2, 0xe)

6m33.270073648s ago: executing program 3 (id=195):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x24, 0x2c, 0xf3f, 0x130bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {0x10, 0x1}, {0x7, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)

6m33.035712606s ago: executing program 3 (id=198):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x81)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='io_uring_file_get\x00', r0, 0x0, 0xf}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='io_uring_file_get\x00', r1, 0x0, 0xf}, 0x18)
r2 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x38a}, &(0x7f0000002000)=<r3=>0x0, &(0x7f0000000440)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x6000, @fd_index=0x8, 0xffffffffffffdffd, 0x0, 0x0, 0x22, 0x1})
io_uring_enter(r2, 0x48e9, 0xf2bb, 0x2, 0x0, 0x0)

6m32.876348707s ago: executing program 3 (id=202):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000480)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x9b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

6m32.722182785s ago: executing program 3 (id=204):
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x4}}, 0xe8)
r2 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

6m32.177187985s ago: executing program 3 (id=212):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x1a, r1, 0x1, 0x8, 0x6, @broadcast}, 0x14)
r2 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

6m31.773297019s ago: executing program 32 (id=212):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x1a, r1, 0x1, 0x8, 0x6, @broadcast}, 0x14)
r2 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

6m19.634534733s ago: executing program 1 (id=296):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$l2tp(0x2, 0x2, 0x73)
r0 = syz_io_uring_setup(0xd38, &(0x7f0000000680)={0x0, 0x7735, 0x10, 0x201, 0x350}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x36, 0x0, 0x0, 0x4, 0x0, 0x1, 0x20})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

6m19.371224336s ago: executing program 1 (id=297):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000400)=0x2, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)

6m19.196705877s ago: executing program 1 (id=298):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)

6m17.856585703s ago: executing program 1 (id=303):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc13, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

6m17.723586626s ago: executing program 1 (id=304):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSW2(r2, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})

6m16.751930085s ago: executing program 1 (id=316):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]})
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x2)
r2 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="90", 0x1}], 0x1, &(0x7f0000000580)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x8801}}], 0x1, 0x4000001)
close_range(r0, 0xffffffffffffffff, 0x0)

6m16.556257091s ago: executing program 33 (id=316):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]})
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x2)
r2 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="90", 0x1}], 0x1, &(0x7f0000000580)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x8801}}], 0x1, 0x4000001)
close_range(r0, 0xffffffffffffffff, 0x0)

59.056936159s ago: executing program 5 (id=2284):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f40004000000000000"], 0x1c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf67000000000000160602000fff52007607faff10000000d60600000ee60000bf050000000000001f63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070400000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999f9d60bb39d0af449deaa27ea949e8f9000d885dfea2783835e29eb532ba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f2686ee970d6482a2e7ddbf51c74ccac1c7b21bde7d1af255d6ebff9bff35e3888a0e356d82e43407a6d7fa94b2100204000000000000009ab62d7b07ba0a71a72145edade9941f04000000000000004ea9e4c70ef8b7407740ab3312edee62a4dc2fc85755d387bfa1bc8eb71fbe11b2216cc8d1f0160c237d929b49da28724b95555b74be2f76fb5f330b015a68587a75c01300"/467], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffe1}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)

57.576231399s ago: executing program 5 (id=2288):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
sendmsg$NL80211_CMD_START_AP(r0, 0x0, 0x4004)
sendmsg$nl_generic(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001780)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0xffffffff, [{0x0, 0x3}]}, @ptr, @restrict={0x0, 0x0, 0x0, 0x6, 0x2}]}}, 0x0, 0x4a}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)

55.00380163s ago: executing program 5 (id=2301):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@loopback, 0x3506, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x1c)

51.844588794s ago: executing program 5 (id=2313):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='devtmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x11a)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec2b7)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
chroot(&(0x7f0000000140)='./file0\x00')
link(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

51.627782149s ago: executing program 5 (id=2315):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8004}, 0x94)
r1 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x4, 0x0, 0x9})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0xe, 0xb}}}, 0x24}}, 0x800)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001840)=@bpf_ext={0x1c, 0x1, &(0x7f0000000300)=@raw=[@alu={0x4, 0x1, 0xf3767c68fa0481d3, 0x4, 0x7, 0x20, 0x8}], &(0x7f0000000340)='GPL\x00', 0xfffffc00, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x3, 0x9, 0xc}, 0x10, 0x2469, r3, 0x0, 0x0, 0x0, 0x10, 0x878}, 0x94)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, 0x2, 0x7, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x0)

48.388029492s ago: executing program 5 (id=2323):
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x48055}, 0x1000c080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
r2 = io_uring_setup(0x4133, &(0x7f0000000300)={0x0, 0x6db8, 0x20000, 0x3, 0x327})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000012c0), 0x80400, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
ioctl$RTC_ALM_READ(r3, 0x80247008, &(0x7f0000001300))
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3f, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x1108)

46.217536051s ago: executing program 34 (id=2323):
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x48055}, 0x1000c080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
r2 = io_uring_setup(0x4133, &(0x7f0000000300)={0x0, 0x6db8, 0x20000, 0x3, 0x327})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000012c0), 0x80400, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
ioctl$RTC_ALM_READ(r3, 0x80247008, &(0x7f0000001300))
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3f, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x1108)

11.072119217s ago: executing program 7 (id=2448):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
write(0xffffffffffffffff, &(0x7f0000000140)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9348bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2", 0x12e)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x80, 0xff, 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x9, 0x2, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87}, {0x9, 0x8, 0x8, '\x00', 0xf}, {0xff, 0x7f, 0xd3, '\x00', 0x69}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0xf5, '\x00', 0xb4}, {0xf, 0x4, 0x54, '\x00', 0xff}, {0x75, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0x4a, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xfb, 0x58, 0xff, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x9, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x9}, {0x4, 0xc, 0x5, '\x00', 0xe9}, {0x7, 0x2, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x83, '\x00', 0x7c}, {0x10, 0x6, 0x92, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}})

10.153536063s ago: executing program 7 (id=2455):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_pgetevents(0x0, 0x7, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000000)={@void, @void, @eth={@broadcast, @remote, @val={@val={0x88a8, 0x3, 0x1, 0x2}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x15, 0x5c, 0x65, 0x0, 0x82, 0x11, 0x0, @empty, @multicast1}, {0x4e22, 0x4e23, 0x48, 0x0, @wg=@cookie={0x3, 0x1, "562d9ba90683726398023d5cc4caf4390083568d7c99bfb9", "eb835fb65c8b9ae493d4fb662704b8db08835fefb6a4d7ea9378cfc98b077903"}}}}}}}, 0x72)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040), 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r3}, 0x4)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[], 0x119)

9.420060783s ago: executing program 7 (id=2460):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x118d7, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000002280))
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
sendto$inet(r2, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440606769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x6000000000000000, 0x0, 0x0)

8.579479008s ago: executing program 6 (id=2461):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@empty, 0x40}, {@in=@local, 0x0, 0x33}, @in6=@private1, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x138}}, 0x0)

7.089902348s ago: executing program 6 (id=2465):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmmsg(r1, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)

7.035112835s ago: executing program 4 (id=2466):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
futex(&(0x7f00000000c0)=0x1, 0x6, 0x0, &(0x7f00000001c0), &(0x7f0000000300)=0x2, 0x2)

6.848009911s ago: executing program 6 (id=2467):
r0 = syz_io_uring_setup(0x5777, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0xffffffff, 0x171}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

6.327454711s ago: executing program 7 (id=2470):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbe7, &(0x7f0000000400)={0x0, 0xe7a8, 0x80, 0x3, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f0000000300)=r5, 0x1)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r2, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)

5.935348898s ago: executing program 6 (id=2475):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
socket$kcm(0x10, 0x3, 0x0)
syz_80211_join_ibss(&(0x7f0000000100)='wlan1\x00', &(0x7f0000000180)=@default_ibss_ssid, 0x6, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})

5.907721847s ago: executing program 4 (id=2476):
openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socket(0x840000000002, 0x3, 0xfa)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket(0x400000000010, 0x3, 0x0)
write(r0, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a)

5.87184893s ago: executing program 2 (id=2477):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, <r2=>0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r3, r1, <r4=>0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r3, r4, <r5=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f0000000280)={0x20, r5, &(0x7f00000002c0)=[{}], 0xdeadbeef, 0x8, 0x1})
ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f0000000300)={0x8, r5})
ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f0000000340)={0x8, r4})
ioctl$IOMMU_GET_HW_INFO(r0, 0x3b8a, &(0x7f0000000380)={0x24, 0x0, r3, 0x1c, &(0x7f00000003c0)=""/28})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000400)={0x8, r2})
ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000440)={0x8, r1})
close(r0)

5.62426654s ago: executing program 2 (id=2478):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$tcp_mem(r0, &(0x7f0000000100)={0x7fffffffffffffff, 0x20, 0xfffe, 0x20, 0xb9c0}, 0x3)
fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2000000000007)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f00000000c0)=0xd, 0x12)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20)
close_range(r3, 0xffffffffffffffff, 0x40000000000000)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040))

5.557494844s ago: executing program 0 (id=2479):
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8)
r0 = gettid()
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000044000)=<r1=>0x0)
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3)
timer_delete(r1)
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r4}], 0x2c, 0xffffffffffbffff8)
dup2(r3, r4)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x13)

5.423319675s ago: executing program 6 (id=2480):
openat$kvm(0xffffffffffffff9c, 0x0, 0x2003, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

5.371555667s ago: executing program 4 (id=2481):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x1d30, 0x0, 0x2000, 0x1}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)

5.344414489s ago: executing program 2 (id=2482):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)

5.330401834s ago: executing program 0 (id=2483):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x358, 0x0)

4.137922861s ago: executing program 4 (id=2484):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r2, &(0x7f0000000100)={0x0, 0x1d, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

3.088166765s ago: executing program 2 (id=2485):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000140)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000040)=0x2, &(0x7f0000000240)=r1}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r2, &(0x7f0000000040)}, 0x20)

3.010901215s ago: executing program 0 (id=2486):
socket(0x29, 0x5, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = semget$private(0x0, 0x6, 0x0)
semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x7}], 0x1, 0x0)
semop(r0, &(0x7f00000000c0)=[{}], 0x1)
semop(r0, &(0x7f0000000280)=[{}], 0x1)
semctl$IPC_RMID(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000)
openat(0xffffffffffffff9c, 0x0, 0x441, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)

2.137992761s ago: executing program 7 (id=2487):
r0 = io_uring_setup(0x7d1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
close_range(r0, r0, 0x0)
listen(0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x67c})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, 0x0)

1.931467031s ago: executing program 6 (id=2488):
mlockall(0x6)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000080)={0x5, 0x1, 0x1, 0xe0a, 0x7f, "3f3c5e0000ff77dcfffffffff903ffee00", 0xb1, 0x5})
syz_usb_connect(0x5, 0x24, &(0x7f0000001040)={{0x12, 0x1, 0x0, 0xa4, 0x22, 0x94, 0x40, 0xab4, 0x14, 0xc109, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x20, [{{0x9, 0x4, 0x11, 0x48, 0x0, 0xc6, 0x66, 0x64}}]}}]}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x5, 0x9fd, 0x85, 0x41}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000040feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61142000000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048dd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000180), 0x800, r1}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r1}, 0x38)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x50a10, 0x33822}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x14}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x440c5}, 0x240408d0)

1.439454065s ago: executing program 0 (id=2489):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_PROTOCOL(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0x1, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}}, 0x14}}, 0x20008040)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0)
write$P9_RSTATu(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="930200007d00000005f0000000000000050000000000000000000000000000000000000000000000000000000000000000001f00046e6f6465767b6376666f7892ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05f7"], 0x232)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x6, 0x9, 0x0, 0x1, 0xfffa0000}, {0x66, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffff0000}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.372677639s ago: executing program 2 (id=2490):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
shmctl$IPC_RMID(0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x238, 0x11, 0x148, 0x238, 0x0, 0x2d8, 0x2a8, 0x2a8, 0x2d8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x238, 0x0, {}, [@common=@inet=@socket2={{0x28}}, @common=@inet=@hashlimit3={{0x158}, {'bridge0\x00', {0x6, 0x6, 0x40, 0x6, 0x0, 0x3, 0x5, 0x8, 0x0, 0x20}, {0x5}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0xfffffffe}}}, {{@ip={@multicast2, @remote, 0x0, 0x0, 'vlan0\x00', 'macvlan1\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0)

1.326453185s ago: executing program 0 (id=2491):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)

1.30478173s ago: executing program 4 (id=2492):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$can_j1939(0xffffffffffffffff, 0x0, 0x14001)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$inet(0x2, 0x3, 0xd)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x7, 0x0, 0x0, 0xfffffffb}]})
getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000240)='ocfs2\x00', 0x0, 0x0)

227.956059ms ago: executing program 7 (id=2493):
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

227.536773ms ago: executing program 4 (id=2494):
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040effff2820"], 0x7)
r0 = socket(0x10, 0x803, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x2, 0x862b01)
syz_emit_vhci(0x0, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, 0x0)
ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000140)=[0x2, 0x9])
setxattr(0x0, &(0x7f0000000200)=@random={'security.', 'team0\x00'}, &(0x7f0000000240)='/dev/input/event#\x00', 0x12, 0x3)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250)
ioctl$EVIOCGKEY(r1, 0x80404518, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0))
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

930.241µs ago: executing program 0 (id=2495):
r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
listen(r2, 0x0)
accept4(r2, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)

0s ago: executing program 2 (id=2496):
syz_clone(0xc0004000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
fcntl$setsig(r0, 0xa, 0x13)
fcntl$setlease(r0, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = getpid()
fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2})
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=<r3=>0x0)
fcntl$setown(r0, 0x8, r3)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000080)='./file0\x00', 0x4)
fcntl$setlease(r0, 0x400, 0x2)

kernel console output (not intermixed with test programs):

[  226.626472][T12660] overlayfs: failed to clone upperpath
[  227.042407][   T30] audit: type=1400 audit(1765038777.329:560): avc:  denied  { write } for  pid=12674 comm="syz.4.1156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  227.081469][   T49] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  227.233937][   T49] usb 1-1: config 0 has no interfaces?
[  227.358064][   T49] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  227.376467][   T49] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.390282][   T49] usb 1-1: Product: syz
[  227.402827][   T49] usb 1-1: Manufacturer: syz
[  227.416946][   T49] usb 1-1: SerialNumber: syz
[  227.492876][   T49] usb 1-1: config 0 descriptor??
[  227.499946][T12682] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1159'.
[  227.739309][   T30] audit: type=1400 audit(1765038778.029:561): avc:  denied  { execute } for  pid=12683 comm="syz.6.1160" path=2F6D656D66643A01FDAE2E2BA68CB63F32193994532C7C783F55655BBDE1210333BC2723FF179B25F35B64202097F5479741C2D8F05571E62BA56C940BB607175CFB0421E4C4B1A21CFF433B94510DB67D9CEC430BCFEBE49A52E52C8203202864656C6574656429 dev="hugetlbfs" ino=27868 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  227.861111][T12663] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  227.921814][  T183] usb 1-1: USB disconnect, device number 9
[  228.673558][   T30] audit: type=1400 audit(1765038778.969:562): avc:  denied  { read } for  pid=5483 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  230.189543][T12753] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  230.294092][T12753] syzkaller0: entered promiscuous mode
[  230.301781][T12753] syzkaller0: entered allmulticast mode
[  230.316518][T12753] tipc: Resetting bearer <eth:syzkaller0>
[  230.420136][T12751] tipc: Resetting bearer <eth:syzkaller0>
[  230.550325][   T30] audit: type=1400 audit(1765038780.849:563): avc:  denied  { write } for  pid=12761 comm="syz.2.1180" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  230.587403][   T30] audit: type=1400 audit(1765038780.849:564): avc:  denied  { open } for  pid=12761 comm="syz.2.1180" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  232.114130][T12800] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1192'.
[  232.575038][   T30] audit: type=1400 audit(1765038782.869:565): avc:  denied  { setattr } for  pid=12784 comm="syz.4.1187" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  232.871476][ T5924] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  233.022175][ T5924] usb 6-1: Using ep0 maxpacket: 32
[  233.045959][ T5924] usb 6-1: config 0 has no interfaces?
[  233.051817][ T5924] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  233.060867][ T5924] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.087556][ T5924] usb 6-1: config 0 descriptor??
[  233.152847][T12751] tipc: Disabling bearer <eth:syzkaller0>
[  233.221532][ T5876] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  233.274910][T12814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  233.371564][ T5876] usb 5-1: Using ep0 maxpacket: 16
[  233.383024][ T5876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  233.395992][T12814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  233.413923][ T5876] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  233.433247][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.436088][ T5924] usb 6-1: USB disconnect, device number 8
[  233.452772][ T5876] usb 5-1: Product: syz
[  233.457937][ T5876] usb 5-1: Manufacturer: syz
[  233.475885][ T5876] usb 5-1: SerialNumber: syz
[  233.500905][ T5876] usb 5-1: config 0 descriptor??
[  233.587210][T12820] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  235.333751][ T5819] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  235.502979][ T5819] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[  235.511278][ T5819] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  235.531540][ T5819] usb 1-1: config 0 has no interface number 0
[  235.558862][ T5819] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  235.571544][ T5819] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.624417][ T5819] usb 1-1: Product: syz
[  235.628609][ T5819] usb 1-1: Manufacturer: syz
[  235.652959][ T5819] usb 1-1: SerialNumber: syz
[  235.680434][ T5819] usb 1-1: config 0 descriptor??
[  235.904783][ T5819] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[  235.920025][ T5819] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[  235.948704][ T5819] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[  235.981002][ T5819] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[  236.018757][ T5819] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[  236.083882][ T5819] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  236.147244][ T5819] usb 1-1: USB disconnect, device number 10
[  236.167744][ T5819] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  236.179296][ T5819] keyspan 1-1:0.133: device disconnected
[  236.434505][T12868] netlink: 'syz.2.1219': attribute type 1 has an invalid length.
[  236.461044][T12868] 8021q: adding VLAN 0 to HW filter on device bond1
[  236.486424][T12868] bond1: (slave geneve2): making interface the new active one
[  236.495976][T12868] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  236.699768][T12878] bridge: RTM_NEWNEIGH with invalid ether address
[  236.874018][T12885] netlink: 'syz.5.1226': attribute type 1 has an invalid length.
[  236.950811][ T5819] usb 5-1: USB disconnect, device number 24
[  239.876198][T12941] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1241'.
[  240.279676][T12952] netlink: set zone limit has 4 unknown bytes
[  240.424701][T12955] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1245'.
[  242.929342][   T49] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  242.966217][T12995] overlayfs: failed to clone upperpath
[  243.431447][   T49] usb 1-1: Using ep0 maxpacket: 8
[  243.447262][   T49] usb 1-1: unable to get BOS descriptor or descriptor too short
[  243.459245][T12980] team0 (unregistering): Port device team_slave_0 removed
[  243.483474][   T49] usb 1-1: config 11 has an invalid interface number: 242 but max is 0
[  243.511719][   T49] usb 1-1: config 11 has no interface number 0
[  243.517919][   T49] usb 1-1: config 11 interface 242 altsetting 225 endpoint 0x6 has invalid maxpacket 15735, setting to 1024
[  243.542271][T12980] team0 (unregistering): Port device team_slave_1 removed
[  243.581455][   T49] usb 1-1: config 11 interface 242 altsetting 225 bulk endpoint 0x6 has invalid maxpacket 1024
[  243.598740][   T49] usb 1-1: config 11 interface 242 altsetting 225 endpoint 0xE has invalid maxpacket 512, setting to 64
[  243.633861][   T49] usb 1-1: config 11 interface 242 has no altsetting 0
[  243.656454][   T49] usb 1-1: New USB device found, idVendor=05da, idProduct=0094, bcdDevice=38.8a
[  243.676955][   T49] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.690808][   T49] usb 1-1: Product: syz
[  243.706865][   T30] audit: type=1400 audit(1765038794.009:566): avc:  denied  { setopt } for  pid=13000 comm="syz.2.1260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  243.756416][   T49] usb 1-1: Manufacturer: syz
[  243.770205][   T49] usb 1-1: SerialNumber: syz
[  243.791574][T12990] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  243.804768][   T30] audit: type=1400 audit(1765038794.029:567): avc:  denied  { connect } for  pid=13000 comm="syz.2.1260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  243.880403][   T30] audit: type=1400 audit(1765038794.029:568): avc:  denied  { write } for  pid=13000 comm="syz.2.1260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  244.057880][   T49] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 4 is not bulk.
[  244.073441][   T49] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 14 is not bulk.
[  244.085026][   T30] audit: type=1400 audit(1765038794.389:569): avc:  denied  { mounton } for  pid=13013 comm="syz.6.1266" path="/221/file0" dev="tmpfs" ino=1203 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  244.108384][   T49] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  244.144661][   T49] usb 1-1: USB disconnect, device number 11
[  244.151703][   T30] audit: type=1400 audit(1765038794.419:570): avc:  denied  { read write } for  pid=13013 comm="syz.6.1266" name="file0" dev="tmpfs" ino=1203 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  244.192873][   T30] audit: type=1400 audit(1765038794.419:571): avc:  denied  { open } for  pid=13013 comm="syz.6.1266" path="/221/file0" dev="tmpfs" ino=1203 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  244.363980][   T30] audit: type=1400 audit(1765038794.659:572): avc:  denied  { create } for  pid=13019 comm="syz.6.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  244.505815][T13025] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  244.911502][T13034] binder: 13031:13034 unknown command 0
[  244.930589][T13034] binder: 13031:13034 ioctl c0306201 200000000080 returned -22
[  244.955925][T13030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  244.960290][T13034] binder: 13031:13034 ioctl c0306201 200000000180 returned -14
[  245.262158][T13030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  245.373005][T13030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  246.275912][   T30] audit: type=1400 audit(1765038796.559:573): avc:  denied  { rename } for  pid=13052 comm="syz.4.1279" name="file0" dev="tmpfs" ino=1256 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  247.140449][   T30] audit: type=1326 audit(1765038797.429:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13070 comm="syz.2.1285" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x0
[  247.665416][   T30] audit: type=1400 audit(1765038797.959:575): avc:  denied  { read } for  pid=13076 comm="syz.0.1287" path="socket:[29411]" dev="sockfs" ino=29411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  248.155693][T13086] netlink: 'syz.6.1289': attribute type 1 has an invalid length.
[  248.188382][T13086] netlink: 132 bytes leftover after parsing attributes in process `syz.6.1289'.
[  249.841629][   T30] audit: type=1400 audit(1765038800.139:576): avc:  denied  { ioctl } for  pid=13128 comm="syz.6.1306" path="socket:[29865]" dev="sockfs" ino=29865 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  249.943520][T13136] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1308'.
[  250.519357][T13141] sctp: [Deprecated]: syz.2.1310 (pid 13141) Use of struct sctp_assoc_value in delayed_ack socket option.
[  250.519357][T13141] Use struct sctp_sack_info instead
[  251.443552][T13158] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1316'.
[  252.031589][ T5876] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  252.642758][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.887123][ T5876] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  253.243827][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.328033][ T5876] usb 1-1: config 0 descriptor??
[  253.883438][ T5876] usbhid 1-1:0.0: can't add hid device: -71
[  253.940233][ T5876] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  254.161672][ T5876] usb 1-1: USB disconnect, device number 12
[  254.533979][ T5876] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  254.711540][ T5876] usb 1-1: Using ep0 maxpacket: 32
[  254.724682][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  254.748506][ T5876] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  254.757179][ T5924] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  254.766436][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.794509][ T5876] usb 1-1: config 0 descriptor??
[  254.816727][ T5876] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  254.834287][ T5876] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  254.914440][ T5924] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  254.926907][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.936386][ T5924] usb 5-1: Product: syz
[  254.941418][ T5924] usb 5-1: Manufacturer: syz
[  254.947175][ T5924] usb 5-1: SerialNumber: syz
[  255.120262][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.129675][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.138693][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.147636][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.156570][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.165487][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.174427][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.183341][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.192223][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.201300][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1332'.
[  255.224283][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  255.230899][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  255.431930][ T5924] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  255.456412][ T5924] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  255.560762][ T6408] usb 1-1: USB disconnect, device number 13
[  255.571176][   T30] audit: type=1400 audit(1765038805.869:577): avc:  denied  { create } for  pid=13208 comm="syz.5.1338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  255.572644][ T6408] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  255.679928][   T30] audit: type=1400 audit(1765038805.939:578): avc:  denied  { bind } for  pid=13208 comm="syz.5.1338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  255.765295][T13213] 8021q: adding VLAN 0 to HW filter on device bond1
[  255.826549][T13213] bond1: (slave vti0): refused to change device type
[  256.905412][ T5924] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO
[  256.981861][ T5924] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  256.994627][T13240] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  257.004342][ T5924] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  257.189004][ T5924] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  257.295024][ T5924] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  257.488756][ T5924] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  257.522435][ T5924] usb 5-1: USB disconnect, device number 25
[  257.731724][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  257.908334][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802651b400: rx timeout, send abort
[  257.923095][   T30] audit: type=1400 audit(1765038808.219:579): avc:  denied  { read } for  pid=5170 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  257.950668][    T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  257.960564][    T9] usb 6-1: config 0 has no interface number 0
[  257.971482][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.989383][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.002432][   T30] audit: type=1400 audit(1765038808.219:580): avc:  denied  { search } for  pid=5170 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.030457][    T9] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  258.045491][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.058989][   T30] audit: type=1400 audit(1765038808.219:581): avc:  denied  { search } for  pid=5170 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.100725][    T9] usb 6-1: config 0 descriptor??
[  258.131468][   T30] audit: type=1400 audit(1765038808.219:582): avc:  denied  { add_name } for  pid=5170 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.184924][   T30] audit: type=1400 audit(1765038808.219:583): avc:  denied  { create } for  pid=5170 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.235152][   T30] audit: type=1400 audit(1765038808.219:584): avc:  denied  { append open } for  pid=5170 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.294100][   T30] audit: type=1400 audit(1765038808.219:585): avc:  denied  { getattr } for  pid=5170 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.408385][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802651b000: rx timeout, send abort
[  258.418069][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802651b400: abort rx timeout. Force session deactivation
[  258.524282][    T9] prodikeys 0003:041E:2801.000F: unknown main item tag 0x0
[  258.532885][    T9] prodikeys 0003:041E:2801.000F: unknown main item tag 0x0
[  258.546163][    T9] prodikeys 0003:041E:2801.000F: unknown main item tag 0x0
[  258.568373][    T9] prodikeys 0003:041E:2801.000F: unknown main item tag 0x0
[  258.598440][    T9] prodikeys 0003:041E:2801.000F: unknown main item tag 0x0
[  258.621500][    T9] prodikeys 0003:041E:2801.000F: unknown main item tag 0x0
[  258.643331][    T9] prodikeys 0003:041E:2801.000F: unknown main item tag 0x0
[  258.683485][    T9] prodikeys 0003:041E:2801.000F: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.5-1/input1
[  258.732208][   T30] audit: type=1400 audit(1765038809.029:586): avc:  denied  { read } for  pid=13245 comm="syz.5.1350" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  258.776875][    T9] hid_prodikeys: hid-prodikeys: failed to find output report
[  258.776875][    T9] 
[  258.821203][    T9] usb 6-1: USB disconnect, device number 9
[  258.867178][T13261] fido_id[13261]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  258.916636][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802651b000: abort rx timeout. Force session deactivation
[  259.147389][T13271] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4068521576 (4068521576 ns) > initial count (2794446801 ns). Using initial count to start timer.
[  259.770420][ T5924] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  259.908876][T13277] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  259.940796][T13277] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.955266][ T5924] usb 3-1: config 0 has an invalid interface number: 50 but max is 0
[  259.966041][ T5924] usb 3-1: config 0 has no interface number 0
[  260.095584][ T5924] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  260.118015][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.147020][ T5924] usb 3-1: Product: syz
[  260.176797][ T5924] usb 3-1: Manufacturer: syz
[  260.187285][ T5924] usb 3-1: SerialNumber: syz
[  260.245214][ T5924] usb 3-1: config 0 descriptor??
[  260.313059][ T5924] yurex 3-1:0.50: Could not find endpoints
[  260.592404][T13265] kvm: kvm [13263]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  260.671792][T13265] kvm: kvm [13263]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  260.860597][ T7592] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  260.879282][ T7592] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  260.923447][   T24] usb 3-1: USB disconnect, device number 10
[  260.943355][ T7592] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  260.962085][ T7592] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  261.296699][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  261.296715][   T30] audit: type=1400 audit(1765038811.589:593): avc:  denied  { transfer } for  pid=13319 comm="syz.0.1372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  261.532031][   T30] audit: type=1326 audit(1765038811.819:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  261.655428][   T30] audit: type=1326 audit(1765038811.819:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  261.752811][   T30] audit: type=1326 audit(1765038811.819:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  261.777405][   T30] audit: type=1326 audit(1765038811.819:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  261.807990][   T30] audit: type=1326 audit(1765038811.819:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  261.832734][   T30] audit: type=1326 audit(1765038811.829:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  261.863894][   T30] audit: type=1326 audit(1765038811.859:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  261.891434][T13284] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  261.928267][   T30] audit: type=1326 audit(1765038811.889:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  262.343750][T13284] usb 3-1: unable to get BOS descriptor or descriptor too short
[  262.356511][T13284] usb 3-1: config 6 has an invalid interface number: 158 but max is 0
[  262.471411][T13284] usb 3-1: config 6 has no interface number 0
[  262.477530][T13284] usb 3-1: config 6 interface 158 has no altsetting 0
[  262.486057][   T30] audit: type=1326 audit(1765038811.909:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13324 comm="syz.0.1373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d538f749 code=0x7ffc0000
[  262.527284][T13284] usb 3-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=da.29
[  262.536835][T13284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.550658][T13284] usb 3-1: Product: syz
[  262.556036][T13284] usb 3-1: Manufacturer: syz
[  262.562864][T13284] usb 3-1: SerialNumber: syz
[  262.823788][T13328] vlan2: entered allmulticast mode
[  262.829007][T13328] veth0_to_bond: entered allmulticast mode
[  263.094722][T13284] rtsx_usb 3-1:6.158: probe with driver rtsx_usb failed with error -22
[  263.130683][T13284] usb 3-1: USB disconnect, device number 11
[  265.654262][T13383] xt_NFQUEUE: number of queues (63489) out of range (got 96768)
[  265.814058][T13390] binder: 13389:13390 ioctl c0306201 200000000640 returned -22
[  265.951429][T13298] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  266.121482][T13298] usb 6-1: Using ep0 maxpacket: 8
[  266.134540][T13298] usb 6-1: config 0 has an invalid interface number: 31 but max is 0
[  266.181526][T13298] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  266.231473][T13298] usb 6-1: config 0 has no interface number 0
[  266.249862][T13298] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  266.413171][T13298] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.421280][T13298] usb 6-1: Product: syz
[  266.434613][T13298] usb 6-1: Manufacturer: syz
[  266.439244][T13298] usb 6-1: SerialNumber: syz
[  266.447701][T13298] usb 6-1: config 0 descriptor??
[  266.470980][T13298] uvcvideo 6-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  266.478409][T13298] uvcvideo 6-1:0.31: No valid video chain found.
[  266.972715][T13298] usb 6-1: USB disconnect, device number 10
[  267.764255][T13410] netlink: 'syz.5.1401': attribute type 27 has an invalid length.
[  267.808920][T13298] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  267.838206][T13410] 8021q: adding VLAN 0 to HW filter on device bond0
[  267.847956][T13410] 8021q: adding VLAN 0 to HW filter on device team0
[  267.887450][T13410] 8021q: adding VLAN 0 to HW filter on device batadv0
[  267.991054][T13410] batman_adv: batadv0: Interface activated: batadv_slave_0
[  268.001604][T13298] usb 1-1: Using ep0 maxpacket: 32
[  268.009144][T13298] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  268.014681][T13410] batman_adv: batadv0: Interface activated: batadv_slave_1
[  268.037338][T13298] usb 1-1: config 0 has no interface number 0
[  268.058909][T13410] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  268.071777][T13298] usb 1-1: config 0 interface 184 has no altsetting 0
[  268.145239][T13410] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  268.152623][T13298] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  268.191290][T13298] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.213633][T13298] usb 1-1: Product: syz
[  268.223461][T13298] usb 1-1: Manufacturer: syz
[  268.233087][T13298] usb 1-1: SerialNumber: syz
[  268.248063][T13298] usb 1-1: config 0 descriptor??
[  268.266008][T13410] veth1_vlan: left promiscuous mode
[  268.274698][T13415] capability: warning: `syz.6.1403' uses 32-bit capabilities (legacy support in use)
[  268.307224][T13410] veth0_vlan: left promiscuous mode
[  268.355629][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  268.355648][   T30] audit: type=1400 audit(1765038818.629:662): avc:  denied  { associate } for  pid=13416 comm="syz.6.1403" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  268.522119][T13410] veth0_vlan: entered promiscuous mode
[  268.529444][T13410] veth1_vlan: entered promiscuous mode
[  268.536721][T13298] smsc75xx v1.0.0
[  268.540368][T13298] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  268.559360][T13420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  268.565350][T13298] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[  268.583431][T13410] veth1_macvtap: left promiscuous mode
[  268.601663][T13410] veth0_macvtap: left promiscuous mode
[  268.623524][T13410] veth0_macvtap: entered promiscuous mode
[  268.644012][T13410] veth1_macvtap: entered promiscuous mode
[  268.668270][T13420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  268.692433][ T3638] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.699589][ T3638] bridge0: port 1(bridge_slave_0) entered forwarding state
[  268.731697][ T3638] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.738866][ T3638] bridge0: port 2(bridge_slave_1) entered forwarding state
[  268.797100][T13420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  268.809672][T13284] usb 1-1: USB disconnect, device number 14
[  268.868380][ T4290] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  268.880045][ T4290] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  268.914394][ T4290] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  268.935326][ T4290] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  269.127634][   T30] audit: type=1400 audit(1765038819.419:663): avc:  denied  { shutdown } for  pid=13435 comm="syz.6.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  269.460396][T13448] __nla_validate_parse: 41 callbacks suppressed
[  269.460417][T13448] netlink: 120 bytes leftover after parsing attributes in process `syz.5.1410'.
[  270.447526][T13489] netlink: 'syz.4.1421': attribute type 27 has an invalid length.
[  270.463068][   T30] audit: type=1400 audit(1765038820.759:664): avc:  denied  { read write } for  pid=13488 comm="syz.0.1423" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  270.620033][   T30] audit: type=1400 audit(1765038820.759:665): avc:  denied  { open } for  pid=13488 comm="syz.0.1423" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  270.713880][T13499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.821208][T13489] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.828562][T13489] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.840611][T13499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.905613][T13499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  271.083999][T13489] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  271.099448][T13489] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  271.328564][T13484] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.349924][T13484] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  271.375958][ T3638] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.411664][ T3638] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.428018][ T3638] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.446781][ T3638] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.913562][   T30] audit: type=1400 audit(1765038822.209:666): avc:  denied  { watch watch_reads } for  pid=13509 comm="syz.2.1430" path="/277/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  272.471442][ T5932] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  272.945218][ T5932] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.958333][ T5932] usb 5-1: config 0 has no interfaces?
[  272.964136][ T5932] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  272.978546][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.032270][ T5932] usb 5-1: config 0 descriptor??
[  273.314220][T13526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.345815][T13526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.472842][T13526] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  273.836458][T13298] usb 5-1: USB disconnect, device number 26
[  274.625878][   T30] audit: type=1400 audit(1765038824.909:667): avc:  denied  { read } for  pid=13568 comm="syz.0.1449" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  274.694361][T13575] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1448'.
[  274.724131][   T30] audit: type=1400 audit(1765038824.919:668): avc:  denied  { open } for  pid=13568 comm="syz.0.1449" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  274.880065][   T30] audit: type=1400 audit(1765038824.959:669): avc:  denied  { append } for  pid=13566 comm="syz.2.1450" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  275.324827][ T5819] IPVS: starting estimator thread 0...
[  275.333029][T13574] IPVS: wlc: FWM 3 0x00000003 - no destination available
[  275.438338][T13587] IPVS: using max 42 ests per chain, 100800 per kthread
[  275.760288][ T1137] IPVS: stop unused estimator thread 0...
[  276.294627][T13619] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1463'.
[  276.347696][T13619] 8021q: adding VLAN 0 to HW filter on device bond2
[  276.436371][T13624] macvlan2: entered promiscuous mode
[  276.463318][T13624] macvlan2: entered allmulticast mode
[  276.512201][T13624] veth0: entered promiscuous mode
[  276.532317][T13624] veth0: entered allmulticast mode
[  276.554773][T13624] bond2: (slave macvlan2): Enslaving as an active interface with an up link
[  277.171202][   T30] audit: type=1400 audit(1765038827.459:670): avc:  denied  { read } for  pid=13636 comm="syz.0.1471" path="socket:[31962]" dev="sockfs" ino=31962 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  277.227877][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880549cb000: rx timeout, send abort
[  277.326463][T13644] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  277.334547][T13644] IPv6: NLM_F_CREATE should be set when creating new route
[  277.341801][T13644] IPv6: NLM_F_CREATE should be set when creating new route
[  277.385534][T13648] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1474'.
[  277.727966][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880549cac00: rx timeout, send abort
[  277.736402][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880549cb000: abort rx timeout. Force session deactivation
[  278.236267][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880549cac00: abort rx timeout. Force session deactivation
[  278.327159][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.385804][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.404940][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.419367][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.431199][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.445139][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.455872][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.467887][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.478820][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.513632][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.527853][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.539888][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.554815][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.569836][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.582078][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.600899][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.642865][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.654651][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.683277][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.700898][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.713835][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.724195][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.735098][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.842885][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.863093][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.910256][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.920772][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.939287][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.949910][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.960732][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.971558][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.985700][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  278.999678][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.010266][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.024287][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.034851][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.045429][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.056799][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.067451][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.077725][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.089882][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.117687][T13676] 9pnet_fd: p9_fd_create_tcp (13676): problem connecting socket to 127.0.0.1
[  279.269284][T13679] Process accounting resumed
[  279.959134][T13712] netlink: 'syz.4.1495': attribute type 1 has an invalid length.
[  280.030715][T13712] bond1: (slave geneve2): making interface the new active one
[  280.052412][T13712] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  280.078607][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0
[  280.102589][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0
[  280.116098][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0
[  280.171465][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0
[  280.920955][T13741] kernel profiling enabled (shift: 63)
[  280.927335][T13741] profiling shift: 63 too large
[  281.006253][T13744] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1506'.
[  281.109249][T13748] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1507'.
[  281.120085][T13748] gretap0: entered promiscuous mode
[  281.560154][T13750] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1507'.
[  281.651066][T13747] macvlan3: entered promiscuous mode
[  281.796620][T13747] macvlan3: entered allmulticast mode
[  281.828864][T13747] bond3: (slave macvlan3): Opening slave failed
[  281.847439][T13756] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1509'.
[  281.856504][T13756] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1509'.
[  281.938230][T13750] 0ªî{X¹¦: renamed from gretap0
[  281.963034][T13750] 0ªî{X¹¦: left promiscuous mode
[  281.972192][T13750] 0ªî{X¹¦: entered allmulticast mode
[  282.002888][T13750] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  282.040472][T13761] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1511'.
[  282.050531][   T30] audit: type=1326 audit(1765038832.339:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13757 comm="syz.5.1510" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd85918f749 code=0x0
[  282.089999][T13761] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1511'.
[  282.118364][T13761] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1511'.
[  282.173973][T13766] Bluetooth: MGMT ver 1.23
[  282.310465][T13777] 8021q: adding VLAN 0 to HW filter on device bond2
[  282.318680][T13777] bond0: (slave bond2): Enslaving as an active interface with an up link
[  282.350978][T13777] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1518'.
[  282.500417][ T5924] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  282.650489][T13777] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  282.659361][ T5924] usb 3-1: Using ep0 maxpacket: 32
[  282.676675][T13777] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  282.687379][T13777] bond0 (unregistering): (slave bond2): Releasing backup interface
[  282.690331][ T5924] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  282.710462][T13777] bond0 (unregistering): Released all slaves
[  282.717876][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.733725][ T5924] usb 3-1: Product: syz
[  282.744519][ T5924] usb 3-1: Manufacturer: syz
[  282.755635][ T5924] usb 3-1: SerialNumber: syz
[  282.767988][ T5924] usb 3-1: config 0 descriptor??
[  282.779078][ T5924] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  282.901420][ T5827] Bluetooth: hci3: command 0x0406 tx timeout
[  283.418725][   T30] audit: type=1400 audit(1765038833.649:672): avc:  denied  { setopt } for  pid=13788 comm="syz.6.1521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  283.592380][   T30] audit: type=1400 audit(1765038833.889:673): avc:  denied  { write } for  pid=13797 comm="syz.0.1526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  284.033551][T13812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1530'.
[  284.183607][T13810] kvm: pic: non byte write
[  284.274157][ T5827] Bluetooth: hci2: command 0x0406 tx timeout
[  284.283640][ T5817] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  284.427658][ T5924] gspca_ov534_9: reg_r err -71
[  284.701702][ T5924] gspca_ov534_9: Unknown sensor 0000
[  284.701779][ T5924] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  284.762913][ T5924] usb 3-1: USB disconnect, device number 12
[  285.679233][T13854] bridge_slave_0: left allmulticast mode
[  285.696256][T13854] bridge_slave_0: left promiscuous mode
[  285.712786][T13854] bridge0: port 1(bridge_slave_0) entered disabled state
[  285.731876][T13857] netlink: 'syz.2.1546': attribute type 10 has an invalid length.
[  285.765081][   T30] audit: type=1326 audit(1765038835.999:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13855 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad478f749 code=0x7ffc0000
[  285.770218][T13854] bridge_slave_1: left allmulticast mode
[  285.789133][   T30] audit: type=1326 audit(1765038835.999:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13855 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad478f749 code=0x7ffc0000
[  285.838497][T13854] bridge_slave_1: left promiscuous mode
[  285.849808][T13854] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.869109][T13861] netlink: 'syz.4.1549': attribute type 1 has an invalid length.
[  285.882078][   T30] audit: type=1326 audit(1765038835.999:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13855 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad478f749 code=0x7ffc0000
[  285.912725][   T30] audit: type=1326 audit(1765038835.999:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13855 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad478f749 code=0x7ffc0000
[  285.913396][T13854] bond0: (slave bond_slave_0): Releasing backup interface
[  285.992080][T13854] bond0: (slave bond_slave_1): Releasing backup interface
[  286.015474][T13854] team0: Port device team_slave_0 removed
[  286.046015][T13854] team0: Port device team_slave_1 removed
[  286.060429][T13854] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  286.082198][T13854] batman_adv: batadv0: Removing interface: batadv_slave_0
[  286.098194][   T30] audit: type=1326 audit(1765038835.999:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13855 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1ad478f749 code=0x7ffc0000
[  286.128545][T13854] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  286.148366][T13854] batman_adv: batadv0: Removing interface: batadv_slave_1
[  286.184056][   T30] audit: type=1326 audit(1765038835.999:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13855 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad478f749 code=0x7ffc0000
[  286.227927][T13854] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  286.261764][   T30] audit: type=1326 audit(1765038835.999:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13855 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ad478f749 code=0x7ffc0000
[  286.291786][T13857] team0: entered promiscuous mode
[  286.307257][T13857] bridge0: port 1(team0) entered blocking state
[  286.321450][T13857] bridge0: port 1(team0) entered disabled state
[  286.339027][T13857] team0: entered allmulticast mode
[  286.362821][T13857] bridge0: port 1(team0) entered blocking state
[  286.369205][T13857] bridge0: port 1(team0) entered forwarding state
[  286.410576][ T1137] bridge0: port 1(team0) entered disabled state
[  286.735240][T13861] 8021q: adding VLAN 0 to HW filter on device bond0
[  286.836428][T13863] bond0: (slave veth7): Enslaving as an active interface with a down link
[  286.947013][T13866] bond0: (slave vlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  287.607933][ T5896] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  287.747917][T13890] netlink: set zone limit has 4 unknown bytes
[  287.808549][ T5896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 127, changing to 10
[  287.833732][ T5896] usb 3-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[  287.872240][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.895155][ T5896] usb 3-1: config 0 descriptor??
[  287.966331][T13897] __nla_validate_parse: 1 callbacks suppressed
[  287.966350][T13897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1559'.
[  288.328344][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  288.328363][   T30] audit: type=1400 audit(1765038838.609:734): avc:  denied  { execute } for  pid=13888 comm="syz.2.1557" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=33067 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  288.556144][ T5896] usbhid 3-1:0.0: can't add hid device: -71
[  288.581573][ T5896] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  288.605279][ T5896] usb 3-1: USB disconnect, device number 13
[  290.261539][ T5896] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  290.639662][ T5896] usb 1-1: Using ep0 maxpacket: 32
[  290.747192][ T5896] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.763674][ T5896] usb 1-1: config 0 interface 0 has no altsetting 0
[  290.787904][ T5896] usb 1-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  290.817045][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.959054][T13945] x_tables: ip_tables: HMARK.0 target: invalid size 64 (kernel) != (user) 72
[  291.169770][ T5896] usb 1-1: config 0 descriptor??
[  291.685529][ T5896] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0
[  291.724534][ T5896] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0
[  291.751642][ T5896] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0
[  291.771050][ T5896] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0
[  291.788735][ T5896] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0
[  291.812174][ T5896] magicmouse 0003:05AC:0265.0010: hidraw0: USB HID v0.07 Device [HID 05ac:0265] on usb-dummy_hcd.0-1/input0
[  291.982130][ T5896] usb 1-1: USB disconnect, device number 15
[  292.291982][ T5924] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  292.451450][ T5924] usb 6-1: Using ep0 maxpacket: 16
[  292.726565][ T5924] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  292.925886][ T5924] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.964262][ T5924] usb 6-1: Product: syz
[  292.968473][ T5924] usb 6-1: Manufacturer: syz
[  292.973526][ T5924] usb 6-1: SerialNumber: syz
[  292.981421][ T5924] r8152-cfgselector 6-1: Unknown version 0x0000
[  292.988274][ T5924] r8152-cfgselector 6-1: config 0 descriptor??
[  293.464952][ T5924] r8152-cfgselector 6-1: USB disconnect, device number 11
[  293.614902][   T30] audit: type=1326 audit(1765038843.909:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14008 comm="syz.6.1604" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd2e078f749 code=0x0
[  293.651444][ T5896] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  294.101606][ T5896] usb 3-1: Using ep0 maxpacket: 8
[  294.108356][ T5896] usb 3-1: config 0 has no interfaces?
[  294.119102][ T5896] usb 3-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  294.148524][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.186642][ T5896] usb 3-1: Product: syz
[  294.192323][ T5896] usb 3-1: Manufacturer: syz
[  294.197320][ T5896] usb 3-1: SerialNumber: syz
[  294.211076][ T5896] usb 3-1: config 0 descriptor??
[  294.510314][T14005] kvm: kvm [14004]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  294.519837][T14005] kvm: kvm [14004]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  294.561456][ T5896] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  294.586159][T13284] usb 3-1: USB disconnect, device number 14
[  294.751481][ T5896] usb 1-1: Using ep0 maxpacket: 32
[  294.758941][ T5896] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  294.768106][ T5896] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  294.781251][ T5896] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  294.797826][ T5896] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  294.810256][ T5896] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  294.820401][ T5896] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024
[  294.834904][ T5896] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  294.845195][ T5896] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  294.865602][ T5896] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  294.880981][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.906575][ T5896] usb 1-1: config 0 descriptor??
[  294.919666][T14023] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  295.138304][ T5896] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  295.138922][T14023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  295.164501][T14023] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  295.245315][T14038] overlayfs: failed to clone upperpath
[  295.348269][   T30] audit: type=1400 audit(1765038845.639:736): avc:  denied  { setopt } for  pid=14041 comm="syz.4.1605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  295.403952][    C0] usblp0: nonzero read bulk status received: -71
[  295.420624][   T30] audit: type=1400 audit(1765038845.689:737): avc:  denied  { read write } for  pid=14022 comm="syz.0.1596" name="lp0" dev="devtmpfs" ino=3201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  295.521481][   T30] audit: type=1400 audit(1765038845.689:738): avc:  denied  { open } for  pid=14022 comm="syz.0.1596" path="/dev/usb/lp0" dev="devtmpfs" ino=3201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  295.528773][T14023] usblp0: error -71 reading from printer
[  295.585717][T14048] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  295.599452][    C1] usblp0: nonzero read bulk status received: -71
[  295.654760][T13284] usb 1-1: USB disconnect, device number 16
[  295.670008][T13284] usblp0: removed
[  296.639840][T14074] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1615'.
[  296.951406][ T5896] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  297.203079][ T5817] Bluetooth: hci0: command 0x0406 tx timeout
[  297.203850][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  297.221453][ T5896] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  297.230825][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.320470][ T5896] usb 6-1: config 0 descriptor??
[  297.576349][ T5896] usbhid 6-1:0.0: can't add hid device: -71
[  297.584844][T14095] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1623'.
[  297.664716][ T5896] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  297.701519][T13284] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  297.827096][ T5896] usb 6-1: USB disconnect, device number 12
[  297.911643][T13284] usb 1-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[  297.920926][T13284] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.930837][T13284] usb 1-1: config 0 descriptor??
[  297.939617][T13284] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  298.154782][ T9772] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 20004 - 0
[  298.166479][ T9772] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 20004 - 0
[  298.176325][T13284] gspca_sn9c2028: read1 error -71
[  298.185549][T13284] gspca_sn9c2028: read1 error -71
[  298.190862][T13284] gspca_sn9c2028: read1 error -71
[  298.201112][ T9772] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 20004 - 0
[  298.208887][T13284] sn9c2028 1-1:0.0: probe with driver sn9c2028 failed with error -71
[  298.239794][T13284] usb 1-1: USB disconnect, device number 17
[  298.251687][ T5896] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  298.269138][ T9772] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 20004 - 0
[  298.425434][ T5896] usb 6-1: Using ep0 maxpacket: 32
[  298.462339][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.481485][ T5896] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  298.531003][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.543046][ T5896] usb 6-1: config 0 descriptor??
[  298.550830][ T5896] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  298.584842][ T5896] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  299.106455][T13284] usb 6-1: USB disconnect, device number 13
[  299.118215][T13284] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  299.856573][T14133] netlink: 'syz.6.1636': attribute type 1 has an invalid length.
[  300.022151][T14133] bond2: (slave ip6gretap1): making interface the new active one
[  300.042303][T14133] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  300.065269][   T10] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  300.132542][T14133] bond2: entered promiscuous mode
[  300.142552][T14133] ip6gretap1: entered promiscuous mode
[  300.148232][T14133] bond2: entered allmulticast mode
[  300.164718][T14133] ip6gretap1: entered allmulticast mode
[  300.176456][T14133] 8021q: adding VLAN 0 to HW filter on device bond2
[  300.233660][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  300.275268][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  300.289906][   T10] usb 6-1: config 1 has no interface number 0
[  300.296480][   T10] usb 6-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  300.320075][   T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  300.343059][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.376540][   T10] usb 6-1: Product: syz
[  300.381570][   T10] usb 6-1: Manufacturer: syz
[  300.391762][   T10] usb 6-1: SerialNumber: syz
[  300.411748][ T5924] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  300.421151][   T10] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  300.441178][   T10] cdc_ncm 6-1:1.1: bind() failure
[  300.562980][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.577554][ T5924] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  300.619729][ T5924] usb 3-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00
[  300.650464][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.685583][ T5924] usb 3-1: config 0 descriptor??
[  300.717890][   T10] usb 6-1: USB disconnect, device number 14
[  301.117213][ T5924] asus 0003:048D:CE50.0011: item fetching failed at offset 2/5
[  301.126838][ T5924] asus 0003:048D:CE50.0011: Asus hid parse failed: -22
[  301.135621][ T5924] asus 0003:048D:CE50.0011: probe with driver asus failed with error -22
[  301.159489][T14170] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  301.339703][   T10] usb 3-1: USB disconnect, device number 15
[  302.481601][ T5896] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  303.051013][ T5896] usb 3-1: unable to get BOS descriptor or descriptor too short
[  303.085177][ T5896] usb 3-1: config 0 has an invalid interface number: 144 but max is 1
[  303.171464][ T5896] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  303.212882][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  303.259724][ T5896] usb 3-1: config 0 has no interface number 0
[  303.266338][ T5896] usb 3-1: config 0 interface 144 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[  303.286198][ T5896] usb 3-1: config 0 interface 144 has no altsetting 0
[  303.295114][ T5896] usb 3-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=d0.ae
[  303.342420][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.701579][ T5896] usb 3-1: Product: syz
[  303.705867][ T5896] usb 3-1: Manufacturer: syz
[  303.717232][ T5896] usb 3-1: SerialNumber: syz
[  303.766460][ T5896] usb 3-1: config 0 descriptor??
[  304.043380][ T5896] ims_pcu 3-1:0.144: Missing CDC union descriptor
[  304.051259][ T5896] ims_pcu 3-1:0.144: probe with driver ims_pcu failed with error -22
[  304.321636][ T5896] usb 3-1: USB disconnect, device number 16
[  305.306872][   T30] audit: type=1400 audit(1765038855.599:739): avc:  denied  { getopt } for  pid=14247 comm="syz.2.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  306.083800][T13284] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  306.252907][T13284] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  306.300569][T13284] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  306.403398][T13284] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  306.450335][T13284] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  306.476335][T13284] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  306.521015][T13284] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.550836][T13284] usb 1-1: config 0 descriptor??
[  307.452176][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.464847][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.487222][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.491952][T14288] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  307.495171][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.533682][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.545996][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.597654][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.608778][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.620048][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.662497][T13284] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  307.943512][T13284] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  307.999990][T14301] bridge: RTM_NEWNEIGH with invalid ether address
[  308.035859][T13284] usb 1-1: USB disconnect, device number 18
[  308.179280][T14299] fido_id[14299]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  308.269468][ T5924] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  308.433534][ T5924] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  308.441916][ T5924] usb 3-1: config 0 has no interface number 0
[  308.460634][ T5924] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  308.471936][ T5924] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  308.484571][ T5924] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  308.561492][T13284] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  308.607662][ T5924] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  309.032626][ T5924] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  309.059496][ T5924] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  309.071880][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.111396][T13284] usb 1-1: Using ep0 maxpacket: 32
[  309.117779][T13284] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  309.126242][T13284] usb 1-1: config 0 has no interface number 0
[  309.133655][T13284] usb 1-1: config 0 interface 12 has no altsetting 0
[  309.143318][ T5924] usb 3-1: config 0 descriptor??
[  309.150531][T14298] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  309.158275][T13284] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  309.167656][T13284] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.176010][T13284] usb 1-1: Product: syz
[  309.183684][ T5924] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  309.192907][T13284] usb 1-1: Manufacturer: syz
[  309.198908][T13284] usb 1-1: SerialNumber: syz
[  309.208144][T13284] usb 1-1: config 0 descriptor??
[  309.259465][T14313] netlink: 'syz.5.1690': attribute type 1 has an invalid length.
[  309.299617][T14313] 8021q: adding VLAN 0 to HW filter on device bond2
[  309.309750][T14313] bond1: (slave bond2): making interface the new active one
[  309.317822][T14313] bond1: (slave bond2): Enslaving as an active interface with an up link
[  309.765327][ T5924] usb 3-1: USB disconnect, device number 17
[  309.765365][    C0] ldusb 3-1:0.55: usb_submit_urb failed (-19)
[  309.780876][T14322] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.1692'.
[  309.792280][ T5924] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  310.846105][   T30] audit: type=1326 audit(1765038861.139:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  310.881901][   T30] audit: type=1326 audit(1765038861.139:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  310.929930][   T30] audit: type=1326 audit(1765038861.139:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  310.961738][   T30] audit: type=1326 audit(1765038861.139:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  310.990250][   T30] audit: type=1326 audit(1765038861.179:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  311.030648][   T30] audit: type=1326 audit(1765038861.259:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  311.130627][T14350] overlayfs: failed to clone upperpath
[  311.146430][   T30] audit: type=1326 audit(1765038861.259:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  311.237759][   T30] audit: type=1326 audit(1765038861.359:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  311.264319][   T30] audit: type=1326 audit(1765038861.359:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  311.288929][   T30] audit: type=1326 audit(1765038861.359:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.2.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a36b8f749 code=0x7ffc0000
[  311.494438][T14356] netlink: 'syz.4.1705': attribute type 4 has an invalid length.
[  311.538118][T14356] netlink: 'syz.4.1705': attribute type 4 has an invalid length.
[  311.577952][T13284] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  311.591629][T13284] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  311.611898][T13284] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  311.627279][T13284] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[  311.660383][T13284] usb 1-1: USB disconnect, device number 19
[  311.711735][ T5896] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  311.822019][T14363] team0: left promiscuous mode
[  311.865248][ T5896] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  311.879330][ T5896] usb 6-1: config 0 has no interface number 0
[  311.891131][ T5896] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  311.908468][ T5896] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  311.923413][ T5896] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  311.937564][ T5896] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  311.961421][ T5896] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  311.995917][ T5896] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  312.021270][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.050515][ T5896] usb 6-1: config 0 descriptor??
[  312.062818][T14358] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  312.080491][ T5896] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  312.356565][ T5896] usb 6-1: USB disconnect, device number 15
[  312.362578][    C0] ldusb 6-1:0.55: usb_submit_urb failed (-19)
[  312.382511][ T5896] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  312.487852][T14363] veth4: left promiscuous mode
[  312.524727][T14363] veth4: left allmulticast mode
[  312.578585][T14363] vlan2: left allmulticast mode
[  312.647955][T14363] veth0_to_bond: left allmulticast mode
[  312.724480][T14363] veth0: left allmulticast mode
[  312.742246][T14363] macvlan2: left promiscuous mode
[  312.750037][T14363] macvlan2: left allmulticast mode
[  312.765386][T14385] netlink: 'syz.0.1715': attribute type 12 has an invalid length.
[  312.828344][ T1137] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.843833][ T1137] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.854233][ T1137] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.864349][ T1137] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  313.611401][T13284] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  313.891639][T13284] usb 1-1: Using ep0 maxpacket: 8
[  313.926298][T13284] usb 1-1: config 0 has no interfaces?
[  313.947682][T13284] usb 1-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  313.981657][T13284] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.021472][T13284] usb 1-1: Product: syz
[  314.057610][T13284] usb 1-1: Manufacturer: syz
[  314.081411][T13284] usb 1-1: SerialNumber: syz
[  314.116942][T13284] usb 1-1: config 0 descriptor??
[  314.362281][T14400] kvm: kvm [14399]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  314.444607][T14400] kvm: kvm [14399]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  314.511782][T13284] usb 1-1: USB disconnect, device number 20
[  315.783411][T14429] sch_tbf: burst 1821 is lower than device lo mtu (11337746) !
[  315.972991][T14429] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1728'.
[  316.471506][T14439] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  316.601947][T14442] binder_alloc: 14441: binder_alloc_buf size 20480 failed, no address space
[  316.641979][T14442] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 8192 (num: 1 largest: 8192)
[  316.673795][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  316.685733][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  317.243444][T14458] tipc: Started in network mode
[  317.258495][T14458] tipc: Node identity ce45b4237f59, cluster identity 4711
[  317.274925][T14458] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  317.408182][T14465] syzkaller0: entered promiscuous mode
[  317.413917][T14465] syzkaller0: entered allmulticast mode
[  317.419820][T14465] tipc: Resetting bearer <eth:syzkaller0>
[  317.562201][T14457] tipc: Resetting bearer <eth:syzkaller0>
[  317.596544][T14468] kvm: requested 72914 ns i8254 timer period limited to 200000 ns
[  317.691815][T14468] kvm: requested 199466 ns i8254 timer period limited to 200000 ns
[  317.721647][T14468] kvm: requested 72914 ns i8254 timer period limited to 200000 ns
[  317.735729][T14468] kvm: requested 44419 ns i8254 timer period limited to 200000 ns
[  317.768677][T14468] kvm: requested 197790 ns i8254 timer period limited to 200000 ns
[  317.959134][T14468] kvm: requested 186057 ns i8254 timer period limited to 200000 ns
[  317.971633][T14468] kvm: requested 173485 ns i8254 timer period limited to 200000 ns
[  318.000922][T14468] kvm: requested 13409 ns i8254 timer period limited to 200000 ns
[  318.035186][T14468] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[  318.061929][T14468] kvm: requested 129066 ns i8254 timer period limited to 200000 ns
[  323.323304][T14457] tipc: Disabling bearer <eth:syzkaller0>
[  323.330976][T13284] tipc: Node number set to 2971448355
[  323.343757][T14525] bridge_slave_0: left allmulticast mode
[  323.349436][T14525] bridge_slave_0: left promiscuous mode
[  323.355762][T14525] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.393060][T14525] bridge_slave_1: left allmulticast mode
[  323.407528][T14525] bridge_slave_1: left promiscuous mode
[  323.413241][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  323.413252][   T30] audit: type=1804 audit(1765038873.699:808): pid=14584 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.6.1766" name="file0" dev="ramfs" ino=35209 res=1 errno=0
[  323.448830][T14525] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.482500][T14525] bond0: (slave bond_slave_0): Releasing backup interface
[  323.516021][T14525] bond0: (slave bond_slave_1): Releasing backup interface
[  323.528071][T14525] team0: Port device team_slave_0 removed
[  323.535449][T14525] team0: Port device team_slave_1 removed
[  323.546886][T14525] batman_adv: batadv0: Removing interface: batadv_slave_0
[  323.560916][T14525] batman_adv: batadv0: Removing interface: batadv_slave_1
[  323.578805][T14525] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  325.309217][T14615] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  325.315730][T14615] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  325.335468][T14615] vhci_hcd vhci_hcd.0: Device attached
[  325.555742][T14616] vhci_hcd: connection closed
[  325.558571][ T3728] vhci_hcd: stop threads
[  325.580176][ T3728] vhci_hcd: release socket
[  325.581407][T13284] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  325.602890][ T3728] vhci_hcd: disconnect device
[  326.653694][   T30] audit: type=1400 audit(1765038876.949:809): avc:  denied  { listen } for  pid=14640 comm="syz.2.1784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  326.683926][T14641] Set syz0 is full, maxelem 0 reached
[  326.735016][   T30] audit: type=1400 audit(1765038876.979:810): avc:  denied  { ioctl } for  pid=14640 comm="syz.2.1784" path="socket:[36508]" dev="sockfs" ino=36508 ioctlcmd=0x89eb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  326.821663][ T5819] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  326.971468][ T5819] usb 1-1: device descriptor read/64, error -71
[  329.382885][   T10] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  329.807353][   T30] audit: type=1400 audit(1765038880.099:811): avc:  denied  { lock } for  pid=14671 comm="syz.6.1795" path="socket:[36644]" dev="sockfs" ino=36644 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  329.885596][   T10] usb 1-1: Using ep0 maxpacket: 16
[  329.896362][   T10] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  329.906268][   T10] usb 1-1: config 1 has no interface number 1
[  329.913913][   T10] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  329.925252][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  329.938668][   T10] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  329.953316][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  329.997734][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.006133][   T10] usb 1-1: Product: syz
[  330.010373][   T10] usb 1-1: Manufacturer: syz
[  330.015319][   T10] usb 1-1: SerialNumber: syz
[  330.066673][T14693] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1799'.
[  330.138623][T14693] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14693 comm=syz.4.1799
[  330.474381][   T10] usb 1-1: 2:1 : format type 0 is detected, processed as PCM
[  330.788098][T13284] vhci_hcd: vhci_device speed not set
[  330.910830][   T30] audit: type=1400 audit(1765038881.199:812): avc:  denied  { ioctl } for  pid=14715 comm="syz.4.1807" path="socket:[35398]" dev="sockfs" ino=35398 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  331.281089][   T10] usb 1-1: 2:1: cannot get freq at ep 0x82
[  331.317478][   T10] usb 1-1: USB disconnect, device number 23
[  331.340321][T14732] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  331.399056][T14733] udevd[14733]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  331.828876][T14745] netlink: 'syz.0.1816': attribute type 1 has an invalid length.
[  331.849662][T14745] 8021q: adding VLAN 0 to HW filter on device bond3
[  331.883332][T14745] veth5: entered promiscuous mode
[  331.893311][T14745] bond3: (slave veth5): Enslaving as an active interface with a down link
[  331.920263][T14745] bond3: entered allmulticast mode
[  331.929602][   T30] audit: type=1400 audit(1765038882.229:813): avc:  denied  { write } for  pid=14742 comm="syz.4.1815" path="socket:[35467]" dev="sockfs" ino=35467 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  331.931628][T13284] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  332.058147][T14750] overlayfs: failed to clone upperpath
[  332.123130][T13284] usb 6-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  332.148290][T13284] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  332.197285][T13284] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  332.249581][T13284] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  332.281212][T13284] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.334191][T14737] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  332.789834][T13284] aiptek 6-1:17.0: Aiptek using 400 ms programming speed
[  332.829742][T13284] input: Aiptek as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:17.0/input/input20
[  332.969138][T13284] usb 6-1: USB disconnect, device number 16
[  332.975279][    C1] aiptek 6-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  332.996058][   T30] audit: type=1400 audit(1765038883.289:814): avc:  denied  { ioctl } for  pid=14764 comm="syz.6.1822" path="socket:[35507]" dev="sockfs" ino=35507 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  333.214557][T14765] netlink: 'syz.6.1822': attribute type 10 has an invalid length.
[  334.407473][ T5817] Bluetooth: hci0: Malformed MSFT vendor event: 0x02
[  334.517124][   T30] audit: type=1400 audit(1765038884.799:815): avc:  denied  { write } for  pid=14781 comm="syz.0.1829" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  334.779589][T14791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1831'.
[  336.389471][   T30] audit: type=1400 audit(1765038886.679:816): avc:  denied  { ioctl } for  pid=14824 comm="syz.5.1842" path="socket:[35611]" dev="sockfs" ino=35611 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  336.973262][T14838] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14838 comm=syz.5.1846
[  337.732448][T14850] netlink: 'syz.6.1851': attribute type 12 has an invalid length.
[  337.810095][T14850] netlink: 'syz.6.1851': attribute type 29 has an invalid length.
[  337.872755][T14850] netlink: 148 bytes leftover after parsing attributes in process `syz.6.1851'.
[  337.927237][T14850] netlink: 'syz.6.1851': attribute type 1 has an invalid length.
[  337.989131][T14850] netlink: 'syz.6.1851': attribute type 2 has an invalid length.
[  338.051690][T14850] netlink: 31 bytes leftover after parsing attributes in process `syz.6.1851'.
[  341.601399][ T5819] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  342.138779][ T5819] usb 3-1: Using ep0 maxpacket: 8
[  342.195253][ T5819] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  342.310243][ T5819] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  342.419314][ T5819] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  342.459402][ T5819] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  342.551208][ T5819] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  342.561032][T14925] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1872'.
[  342.601665][ T5819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.861710][ T5819] usb 3-1: usb_control_msg returned -32
[  342.896860][ T5819] usbtmc 3-1:16.0: can't read capabilities
[  343.121682][ T5924] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  343.331507][ T5924] usb 6-1: Using ep0 maxpacket: 16
[  343.350651][ T5924] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  343.426299][ T5924] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  343.459403][ T5924] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  343.501822][ T5924] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  343.564107][ T5924] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.672434][ T5924] usb 6-1: config 0 descriptor??
[  344.772365][ T5819] usb 3-1: USB disconnect, device number 18
[  345.193715][ T5924] input: HID 0955:7214 Haptics as /devices/virtual/input/input21
[  345.264676][ T5924] shield 0003:0955:7214.0013: Registered Thunderstrike controller
[  345.291129][ T5924] shield 0003:0955:7214.0013: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0
[  345.326014][T14932] random: crng reseeded on system resumption
[  345.344437][   T30] audit: type=1804 audit(1765038895.639:817): pid=14951 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1881" name="/newroot/354/file0" dev="fuse" ino=1 res=1 errno=0
[  345.568379][ T5822] shield 0003:0955:7214.0013: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  345.593552][ T5819] usb 6-1: USB disconnect, device number 17
[  345.596816][ T5822] shield 0003:0955:7214.0013: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  345.629743][ T5822] shield 0003:0955:7214.0013: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  345.658324][ T5822] shield 0003:0955:7214.0013: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  346.569581][T14978] usb usb8: usbfs: process 14978 (syz.5.1889) did not claim interface 0 before use
[  347.033928][T14988] syz_tun: entered allmulticast mode
[  347.054201][T14988] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1892'.
[  347.077989][T14988] syz_tun (unregistering): left allmulticast mode
[  347.194242][   T30] audit: type=1400 audit(1765038897.469:818): avc:  denied  { setopt } for  pid=14991 comm="syz.4.1894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  347.404735][T14994] netlink: 'syz.4.1895': attribute type 20 has an invalid length.
[  347.924219][T15012] overlayfs: failed to clone upperpath
[  354.381818][ T5896] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  355.618121][ T5896] usb 1-1: too many configurations: 88, using maximum allowed: 8
[  355.645679][ T5896] usb 1-1: config index 0 descriptor too short (expected 107, got 45)
[  355.684939][ T5896] usb 1-1: config index 1 descriptor too short (expected 107, got 45)
[  355.712947][ T5896] usb 1-1: config index 2 descriptor too short (expected 107, got 45)
[  355.752054][ T5896] usb 1-1: config index 3 descriptor too short (expected 107, got 45)
[  355.787078][ T5896] usb 1-1: config index 4 descriptor too short (expected 107, got 45)
[  355.807470][ T5896] usb 1-1: config index 5 descriptor too short (expected 107, got 45)
[  355.927171][ T5896] usb 1-1: config index 6 descriptor too short (expected 107, got 45)
[  355.963461][ T5896] usb 1-1: config index 7 descriptor too short (expected 107, got 45)
[  356.100226][ T5896] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  356.132147][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.001862][ T5896] usb 1-1: Product: syz
[  357.024766][ T5896] usb 1-1: Manufacturer: syz
[  357.045068][ T5896] usb 1-1: SerialNumber: syz
[  357.134590][ T5896] usb 1-1: can't set config #1, error -71
[  357.162836][ T5896] usb 1-1: USB disconnect, device number 24
[  361.031186][T15210] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  361.103144][T15222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1963'.
[  361.585782][T15230] netlink: zone id is out of range
[  361.877612][T15230] netlink: set zone limit has 4 unknown bytes
[  363.901454][ T5925] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  364.091574][ T5925] usb 6-1: Using ep0 maxpacket: 8
[  364.113362][ T5925] usb 6-1: config 0 has an invalid interface number: 31 but max is 0
[  364.138340][ T5925] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.179471][ T5925] usb 6-1: config 0 has no interface number 0
[  364.193651][ T5925] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  364.224500][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.245315][ T5925] usb 6-1: Product: syz
[  364.249500][ T5925] usb 6-1: Manufacturer: syz
[  364.275592][ T5925] usb 6-1: SerialNumber: syz
[  364.295889][ T5925] usb 6-1: config 0 descriptor??
[  364.313727][ T5925] uvcvideo 6-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  364.353512][ T5925] uvcvideo 6-1:0.31: No valid video chain found.
[  364.549576][T15263] xt_hashlimit: size too large, truncated to 1048576
[  364.792395][T13284] usb 6-1: USB disconnect, device number 18
[  364.975769][T15301] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[  365.104665][   T30] audit: type=1400 audit(1765038915.399:819): avc:  denied  { setopt } for  pid=15306 comm="syz.4.1993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  365.400142][T15315] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  366.491435][T13284] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  366.652932][   T30] audit: type=1400 audit(1765038916.949:820): avc:  denied  { checkpoint_restore } for  pid=15343 comm="syz.4.2007" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  366.691616][T13284] usb 3-1: Using ep0 maxpacket: 32
[  366.700186][T13284] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  366.718865][T13284] usb 3-1: config 0 has no interface number 0
[  366.725702][T13284] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  366.758525][T13284] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  366.782701][T13284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.800914][T13284] usb 3-1: Product: syz
[  366.811052][T13284] usb 3-1: Manufacturer: syz
[  366.815821][T13284] usb 3-1: SerialNumber: syz
[  366.832617][T13284] usb 3-1: config 0 descriptor??
[  366.834889][T15356] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  366.849730][T15333] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  367.081005][T15333] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  367.707395][T15365] smc: net device bond0 applied user defined pnetid SYZ2
[  367.718814][T15365] netlink: 14 bytes leftover after parsing attributes in process `syz.6.2013'.
[  369.429700][T15392] netlink: 'syz.6.2022': attribute type 4 has an invalid length.
[  369.594278][T13284] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  369.616290][T13284] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[  369.628641][T13284] asix 3-1:0.188: probe with driver asix failed with error -71
[  369.648031][T13284] usb 3-1: USB disconnect, device number 19
[  369.660772][   T30] audit: type=1400 audit(1765038919.959:821): avc:  denied  { write } for  pid=15398 comm="syz.5.2025" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  369.660813][   T30] audit: type=1400 audit(1765038919.959:822): avc:  denied  { ioctl } for  pid=15398 comm="syz.5.2025" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  369.928951][   T30] audit: type=1326 audit(1765038920.209:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15405 comm="syz.5.2026" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd85918f749 code=0x0
[  370.401844][T15411] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  370.421995][T15411] cramfs: wrong magic
[  370.879002][T15414] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  371.104575][T15424] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2032'.
[  371.259853][T15430] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  371.289250][T15424] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2032'.
[  371.398853][T15424] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface
[  371.474876][T15424] bond3 (unregistering): Released all slaves
[  373.927526][   T30] audit: type=1400 audit(1765038924.219:824): avc:  denied  { lock } for  pid=15462 comm="syz.6.2042" path="socket:[40073]" dev="sockfs" ino=40073 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  375.605518][T15482] trusted_key: encrypted_key: insufficient parameters specified
[  377.668833][T15500] overlayfs: failed to clone upperpath
[  377.731903][T15441] syz.0.2036 (15441): drop_caches: 1
[  378.031751][T15518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2060'.
[  378.106204][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  378.112687][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  379.746986][T15552] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2065'.
[  379.876747][T15556] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15556 comm=syz.4.2065
[  381.336832][T15576] binder: 15574:15576 unknown command 0
[  381.349643][T15576] binder: 15574:15576 ioctl c0306201 200000000080 returned -22
[  381.428429][   T30] audit: type=1400 audit(1765038931.719:825): avc:  denied  { shutdown } for  pid=15575 comm="syz.2.2074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  381.494698][   T30] audit: type=1400 audit(1765038931.719:826): avc:  denied  { read } for  pid=15575 comm="syz.2.2074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  381.634639][T15585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2076'.
[  381.668860][T15585] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2076'.
[  381.913057][   T30] audit: type=1400 audit(1765038932.209:827): avc:  denied  { read } for  pid=15588 comm="syz.5.2077" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  382.420406][T15601] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  382.426957][T15601] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  382.435648][T15601] vhci_hcd vhci_hcd.0: Device attached
[  382.586226][T15603] vhci_hcd: connection closed
[  382.586451][T14501] vhci_hcd: stop threads
[  382.614665][T14501] vhci_hcd: release socket
[  382.629434][T14501] vhci_hcd: disconnect device
[  382.681467][ T5924] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[  382.705759][ T5924] usb 37-1: enqueue for inactive port 0
[  382.794755][ T5924] vhci_hcd: vhci_device speed not set
[  383.099402][T13284] libceph: connect (1)[c::]:6789 error -101
[  383.122213][T13284] libceph: mon0 (1)[c::]:6789 connect error
[  383.233602][T15616] ceph: No mds server is up or the cluster is laggy
[  385.457677][T15653] overlayfs: failed to clone upperpath
[  386.317298][T15678] netlink: 'syz.0.2105': attribute type 6 has an invalid length.
[  389.802150][T15729] netlink: 'syz.6.2119': attribute type 3 has an invalid length.
[  390.629067][   T30] audit: type=1400 audit(1765038940.919:828): avc:  denied  { map } for  pid=15740 comm="syz.5.2124" path="/dev/ttyS3" dev="devtmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  391.181497][T13289] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  391.561459][T13289] usb 1-1: Using ep0 maxpacket: 16
[  391.815182][T13289] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  391.839701][T13289] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  391.864791][T13289] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.894429][T13289] usb 1-1: Product: syz
[  391.905132][T13289] usb 1-1: Manufacturer: syz
[  391.924548][T13289] usb 1-1: SerialNumber: syz
[  391.940993][T13289] usb 1-1: config 0 descriptor??
[  391.967185][T13289] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  391.994183][T13289] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  392.633673][T13289] em28xx 1-1:0.0: chip ID is em2765
[  392.817981][   T30] audit: type=1400 audit(1765038943.109:829): avc:  denied  { connect } for  pid=15761 comm="syz.4.2130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  392.888561][T15774] xt_hashlimit: max too large, truncated to 1048576
[  392.901939][T15774] No such timeout policy "syz1"
[  393.802953][T13289] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  393.838100][T13289] em28xx 1-1:0.0: board has no eeprom
[  394.905831][T15745] em28xx 1-1:0.0: writing to i2c device at 0xfffe failed (error=-5)
[  394.981423][T13289] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  395.040220][T13289] em28xx 1-1:0.0: dvb set to bulk mode.
[  395.081976][ T5819] em28xx 1-1:0.0: Binding DVB extension
[  395.118420][T13289] usb 1-1: USB disconnect, device number 25
[  395.169248][T13289] em28xx 1-1:0.0: Disconnecting em28xx
[  395.379557][ T5819] em28xx 1-1:0.0: Registering input extension
[  395.413907][T13289] em28xx 1-1:0.0: Closing input extension
[  395.580850][T13289] em28xx 1-1:0.0: Freeing device
[  396.694218][   T30] audit: type=1400 audit(1765038946.979:830): avc:  denied  { getopt } for  pid=15817 comm="syz.5.2147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  397.657294][T15836] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2152'.
[  397.812622][T15841] bond3: (slave ip6gretap2): Enslaving as an active interface with an up link
[  397.833091][T15836] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2152'.
[  397.866893][T15836] bond3 (unregistering): (slave ip6gretap2): Releasing backup interface
[  397.894047][   T30] audit: type=1400 audit(1765038948.189:831): avc:  denied  { read } for  pid=15842 comm="syz.2.2154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  398.367216][T15836] bond3 (unregistering): Released all slaves
[  399.591478][T13284] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  399.653336][T15876] netlink: 'syz.0.2165': attribute type 10 has an invalid length.
[  399.690764][T15876] team0: Port device dummy0 added
[  399.709680][T15877] netlink: 'syz.0.2165': attribute type 10 has an invalid length.
[  399.746132][T15877] team0: Port device dummy0 removed
[  399.769961][T15877] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  399.771412][T13284] usb 3-1: Using ep0 maxpacket: 16
[  399.805063][T15876] openvswitch: netlink: Key type 4127 is out of range max 32
[  399.828700][T13284] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.866140][T13284] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  399.897450][T13284] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  399.922515][T13284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.958429][T13284] usb 3-1: config 0 descriptor??
[  399.990395][T13284] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  400.505174][T13284] usb 3-1: USB disconnect, device number 20
[  404.789185][T15923] netlink: 'syz.5.2177': attribute type 1 has an invalid length.
[  404.854413][T15923] 8021q: adding VLAN 0 to HW filter on device bond3
[  404.910255][T15925] 8021q: adding VLAN 0 to HW filter on device bond3
[  404.927957][T15925] bond3: (slave vxcan1): The slave device specified does not support setting the MAC address
[  405.003940][T15925] bond3: (slave vxcan1): Error -95 calling set_mac_address
[  405.080153][T15923] ip6erspan0: entered promiscuous mode
[  405.088398][T15923] bond3: (slave ip6erspan0): making interface the new active one
[  405.098311][T15923] bond3: (slave ip6erspan0): Enslaving as an active interface with an up link
[  406.545605][   T30] audit: type=1400 audit(1765038956.839:832): avc:  denied  { write } for  pid=15937 comm="syz.6.2182" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  406.873952][T15955] binder: 15952:15955 ioctl 40044591 0 returned -22
[  407.377747][T15959] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2186'.
[  410.549381][T15999] kvm: Disabled LAPIC found during irq injection
[  411.314917][T16022] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2203'.
[  413.879223][T16048] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2214'.
[  413.997551][T16058] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2219'.
[  414.222448][   T30] audit: type=1400 audit(1765038964.479:833): avc:  denied  { getopt } for  pid=16055 comm="syz.5.2218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  415.661376][   T30] audit: type=1326 audit(1765038965.939:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16088 comm="syz.6.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2e078f749 code=0x7fc00000
[  416.293487][   T30] audit: type=1326 audit(1765038966.559:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16088 comm="syz.6.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd2e078f749 code=0x7fc00000
[  418.493006][   T30] audit: type=1400 audit(1765038968.779:836): avc:  denied  { override_creds } for  pid=16140 comm="syz.2.2244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  419.322233][T16160] netlink: 'syz.4.2247': attribute type 39 has an invalid length.
[  420.895163][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2252'.
[  424.015703][T16192] Set syz1 is full, maxelem 65536 reached
[  425.550973][T16239] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2268'.
[  425.594010][T16239] 8021q: adding VLAN 0 to HW filter on device bond4
[  425.715937][T16239] bond4: (slave veth7): Enslaving as a backup interface with a down link
[  425.746166][T16244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2268'.
[  425.817196][T16251] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  426.213550][T16258] Invalid source name
[  426.217639][T16258] UBIFS error (pid: 16258): cannot open "./file0", error -22
[  426.741908][   T30] audit: type=1400 audit(1765038977.039:837): avc:  denied  { getopt } for  pid=16261 comm="syz.0.2275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  427.137228][   T30] audit: type=1400 audit(1765038977.419:838): avc:  denied  { accept } for  pid=16269 comm="syz.0.2278" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  428.366587][T16292] netlink: 'syz.6.2282': attribute type 12 has an invalid length.
[  429.711127][   T30] audit: type=1400 audit(1765038979.999:839): avc:  denied  { name_bind } for  pid=16295 comm="syz.2.2285" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  431.381488][   T30] audit: type=1400 audit(1765038981.659:840): avc:  denied  { bind } for  pid=16327 comm="syz.6.2296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  431.437930][   T30] audit: type=1400 audit(1765038981.659:841): avc:  denied  { name_bind } for  pid=16327 comm="syz.6.2296" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  431.618796][   T30] audit: type=1400 audit(1765038981.659:842): avc:  denied  { node_bind } for  pid=16327 comm="syz.6.2296" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  431.641972][   T30] audit: type=1326 audit(1765038981.659:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16327 comm="syz.6.2296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2e078f749 code=0x0
[  433.120032][T16357] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  433.128281][T16357] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  433.137339][T16357] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  433.145249][T16357] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  433.214455][ T5817] Bluetooth: hci3: adv larger than maximum supported
[  433.214529][ T5817] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  433.221804][ T5817] Bluetooth: hci3: Malformed LE Event: 0x0d
[  434.476627][T16372] team0: Mode changed to "loadbalance"
[  434.534402][   T30] audit: type=1400 audit(1765038984.819:844): avc:  denied  { create } for  pid=16383 comm="syz.2.2308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  434.555576][T16384] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2308'.
[  434.689513][   T30] audit: type=1400 audit(1765038984.859:845): avc:  denied  { write } for  pid=16383 comm="syz.2.2308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  435.469486][   T30] audit: type=1400 audit(1765038985.759:846): avc:  denied  { mount } for  pid=16399 comm="syz.5.2313" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  435.571851][   T30] audit: type=1400 audit(1765038985.799:847): avc:  denied  { mounton } for  pid=16399 comm="syz.5.2313" path="/367/file0/bus" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  435.652372][   T30] audit: type=1400 audit(1765038985.809:848): avc:  denied  { unlink } for  pid=16399 comm="syz.5.2313" name="#31" dev="devtmpfs" ino=3292 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[  435.696273][   T30] audit: type=1400 audit(1765038985.839:849): avc:  denied  { unmount } for  pid=6529 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  435.718886][   T30] audit: type=1400 audit(1765038985.859:850): avc:  denied  { unlink } for  pid=6529 comm="syz-executor" name="tap63" dev="devtmpfs" ino=2870 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  437.337834][   T30] audit: type=1400 audit(1765038987.629:851): avc:  denied  { name_bind } for  pid=16415 comm="syz.0.2318" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  437.758979][T13004] syz_tun (unregistering): left allmulticast mode
[  439.228236][ T3728] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.731844][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  439.742611][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  440.952851][ T3728] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.057952][ T3728] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.518741][ T3728] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.590266][ T5827] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  441.602293][ T5827] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  441.612969][ T5827] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  441.621061][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  441.629571][ T5827] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  441.955369][ T3728] bridge_slave_1: left allmulticast mode
[  441.992645][ T3728] bridge_slave_1: left promiscuous mode
[  441.998363][ T3728] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.102808][ T3728] bridge_slave_0: left allmulticast mode
[  442.108481][ T3728] bridge_slave_0: left promiscuous mode
[  442.140736][ T3728] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.928230][ T3728] bond3 (unregistering): (slave ip6erspan0): Releasing active interface
[  443.719839][ T5817] Bluetooth: hci4: command tx timeout
[  443.812771][ T3728] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  443.933977][ T3728] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  444.083059][ T3728] bond0 (unregistering): Released all slaves
[  444.484371][ T3728] bond1 (unregistering): (slave bond2): Releasing backup interface
[  444.598278][ T3728] bond1 (unregistering): Released all slaves
[  445.781409][ T5817] Bluetooth: hci4: command tx timeout
[  445.882378][ T3728] bond2 (unregistering): Released all slaves
[  446.861148][   T30] audit: type=1400 audit(1765038997.149:852): avc:  denied  { read } for  pid=16524 comm="syz.2.2348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  446.862367][ T3728] bond3 (unregistering): Released all slaves
[  447.414894][T16489] lo speed is unknown, defaulting to 1000
[  447.418800][T16465] chnl_net:caif_netlink_parms(): no params data found
[  447.660552][T16489] lo speed is unknown, defaulting to 1000
[  447.661630][ T3728] tipc: Left network mode
[  447.732913][T16489] lo speed is unknown, defaulting to 1000
[  447.863407][ T5817] Bluetooth: hci4: command tx timeout
[  448.393946][T16551] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2352'.
[  448.521063][T16465] bridge0: port 1(bridge_slave_0) entered blocking state
[  448.564037][T16465] bridge0: port 1(bridge_slave_0) entered disabled state
[  448.615623][T16465] bridge_slave_0: entered allmulticast mode
[  448.651250][T16465] bridge_slave_0: entered promiscuous mode
[  448.667680][T16489] infiniband syz1: set down
[  448.704387][T16489] infiniband syz1: added lo
[  448.811653][ T5924] lo speed is unknown, defaulting to 1000
[  448.841189][T16465] bridge0: port 2(bridge_slave_1) entered blocking state
[  448.925185][T16489] RDS/IB: syz1: added
[  448.965610][T16489] smc: adding ib device syz1 with port count 1
[  448.996561][T16489] smc:    ib device syz1 port 1 has no pnetid
[  449.022633][T16465] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.118490][T16465] bridge_slave_1: entered allmulticast mode
[  449.203097][T16465] bridge_slave_1: entered promiscuous mode
[  449.265508][   T30] audit: type=1400 audit(1765038999.529:853): avc:  denied  { accept } for  pid=16569 comm="syz.0.2358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  449.886438][ T5924] lo speed is unknown, defaulting to 1000
[  449.949531][ T5817] Bluetooth: hci4: command tx timeout
[  449.984956][T16489] lo speed is unknown, defaulting to 1000
[  450.662662][T16465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  450.989174][T16465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  451.032794][T16489] lo speed is unknown, defaulting to 1000
[  451.286982][T16465] team0: Port device team_slave_0 added
[  451.330171][T16465] team0: Port device team_slave_1 added
[  451.475613][T16465] batman_adv: batadv0: Adding interface: batadv_slave_0
[  451.510281][T16465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  451.586260][T16465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  451.611808][T16465] batman_adv: batadv0: Adding interface: batadv_slave_1
[  451.631628][T16465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  451.686196][T16465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  451.697428][T16489] lo speed is unknown, defaulting to 1000
[  452.312632][T16465] hsr_slave_0: entered promiscuous mode
[  452.319187][T16465] hsr_slave_1: entered promiscuous mode
[  452.343667][T16465] debugfs: 'hsr0' already exists in 'hsr'
[  452.349418][T16465] Cannot create hsr debugfs directory
[  452.565805][   T30] audit: type=1804 audit(1765039002.859:854): pid=16616 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.2367" name="/newroot/431/bus/file0" dev="overlay" ino=2322 res=1 errno=0
[  452.850405][T16489] lo speed is unknown, defaulting to 1000
[  453.152003][T16625] Invalid source name
[  453.156054][T16625] UBIFS error (pid: 16625): cannot open "./file0", error -22
[  453.606295][T16489] lo speed is unknown, defaulting to 1000
[  453.853259][T16465] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  453.912586][T16465] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  453.954599][T16465] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  453.993815][T16465] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  454.153507][T16489] lo speed is unknown, defaulting to 1000
[  454.165316][ T5819] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  454.256936][T16465] 8021q: adding VLAN 0 to HW filter on device bond0
[  454.309324][T16465] 8021q: adding VLAN 0 to HW filter on device team0
[  454.347004][ T5819] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  454.373088][T14528] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.380296][T14528] bridge0: port 1(bridge_slave_0) entered forwarding state
[  454.401397][ T5819] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  454.501392][ T5819] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[  454.510462][ T5819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.542403][T14528] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.549480][T14528] bridge0: port 2(bridge_slave_1) entered forwarding state
[  455.872205][ T5819] usb 3-1: config 0 descriptor??
[  456.259411][   T30] audit: type=1400 audit(1765039006.549:855): avc:  denied  { execute } for  pid=16668 comm="syz.4.2375" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=44617 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  456.378228][ T3728] hsr_slave_0: left promiscuous mode
[  456.392238][ T3728] hsr_slave_1: left promiscuous mode
[  456.533905][ T3728] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  456.541505][ T3728] batman_adv: batadv0: Removing interface: batadv_slave_0
[  456.565431][ T5819] hid-led 0003:1D34:000A.0014: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.2-1/input0
[  456.578393][ T3728] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  456.592851][ T3728] batman_adv: batadv0: Removing interface: batadv_slave_1
[  456.681420][   T30] audit: type=1400 audit(1765039006.949:856): avc:  denied  { bind } for  pid=16672 comm="syz.6.2376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  457.027171][ T3728] veth1_macvtap: left promiscuous mode
[  457.035443][ T5819] hid-led 0003:1D34:000A.0014: Dream Cheeky Webmail Notifier initialized
[  457.052183][ T5819] usb 3-1: USB disconnect, device number 21
[  457.088413][ T3728] veth0_macvtap: left promiscuous mode
[  457.112874][ T3728] veth1_vlan: left promiscuous mode
[  457.118199][ T3728] veth0_vlan: left promiscuous mode
[  457.517392][T16678] fido_id[16678]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  458.298310][T16701] overlayfs: failed to resolve './file1/file0': -2
[  459.196419][T16714] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  459.911858][T16726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2386'.
[  461.068081][T16736] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2390'.
[  462.023392][ T3728] team0 (unregistering): Port device team_slave_1 removed
[  462.123196][ T3728] team0 (unregistering): Port device team_slave_0 removed
[  463.126665][T16465] 8021q: adding VLAN 0 to HW filter on device batadv0
[  463.307950][T16772] overlayfs: failed to clone upperpath
[  463.616018][T16465] veth0_vlan: entered promiscuous mode
[  463.664908][T16465] veth1_vlan: entered promiscuous mode
[  464.555095][T16465] veth0_macvtap: entered promiscuous mode
[  464.589639][T16465] veth1_macvtap: entered promiscuous mode
[  464.668676][T16465] batman_adv: batadv0: Interface activated: batadv_slave_0
[  464.752774][T16465] batman_adv: batadv0: Interface activated: batadv_slave_1
[  464.822799][ T1137] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  464.896244][ T1137] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  464.952948][ T1137] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  465.015270][ T1137] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  465.224746][ T5936] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  465.284168][ T5936] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  465.382716][ T3728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  465.435914][ T3728] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  465.492732][   T30] audit: type=1400 audit(1765039015.779:857): avc:  denied  { mounton } for  pid=16465 comm="syz-executor" path="/root/syzkaller.OG9wQN/syz-tmp" dev="sda1" ino=2051 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  465.622390][   T30] audit: type=1400 audit(1765039015.779:858): avc:  denied  { mounton } for  pid=16465 comm="syz-executor" path="/root/syzkaller.OG9wQN/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  465.808663][   T30] audit: type=1400 audit(1765039015.849:859): avc:  denied  { mounton } for  pid=16465 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  466.687652][T16827] syzkaller0: entered promiscuous mode
[  466.704655][T16827] syzkaller0: entered allmulticast mode
[  466.883364][T16830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2411'.
[  467.092060][   T30] audit: type=1400 audit(1765039017.379:860): avc:  denied  { set_context_mgr } for  pid=16831 comm="syz.2.2412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  467.150342][   T30] audit: type=1400 audit(1765039017.399:861): avc:  denied  { call } for  pid=16831 comm="syz.2.2412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  469.887310][T16856] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2420'.
[  469.909448][T16853] syzkaller0: entered promiscuous mode
[  469.953821][T16853] syzkaller0: entered allmulticast mode
[  471.956994][T13289] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  472.643087][T13289] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  472.656372][T13289] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  472.667680][T13289] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  472.677021][T13289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  472.695074][T13289] usb 3-1: SerialNumber: syz
[  472.968638][T13289] usb 3-1: 0:2 : does not exist
[  472.982992][T13289] usb 3-1: unit 5: unexpected type 0x0d
[  473.003895][T13289] usb 3-1: USB disconnect, device number 22
[  473.115754][T16851] udevd[16851]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  473.194750][   T30] audit: type=1804 audit(1765039023.489:862): pid=16909 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.6.2437" name="file0" dev="tmpfs" ino=2616 res=1 errno=0
[  473.195341][T16909] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -2360, delta: 1
[  473.409699][T16909] ref_ctr increment failed for inode: 0xa38 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff8880256e8000
[  473.889363][T16915] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -2360, delta: -1
[  473.935154][T16915] ref_ctr decrement failed for inode: 0xa38 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff8880256e8000
[  473.953003][T16915] uprobe: syz.6.2437:16915 failed to unregister, leaking uprobe
[  474.195658][T16921] SELinux:  Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped).
[  474.217490][   T30] audit: type=1400 audit(1765039024.499:863): avc:  denied  { relabelto } for  pid=16916 comm="syz.0.2440" name="495" dev="tmpfs" ino=2637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  474.581234][   T30] audit: type=1400 audit(1765039024.499:864): avc:  denied  { associate } for  pid=16916 comm="syz.0.2440" name="495" dev="tmpfs" ino=2637 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  475.005063][   T30] audit: type=1400 audit(1765039024.509:865): avc:  denied  { mounton } for  pid=16916 comm="syz.0.2440" path="/495" dev="tmpfs" ino=2637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  475.127736][   T30] audit: type=1400 audit(1765039025.289:866): avc:  denied  { remove_name } for  pid=5811 comm="syz-executor" name="binderfs" dev="tmpfs" ino=2641 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  475.318131][   T30] audit: type=1400 audit(1765039025.289:867): avc:  denied  { rmdir } for  pid=5811 comm="syz-executor" name="495" dev="tmpfs" ino=2637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  476.251544][   T30] audit: type=1400 audit(1765039026.499:868): avc:  denied  { ioctl } for  pid=16947 comm="syz.6.2447" path="socket:[45018]" dev="sockfs" ino=45018 ioctlcmd=0x8905 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  476.824638][T16959] kvm: Disabled LAPIC found during irq injection
[  476.946724][T16963] netlink: 'syz.0.2449': attribute type 3 has an invalid length.
[  476.971713][T16963] netlink: 'syz.0.2449': attribute type 3 has an invalid length.
[  478.138562][T16997] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  478.146702][T16997] syzkaller0: entered promiscuous mode
[  478.152552][T16997] syzkaller0: entered allmulticast mode
[  478.228060][T17000] tipc: Resetting bearer <eth:syzkaller0>
[  478.275372][T16995] tipc: Resetting bearer <eth:syzkaller0>
[  478.423148][T17008] netlink: 'syz.7.2460': attribute type 4 has an invalid length.
[  478.456467][T16995] tipc: Disabling bearer <eth:syzkaller0>
[  479.091433][ T5822] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[  480.164746][ T5822] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  480.202429][ T5822] usb 3-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[  480.241639][ T5822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.309994][ T5822] usb 3-1: config 0 descriptor??
[  480.676747][ T5822] usbhid 3-1:0.0: can't add hid device: -71
[  480.707370][ T5822] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  480.735074][ T5822] usb 3-1: USB disconnect, device number 23
[  480.986796][   T30] audit: type=1400 audit(1765039031.279:869): avc:  denied  { sys_module } for  pid=17057 comm="syz.0.2472" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  481.355988][T17068] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2474'.
[  481.679102][T14519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  481.745544][T14519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.308741][ T5817] Bluetooth: hci2: unexpected event for opcode 0x2028
[  487.356750][T17163] lo speed is unknown, defaulting to 1000
[  487.374725][T17167] 
[  487.377078][T17167] =====================================================
[  487.384006][T17167] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  487.391550][T17167] syzkaller #0 Tainted: G             L     
[  487.397522][T17167] -----------------------------------------------------
[  487.404538][T17167] syz.2.2496/17167 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  487.412257][T17167] ffffffff8e00c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigio+0xb8/0x3e0
[  487.420791][T17167] 
[  487.420791][T17167] and this task is already holding:
[  487.428143][T17167] ffff888056d976a0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x31/0x3e0
[  487.436765][T17167] which would create a new lock dependency:
[  487.442645][T17167]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[  487.450203][T17167] 
[  487.450203][T17167] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  487.459625][T17167]  (&dev->event_lock#2){..-.}-{3:3}
[  487.459649][T17167] 
[  487.459649][T17167] ... which became SOFTIRQ-irq-safe at:
[  487.472494][T17167]   lock_acquire+0x179/0x330
[  487.477072][T17167]   _raw_spin_lock_irqsave+0x3a/0x60
[  487.482340][T17167]   input_event+0x74/0xd0
[  487.486665][T17167]   xpad360_process_packet.part.0+0xed/0xce0
[  487.492627][T17167]   xpad_irq_in+0x1414/0x2ac0
[  487.497285][T17167]   __usb_hcd_giveback_urb+0x38b/0x610
[  487.502724][T17167]   usb_hcd_giveback_urb+0x39b/0x450
[  487.507986][T17167]   dummy_timer+0x1809/0x3a00
[  487.512646][T17167]   __hrtimer_run_queues+0x202/0xc40
[  487.517934][T17167]   hrtimer_run_softirq+0x17d/0x350
[  487.523132][T17167]   handle_softirqs+0x219/0x8b0
[  487.527961][T17167]   __irq_exit_rcu+0x109/0x170
[  487.532702][T17167]   irq_exit_rcu+0x9/0x30
[  487.537009][T17167]   sysvec_apic_timer_interrupt+0x57/0xc0
[  487.542714][T17167]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  487.548775][T17167] 
[  487.548775][T17167] to a SOFTIRQ-irq-unsafe lock:
[  487.555766][T17167]  (tasklist_lock){.+.+}-{3:3}
[  487.555786][T17167] 
[  487.555786][T17167] ... which became SOFTIRQ-irq-unsafe at:
[  487.568370][T17167] ...
[  487.568375][T17167]   lock_acquire+0x179/0x330
[  487.575509][T17167]   _raw_read_lock+0x5f/0x70
[  487.580077][T17167]   __do_wait+0x105/0x890
[  487.584390][T17167]   do_wait+0x21d/0x570
[  487.588529][T17167]   kernel_wait+0x9f/0x160
[  487.592925][T17167]   call_usermodehelper_exec_work+0xf1/0x170
[  487.598886][T17167]   process_one_work+0x9ba/0x1b20
[  487.603896][T17167]   worker_thread+0x6c8/0xf10
[  487.608731][T17167]   kthread+0x3c5/0x780
[  487.612869][T17167]   ret_from_fork+0x983/0xb10
[  487.617524][T17167]   ret_from_fork_asm+0x1a/0x30
[  487.622359][T17167] 
[  487.622359][T17167] other info that might help us debug this:
[  487.622359][T17167] 
[  487.632560][T17167] Chain exists of:
[  487.632560][T17167]   &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock
[  487.632560][T17167] 
[  487.645575][T17167]  Possible interrupt unsafe locking scenario:
[  487.645575][T17167] 
[  487.653865][T17167]        CPU0                    CPU1
[  487.659203][T17167]        ----                    ----
[  487.664542][T17167]   lock(tasklist_lock);
[  487.668761][T17167]                                local_irq_disable();
[  487.675487][T17167]                                lock(&dev->event_lock#2);
[  487.682662][T17167]                                lock(&f_owner->lock);
[  487.689488][T17167]   <Interrupt>
[  487.692915][T17167]     lock(&dev->event_lock#2);
[  487.697751][T17167] 
[  487.697751][T17167]  *** DEADLOCK ***
[  487.697751][T17167] 
[  487.705865][T17167] 6 locks held by syz.2.2496/17167:
[  487.711034][T17167]  #0: ffff88805527e420 (sb_writers#6){.+.+}-{0:0}, at: vfs_truncate+0x336/0x6d0
[  487.720166][T17167]  #1: ffffffff8e61b370 (file_rwsem){.+.+}-{0:0}, at: vfs_truncate+0x4ce/0x6d0
[  487.729106][T17167]  #2: ffff888076c4f858 (&ctx->flc_lock){+.+.}-{3:3}, at: __break_lease+0x4ef/0x1800
[  487.738570][T17167]  #3: ffffffff8e3c9460 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510
[  487.747594][T17167]  #4: ffff888074ca96a8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510
[  487.756721][T17167]  #5: ffff888056d976a0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x31/0x3e0
[  487.765754][T17167] 
[  487.765754][T17167] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  487.776132][T17167]    -> (&dev->event_lock#2){..-.}-{3:3} {
[  487.781932][T17167]       IN-SOFTIRQ-W at:
[  487.786150][T17167]                           lock_acquire+0x179/0x330
[  487.792805][T17167]                           _raw_spin_lock_irqsave+0x3a/0x60
[  487.800155][T17167]                           input_event+0x74/0xd0
[  487.806554][T17167]                           xpad360_process_packet.part.0+0xed/0xce0
[  487.814599][T17167]                           xpad_irq_in+0x1414/0x2ac0
[  487.821339][T17167]                           __usb_hcd_giveback_urb+0x38b/0x610
[  487.828860][T17167]                           usb_hcd_giveback_urb+0x39b/0x450
[  487.836203][T17167]                           dummy_timer+0x1809/0x3a00
[  487.842946][T17167]                           __hrtimer_run_queues+0x202/0xc40
[  487.850309][T17167]                           hrtimer_run_softirq+0x17d/0x350
[  487.857570][T17167]                           handle_softirqs+0x219/0x8b0
[  487.864483][T17167]                           __irq_exit_rcu+0x109/0x170
[  487.871307][T17167]                           irq_exit_rcu+0x9/0x30
[  487.877698][T17167]                           sysvec_apic_timer_interrupt+0x57/0xc0
[  487.885479][T17167]                           asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  487.893610][T17167]       INITIAL USE at:
[  487.897737][T17167]                          lock_acquire+0x179/0x330
[  487.904306][T17167]                          _raw_spin_lock_irqsave+0x3a/0x60
[  487.911565][T17167]                          input_inject_event+0x9f/0x3b0
[  487.918571][T17167]                          led_set_brightness+0x217/0x290
[  487.925659][T17167]                          kbd_led_trigger_activate+0xcb/0x110
[  487.933185][T17167]                          led_trigger_set+0x59a/0xc50
[  487.940013][T17167]                          led_trigger_set_default+0x1e0/0x2e0
[  487.947532][T17167]                          led_classdev_register_ext+0x7b8/0xa10
[  487.955316][T17167]                          input_leds_connect+0x552/0x8e0
[  487.962403][T17167]                          input_attach_handler.isra.0+0x176/0x250
[  487.970284][T17167]                          input_register_device+0xab9/0x1180
[  487.977742][T17167]                          atkbd_connect+0x5f8/0xa40
[  487.984403][T17167]                          serio_driver_probe+0x7f/0xd0
[  487.991322][T17167]                          really_probe+0x241/0xa90
[  487.997891][T17167]                          __driver_probe_device+0x1de/0x440
[  488.005327][T17167]                          driver_probe_device+0x4c/0x1b0
[  488.012419][T17167]                          __driver_attach+0x283/0x580
[  488.019246][T17167]                          bus_for_each_dev+0x13e/0x1d0
[  488.026159][T17167]                          serio_handle_event+0x281/0xb30
[  488.033254][T17167]                          process_one_work+0x9ba/0x1b20
[  488.040261][T17167]                          worker_thread+0x6c8/0xf10
[  488.046919][T17167]                          kthread+0x3c5/0x780
[  488.053062][T17167]                          ret_from_fork+0x983/0xb10
[  488.059726][T17167]                          ret_from_fork_asm+0x1a/0x30
[  488.066563][T17167]     }
[  488.069299][T17167]     ... key      at: [<ffffffff9aed9f00>] __key.7+0x0/0x40
[  488.076656][T17167]   -> (&client->buffer_lock){....}-{3:3} {
[  488.082551][T17167]      INITIAL USE at:
[  488.086595][T17167]                        lock_acquire+0x179/0x330
[  488.092992][T17167]                        _raw_spin_lock+0x2e/0x40
[  488.099403][T17167]                        evdev_pass_values+0x10e/0x9b0
[  488.106236][T17167]                        evdev_events+0x1bb/0x390
[  488.112635][T17167]                        input_pass_values+0x74e/0x880
[  488.119467][T17167]                        input_handle_event+0xf00/0x14d0
[  488.126475][T17167]                        input_inject_event+0x1e8/0x3b0
[  488.133395][T17167]                        evdev_write+0x457/0x750
[  488.139713][T17167]                        vfs_write+0x2a0/0x11d0
[  488.145936][T17167]                        ksys_write+0x1f8/0x250
[  488.152157][T17167]                        do_syscall_64+0xcd/0xf80
[  488.158833][T17167]                        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.166616][T17167]    }
[  488.169266][T17167]    ... key      at: [<ffffffff9aeda380>] __key.88+0x0/0x40
[  488.176638][T17167]    ... acquired at:
[  488.180593][T17167]    _raw_spin_lock+0x2e/0x40
[  488.185249][T17167]    evdev_pass_values+0x10e/0x9b0
[  488.190343][T17167]    evdev_events+0x1bb/0x390
[  488.195003][T17167]    input_pass_values+0x74e/0x880
[  488.200100][T17167]    input_handle_event+0xf00/0x14d0
[  488.205370][T17167]    input_inject_event+0x1e8/0x3b0
[  488.210554][T17167]    evdev_write+0x457/0x750
[  488.215125][T17167]    vfs_write+0x2a0/0x11d0
[  488.219607][T17167]    ksys_write+0x1f8/0x250
[  488.224092][T17167]    do_syscall_64+0xcd/0xf80
[  488.228752][T17167]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.234797][T17167] 
[  488.237099][T17167]  -> (&new->fa_lock){....}-{3:3} {
[  488.242288][T17167]     INITIAL USE at:
[  488.246245][T17167]                      lock_acquire+0x179/0x330
[  488.252474][T17167]                      _raw_write_lock_irq+0x36/0x50
[  488.259132][T17167]                      fasync_remove_entry+0xb2/0x1e0
[  488.265885][T17167]                      fasync_helper+0xaf/0xd0
[  488.272017][T17167]                      lease_modify+0x232/0x500
[  488.278241][T17167]                      locks_remove_file+0x29e/0x5c0
[  488.284899][T17167]                      __fput+0x351/0xb70
[  488.290607][T17167]                      task_work_run+0x150/0x240
[  488.296920][T17167]                      exit_to_user_mode_loop+0xfb/0x540
[  488.303924][T17167]                      do_syscall_64+0x4ee/0xf80
[  488.310232][T17167]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.317842][T17167]     INITIAL READ USE at:
[  488.322233][T17167]                           lock_acquire+0x179/0x330
[  488.328889][T17167]                           _raw_read_lock_irqsave+0x74/0x90
[  488.336240][T17167]                           kill_fasync+0x138/0x510
[  488.342806][T17167]                           lease_break_callback+0x23/0x30
[  488.349982][T17167]                           __break_lease+0x6cd/0x1800
[  488.356810][T17167]                           do_dentry_open+0x6e7/0x1590
[  488.363723][T17167]                           vfs_open+0x82/0x3f0
[  488.369945][T17167]                           dentry_open+0x71/0xd0
[  488.376341][T17167]                           do_mq_open+0x471/0x9e0
[  488.382825][T17167]                           __x64_sys_mq_open+0x155/0x1e0
[  488.389918][T17167]                           do_syscall_64+0xcd/0xf80
[  488.396574][T17167]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.404628][T17167]   }
[  488.407186][T17167]   ... key      at: [<ffffffff9abf4280>] __key.0+0x0/0x40
[  488.414364][T17167]   ... acquired at:
[  488.418226][T17167]    _raw_read_lock_irqsave+0x74/0x90
[  488.423575][T17167]    kill_fasync+0x138/0x510
[  488.428139][T17167]    evdev_pass_values+0x619/0x9b0
[  488.433238][T17167]    evdev_events+0x1bb/0x390
[  488.437896][T17167]    input_pass_values+0x74e/0x880
[  488.442993][T17167]    input_handle_event+0xf00/0x14d0
[  488.448262][T17167]    input_inject_event+0x1e8/0x3b0
[  488.453441][T17167]    evdev_write+0x457/0x750
[  488.458003][T17167]    vfs_write+0x2a0/0x11d0
[  488.462490][T17167]    ksys_write+0x1f8/0x250
[  488.466975][T17167]    do_syscall_64+0xcd/0xf80
[  488.471631][T17167]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.477674][T17167] 
[  488.479975][T17167] -> (&f_owner->lock){....}-{3:3} {
[  488.485167][T17167]    INITIAL USE at:
[  488.489037][T17167]                    lock_acquire+0x179/0x330
[  488.495091][T17167]                    _raw_write_lock_irq+0x36/0x50
[  488.501571][T17167]                    __f_setown+0x61/0x3c0
[  488.507353][T17167]                    generic_setlease+0xf0f/0x1330
[  488.513847][T17167]                    kernel_setlease+0x106/0x140
[  488.520157][T17167]                    vfs_setlease+0x1e8/0x280
[  488.526219][T17167]                    do_fcntl_add_lease+0x3c4/0x550
[  488.532794][T17167]                    fcntl_setlease+0xfc/0x180
[  488.538934][T17167]                    do_fcntl+0x153b/0x1660
[  488.544805][T17167]                    __x64_sys_fcntl+0x163/0x200
[  488.551105][T17167]                    do_syscall_64+0xcd/0xf80
[  488.557152][T17167]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.564592][T17167]    INITIAL READ USE at:
[  488.568896][T17167]                         lock_acquire+0x179/0x330
[  488.575397][T17167]                         _raw_read_lock_irqsave+0x74/0x90
[  488.582573][T17167]                         send_sigio+0x31/0x3e0
[  488.588792][T17167]                         kill_fasync+0x214/0x510
[  488.595184][T17167]                         lease_break_callback+0x23/0x30
[  488.602188][T17167]                         __break_lease+0x6cd/0x1800
[  488.608851][T17167]                         do_dentry_open+0x6e7/0x1590
[  488.615591][T17167]                         vfs_open+0x82/0x3f0
[  488.621659][T17167]                         dentry_open+0x71/0xd0
[  488.627883][T17167]                         do_mq_open+0x471/0x9e0
[  488.634201][T17167]                         __x64_sys_mq_open+0x155/0x1e0
[  488.641132][T17167]                         do_syscall_64+0xcd/0xf80
[  488.647620][T17167]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.655488][T17167]  }
[  488.657963][T17167]  ... key      at: [<ffffffff9abf42c0>] __key.1+0x0/0x40
[  488.665060][T17167]  ... acquired at:
[  488.668844][T17167]    _raw_read_lock_irqsave+0x74/0x90
[  488.674198][T17167]    send_sigio+0x31/0x3e0
[  488.678593][T17167]    kill_fasync+0x214/0x510
[  488.683158][T17167]    lease_break_callback+0x23/0x30
[  488.688343][T17167]    __break_lease+0x6cd/0x1800
[  488.693183][T17167]    do_dentry_open+0x6e7/0x1590
[  488.698110][T17167]    vfs_open+0x82/0x3f0
[  488.702337][T17167]    dentry_open+0x71/0xd0
[  488.707160][T17167]    do_mq_open+0x471/0x9e0
[  488.711650][T17167]    __x64_sys_mq_open+0x155/0x1e0
[  488.716744][T17167]    do_syscall_64+0xcd/0xf80
[  488.721403][T17167]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.727446][T17167] 
[  488.729746][T17167] 
[  488.729746][T17167] the dependencies between the lock to be acquired
[  488.729752][T17167]  and SOFTIRQ-irq-unsafe lock:
[  488.743237][T17167] -> (tasklist_lock){.+.+}-{3:3} {
[  488.748355][T17167]    HARDIRQ-ON-R at:
[  488.752314][T17167]                     lock_acquire+0x179/0x330
[  488.758458][T17167]                     _raw_read_lock+0x5f/0x70
[  488.764591][T17167]                     __do_wait+0x105/0x890
[  488.770553][T17167]                     do_wait+0x21d/0x570
[  488.776252][T17167]                     kernel_wait+0x9f/0x160
[  488.782216][T17167]                     call_usermodehelper_exec_work+0xf1/0x170
[  488.789738][T17167]                     process_one_work+0x9ba/0x1b20
[  488.796312][T17167]                     worker_thread+0x6c8/0xf10
[  488.802539][T17167]                     kthread+0x3c5/0x780
[  488.808259][T17167]                     ret_from_fork+0x983/0xb10
[  488.814480][T17167]                     ret_from_fork_asm+0x1a/0x30
[  488.820911][T17167]    SOFTIRQ-ON-R at:
[  488.824899][T17167]                     lock_acquire+0x179/0x330
[  488.831049][T17167]                     _raw_read_lock+0x5f/0x70
[  488.837199][T17167]                     __do_wait+0x105/0x890
[  488.843074][T17167]                     do_wait+0x21d/0x570
[  488.848772][T17167]                     kernel_wait+0x9f/0x160
[  488.854736][T17167]                     call_usermodehelper_exec_work+0xf1/0x170
[  488.862254][T17167]                     process_one_work+0x9ba/0x1b20
[  488.868825][T17167]                     worker_thread+0x6c8/0xf10
[  488.875048][T17167]                     kthread+0x3c5/0x780
[  488.880750][T17167]                     ret_from_fork+0x983/0xb10
[  488.886972][T17167]                     ret_from_fork_asm+0x1a/0x30
[  488.893374][T17167]    INITIAL USE at:
[  488.897243][T17167]                    lock_acquire+0x179/0x330
[  488.903294][T17167]                    _raw_write_lock_irq+0x36/0x50
[  488.909778][T17167]                    copy_process+0x4185/0x74e0
[  488.915996][T17167]                    kernel_clone+0xfc/0x910
[  488.921953][T17167]                    user_mode_thread+0xc8/0x110
[  488.928268][T17167]                    rest_init+0x23/0x2b0
[  488.933982][T17167]                    start_kernel+0x3f6/0x4d0
[  488.940048][T17167]                    x86_64_start_reservations+0x18/0x30
[  488.947048][T17167]                    x86_64_start_kernel+0x130/0x190
[  488.953704][T17167]                    common_startup_64+0x13e/0x148
[  488.960193][T17167]    INITIAL READ USE at:
[  488.964497][T17167]                         lock_acquire+0x179/0x330
[  488.970990][T17167]                         _raw_read_lock+0x5f/0x70
[  488.977484][T17167]                         __do_wait+0x105/0x890
[  488.983729][T17167]                         do_wait+0x21d/0x570
[  488.989778][T17167]                         kernel_wait+0x9f/0x160
[  488.996109][T17167]                         call_usermodehelper_exec_work+0xf1/0x170
[  489.003995][T17167]                         process_one_work+0x9ba/0x1b20
[  489.010937][T17167]                         worker_thread+0x6c8/0xf10
[  489.017510][T17167]                         kthread+0x3c5/0x780
[  489.023561][T17167]                         ret_from_fork+0x983/0xb10
[  489.030130][T17167]                         ret_from_fork_asm+0x1a/0x30
[  489.036876][T17167]  }
[  489.039351][T17167]  ... key      at: [<ffffffff8e00c098>] tasklist_lock+0x18/0x40
[  489.047070][T17167]  ... acquired at:
[  489.050851][T17167]    lock_acquire+0x179/0x330
[  489.055512][T17167]    _raw_read_lock+0x5f/0x70
[  489.060170][T17167]    send_sigio+0xb8/0x3e0
[  489.064914][T17167]    kill_fasync+0x214/0x510
[  489.069482][T17167]    lease_break_callback+0x23/0x30
[  489.074777][T17167]    __break_lease+0x6cd/0x1800
[  489.079644][T17167]    vfs_truncate+0x4ce/0x6d0
[  489.084309][T17167]    __x64_sys_truncate+0x172/0x1e0
[  489.089493][T17167]    do_syscall_64+0xcd/0xf80
[  489.094153][T17167]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.100199][T17167] 
[  489.102502][T17167] 
[  489.102502][T17167] stack backtrace:
[  489.108369][T17167] CPU: 1 UID: 0 PID: 17167 Comm: syz.2.2496 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  489.108389][T17167] Tainted: [L]=SOFTLOCKUP
[  489.108394][T17167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  489.108403][T17167] Call Trace:
[  489.108408][T17167]  <TASK>
[  489.108413][T17167]  dump_stack_lvl+0x116/0x1f0
[  489.108431][T17167]  check_irq_usage+0x8f9/0xc10
[  489.108451][T17167]  ? stack_depot_save_flags+0x29/0x9b0
[  489.108473][T17167]  ? check_path.constprop.0+0x24/0x50
[  489.108493][T17167]  ? __lock_acquire+0x1558/0x22f0
[  489.108513][T17167]  __lock_acquire+0x1558/0x22f0
[  489.108536][T17167]  lock_acquire+0x179/0x330
[  489.108555][T17167]  ? send_sigio+0xb8/0x3e0
[  489.108570][T17167]  ? lock_acquire+0x179/0x330
[  489.108590][T17167]  _raw_read_lock+0x5f/0x70
[  489.108605][T17167]  ? send_sigio+0xb8/0x3e0
[  489.108618][T17167]  send_sigio+0xb8/0x3e0
[  489.108631][T17167]  kill_fasync+0x214/0x510
[  489.108645][T17167]  lease_break_callback+0x23/0x30
[  489.108662][T17167]  __break_lease+0x6cd/0x1800
[  489.108682][T17167]  ? lock_acquire+0x179/0x330
[  489.108702][T17167]  ? __pfx___break_lease+0x10/0x10
[  489.108722][T17167]  ? mnt_get_write_access+0x52/0x2f0
[  489.108737][T17167]  ? mnt_get_write_access+0x1e9/0x2f0
[  489.108752][T17167]  vfs_truncate+0x4ce/0x6d0
[  489.108769][T17167]  ? __pfx_vfs_truncate+0x10/0x10
[  489.108786][T17167]  ? putname+0xf5/0x1a0
[  489.108804][T17167]  ? putname+0xf5/0x1a0
[  489.108824][T17167]  __x64_sys_truncate+0x172/0x1e0
[  489.108842][T17167]  ? __pfx___x64_sys_truncate+0x10/0x10
[  489.108862][T17167]  do_syscall_64+0xcd/0xf80
[  489.108879][T17167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.108893][T17167] RIP: 0033:0x7f8a36b8f749
[  489.108906][T17167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.108920][T17167] RSP: 002b:00007f8a37a8c038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  489.108934][T17167] RAX: ffffffffffffffda RBX: 00007f8a36de6090 RCX: 00007f8a36b8f749
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  489.108943][T17167] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000200000000080
[  489.108952][T17167] RBP: 00007f8a36c13f91 R08: 0000000000000000 R09: 0000000000000000
[  489.108960][T17167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  489.108969][T17167] R13: 00007f8a36de6128 R14: 00007f8a36de6090 R15: 00007ffca007e468
[  489.108983][T17167]  </TASK>
[  490.096946][T14518] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.149430][T14518] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.197005][T14518] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.285079][T14518] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.617562][T14518] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.676870][T14518] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.712624][T14518] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.769406][T14518] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.860786][T14518] bridge_slave_1: left allmulticast mode
[  490.873632][T14518] bridge_slave_1: left promiscuous mode
[  490.879324][T14518] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.887801][T14518] bridge_slave_0: left allmulticast mode
[  490.893604][T14518] bridge_slave_0: left promiscuous mode
[  490.899259][T14518] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.908501][T14518] team0: left allmulticast mode
[  490.914082][T14518] bridge0: port 1(team0) entered disabled state
[  490.931031][T14518] bridge_slave_1: left allmulticast mode
[  490.937410][T14518] bridge_slave_1: left promiscuous mode
[  490.944095][T14518] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.952930][T14518] bridge_slave_0: left allmulticast mode
[  490.958576][T14518] bridge_slave_0: left promiscuous mode
[  490.965170][T14518] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.065151][T14518] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  491.074809][T14518] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  491.084415][T14518] bond0 (unregistering): Released all slaves
[  491.168449][T14518] bond1 (unregistering): (slave geneve2): Releasing active interface
[  491.360344][T14518] bond0 (unregistering): Released all slaves
[  491.439737][T14518] bond1 (unregistering): Released all slaves
[  491.518509][T14518] bond2 (unregistering): (slave macvlan2): Releasing backup interface
[  491.527243][T14518] bond2 (unregistering): Released all slaves
[  491.535075][T14518] bond3 (unregistering): Released all slaves
[  491.610120][T14518] bond4 (unregistering): (slave veth7): Releasing backup interface
[  491.618634][T14518] bond4 (unregistering): Released all slaves
[  491.626592][T14518] bond5 (unregistering): Released all slaves
[  491.636798][T14518] bond2 (unregistering): (slave ip6gretap1): Releasing active interface
[  491.645585][T14518] ip6gretap1 (unregistering): left promiscuous mode
[  491.652297][T14518] ip6gretap1 (unregistering): left allmulticast mode
[  491.949578][T14518] smc: removing net device bond0 with user defined pnetid SYZ2
[  491.959536][T14518] bond0 (unregistering): (slave veth5): Releasing active interface
[  491.968512][T14518] bond0 (unregistering): (slave veth0_to_bond): Releasing active interface
[  491.978077][T14518] bond0 (unregistering): Released all slaves
[  492.056727][T14518] bond1 (unregistering): Released all slaves
[  492.065850][T14518] bond2 (unregistering): Released all slaves
[  492.141072][T14518] tipc: Left network mode
[  492.156377][T14518] tipc: Left network mode
[  492.713073][T14518] hsr_slave_0: left promiscuous mode
[  492.718820][T14518] hsr_slave_1: left promiscuous mode
[  492.740402][T14518] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  492.760693][T14518] batman_adv: batadv0: Removing interface: batadv_slave_0
[  492.768514][T14518] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  492.776006][T14518] batman_adv: batadv0: Removing interface: batadv_slave_1
[  492.785714][T14518] hsr_slave_0: left promiscuous mode
[  492.791771][T14518] hsr_slave_1: left promiscuous mode
[  492.799214][T14518] hsr_slave_0: left promiscuous mode
[  492.807684][T14518] hsr_slave_1: left promiscuous mode
[  492.813679][T14518] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  492.821029][T14518] batman_adv: batadv0: Removing interface: batadv_slave_0
[  492.828529][T14518] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  492.835964][T14518] batman_adv: batadv0: Removing interface: batadv_slave_1
[  492.846244][T14518] veth1_macvtap: left promiscuous mode
[  492.851777][T14518] veth0_macvtap: left promiscuous mode
[  492.857314][T14518] veth1_vlan: left promiscuous mode
[  492.862635][T14518] veth0_vlan: left promiscuous mode
[  492.868371][T14518] veth1_macvtap: left promiscuous mode
[  492.873872][T14518] veth0_macvtap: left promiscuous mode
[  492.879354][T14518] veth1_vlan: left promiscuous mode
[  492.884894][T14518] veth0_vlan: left promiscuous mode
[  492.998961][T14518] team0 (unregistering): Port device team_slave_1 removed
[  493.018150][T14518] team0 (unregistering): Port device team_slave_0 removed
[  493.090339][T14518] pimreg (unregistering): left allmulticast mode
[  493.637886][T14518] team0 (unregistering): Port device team_slave_1 removed
[  493.657534][T14518] team0 (unregistering): Port device team_slave_0 removed
[  493.744532][T14511] smc: removing ib device syz1
[  494.386368][T14518] IPVS: stop unused estimator thread 0...
[  494.395041][T14518] IPVS: stop unused estimator thread 0...