last executing test programs:

4m39.637668117s ago: executing program 1 (id=957):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) (async)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
fcntl$dupfd(r0, 0x0, r0) (async)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$VIDIOC_S_EDID(r2, 0xc0285629, &(0x7f0000000040)={0x0, 0x2, 0x7, '\x00', &(0x7f0000000000)=0x38})
getsockname$packet(r2, 0x0, &(0x7f00000000c0))

4m39.63746344s ago: executing program 1 (id=958):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

4m39.546998252s ago: executing program 1 (id=959):
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB], 0x7)
link(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
execve(&(0x7f0000000040)='./file1\x00', &(0x7f0000000200)={[&(0x7f00000000c0)='\x00', &(0x7f0000000100)='!.@\x00']}, &(0x7f0000000580)={[&(0x7f0000000280)='*$#\x00', &(0x7f0000000400)='\x00']})

4m39.546785712s ago: executing program 1 (id=960):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0)
getsockname(r0, 0x0, &(0x7f00000002c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x21d000, 0x0)
pivot_root(&(0x7f00000002c0)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0\x00')
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)

4m39.45684068s ago: executing program 1 (id=963):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_group_source_req(r0, 0x29, 0x4, &(0x7f00000001c0)={0x7ff, {{0xa, 0x4e22, 0x7fffffff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x800}}, {{0xa, 0x4e22, 0x4d14, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x9}}}, 0x108)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x28, 0x0, 0x0, 0xfff7f038}, {0x6}]}, 0x10) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ZONE={0x6, 0x4, 0x2e4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x64}}, 0x0)
sendmmsg$unix(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000ac}}], 0x1, 0x24002104)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000006000000040000000000000e0400000000000000000000000000000d000000000000000000040010040000000000000000000009030000000000000061"], 0x0, 0x52}, 0x20)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000090a0104000000000000000000000000080014"], 0x80}}, 0x0) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r5, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, 0xd, 0x6, 0x500, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}}, 0x8000)

4m38.49788883s ago: executing program 1 (id=978):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, 0x0, &(0x7f00000001c0))
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x900, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000007c0), 0x181800, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ppoll(&(0x7f0000000b00)=[{r2, 0x4009}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r3, &(0x7f0000000080)=""/116, 0xfffffeb2)
read(r3, &(0x7f0000000280)=""/96, 0x60)
ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000811200000000000095000007000000003501c9fdd96692868a2cbe24bde4e5e63beab1d2d69db1ec9b811858e245ef8c635a72ad4c16e06c6e46f891c08b02fbf6340a2f5bd24dc7f018fbdbd75742b7ae2ee06a6bf7455ed20536e2d936a369d4499f4122670a10ec54585e86ae182f9b1170646cd72a4d905d75164780a6c9066d83fa4389dfbbabafa4917b5d3ff21d2cee2f191e4c2ac2923dce468393c251ef03c244f9832f62a733d584f7dc11e8ff12de23a5b75734b0ae948a11de49ac2ad3f3b64827b09ea7bac5fa0f7ebb873c377e041a1c5239da16ed4f9a44455e0a7817df6d4636f994637c95ff4b2326071f0cf5567f22aa0b176ade8cc47da78205d2690c4faff7a43fd4c0e12ae9fde1d42a3f67f2df5f"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x90)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000000)=0x1)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000200))
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000780), 0xa400, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000080))

4m38.441689741s ago: executing program 32 (id=978):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, 0x0, &(0x7f00000001c0))
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x900, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000007c0), 0x181800, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ppoll(&(0x7f0000000b00)=[{r2, 0x4009}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r3, &(0x7f0000000080)=""/116, 0xfffffeb2)
read(r3, &(0x7f0000000280)=""/96, 0x60)
ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000811200000000000095000007000000003501c9fdd96692868a2cbe24bde4e5e63beab1d2d69db1ec9b811858e245ef8c635a72ad4c16e06c6e46f891c08b02fbf6340a2f5bd24dc7f018fbdbd75742b7ae2ee06a6bf7455ed20536e2d936a369d4499f4122670a10ec54585e86ae182f9b1170646cd72a4d905d75164780a6c9066d83fa4389dfbbabafa4917b5d3ff21d2cee2f191e4c2ac2923dce468393c251ef03c244f9832f62a733d584f7dc11e8ff12de23a5b75734b0ae948a11de49ac2ad3f3b64827b09ea7bac5fa0f7ebb873c377e041a1c5239da16ed4f9a44455e0a7817df6d4636f994637c95ff4b2326071f0cf5567f22aa0b176ade8cc47da78205d2690c4faff7a43fd4c0e12ae9fde1d42a3f67f2df5f"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x90)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000000)=0x1)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000200))
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000780), 0xa400, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000080))

2m53.983112639s ago: executing program 3 (id=2101):
socket$inet6(0xa, 0x3, 0x8000000003c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x80000006}, 0x1c, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x40000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000002e00090027bd7000fedbdf250400"], 0x1c}, 0x1, 0x2000000000000000, 0x0, 0x42804}, 0x84)

2m53.654756449s ago: executing program 3 (id=2105):
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x11000})
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b29, &(0x7f0000000040)={'wlan1\x00'})
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f00000001c0)={0x1, 0x0, [{0x6a4, 0x0, 0xffffffff}]})

2m53.563689791s ago: executing program 3 (id=2107):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000002010101000000000000000002000006040002800c0019"], 0x24}, 0x1, 0x0, 0x0, 0x80000}, 0x4000)
socket$kcm(0x10, 0x3, 0x10)
r1 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1100)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r4})
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000300)={r6, <r7=>0x0})
socket(0x200000000000011, 0x2, 0xd)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket(0x22, 0x2, 0x3)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r8}, &(0x7f00000002c0), &(0x7f0000000340)=r9}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r8, <r10=>0xffffffffffffffff}, 0x4)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x1c, &(0x7f0000000440)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r11}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r10}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$DRM_IOCTL_GEM_OPEN(r5, 0xc010640b, &(0x7f0000000140)={r7, <r12=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c64d2, &(0x7f0000000180)={r12, 0x80000})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000100)={r12})
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f687372000000001400010076657468315f766c616e"], 0xfc}}, 0x0)

2m53.516760061s ago: executing program 3 (id=2108):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0xaf, 0x5, 0x4}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})

2m53.361553357s ago: executing program 3 (id=2113):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0xe5ce, 0x204100)
ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000100)=0x349)
ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000680)={0xa22fc007, 0x0, "ee9a8000bc5e143f8437bb6bbe34fb7e7b692abe4bb49c3df484131ac9564da5", 0xffffff81, 0x9, 0xebc3, 0x5, 0x140})
r2 = open(&(0x7f0000000640)='.\x00', 0x0, 0xdd)
mkdir(&(0x7f0000000340)='./file0\x00', 0x9b)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
read$FUSE(r2, &(0x7f00000007c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_OPEN(r2, &(0x7f0000002800)={0x20, 0x0, r4, {0x0, 0xe}}, 0x20)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=ANY=[@ANYBLOB="7000000018000500000000000000000002000000000200090000000006001500040000004c0016804800088044000180"], 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2m53.203238482s ago: executing program 3 (id=2115):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc0405602, &(0x7f00000001c0)=@overlay={0x0, 0x1, 0x4, 0x171003, 0x0, {}, {0x1, 0xc, 0x18, 0xa4, 0xb, 0x9e, "f50f8900"}, 0x4, 0x3, {}, 0x44})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r4=>0x0})
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000002c0)={0x0, 0x0, 0x0, &(0x7f0000000280)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETENCODER(r5, 0xc01464a6, &(0x7f0000000380)={r6})
r7 = syz_open_procfs(0x0, &(0x7f0000000f80)='timerslack_ns\x00')
write$cgroup_pid(r7, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000000c001a800800058004000880"], 0x2c}}, 0x0)
r8 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000200)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x1, 0x1}, 0x20)
setsockopt$inet6_int(r8, 0x29, 0x2, 0x0, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0x2b}}, &(0x7f0000000040)=0x20)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)=ANY=[@ANYRESHEX=r8], 0x18}], 0x1, 0x0, 0x0, 0x4000001}, 0x0)

2m38.167395514s ago: executing program 33 (id=2115):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc0405602, &(0x7f00000001c0)=@overlay={0x0, 0x1, 0x4, 0x171003, 0x0, {}, {0x1, 0xc, 0x18, 0xa4, 0xb, 0x9e, "f50f8900"}, 0x4, 0x3, {}, 0x44})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r4=>0x0})
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000002c0)={0x0, 0x0, 0x0, &(0x7f0000000280)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETENCODER(r5, 0xc01464a6, &(0x7f0000000380)={r6})
r7 = syz_open_procfs(0x0, &(0x7f0000000f80)='timerslack_ns\x00')
write$cgroup_pid(r7, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000000c001a800800058004000880"], 0x2c}}, 0x0)
r8 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000200)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x1, 0x1}, 0x20)
setsockopt$inet6_int(r8, 0x29, 0x2, 0x0, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0x2b}}, &(0x7f0000000040)=0x20)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)=ANY=[@ANYRESHEX=r8], 0x18}], 0x1, 0x0, 0x0, 0x4000001}, 0x0)

2m36.184071151s ago: executing program 0 (id=2268):
r0 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000005c0)={&(0x7f0000000600)=@hci={0x1f, 0xa888, 0x1}, 0x80, &(0x7f0000000300)=[{&(0x7f0000004580)="30ae88a88453307bef9373", 0xb}], 0x1}, 0x0)

2m36.123720255s ago: executing program 0 (id=2271):
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f00000001c0)=r1, 0x4)
sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000c40)="02", 0x1}], 0x1}, 0x408c4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000400)="a5", 0x7eae}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

2m35.222276901s ago: executing program 0 (id=2294):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x140, &(0x7f0000000240)=[{&(0x7f0000000380)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020015b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)

2m35.172100274s ago: executing program 0 (id=2296):
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mount$fuse(0x0, 0x0, 0x0, 0x100000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000180)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
r2 = getpgid(r1)
setpgid(0x0, r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x8000, 0x0)
setresuid(0x0, 0xee00, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, 0x0)

2m35.101101587s ago: executing program 0 (id=2298):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x94, 0x7fff0000}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
lseek(0xffffffffffffffff, 0x0, 0x2)
close_range(r0, 0xffffffffffffffff, 0x0)

2m34.250471851s ago: executing program 0 (id=2302):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)

2m33.882114471s ago: executing program 34 (id=2302):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)

6.659184523s ago: executing program 4 (id=3722):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac0000000000000000000000000000000000001200", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})

6.561165437s ago: executing program 4 (id=3723):
r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x3a, 0x8, 0x2}, 0x48)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r2, &(0x7f00000004c0)=""/57, 0x39)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_open_dev$vcsu(&(0x7f0000000100), 0x7, 0x801)
r6 = inotify_add_watch(r2, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8)
inotify_rm_watch(r5, r6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vxcan0\x00', <r8=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2400000018000100000000011d0102000800090000000000", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x26004890}, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r1, 0x3ba0, &(0x7f0000000180)={0x48})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@getchain={0x2c, 0x66, 0x400, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xf, 0xfff2}, {0x9, 0x1}, {0x6, 0xffff}}, [{0x8, 0xb, 0x6}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0)
r9 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x800)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="400004002100040026bd7000fedbdf2502142006030000081400000008000200ac14141208fb00000000000005001300000000000c000c440000000000000006"], 0x40}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettfilter={0x3c, 0x2e, 0x100, 0x70bc25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0xc}, {0xe, 0xf}, {0x8, 0xffff}}, [{0x8, 0xb, 0x5}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0xc0e}]}, 0x3c}}, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
ioctl$EVIOCGKEYCODE_V2(r9, 0x80284504, &(0x7f0000000140)=""/215)

4.261194791s ago: executing program 4 (id=3728):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000380)="48000000140081fb7059ae08060c04000aff0f03000004000011000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg$unix(r2, &(0x7f0000004600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000000, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'geneve1\x00', 0x896ff1c61f7d938e})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r3, &(0x7f00000004c0)=[{&(0x7f00000001c0)="89e7ee0c7cdad9b4b47380c988ca", 0xe}], 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000100), 0x5, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000000800)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x10000000000002, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d8a000100", "2809e8030000008948224ad54afac171ec0000bdb22d0000b420a1a93c5240f45f819e01177d3d078dd4992861ac00", "f4fec4000000020000d800000000020000000000004e00", [0x0, 0x2000000000001]}})
pwritev(r8, &(0x7f0000000980)=[{&(0x7f0000000440)="90fccf3ace0644d0daabd7a3e4668a4a8af7b6a7bb624240aea4e3bfe89cb80662df35dff61b8487cb92f69fe135ee4d3f7f3bf5124e361d479bf7dccd7d4d06207cbe4a532a3bf5df40f5d5ec2b00df35d87651837e16e288cee612", 0x5c}, {&(0x7f0000000500)="e241", 0x2}, {&(0x7f0000000540)="cfb17ee7217405799345e2c1bc329493963b7fee7b08a4cf0bb989299299daf1d46f9526b10e6c5859d00b5cadace37665ccfb6e1a31c037423a7d27a5fe0ab7a57065da2e5e747a0884d8bdbc4c0a22e469af841ea5be0564c026af4caa75180caa29df8a86cfd452fd461ff8e77078f2defbffa504390982f6f24d9658a0d84f8a92ebaa9e7db637af7015616477f8cd5b39b433c55e11f68b68bbfd6dff493a58eda89e62ef332430f20dfa069b77966dfd5643b43d6b514a952eca8e3e9eef14ea6e78420812e791835bdbecb58b1c", 0xd1}, {&(0x7f00000006c0)="96fa196040efbd869426b7d539198c6a80eb3b34281d3e7186409bb4ae2a80db86512db69d8864e81ee9db284e0e077616912a01572bd31a945982f07dac0b3efef5c990efc886cb378ed4ae80f742f71625370f33970c50336d1e446398d39bb640838d6194", 0x66}, {&(0x7f0000000740)="60653cd8e5e5dab4195fabd6c4e5ff73641742d61885952fb75fefe377033f20f78a178629a9136a133e7c", 0x2b}, {&(0x7f0000000780)="d6749f3fac8c6777d89b42bba46823759a4a551149bf8e16347bd7cf75f9a2b0587da09002a89fb8a9c8fd5ef1a5e42ac3f5169e06158676eb649bd88dc8052476f828e4015f033ed0f6688c0c82b7370138579479712b8213bc50268c71ebd81ac0404a6b526f7f4450b1f93fc0c32d05fec8f1bb4407efe1ee565a39dd", 0x7e}, {&(0x7f0000000940)="9d4a572b3986bb4dab4d9bf9", 0xc}], 0x7, 0x8, 0x2)
syz_genetlink_get_family_id$smc(&(0x7f0000000040), r9)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r7, @ANYRES8=r7, @ANYRES64=r6, @ANYRESOCT=r6, @ANYRESDEC=r7], 0x7)
r10 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000a00)={{}, [@rose, @remote, @rose, @rose, @rose, @null, @default, @netrom]}, &(0x7f0000000640)=0x48, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r10, &(0x7f0000000240)={0x10000010})

4.068844547s ago: executing program 4 (id=3729):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f00000003c0)={{0x2, 0x4e22, @empty}, {0x20000010304, @local}, 0x6, {0x2, 0x4e20, @rand_addr=0x64010101}})
waitid(0x1, 0x0, 0x0, 0x2, 0x0)
r1 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x4, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYRESDEC, @ANYRES8, @ANYRESDEC, @ANYRESDEC=r1])
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r3, &(0x7f0000000180)="6245164ce7", 0x5)

3.590462409s ago: executing program 2 (id=3738):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={<r3=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r2, 0xc03064ca, &(0x7f0000000200)={&(0x7f00000003c0)=[r3], &(0x7f0000000400), 0x800000ea25, 0x1, 0x6})
r4 = syz_open_dev$radio(&(0x7f0000002040), 0x3, 0x2)
ioctl$VIDIOC_G_MODULATOR(r4, 0xc0445636, &(0x7f0000000140)={0x0, "c1e3c6e9d4e0668be33dfa93c2a82cbbd334b5351b615cf0fac06b6babfa8bf6", 0x2, 0xffffc7d7, 0x4, 0x2, 0x3})
prctl$PR_SCHED_CORE(0x4d, 0x0, 0x0, 0x0, 0x0)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
r5 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000180)=<r8=>0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x82042, 0xc0)
ioctl$sock_inet_tcp_SIOCOUTQ(r9, 0x5415, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r9, 0xc01864c1, &(0x7f0000000240)={r3})
syz_io_uring_submit(r6, r7, r8, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x16, 0x1})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "edff"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
io_uring_enter(r5, 0x1, 0x1, 0x1, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$HIDIOCGFLAG(r1, 0x8004480e, &(0x7f0000000080))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0xc0)

3.431025861s ago: executing program 2 (id=3739):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000780)={0x14, &(0x7f0000000680)={0x0, 0x11, 0xb2, {0xb2, 0xf, "5db36bf034427291342b4667e2a4117fb84375eca6e0a1f12bc97a97e438472065a3157b76a2b940e7c67c2dc9ae4aff6949a78053958b2d63dcb83e0f36bbc5943ea67418c356f25f4ad8616bc0e72b5c258451fc6e04b388879c368bb6412adb64524d2ea72b965ac0b23a4ed796fb5fdff41107db1eb4eb979ba37dac4b4283eca555988e5cfc00723e2466c546d1577248e7f35e936a72f9a67d43d23726b65b53e3b98a23945cd1ed7109e284ca"}}, &(0x7f0000000740)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a80)={0x44, 0x0, &(0x7f00000008c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000900)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000940)={0x20, 0x80, 0x1c, {0x8, 0x1, 0x3, 0x2, 0x7, 0x1, 0xa88a, 0x4, 0xfff8, 0xfff, 0x81, 0x4}}, &(0x7f0000000980)={0x20, 0x85, 0x4, 0x1}, &(0x7f00000009c0)={0x20, 0x83, 0x2}, &(0x7f0000000a00)={0x20, 0x87, 0x2, 0x8}, &(0x7f0000000a40)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$uac2(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000140)={&(0x7f0000000300)=[{0x101, 0x0, 0x48, &(0x7f0000000240)='\x00\x00\x00\x00\x00'}], 0x1})

1.441085985s ago: executing program 2 (id=3749):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000000)=0x3, 0x2)
connect$bt_sco(r0, &(0x7f00000001c0), 0x8)

1.360421371s ago: executing program 2 (id=3752):
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00'}, 0x4e)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r3, 0x25, 0x4, @void}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3e8100400008004500002800670000020690786401fb00ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
write$sndseq(r0, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x1}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0xffff, 0xa5}, {}, {}, @connect={{0x2, 0x3}, {0x3}}}, {0x0, 0x0, 0x0, 0x0, @time={0x2, 0x2}, {0x0, 0x8}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x1}, {}, @connect={{0x0, 0xff}, {0x0, 0x5}}}], 0x70)
getpid()
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3032, r0, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r0)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xc0, r4, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_WOL_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_WOL_SOPASS={0x80, 0x3, "2be9db4c3c6bc8bb6a8fe3ea2771fada9dd9ba15385a759f66b3e62aa17dd1fd9b27fbb0a6476002847d2c2e8d3d2b1d5051cbbf031e031beb4fa95d8de177ee2f27104a435441354bd00d8c2da90b63789facda2db9c8334a13cf06de1f6df55ce9cdb9aec1ee117c43f58100923ad2a9e8207413066c4baba4b2e6"}]}, 0xc0}, 0x1, 0x0, 0x0, 0x50}, 0x40c0)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r5, 0x6, 0xd, &(0x7f0000000000), 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)

1.218482466s ago: executing program 4 (id=3755):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)=@bridge_getvlan={0x20, 0x72, 0x301, 0x4000001, 0x4, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x12}]}, 0x20}, 0x1, 0xf00, 0x0, 0x80}, 0x4000810)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x38, r2, 0xd55319eec59dfa33, 0xfffffffd, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'caif0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010)
r4 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_INSN(r4, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xa, 0x0, 0x0, 0x80000000})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'veth0_to_bond\x00'})

1.151365198s ago: executing program 2 (id=3756):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000040000701feffffff00000000047c0000040042801400018006000600800a000008001c"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc)

1.049117729s ago: executing program 2 (id=3758):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000780)={0x14, &(0x7f0000000680)={0x0, 0x11, 0xb2, {0xb2, 0xf, "5db36bf034427291342b4667e2a4117fb84375eca6e0a1f12bc97a97e438472065a3157b76a2b940e7c67c2dc9ae4aff6949a78053958b2d63dcb83e0f36bbc5943ea67418c356f25f4ad8616bc0e72b5c258451fc6e04b388879c368bb6412adb64524d2ea72b965ac0b23a4ed796fb5fdff41107db1eb4eb979ba37dac4b4283eca555988e5cfc00723e2466c546d1577248e7f35e936a72f9a67d43d23726b65b53e3b98a23945cd1ed7109e284ca"}}, &(0x7f0000000740)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a80)={0x44, 0x0, &(0x7f00000008c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000900)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000940)={0x20, 0x80, 0x1c, {0x8, 0x1, 0x3, 0x2, 0x7, 0x1, 0xa88a, 0x4, 0xfff8, 0xfff, 0x81, 0x4}}, &(0x7f0000000980)={0x20, 0x85, 0x4, 0x1}, &(0x7f00000009c0)={0x20, 0x83, 0x2}, &(0x7f0000000a00)={0x20, 0x87, 0x2, 0x8}, &(0x7f0000000a40)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$uac2(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000140)={&(0x7f0000000300)=[{0x101, 0x0, 0x48, &(0x7f0000000240)='\x00\x00\x00\x00\x00'}], 0x1})

679.76847ms ago: executing program 5 (id=3760):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000041100001c00128009000100626f6e64000000000cfcffffffffffffff000000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x0, 0x298, 0x200, 0x200, 0x298, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000a40)={@map=r1, 0x4, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
r2 = syz_open_dev$dri(&(0x7f0000002580), 0x200, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000026c0)={0x0, &(0x7f0000002600)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000200)={0x0, 0xffffffffffffff1e, r3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xa7e9, 0x0, 0x7, 0x4, 0x0, 0x10000, 0x406, 0x0, "427f4d0561864078b7f952fc7ebbfea1deee063e520cc38c6a002000"}})
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd22, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000006c0)={0x0, 0x0, r5, r6, 0x1, 0x6, 0x8, 0x672c, {0xf4e, 0x4, 0x2, 0x1, 0x3, 0x9, 0xfffb, 0x6, 0x1, 0x5, 0x8, 0x5, 0x3, 0x4, "b1552a0c2b9f65354fdb6e6609b97f1e38bf118fa6e80e960743c4a9f0128d54"}})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r6, 0xffff, 0xfffffffc, 0x40, 0x2, [], [0x80000001, 0x9, 0x401, 0xee4], [0x8, 0x6, 0x5, 0x9], [0xcb45, 0x200, 0x0, 0xc51]})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)

438.074172ms ago: executing program 5 (id=3761):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f00000000c0)={0x7fff, 0x40, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
socket$kcm(0x29, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_emit_ethernet(0x2a, &(0x7f0000000340)={@random="1ca12d394eaa", @empty, @void, {@ipv4={0x892f, @igmp={{0x5, 0x4, 0x1, 0x3, 0x1c, 0x66, 0x0, 0xa, 0x2, 0x0, @multicast2, @loopback}, {0x14, 0x5, 0x0, @multicast2}}}}}, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xffff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdba, 0x1, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]})
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x6, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default]})

380.930097ms ago: executing program 5 (id=3762):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x80800, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0)

281.011555ms ago: executing program 6 (id=3764):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000240)="67400f07c40249af4b8bb9800000c00f3235010000000f300f20a366450f769e00000100440f20c03588001d00440f22c0460f01c9c4827d24c366bafc0cf0ff07ef87f345a57a43e16806a4", 0x4c}], 0x1, 0x7c, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x80a0000, 0xeeed5002, 0x8, 0xfa, 0x3, 0x2, 0x42, 0x7, 0x0, 0x2, 0x6}, {0x10000, 0x4, 0x9, 0x2, 0x43, 0x7, 0x7f, 0x6, 0x5, 0x6, 0x3}, {0xdddd0000, 0xdddd1000, 0x9, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0x8, 0x8, 0x81}, {0xb000, 0x100000, 0x10, 0x6, 0x3, 0x2, 0x2, 0x40, 0xa, 0x9, 0x49, 0xf1}, {0x1, 0xffffffff, 0x4, 0x5, 0x4c, 0x2, 0xab, 0x7f, 0x40, 0x83, 0xf7, 0x6}, {0x1000, 0x191bd000, 0xf, 0x9, 0xb5, 0x6, 0x1, 0x7, 0x80, 0x13, 0x1, 0x2}, {0x6000, 0x1, 0x0, 0xf2, 0x0, 0x2, 0x6, 0x1, 0x3, 0x7d, 0xff, 0x70}, {0x80a0000, 0x0, 0x9, 0x9, 0x12, 0x7, 0x5, 0xe0, 0x2, 0x6, 0xf0, 0x9}, {0xeeef0000, 0x29ad}, {0x3000, 0x3}, 0x80000031, 0x0, 0xeeef0000, 0x2024, 0x400000006, 0x0, 0x0, [0x20d0, 0x1000, 0x400000000060, 0x6]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000240)="67400f07c40249af4b8bb9800000c00f3235010000000f300f20a366450f769e00000100440f20c03588001d00440f22c0460f01c9c4827d24c366bafc0cf0ff07ef87f345a57a43e16806a4", 0x4c}], 0x1, 0x7c, 0x0, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) (async)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x80a0000, 0xeeed5002, 0x8, 0xfa, 0x3, 0x2, 0x42, 0x7, 0x0, 0x2, 0x6}, {0x10000, 0x4, 0x9, 0x2, 0x43, 0x7, 0x7f, 0x6, 0x5, 0x6, 0x3}, {0xdddd0000, 0xdddd1000, 0x9, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0x8, 0x8, 0x81}, {0xb000, 0x100000, 0x10, 0x6, 0x3, 0x2, 0x2, 0x40, 0xa, 0x9, 0x49, 0xf1}, {0x1, 0xffffffff, 0x4, 0x5, 0x4c, 0x2, 0xab, 0x7f, 0x40, 0x83, 0xf7, 0x6}, {0x1000, 0x191bd000, 0xf, 0x9, 0xb5, 0x6, 0x1, 0x7, 0x80, 0x13, 0x1, 0x2}, {0x6000, 0x1, 0x0, 0xf2, 0x0, 0x2, 0x6, 0x1, 0x3, 0x7d, 0xff, 0x70}, {0x80a0000, 0x0, 0x9, 0x9, 0x12, 0x7, 0x5, 0xe0, 0x2, 0x6, 0xf0, 0x9}, {0xeeef0000, 0x29ad}, {0x3000, 0x3}, 0x80000031, 0x0, 0xeeef0000, 0x2024, 0x400000006, 0x0, 0x0, [0x20d0, 0x1000, 0x400000000060, 0x6]}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)

280.56754ms ago: executing program 6 (id=3765):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x100002, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000100)={0x2, 0x0, [{0x1, 0x6, 0x3, 0xfffffff7, 0xafe}, {0x7, 0x3, 0xd433, 0xfffffff8, 0x2b8f24ad}]})
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000200)=0x3, 0x2)
connect$bt_sco(r0, &(0x7f00000001c0), 0x8)

232.957318ms ago: executing program 6 (id=3766):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001440)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_PARMS={0x18, 0x1, {0xf, 0x0, 0x3}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e24}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x604ff3648f564820}, 0x40)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x325082, 0x43)
mknodat$loop(r1, &(0x7f0000000200)='./file1\x00', 0x800, 0x1)
r2 = open(&(0x7f00000005c0)='./file1\x00', 0x20000, 0x718bb647156ec2f6)
chdir(&(0x7f0000000000)='./bus\x00')
linkat(r1, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000180)='./file0\x00', 0x1000)
symlink(&(0x7f0000000140)='./file1\x00', &(0x7f00000001c0)='./file1\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80) (async)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001440)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_PARMS={0x18, 0x1, {0xf, 0x0, 0x3}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e24}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x604ff3648f564820}, 0x40) (async)
open(&(0x7f0000000280)='./file0\x00', 0x325082, 0x43) (async)
mknodat$loop(r1, &(0x7f0000000200)='./file1\x00', 0x800, 0x1) (async)
open(&(0x7f00000005c0)='./file1\x00', 0x20000, 0x718bb647156ec2f6) (async)
chdir(&(0x7f0000000000)='./bus\x00') (async)
linkat(r1, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000180)='./file0\x00', 0x1000) (async)
symlink(&(0x7f0000000140)='./file1\x00', &(0x7f00000001c0)='./file1\x00') (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) (async)

146.120519ms ago: executing program 4 (id=3767):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x3, 0x1, 0x5, 0x40, 0x401}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x10, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4)

145.66852ms ago: executing program 5 (id=3768):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @bcast, 0x40005, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]})

145.193178ms ago: executing program 6 (id=3769):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000280), r0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r1, 0x9df36cc7d1878f77, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0xf000, 0x80}, 0x4080)

84.560389ms ago: executing program 6 (id=3770):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wlan0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x1000000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2, 0x0, 0xfffd}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14}}, 0x98}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020, 0x0, 0x0, <r3=>0x0}, 0x2020)
quotactl_fd$Q_GETINFO(r2, 0xffffffff80000502, r3, &(0x7f00000025c0))
getsockopt$inet_int(r0, 0x0, 0x13, 0x0, &(0x7f0000000040))
r4 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0, &(0x7f0000000180)=<r7=>0x0)
r8 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14, 0x800)
accept$packet(r8, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000300)=0x14)
syz_io_uring_submit(r5, r6, r7, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x16, 0x1})
r9 = syz_open_dev$loop(&(0x7f00000002c0), 0x101, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r9, 0x40047211, &(0x7f00000003c0)=0x10)
io_uring_enter(r4, 0x1, 0x1, 0x1, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x38, r11, 0x5, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x1c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6, 0xa, 0xd6}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x1}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x8}]}]}, 0x38}}, 0x0)

84.13142ms ago: executing program 5 (id=3771):
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2b00b8, &(0x7f00000002c0)={[{@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x38, 0x65]}}]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004040}, 0x0) (async)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x80, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x0, 0x7, 0x9, 0x7}}, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x1, 0x1, 0x7, 0x0, {0xa600000000000000, 0x2, 0x0, 0x3fe, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x9, 0x3}}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x3}]}, 0x80}}, 0x20000014)

733.249µs ago: executing program 5 (id=3772):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x8}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7}}]}, 0x38}, 0x1, 0x0, 0x0, 0x204c8cc}, 0x4000080)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r10, {0xf000, 0xffff}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xffff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdba, 0x1, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r11 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='gd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726fc50ac618f9", @ANYBLOB="59750600000000ff0000a2e9504c7670a00a2a44797eb4a0ec1564a5f3083c2b88e0891f2a03143d0d05000bd97c336e4f64034a"])
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x6, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
close(r11)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x9, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x82e, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]})
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @bcast, 0x40005, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]})
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000080))

0s ago: executing program 6 (id=3773):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000190c0)='syscall\x00')
pread64(r1, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000019100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xfc, 0xfc, 0x8, [@var={0xb, 0x0, 0x0, 0xe, 0x4, 0x2}, @type_tag={0x2, 0x0, 0x0, 0x12, 0x2}, @enum={0x8, 0x5, 0x0, 0x6, 0x4, [{0xd, 0xe}, {0xc, 0x4}, {0x1, 0x8}, {0xa, 0x9e}, {0x7, 0x5}]}, @int={0x7, 0x0, 0x0, 0x1, 0x0, 0x74, 0x0, 0x45}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1, 0x2}}, @type_tag={0x1, 0x0, 0x0, 0x12, 0x5}, @union={0xb, 0x7, 0x0, 0x5, 0x0, 0x46, [{0x7, 0x1, 0x8}, {0x5, 0x4, 0x8}, {0xe, 0x3, 0x9}, {0xa, 0x2, 0x3}, {0x3, 0x3, 0x6}, {0xd, 0x0, 0x3}, {0x0, 0x5, 0x7}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x3, 0x4}}]}, {0x0, [0x0, 0x0, 0x5f, 0x30, 0x0, 0x0]}}, &(0x7f0000000400)=""/203, 0x11c, 0xcb, 0x0, 0x5}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0x0, <r3=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=r3, 0x4)
r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1}, &(0x7f0000000600), &(0x7f0000000640)}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000640)}, 0x20)
r6 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
r7 = openat$selinux_policy(0xffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000019240)={0x0, {}, 0x0, {}, 0x4, 0x4, 0xf, 0x1d, "cf3dd2a1d46d3e0fc4ee48630bfd5f3b7a9b528d607e2ed717261deeb388ee85ca97040cd85b5e22af2faff0557882b017dcc46d3d16cf123d84cf61dea4c7a0", "f7ff457ffb8d693dce1d95dba775b56877366f9ad86ff5076c145844ebb7736b", [0xa, 0x8]}) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000019240)={0x0, {}, 0x0, {}, 0x4, 0x4, 0xf, 0x1d, "cf3dd2a1d46d3e0fc4ee48630bfd5f3b7a9b528d607e2ed717261deeb388ee85ca97040cd85b5e22af2faff0557882b017dcc46d3d16cf123d84cf61dea4c7a0", "f7ff457ffb8d693dce1d95dba775b56877366f9ad86ff5076c145844ebb7736b", [0xa, 0x8]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r7, 0x0)
write$selinux_load(r6, &(0x7f0000000000)=ANY=[], 0x190ec)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x2a, &(0x7f0000000100)=r9, 0x4) (async)
setsockopt$sock_attach_bpf(r8, 0x1, 0x2a, &(0x7f0000000100)=r9, 0x4)
syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async)
r10 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r10, &(0x7f0000000300)={{0x6, @rose, 0x8}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x48) (async)
connect$netrom(r10, &(0x7f0000000300)={{0x6, @rose, 0x8}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x48)
syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async)
r11 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r11, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r11, 0x80) (async)
listen(r11, 0x80)
r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@generic={&(0x7f00000006c0)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{r0, <r13=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)='%ps    \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000880)={{0x1, <r14=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)='%-010d \x00'}, 0x20)
r15 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x16, 0x15, &(0x7f0000000080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xf6}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@generic={0x1, 0x4, 0x0, 0x9, 0x2}, @tail_call], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x3, 0xe8, &(0x7f00000001c0)=""/232, 0x40f00, 0x6, '\x00', 0x0, @flow_dissector, r2, 0x8, &(0x7f0000000540)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000580)={0x5, 0x1, 0x81, 0xfffffffc}, 0x10, r3, r4, 0x0, &(0x7f0000000940)=[r5, r9, 0x1, r12, r13, 0x1, r14, r15], 0x0, 0x10, 0x80000000}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x16, 0x15, &(0x7f0000000080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xf6}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@generic={0x1, 0x4, 0x0, 0x9, 0x2}, @tail_call], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x3, 0xe8, &(0x7f00000001c0)=""/232, 0x40f00, 0x6, '\x00', 0x0, @flow_dissector, r2, 0x8, &(0x7f0000000540)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000580)={0x5, 0x1, 0x81, 0xfffffffc}, 0x10, r3, r4, 0x0, &(0x7f0000000940)=[r5, r9, 0x1, r12, r13, 0x1, r14, r15], 0x0, 0x10, 0x80000000}, 0x94)
sendmsg$nl_route(r0, &(0x7f00000102c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x401, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xfffffffffffffff7}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8100}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f00000102c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x401, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xfffffffffffffff7}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8100}, 0x0)

kernel console output (not intermixed with test programs):

d084816038 R14: 00007fd084815fa0 R15: 00007fff3136cbb8
[  401.659747][T28787]  </TASK>
[  401.659865][T28787] ERROR: Out of memory at tomoyo_realpath_from_path.
[  401.746629][T28787] Bluetooth: (null): Too short H5 packet
[  401.749064][  T217] Bluetooth: (null): Invalid header checksum
[  401.917299][T28799] loop2: detected capacity change from 0 to 7
[  401.922298][T28799] Dev loop2: unable to read RDB block 7
[  401.924973][T28799]  loop2: unable to read partition table
[  401.927571][T28799] loop2: partition table beyond EOD, truncated
[  401.932462][T28799] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  402.044744][T28810] syzkaller0: entered promiscuous mode
[  402.055801][T28810] syzkaller0: entered allmulticast mode
[  402.213947][ T6018] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  402.268879][T28825] netlink: 'syz.4.3519': attribute type 12 has an invalid length.
[  402.364053][ T6018] usb 7-1: Using ep0 maxpacket: 16
[  402.367600][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  402.374576][ T6018] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  402.379446][ T6018] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.382829][ T6018] usb 7-1: Product: syz
[  402.384466][ T6018] usb 7-1: Manufacturer: syz
[  402.386120][ T6018] usb 7-1: SerialNumber: syz
[  402.389772][ T6018] usb 7-1: config 0 descriptor??
[  402.396705][ T6018] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  402.400199][ T6018] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  402.504002][   T54] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[  402.559282][T28840] fuse: fd is not a fuse device
[  402.653982][   T54] usb 9-1: Using ep0 maxpacket: 32
[  402.658678][   T54] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  402.663927][   T54] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  402.667802][   T54] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  402.670985][T28849] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3525'.
[  402.671325][   T54] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  402.674735][T28849] openvswitch: netlink: Flow key attr not present in new flow.
[  402.678175][   T54] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  402.678205][   T54] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  402.678245][   T54] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  402.678259][   T54] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.701079][   T54] usb 9-1: config 0 descriptor??
[  402.854055][ T8753] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[  402.911330][   T54] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 41 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  402.922997][   T54] usb 9-1: USB disconnect, device number 41
[  402.930069][   T54] usblp0: removed
[  403.001346][ T6018] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  403.005255][ T8753] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  403.009383][ T8753] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  403.012886][ T8753] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  403.017329][ T8753] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  403.020532][ T8753] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.024940][ T8753] usb 10-1: config 0 descriptor??
[  403.095794][T28878] fuse: fd is not a fuse device
[  403.353882][ T6045] usb 9-1: new high-speed USB device number 42 using dummy_hcd
[  403.411494][    C1] raw-gadget.0 gadget.2: ignoring, device is not running
[  403.414746][ T6018] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  403.418011][ T6018] em28xx 7-1:0.0: board has no eeprom
[  403.452980][ T8753] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  403.473945][ T6018] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  403.476907][ T6018] em28xx 7-1:0.0: dvb set to bulk mode.
[  403.479206][   T53] em28xx 7-1:0.0: Binding DVB extension
[  403.497822][ T6018] usb 7-1: USB disconnect, device number 43
[  403.504864][ T6018] em28xx 7-1:0.0: Disconnecting em28xx
[  403.507282][ T6045] usb 9-1: Using ep0 maxpacket: 32
[  403.517873][ T6045] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  403.522601][   T53] em28xx 7-1:0.0: Registering input extension
[  403.528530][ T6045] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  403.534676][ T6018] em28xx 7-1:0.0: Closing input extension
[  403.537632][ T6045] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  403.545760][ T6045] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  403.550849][ T6045] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  403.558216][ T6018] em28xx 7-1:0.0: Freeing device
[  403.560799][ T6045] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  403.567512][ T6045] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  403.571330][ T6045] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.582062][ T6045] usb 9-1: config 0 descriptor??
[  403.649143][ T8753] usb 10-1: USB disconnect, device number 28
[  403.734502][T28927] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  403.804630][ T6045] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 42 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  403.977608][T28935] netlink: 'syz.2.3531': attribute type 1 has an invalid length.
[  403.983670][T28935] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3531'.
[  404.009221][ T6045] usb 9-1: USB disconnect, device number 42
[  404.017049][ T6045] usblp0: removed
[  404.041078][T28945] FAULT_INJECTION: forcing a failure.
[  404.041078][T28945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.046716][T28945] CPU: 1 UID: 0 PID: 28945 Comm: syz.2.3532 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  404.046748][T28945] Tainted: [L]=SOFTLOCKUP
[  404.046756][T28945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  404.046768][T28945] Call Trace:
[  404.046776][T28945]  <TASK>
[  404.046791][T28945]  dump_stack_lvl+0x100/0x190
[  404.046825][T28945]  should_fail_ex.cold+0x5/0xa
[  404.046853][T28945]  _copy_to_user+0x32/0xd0
[  404.046882][T28945]  simple_read_from_buffer+0xcb/0x170
[  404.046909][T28945]  proc_fail_nth_read+0x1af/0x230
[  404.046932][T28945]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  404.046953][T28945]  ? rw_verify_area+0xce/0x6d0
[  404.046983][T28945]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  404.047002][T28945]  vfs_read+0x1e4/0xb30
[  404.047026][T28945]  ? __pfx_vfs_read+0x10/0x10
[  404.047045][T28945]  ? __fget_files+0x215/0x3d0
[  404.047070][T28945]  ? __fget_files+0x21f/0x3d0
[  404.047101][T28945]  ksys_read+0x12a/0x250
[  404.047121][T28945]  ? __pfx_ksys_read+0x10/0x10
[  404.047142][T28945]  ? rcu_is_watching+0x12/0xc0
[  404.047175][T28945]  do_syscall_64+0x10b/0xf80
[  404.047201][T28945]  ? clear_bhb_loop+0x40/0x90
[  404.047224][T28945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.047244][T28945] RIP: 0033:0x7f0b4c35d04e
[  404.047261][T28945] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  404.047278][T28945] RSP: 002b:00007f0b4d1bbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  404.047297][T28945] RAX: ffffffffffffffda RBX: 00007f0b4d1bc6c0 RCX: 00007f0b4c35d04e
[  404.047309][T28945] RDX: 000000000000000f RSI: 00007f0b4d1bc0a0 RDI: 0000000000000005
[  404.047320][T28945] RBP: 00007f0b4d1bc090 R08: 0000000000000000 R09: 0000000000000000
[  404.047332][T28945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.047342][T28945] R13: 00007f0b4c616038 R14: 00007f0b4c615fa0 R15: 00007fff2703df38
[  404.047369][T28945]  </TASK>
[  404.202403][T28948] qrtr: Invalid version 0
[  404.309775][ T5959] Bluetooth: hci4: unexpected event for opcode 0xffff
[  404.327567][T28954] syzkaller0: entered promiscuous mode
[  404.330186][T28954] syzkaller0: entered allmulticast mode
[  404.754352][ T6018] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[  404.813888][ T6045] usb 9-1: new high-speed USB device number 43 using dummy_hcd
[  404.914062][ T6018] usb 7-1: Using ep0 maxpacket: 16
[  404.931894][ T6018] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.935670][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  404.939677][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  404.947116][ T6018] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  404.950507][ T6018] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  404.956881][ T6018] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  404.960888][ T6018] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  404.963973][ T6018] usb 7-1: Manufacturer: syz
[  404.968042][ T6018] usb 7-1: config 0 descriptor??
[  404.974492][ T6045] usb 9-1: Using ep0 maxpacket: 16
[  404.981298][ T6045] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  404.989019][ T6045] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  404.993796][ T6045] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.998467][ T6045] usb 9-1: Product: syz
[  405.000076][ T6045] usb 9-1: Manufacturer: syz
[  405.001761][ T6045] usb 9-1: SerialNumber: syz
[  405.006243][ T6045] usb 9-1: config 0 descriptor??
[  405.014841][ T6045] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  405.018909][ T6045] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  405.283979][ T6018] rc_core: IR keymap rc-hauppauge not found
[  405.286132][ T6018] Registered IR keymap rc-empty
[  405.287810][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.304255][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.331132][ T6018] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  405.347049][ T6018] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input65
[  405.356709][   T40] kauditd_printk_skb: 178 callbacks suppressed
[  405.356727][   T40] audit: type=1400 audit(1777427955.380:12227): avc:  denied  { read } for  pid=5342 comm="acpid" name="event4" dev="devtmpfs" ino=4070 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  405.369777][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.373326][   T40] audit: type=1400 audit(1777427955.380:12228): avc:  denied  { open } for  pid=5342 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=4070 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  405.381438][   T40] audit: type=1400 audit(1777427955.380:12229): avc:  denied  { ioctl } for  pid=5342 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=4070 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  405.390352][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.390861][   T40] audit: type=1400 audit(1777427955.380:12230): avc:  denied  { map_create } for  pid=28989 comm="syz.6.3542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  405.404080][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.416522][   T40] audit: type=1400 audit(1777427955.380:12231): avc:  denied  { perfmon } for  pid=28989 comm="syz.6.3542" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  405.424286][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.429835][   T40] audit: type=1400 audit(1777427955.380:12232): avc:  denied  { map_read map_write } for  pid=28989 comm="syz.6.3542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  405.444170][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.450400][   T40] audit: type=1400 audit(1777427955.380:12233): avc:  denied  { prog_load } for  pid=28989 comm="syz.6.3542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  405.460129][   T40] audit: type=1400 audit(1777427955.400:12234): avc:  denied  { prog_run } for  pid=28989 comm="syz.6.3542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  405.464313][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.485849][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.503843][   T40] audit: type=1400 audit(1777427955.520:12235): avc:  denied  { create } for  pid=28999 comm="syz.6.3543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  405.504306][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.532291][   T40] audit: type=1400 audit(1777427955.550:12236): avc:  denied  { sys_admin } for  pid=28999 comm="syz.6.3543" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  405.544057][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.564152][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  405.589629][ T6018] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  405.594254][ T6018] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  405.613416][ T6018] usb 7-1: USB disconnect, device number 44
[  405.623331][ T6045] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  405.745962][ T5959] Bluetooth: hci1: unexpected event for opcode 0xffff
[  405.877880][T29021] fuse: fd is not a fuse device
[  406.065859][ T6045] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  406.069223][ T6045] em28xx 9-1:0.0: board has no eeprom
[  406.134017][ T6045] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  406.137422][ T6045] em28xx 9-1:0.0: dvb set to bulk mode.
[  406.140261][ T6018] em28xx 9-1:0.0: Binding DVB extension
[  406.153469][ T6045] usb 9-1: USB disconnect, device number 43
[  406.161124][ T6045] em28xx 9-1:0.0: Disconnecting em28xx
[  406.189589][ T6018] em28xx 9-1:0.0: Registering input extension
[  406.194055][ T6045] em28xx 9-1:0.0: Closing input extension
[  406.267420][ T6045] em28xx 9-1:0.0: Freeing device
[  406.658854][T29062] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  406.710272][T29068] sg_write: data in/out 262109/64 bytes for SCSI command 0x69-- guessing data in;
[  406.710272][T29068]    program syz.4.3553 not setting count and/or reply_len properly
[  406.722932][T29068] openvswitch: netlink: IPv6 tunnel dst address is zero
[  406.915087][   T39] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  407.124790][   T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.128838][   T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  407.132477][   T39] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  407.137290][   T39] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  407.145024][   T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.193983][ T6018] usb 9-1: new high-speed USB device number 44 using dummy_hcd
[  407.200899][   T39] usb 7-1: config 0 descriptor??
[  407.367474][ T6018] usb 9-1: Using ep0 maxpacket: 16
[  407.371937][ T6018] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  407.375820][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  407.380237][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  407.383655][ T6018] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  407.386936][ T6018] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  407.392192][ T6018] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  407.395841][ T6018] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  407.399127][ T6018] usb 9-1: Manufacturer: syz
[  407.403256][ T6018] usb 9-1: config 0 descriptor??
[  407.659136][   T39] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  407.707352][ T6018] rc_core: IR keymap rc-hauppauge not found
[  407.709571][ T6018] Registered IR keymap rc-empty
[  407.711298][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.733901][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.755267][ T6018] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0
[  407.789521][ T6018] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input67
[  407.796205][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.831252][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.854684][ T8753] usb 7-1: USB disconnect, device number 45
[  407.857075][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.873955][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.927863][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.948271][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.964560][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  407.984079][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  408.003979][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  408.038796][ T6018] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  408.058658][ T6018] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  408.062736][ T6018] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  408.068007][ T6018] usb 9-1: USB disconnect, device number 44
[  408.704073][ T6018] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  408.839174][T29023] netlink: 'syz.6.3547': attribute type 12 has an invalid length.
[  408.853949][ T6018] usb 7-1: Using ep0 maxpacket: 16
[  408.857838][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  408.863666][ T6018] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  408.867026][ T6018] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.891153][ T6018] usb 7-1: Product: syz
[  408.903621][ T6018] usb 7-1: Manufacturer: syz
[  408.905790][ T6018] usb 7-1: SerialNumber: syz
[  408.911433][ T6018] usb 7-1: config 0 descriptor??
[  408.918068][ T6018] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  408.933980][ T6018] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  408.986754][T29146] FAULT_INJECTION: forcing a failure.
[  408.986754][T29146] name failslab, interval 1, probability 0, space 0, times 0
[  408.992808][T29146] CPU: 1 UID: 0 PID: 29146 Comm: syz.5.3561 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  408.992836][T29146] Tainted: [L]=SOFTLOCKUP
[  408.992843][T29146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  408.992854][T29146] Call Trace:
[  408.992861][T29146]  <TASK>
[  408.992870][T29146]  dump_stack_lvl+0x100/0x190
[  408.992922][T29146]  should_fail_ex.cold+0x5/0xa
[  408.992950][T29146]  ? tomoyo_realpath_from_path+0xb6/0x690
[  408.992975][T29146]  should_failslab+0xc2/0x120
[  408.992997][T29146]  __kmalloc_noprof+0xe0/0x850
[  408.993024][T29146]  ? kfree+0x1dd/0x6c0
[  408.993051][T29146]  tomoyo_realpath_from_path+0xb6/0x690
[  408.993081][T29146]  tomoyo_path_number_perm+0x23c/0x580
[  408.993100][T29146]  ? tomoyo_path_number_perm+0x22e/0x580
[  408.993121][T29146]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  408.993166][T29146]  ? find_held_lock+0x2b/0x80
[  408.993185][T29146]  ? __fget_files+0x215/0x3d0
[  408.993208][T29146]  ? hook_file_ioctl_common+0x149/0x410
[  408.993232][T29146]  ? __fget_files+0x215/0x3d0
[  408.993257][T29146]  ? __fget_files+0x21f/0x3d0
[  408.993283][T29146]  security_file_ioctl+0xd3/0x230
[  408.993310][T29146]  __x64_sys_ioctl+0xb7/0x210
[  408.993331][T29146]  do_syscall_64+0x10b/0xf80
[  408.993353][T29146]  ? clear_bhb_loop+0x40/0x90
[  408.993375][T29146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.993394][T29146] RIP: 0033:0x7f60f739c819
[  408.993413][T29146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  408.993430][T29146] RSP: 002b:00007f60f817f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  408.993450][T29146] RAX: ffffffffffffffda RBX: 00007f60f7615fa0 RCX: 00007f60f739c819
[  408.993462][T29146] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  408.993472][T29146] RBP: 00007f60f817f090 R08: 0000000000000000 R09: 0000000000000000
[  408.993483][T29146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.993493][T29146] R13: 00007f60f7616038 R14: 00007f60f7615fa0 R15: 00007ffdabae3a48
[  408.993523][T29146]  </TASK>
[  408.993587][T29146] ERROR: Out of memory at tomoyo_realpath_from_path.
[  409.544367][ T6018] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  409.613434][ T5959] Bluetooth: hci1: unexpected event for opcode 0xff03
[  409.959608][ T6018] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  409.965522][ T6018] em28xx 7-1:0.0: board has no eeprom
[  410.044134][ T6018] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  410.047860][ T6018] em28xx 7-1:0.0: dvb set to bulk mode.
[  410.064582][ T6045] em28xx 7-1:0.0: Binding DVB extension
[  410.072575][ T6018] usb 7-1: USB disconnect, device number 46
[  410.076852][ T6018] em28xx 7-1:0.0: Disconnecting em28xx
[  410.107596][ T6045] em28xx 7-1:0.0: Registering input extension
[  410.110222][ T6018] em28xx 7-1:0.0: Closing input extension
[  410.124825][ T6018] em28xx 7-1:0.0: Freeing device
[  410.204163][   T53] usb 9-1: new high-speed USB device number 45 using dummy_hcd
[  410.286273][T29207] syzkaller0: entered promiscuous mode
[  410.289005][T29207] syzkaller0: entered allmulticast mode
[  410.361420][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  410.365263][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  410.368773][   T53] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  410.376368][   T53] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  410.382211][   T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.392722][   T53] usb 9-1: config 0 descriptor??
[  410.408143][   T40] kauditd_printk_skb: 87 callbacks suppressed
[  410.408159][   T40] audit: type=1400 audit(1777427960.430:12324): avc:  denied  { create } for  pid=29212 comm="syz.6.3571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  410.421044][   T40] audit: type=1400 audit(1777427960.430:12325): avc:  denied  { map_create } for  pid=29212 comm="syz.6.3571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  410.430412][   T40] audit: type=1400 audit(1777427960.440:12326): avc:  denied  { connect } for  pid=29212 comm="syz.6.3571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  410.444510][T29214] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3571'.
[  410.452005][   T40] audit: type=1400 audit(1777427960.460:12327): avc:  denied  { write } for  pid=29212 comm="syz.6.3571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  410.462598][   T40] audit: type=1400 audit(1777427960.470:12328): avc:  denied  { read } for  pid=29212 comm="syz.6.3571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  410.614079][ T5959] Bluetooth: hci4: unexpected event for opcode 0xff03
[  410.639145][   T40] audit: type=1400 audit(1777427960.660:12329): avc:  denied  { create } for  pid=29221 comm="syz.6.3572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  410.731890][T29226] FAULT_INJECTION: forcing a failure.
[  410.731890][T29226] name failslab, interval 1, probability 0, space 0, times 0
[  410.738107][T29226] CPU: 3 UID: 0 PID: 29226 Comm: syz.2.3574 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  410.738161][T29226] Tainted: [L]=SOFTLOCKUP
[  410.738169][T29226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  410.738181][T29226] Call Trace:
[  410.738190][T29226]  <TASK>
[  410.738199][T29226]  dump_stack_lvl+0x100/0x190
[  410.745195][T29226]  should_fail_ex.cold+0x5/0xa
[  410.745500][T29226]  ? tomoyo_encode2+0xfb/0x3c0
[  410.745748][T29226]  should_failslab+0xc2/0x120
[  410.745987][T29226]  __kmalloc_noprof+0xe0/0x850
[  410.746015][T29226]  ? d_absolute_path+0x136/0x1b0
[  410.746043][T29226]  tomoyo_encode2+0xfb/0x3c0
[  410.746077][T29226]  tomoyo_encode+0x29/0x50
[  410.746097][T29226]  tomoyo_realpath_from_path+0x18c/0x690
[  410.746149][T29226]  tomoyo_path_number_perm+0x23c/0x580
[  410.746168][T29226]  ? tomoyo_path_number_perm+0x22e/0x580
[  410.746186][T29226]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  410.746231][T29226]  ? find_held_lock+0x2b/0x80
[  410.746553][T29226]  ? __fget_files+0x215/0x3d0
[  410.746575][T29226]  ? hook_file_ioctl_common+0x149/0x410
[  410.746600][T29226]  ? __fget_files+0x215/0x3d0
[  410.746626][T29226]  ? __fget_files+0x21f/0x3d0
[  410.746653][T29226]  security_file_ioctl+0xd3/0x230
[  410.747034][T29226]  __x64_sys_ioctl+0xb7/0x210
[  410.747057][T29226]  do_syscall_64+0x10b/0xf80
[  410.748167][T29226]  ? clear_bhb_loop+0x40/0x90
[  410.748193][T29226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.748214][T29226] RIP: 0033:0x7f0b4c39c819
[  410.748234][T29226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  410.748254][T29226] RSP: 002b:00007f0b4d1bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  410.748278][T29226] RAX: ffffffffffffffda RBX: 00007f0b4c615fa0 RCX: 00007f0b4c39c819
[  410.748292][T29226] RDX: 0000200000000280 RSI: 0000000000005412 RDI: 0000000000000004
[  410.748305][T29226] RBP: 00007f0b4d1bc090 R08: 0000000000000000 R09: 0000000000000000
[  410.748317][T29226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.748329][T29226] R13: 00007f0b4c616038 R14: 00007f0b4c615fa0 R15: 00007fff2703df38
[  410.748358][T29226]  </TASK>
[  410.848676][ T1168] Bluetooth: (null): Too short H5 packet
[  410.851292][ T1168] Bluetooth: (null): Invalid header checksum
[  410.851785][   T53] usbhid 9-1:0.0: can't add hid device: -71
[  410.858887][T29226] ERROR: Out of memory at tomoyo_realpath_from_path.
[  410.860059][   T53] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  410.869790][   T53] usb 9-1: USB disconnect, device number 45
[  411.066626][   T40] audit: type=1400 audit(1777427961.070:12330): avc:  denied  { create } for  pid=29235 comm="syz.2.3575" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  411.079791][   T40] audit: type=1400 audit(1777427961.070:12331): avc:  denied  { ioctl } for  pid=29235 comm="syz.2.3575" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=73904 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  411.280143][   T40] audit: type=1400 audit(1777427961.310:12332): avc:  denied  { read write } for  pid=29238 comm="syz.2.3576" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  411.291482][   T40] audit: type=1400 audit(1777427961.310:12333): avc:  denied  { open } for  pid=29238 comm="syz.2.3576" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  411.863429][ T8753] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  411.934702][T29258] loop2: detected capacity change from 0 to 7
[  411.942428][T29258] Dev loop2: unable to read RDB block 7
[  411.945033][T29258]  loop2: unable to read partition table
[  411.947481][T29258] loop2: partition table beyond EOD, truncated
[  411.950297][T29258] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  412.039004][ T8753] usb 7-1: Using ep0 maxpacket: 16
[  412.060050][ T8753] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  412.063958][ T8753] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  412.068397][ T8753] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  412.085570][ T8753] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  412.089613][ T8753] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  412.097369][ T8753] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  412.101012][ T8753] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  412.119042][ T8753] usb 7-1: Manufacturer: syz
[  412.124739][ T8753] usb 7-1: config 0 descriptor??
[  412.503961][ T8753] rc_core: IR keymap rc-hauppauge not found
[  412.506273][ T8753] Registered IR keymap rc-empty
[  412.508305][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.534033][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.556676][ T8753] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  412.562289][ T8753] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input69
[  412.570880][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.594464][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.629251][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.644784][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.664040][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.698334][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.719055][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.734576][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.754080][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.778251][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.801188][ T8753] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  412.805409][ T8753] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  412.838976][ T8753] usb 7-1: USB disconnect, device number 47
[  412.981235][    C1] bridge0: port 3(syz_tun) entered forwarding state
[  412.983630][    C1] bridge0: topology change detected, propagating
[  413.157045][T29291] random: crng reseeded on system resumption
[  413.235770][ T5959] Bluetooth: hci4: unexpected event for opcode 0xff03
[  413.593854][   T53] usb 9-1: new high-speed USB device number 46 using dummy_hcd
[  413.693892][ T6018] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[  413.754956][   T53] usb 9-1: Using ep0 maxpacket: 16
[  413.770861][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  413.836426][   T53] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  413.839733][   T53] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.842458][   T53] usb 9-1: Product: syz
[  413.844473][   T53] usb 9-1: Manufacturer: syz
[  413.846222][   T53] usb 9-1: SerialNumber: syz
[  413.848999][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.853917][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  413.857045][ T6018] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  413.861768][   T53] usb 9-1: config 0 descriptor??
[  413.863539][ T6018] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  413.866865][ T6018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.873827][   T53] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  413.877637][   T53] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  413.883561][ T6018] usb 7-1: config 0 descriptor??
[  414.307613][ T6018] usbhid 7-1:0.0: can't add hid device: -71
[  414.309685][ T6018] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  414.319638][ T6018] usb 7-1: USB disconnect, device number 48
[  414.496831][   T53] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  414.909203][T29222] netlink: 'syz.6.3572': attribute type 12 has an invalid length.
[  414.934210][   T53] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  414.936812][   T53] em28xx 9-1:0.0: board has no eeprom
[  415.015317][   T53] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  415.021234][   T53] em28xx 9-1:0.0: dvb set to bulk mode.
[  415.023247][ T6045] em28xx 9-1:0.0: Binding DVB extension
[  415.071389][   T53] usb 9-1: USB disconnect, device number 46
[  415.075591][   T53] em28xx 9-1:0.0: Disconnecting em28xx
[  415.082953][ T6045] em28xx 9-1:0.0: Registering input extension
[  415.086039][   T53] em28xx 9-1:0.0: Closing input extension
[  415.096174][   T53] em28xx 9-1:0.0: Freeing device
[  415.145873][T29366] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  415.149691][T29366] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  415.304952][ T6018] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[  415.464021][ T6018] usb 7-1: Using ep0 maxpacket: 16
[  415.468631][ T6018] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  415.473093][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  415.478682][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  415.482705][ T6018] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  415.489465][ T6018] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  415.491025][   T40] kauditd_printk_skb: 55 callbacks suppressed
[  415.491038][   T40] audit: type=1400 audit(1777427965.510:12389): avc:  denied  { create } for  pid=29378 comm="syz.4.3595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  415.496689][ T6018] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  415.501604][T29379] netlink: 'syz.4.3595': attribute type 12 has an invalid length.
[  415.506346][ T6018] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  415.506374][ T6018] usb 7-1: Manufacturer: syz
[  415.512337][ T6018] usb 7-1: config 0 descriptor??
[  415.764525][ T6024] usb 9-1: new high-speed USB device number 47 using dummy_hcd
[  415.795165][ T6018] rc_core: IR keymap rc-hauppauge not found
[  415.797742][ T6018] Registered IR keymap rc-empty
[  415.799844][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  415.814053][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  415.845124][ T6018] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  415.851453][ T6018] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input71
[  415.859218][   T40] audit: type=1400 audit(1777427965.880:12390): avc:  denied  { read } for  pid=5342 comm="acpid" name="event4" dev="devtmpfs" ino=4111 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.861292][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  415.867665][   T40] audit: type=1400 audit(1777427965.880:12391): avc:  denied  { open } for  pid=5342 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=4111 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.879530][   T40] audit: type=1400 audit(1777427965.880:12392): avc:  denied  { ioctl } for  pid=5342 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=4111 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.893992][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  415.923907][ T6024] usb 9-1: Using ep0 maxpacket: 32
[  415.923961][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  415.927895][   T40] audit: type=1400 audit(1777427965.950:12393): avc:  denied  { ioctl } for  pid=29378 comm="syz.4.3595" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.941884][   T40] audit: type=1400 audit(1777427965.960:12394): avc:  denied  { read } for  pid=29343 comm="syz.2.3590" name="event4" dev="devtmpfs" ino=4111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.947297][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  415.951778][   T40] audit: type=1400 audit(1777427965.960:12395): avc:  denied  { open } for  pid=29343 comm="syz.2.3590" path="/dev/input/event4" dev="devtmpfs" ino=4111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.964797][ T6024] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  415.968652][ T6024] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  415.971565][ T6024] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  415.974700][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  415.974723][   T40] audit: type=1400 audit(1777427965.960:12396): avc:  denied  { recv } for  pid=5888 comm="syz-executor" saddr=127.0.0.1 src=36022 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  415.986529][ T6024] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  415.987253][   T40] audit: type=1400 audit(1777427966.000:12397): avc:  denied  { allowed } for  pid=29393 comm="syz.6.3596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  415.989889][ T6024] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  415.989933][ T6024] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  415.989964][ T6024] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  415.989976][ T6024] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.998526][ T6024] usb 9-1: config 0 descriptor??
[  416.001768][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  416.015562][   T40] audit: type=1400 audit(1777427966.020:12398): avc:  denied  { create } for  pid=29393 comm="syz.6.3596" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  416.043900][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  416.063979][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  416.085461][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  416.114003][ T6018] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  416.147146][ T6018] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  416.151094][ T6018] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  416.158809][ T6018] usb 7-1: USB disconnect, device number 49
[  416.216210][ T6024] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 47 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  416.227635][ T6024] usb 9-1: USB disconnect, device number 47
[  416.236107][ T6024] usblp0: removed
[  416.359884][T29431] fuse: fd is not a fuse device
[  416.714579][ T6024] usb 9-1: new high-speed USB device number 48 using dummy_hcd
[  416.803255][T29455] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  416.834012][ T6018] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[  416.864861][ T6024] usb 9-1: Using ep0 maxpacket: 32
[  416.869138][ T6024] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  416.873002][ T6024] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  416.876681][ T6024] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  416.880881][ T6024] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  416.886864][ T6024] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  416.891115][ T6024] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  416.897711][ T6024] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  416.901586][ T6024] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.909784][ T6024] usb 9-1: config 0 descriptor??
[  416.988727][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.993390][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.997729][ T6018] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  417.002693][ T6018] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  417.006012][ T6018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.010493][ T6018] usb 7-1: config 0 descriptor??
[  417.118693][ T6024] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 48 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  417.317446][T29473] fuse: fd is not a fuse device
[  417.319832][ T8753] usb 9-1: USB disconnect, device number 48
[  417.327322][ T8753] usblp0: removed
[  417.422006][ T6018] usbhid 7-1:0.0: can't add hid device: -71
[  417.424766][ T6018] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  417.433122][ T6018] usb 7-1: USB disconnect, device number 50
[  417.933946][ T6018] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  418.009353][T29509] FAULT_INJECTION: forcing a failure.
[  418.009353][T29509] name failslab, interval 1, probability 0, space 0, times 0
[  418.014426][T29509] CPU: 0 UID: 0 PID: 29509 Comm: syz.2.3614 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  418.014445][T29509] Tainted: [L]=SOFTLOCKUP
[  418.014449][T29509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  418.014458][T29509] Call Trace:
[  418.014462][T29509]  <TASK>
[  418.014467][T29509]  dump_stack_lvl+0x100/0x190
[  418.014488][T29509]  should_fail_ex.cold+0x5/0xa
[  418.014506][T29509]  ? tomoyo_encode2+0xfb/0x3c0
[  418.014524][T29509]  should_failslab+0xc2/0x120
[  418.014537][T29509]  __kmalloc_noprof+0xe0/0x850
[  418.014556][T29509]  tomoyo_encode2+0xfb/0x3c0
[  418.014572][T29509]  tomoyo_encode+0x29/0x50
[  418.014584][T29509]  tomoyo_realpath_from_path+0x18c/0x690
[  418.014600][T29509]  tomoyo_path_number_perm+0x23c/0x580
[  418.014611][T29509]  ? tomoyo_path_number_perm+0x22e/0x580
[  418.014623][T29509]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  418.014650][T29509]  ? find_held_lock+0x2b/0x80
[  418.014661][T29509]  ? __fget_files+0x215/0x3d0
[  418.014675][T29509]  ? hook_file_ioctl_common+0x149/0x410
[  418.014691][T29509]  ? __fget_files+0x215/0x3d0
[  418.014706][T29509]  ? __fget_files+0x21f/0x3d0
[  418.014720][T29509]  security_file_ioctl+0xd3/0x230
[  418.014735][T29509]  __x64_sys_ioctl+0xb7/0x210
[  418.014747][T29509]  do_syscall_64+0x10b/0xf80
[  418.014764][T29509]  ? clear_bhb_loop+0x40/0x90
[  418.014778][T29509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.014789][T29509] RIP: 0033:0x7f0b4c39c819
[  418.014800][T29509] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  418.014811][T29509] RSP: 002b:00007f0b4d1bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  418.014823][T29509] RAX: ffffffffffffffda RBX: 00007f0b4c615fa0 RCX: 00007f0b4c39c819
[  418.014830][T29509] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  418.014837][T29509] RBP: 00007f0b4d1bc090 R08: 0000000000000000 R09: 0000000000000000
[  418.014844][T29509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.014850][T29509] R13: 00007f0b4c616038 R14: 00007f0b4c615fa0 R15: 00007fff2703df38
[  418.014864][T29509]  </TASK>
[  418.014876][T29509] ERROR: Out of memory at tomoyo_realpath_from_path.
[  418.104101][ T6018] usb 10-1: Using ep0 maxpacket: 16
[  418.107607][ T6018] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  418.113595][ T6018] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  418.118500][ T6018] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  418.124101][ T6018] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  418.127482][ T6018] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  418.132650][ T6018] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  418.136152][ T6018] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  418.139161][ T6018] usb 10-1: Manufacturer: syz
[  418.143261][ T6018] usb 10-1: config 0 descriptor??
[  418.229623][T29519] syzkaller0: entered promiscuous mode
[  418.232014][T29519] syzkaller0: entered allmulticast mode
[  418.305031][T29524] fuse: fd is not a fuse device
[  418.354050][ T6024] usb 9-1: new high-speed USB device number 49 using dummy_hcd
[  418.359859][T29526] netlink: 'syz.6.3618': attribute type 1 has an invalid length.
[  418.435183][ T6018] rc_core: IR keymap rc-hauppauge not found
[  418.437605][ T6018] Registered IR keymap rc-empty
[  418.439810][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.460408][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.496011][ T6018] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  418.504692][ T6018] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input72
[  418.513914][ T6024] usb 9-1: Using ep0 maxpacket: 16
[  418.514467][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.520807][ T6024] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  418.536600][ T6024] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  418.542381][ T6024] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.546948][ T6024] usb 9-1: Product: syz
[  418.548870][ T6024] usb 9-1: Manufacturer: syz
[  418.550812][ T6024] usb 9-1: SerialNumber: syz
[  418.552033][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.555980][ T6024] usb 9-1: config 0 descriptor??
[  418.562168][ T6024] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  418.566454][ T6024] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  418.574468][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.599731][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.618698][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.637692][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.654209][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.684371][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.706353][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.734459][ T6018] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  418.748935][ T6018] mceusb 10-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  418.753327][ T6018] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  418.759219][ T6018] usb 10-1: USB disconnect, device number 29
[  419.148176][T29554] befs: (nullb0): No write support. Marking filesystem read-only
[  419.159344][T29554] befs: (nullb0): invalid magic header
[  419.183360][ T6024] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  419.244821][T29555] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=29555 comm=syz.5.3619
[  419.606862][ T6024] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  419.609829][ T6024] em28xx 9-1:0.0: board has no eeprom
[  419.673916][ T6024] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  419.677346][ T6024] em28xx 9-1:0.0: dvb set to bulk mode.
[  419.679656][    T9] em28xx 9-1:0.0: Binding DVB extension
[  419.686316][ T6024] usb 9-1: USB disconnect, device number 49
[  419.689476][ T6024] em28xx 9-1:0.0: Disconnecting em28xx
[  419.746704][    T9] em28xx 9-1:0.0: Registering input extension
[  419.749782][ T6024] em28xx 9-1:0.0: Closing input extension
[  419.851407][ T6024] em28xx 9-1:0.0: Freeing device
[  420.473936][ T6018] usb 9-1: new high-speed USB device number 50 using dummy_hcd
[  420.664067][ T6018] usb 9-1: Using ep0 maxpacket: 32
[  420.669036][ T6018] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  420.672991][ T6018] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  420.685256][ T6018] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  420.689698][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  420.694360][ T6018] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  420.698888][ T6018] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  420.704534][ T6018] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  420.708223][ T6018] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.714936][ T6018] usb 9-1: config 0 descriptor??
[  420.925543][ T6018] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 50 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  420.935812][ T6018] usb 9-1: USB disconnect, device number 50
[  420.944152][ T6018] usblp0: removed
[  421.429854][ T6018] usb 9-1: new high-speed USB device number 51 using dummy_hcd
[  421.601982][ T6018] usb 9-1: Using ep0 maxpacket: 32
[  421.605833][ T6018] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  421.609130][ T6018] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  421.613208][ T6018] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  421.617335][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  421.621409][ T6018] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  421.625700][ T6018] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  421.630569][ T6018] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  421.634290][ T6018] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.640465][ T6018] usb 9-1: config 0 descriptor??
[  421.874624][ T6018] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 51 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  422.069078][   T40] kauditd_printk_skb: 50 callbacks suppressed
[  422.069132][   T40] audit: type=1400 audit(1777427972.080:12449): avc:  denied  { read write } for  pid=29580 comm="syz.4.3620" name="lp0" dev="devtmpfs" ino=4140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  422.081134][   T40] audit: type=1400 audit(1777427972.080:12450): avc:  denied  { open } for  pid=29580 comm="syz.4.3620" path="/dev/usb/lp0" dev="devtmpfs" ino=4140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  422.244911][T29526] workqueue: Failed to create a rescuer kthread for wq "bond13": -EINTR
[  422.309700][T29581] netlink: 'syz.4.3620': attribute type 12 has an invalid length.
[  422.320383][ T6019] usb 9-1: USB disconnect, device number 51
[  422.361746][   T40] audit: type=1400 audit(1777427972.380:12451): avc:  denied  { lock } for  pid=29634 comm="syz.5.3622" path="socket:[73331]" dev="sockfs" ino=73331 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  422.374507][   T40] audit: type=1400 audit(1777427972.390:12452): avc:  denied  { read } for  pid=29634 comm="syz.5.3622" dev="nsfs" ino=4026534215 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  422.376117][ T6019] usblp0: removed
[  422.381655][T29635] tmpfs: Bad value for 'mpol'
[  422.386505][   T40] audit: type=1400 audit(1777427972.390:12453): avc:  denied  { open } for  pid=29634 comm="syz.5.3622" path="net:[4026534215]" dev="nsfs" ino=4026534215 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  422.397268][   T40] audit: type=1400 audit(1777427972.390:12454): avc:  denied  { create } for  pid=29634 comm="syz.5.3622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  422.404434][   T40] audit: type=1400 audit(1777427972.390:12455): avc:  denied  { setopt } for  pid=29634 comm="syz.5.3622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  422.411352][   T40] audit: type=1400 audit(1777427972.400:12456): avc:  denied  { mounton } for  pid=29634 comm="syz.5.3622" path="/301/file0" dev="tmpfs" ino=1579 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  422.433161][   T40] audit: type=1400 audit(1777427972.420:12457): avc:  denied  { connect } for  pid=29634 comm="syz.5.3622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  422.446398][T29640] Bluetooth: (null): Too short H5 packet
[  422.464867][   T40] audit: type=1400 audit(1777427972.490:12458): avc:  denied  { module_request } for  pid=29643 comm="syz.6.3624" kmod="netdev-syzkaller1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  422.523964][T29647] No source specified
[  422.575415][ T6018] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[  422.578108][T29650] Bluetooth: (null): Too short H5 packet
[  422.581469][T29650] FAULT_INJECTION: forcing a failure.
[  422.581469][T29650] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.588763][T29650] CPU: 0 UID: 0 PID: 29650 Comm: syz.5.3625 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  422.588788][T29650] Tainted: [L]=SOFTLOCKUP
[  422.588793][T29650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  422.588802][T29650] Call Trace:
[  422.588809][T29650]  <TASK>
[  422.588816][T29650]  dump_stack_lvl+0x100/0x190
[  422.588841][T29650]  should_fail_ex.cold+0x5/0xa
[  422.588867][T29650]  _copy_to_user+0x32/0xd0
[  422.588891][T29650]  simple_read_from_buffer+0xcb/0x170
[  422.588911][T29650]  proc_fail_nth_read+0x1af/0x230
[  422.588927][T29650]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  422.588943][T29650]  ? rw_verify_area+0xce/0x6d0
[  422.588970][T29650]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  422.588988][T29650]  vfs_read+0x1e4/0xb30
[  422.589005][T29650]  ? __pfx_vfs_read+0x10/0x10
[  422.589018][T29650]  ? __fget_files+0x215/0x3d0
[  422.589063][T29650]  ? __fget_files+0x21f/0x3d0
[  422.589085][T29650]  ksys_read+0x12a/0x250
[  422.589099][T29650]  ? __pfx_ksys_read+0x10/0x10
[  422.589117][T29650]  ? rcu_is_watching+0x12/0xc0
[  422.589145][T29650]  do_syscall_64+0x10b/0xf80
[  422.589168][T29650]  ? clear_bhb_loop+0x40/0x90
[  422.589186][T29650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.589201][T29650] RIP: 0033:0x7f60f735d04e
[  422.589215][T29650] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  422.589229][T29650] RSP: 002b:00007f60f817efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  422.589244][T29650] RAX: ffffffffffffffda RBX: 00007f60f817f6c0 RCX: 00007f60f735d04e
[  422.589253][T29650] RDX: 000000000000000f RSI: 00007f60f817f0a0 RDI: 0000000000000005
[  422.589262][T29650] RBP: 00007f60f817f090 R08: 0000000000000000 R09: 0000000000000000
[  422.589271][T29650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.589279][T29650] R13: 00007f60f7616038 R14: 00007f60f7615fa0 R15: 00007ffdabae3a48
[  422.589299][T29650]  </TASK>
[  422.736704][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.740612][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  422.744344][ T6018] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  422.752448][ T6018] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  422.757086][ T6018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.761985][ T6018] usb 7-1: config 0 descriptor??
[  422.954229][T29662] syzkaller0: entered promiscuous mode
[  422.956661][T29662] syzkaller0: entered allmulticast mode
[  422.994084][ T8753] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[  423.163909][ T8753] usb 10-1: Using ep0 maxpacket: 16
[  423.167307][ T8753] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  423.172275][ T8753] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  423.175919][ T8753] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.178954][ T8753] usb 10-1: Product: syz
[  423.180413][ T8753] usb 10-1: Manufacturer: syz
[  423.182010][ T8753] usb 10-1: SerialNumber: syz
[  423.185862][ T8753] usb 10-1: config 0 descriptor??
[  423.190618][ T8753] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  423.193967][ T8753] em28xx 10-1:0.0: DVB interface 0 found: bulk
[  423.208154][ T6018] usbhid 7-1:0.0: can't add hid device: -71
[  423.224655][ T6018] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  423.234462][ T6018] usb 7-1: USB disconnect, device number 51
[  423.348580][T29672] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3630'.
[  423.819603][ T8753] em28xx 10-1:0.0: unknown em28xx chip ID (0)
[  423.941421][T29686] loop2: detected capacity change from 0 to 7
[  423.945882][T29686] Dev loop2: unable to read RDB block 7
[  423.948435][T29686]  loop2: unable to read partition table
[  423.951321][T29686] loop2: partition table beyond EOD, truncated
[  423.954042][T29686] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  424.236223][ T8753] em28xx 10-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  424.239494][ T8753] em28xx 10-1:0.0: board has no eeprom
[  424.313864][ T8753] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  424.317406][ T8753] em28xx 10-1:0.0: dvb set to bulk mode.
[  424.319679][ T6448] em28xx 10-1:0.0: Binding DVB extension
[  424.350195][ T8753] usb 10-1: USB disconnect, device number 30
[  424.375112][ T8753] em28xx 10-1:0.0: Disconnecting em28xx
[  424.440244][ T6448] em28xx 10-1:0.0: Registering input extension
[  424.443019][ T8753] em28xx 10-1:0.0: Closing input extension
[  424.464702][ T8753] em28xx 10-1:0.0: Freeing device
[  425.109027][ T5959] Bluetooth: hci4: unexpected event for opcode 0x0c03
[  425.433948][ T8753] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[  425.573862][ T8753] usb 7-1: Using ep0 maxpacket: 32
[  425.579112][ T8753] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  425.582929][ T8753] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  425.587109][ T8753] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  425.594787][ T8753] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  425.599397][ T8753] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  425.604170][ T8753] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  425.609748][ T8753] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  425.613850][ T8753] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.621595][ T8753] usb 7-1: config 0 descriptor??
[  425.837860][ T8753] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 52 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  425.865523][ T8753] usb 7-1: USB disconnect, device number 52
[  425.872719][ T8753] usblp0: removed
[  426.313980][ T8753] usb 7-1: new high-speed USB device number 53 using dummy_hcd
[  426.479772][ T8753] usb 7-1: Using ep0 maxpacket: 32
[  426.495303][ T8753] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  426.498174][ T8753] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  426.501184][ T8753] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  426.504371][ T8753] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  426.507846][ T8753] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  426.511096][ T8753] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  426.515829][ T8753] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  426.519027][ T8753] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.523876][ T8753] usb 7-1: config 0 descriptor??
[  426.682953][T29735] can0: slcan on ptm0.
[  426.738425][ T8753] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 53 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  426.775080][T29735] can0 (unregistered): slcan off ptm0.
[  426.798774][T29769] input: syz0 as /devices/virtual/input/input75
[  426.936396][ T8753] usb 7-1: USB disconnect, device number 53
[  426.956365][ T8753] usblp0: removed
[  427.214281][ T6448] usb 9-1: new high-speed USB device number 52 using dummy_hcd
[  427.256326][   T40] kauditd_printk_skb: 71 callbacks suppressed
[  427.256374][   T40] audit: type=1400 audit(1777427977.280:12530): avc:  denied  { create } for  pid=29804 comm="syz.5.3643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  427.261669][T29805] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3643'.
[  427.370872][   T40] audit: type=1400 audit(1777427977.390:12531): avc:  denied  { accept } for  pid=29804 comm="syz.5.3643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  427.370925][T29805] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3643'.
[  427.384038][ T6448] usb 9-1: Using ep0 maxpacket: 16
[  427.388039][   T40] audit: type=1400 audit(1777427977.390:12532): avc:  denied  { write } for  pid=29804 comm="syz.5.3643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  427.388651][ T6448] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  427.395938][   T40] audit: type=1400 audit(1777427977.390:12533): avc:  denied  { read } for  pid=29804 comm="syz.5.3643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  427.400487][ T6448] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  427.407863][   T40] audit: type=1400 audit(1777427977.430:12534): avc:  denied  { execmem } for  pid=29874 comm="syz.6.3645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  427.410347][ T6448] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.419346][ T6448] usb 9-1: Product: syz
[  427.421290][ T6448] usb 9-1: Manufacturer: syz
[  427.423247][ T6448] usb 9-1: SerialNumber: syz
[  427.425006][   T40] audit: type=1400 audit(1777427977.450:12535): avc:  denied  { recv } for  pid=29874 comm="syz.6.3645" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=36022 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  427.436991][ T6448] usb 9-1: config 0 descriptor??
[  427.441710][ T6448] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  427.445524][ T6448] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  427.574939][   T40] audit: type=1400 audit(1777427977.600:12536): avc:  denied  { ioctl } for  pid=29886 comm="syz.2.3648" path="socket:[66159]" dev="sockfs" ino=66159 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  427.585323][   T40] audit: type=1400 audit(1777427977.610:12537): avc:  denied  { create } for  pid=29874 comm="syz.6.3645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  427.591953][   T40] audit: type=1400 audit(1777427977.610:12538): avc:  denied  { create } for  pid=29874 comm="syz.6.3645" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  427.599727][   T40] audit: type=1400 audit(1777427977.610:12539): avc:  denied  { ioctl } for  pid=29874 comm="syz.6.3645" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=73441 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  427.655744][T29888] syzkaller0: entered promiscuous mode
[  427.658260][T29888] syzkaller0: entered allmulticast mode
[  428.060908][ T6448] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  428.508654][ T6448] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  428.512062][ T6448] em28xx 9-1:0.0: board has no eeprom
[  428.603062][ T6448] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  428.603986][    T9] usb 10-1: new high-speed USB device number 31 using dummy_hcd
[  428.605870][ T6448] em28xx 9-1:0.0: dvb set to bulk mode.
[  428.610727][ T8753] em28xx 9-1:0.0: Binding DVB extension
[  428.630161][ T6448] usb 9-1: USB disconnect, device number 52
[  428.635062][ T6448] em28xx 9-1:0.0: Disconnecting em28xx
[  428.645150][ T8753] em28xx 9-1:0.0: Registering input extension
[  428.653623][ T6448] em28xx 9-1:0.0: Closing input extension
[  428.719897][ T6448] em28xx 9-1:0.0: Freeing device
[  428.754006][    T9] usb 10-1: Using ep0 maxpacket: 32
[  428.757171][    T9] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[  428.760302][    T9] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  428.763323][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[  428.767407][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  428.770867][    T9] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  428.774607][    T9] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  428.778991][    T9] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  428.782203][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.791289][    T9] usb 10-1: config 0 descriptor??
[  428.983973][ T5959] Bluetooth: hci4: command 0x0c1a tx timeout
[  428.985359][ T6018] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  429.006184][ T6018] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  429.039364][    T9] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  429.047277][    T9] usb 10-1: USB disconnect, device number 31
[  429.051684][    T9] usblp0: removed
[  429.109027][T29951] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  429.503880][ T6448] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[  429.673853][ T6448] usb 10-1: Using ep0 maxpacket: 32
[  429.677301][ T6448] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[  429.680390][ T6448] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  429.683636][ T6448] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[  429.687082][ T6448] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  429.690385][ T6448] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  429.694319][ T6448] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  429.699271][ T6448] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  429.702462][ T6448] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.708302][ T6448] usb 10-1: config 0 descriptor??
[  429.969222][ T6448] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  430.158500][ T6019] usb 10-1: USB disconnect, device number 32
[  430.249856][ T6019] usblp0: removed
[  430.897788][T29987] FAULT_INJECTION: forcing a failure.
[  430.897788][T29987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.903284][T29987] CPU: 0 UID: 0 PID: 29987 Comm: syz.5.3659 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  430.903319][T29987] Tainted: [L]=SOFTLOCKUP
[  430.903325][T29987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  430.903337][T29987] Call Trace:
[  430.903346][T29987]  <TASK>
[  430.903355][T29987]  dump_stack_lvl+0x100/0x190
[  430.903389][T29987]  should_fail_ex.cold+0x5/0xa
[  430.903418][T29987]  _copy_from_user+0x2e/0xd0
[  430.903446][T29987]  nr_rt_ioctl+0x103/0x29e0
[  430.903885][T29987]  ? avc_has_perm_noaudit+0x145/0x3b0
[  430.903916][T29987]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  430.903947][T29987]  ? kasan_quarantine_put+0x104/0x240
[  430.903991][T29987]  ? bpf_lsm_capable+0x9/0x10
[  430.904355][T29987]  ? security_capable+0x80/0x260
[  430.904388][T29987]  nr_ioctl+0x16e/0x2d0
[  430.904412][T29987]  sock_do_ioctl+0x118/0x280
[  430.905057][T29987]  ? __pfx_sock_do_ioctl+0x10/0x10
[  430.905083][T29987]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  430.905103][T29987]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  430.905135][T29987]  sock_ioctl+0x599/0x6b0
[  430.905160][T29987]  ? __pfx_sock_ioctl+0x10/0x10
[  430.905182][T29987]  ? hook_file_ioctl_common+0x149/0x410
[  430.905218][T29987]  ? selinux_file_ioctl+0x13b/0x290
[  430.905238][T29987]  ? selinux_file_ioctl+0xb6/0x290
[  430.905265][T29987]  ? __pfx_sock_ioctl+0x10/0x10
[  430.905288][T29987]  __x64_sys_ioctl+0x18e/0x210
[  430.905311][T29987]  do_syscall_64+0x10b/0xf80
[  430.905339][T29987]  ? clear_bhb_loop+0x40/0x90
[  430.905365][T29987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.905385][T29987] RIP: 0033:0x7f60f739c819
[  430.905402][T29987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  430.905423][T29987] RSP: 002b:00007f60f55f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  430.905445][T29987] RAX: ffffffffffffffda RBX: 00007f60f7616090 RCX: 00007f60f739c819
[  430.905458][T29987] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  430.905469][T29987] RBP: 00007f60f55f6090 R08: 0000000000000000 R09: 0000000000000000
[  430.905480][T29987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.905492][T29987] R13: 00007f60f7616128 R14: 00007f60f7616090 R15: 00007ffdabae3a48
[  430.905522][T29987]  </TASK>
[  431.870918][T29993] fuse: Bad value for 'fd'
[  432.154036][ T6448] usb 9-1: new high-speed USB device number 53 using dummy_hcd
[  432.303890][ T6448] usb 9-1: Using ep0 maxpacket: 16
[  432.309911][ T6448] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  432.317727][ T6448] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  432.320641][ T6448] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.323258][ T6448] usb 9-1: Product: syz
[  432.325037][ T6448] usb 9-1: Manufacturer: syz
[  432.326815][ T6448] usb 9-1: SerialNumber: syz
[  432.330910][ T6448] usb 9-1: config 0 descriptor??
[  432.334704][ T6448] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  432.337826][ T6448] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  432.449322][   T40] kauditd_printk_skb: 59 callbacks suppressed
[  432.449343][   T40] audit: type=1400 audit(1777427982.460:12599): avc:  denied  { read write } for  pid=19524 comm="syz-executor" name="loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  432.462171][   T40] audit: type=1400 audit(1777427982.460:12600): avc:  denied  { open } for  pid=19524 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  432.473311][   T40] audit: type=1400 audit(1777427982.460:12601): avc:  denied  { ioctl } for  pid=19524 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  432.486667][   T40] audit: type=1400 audit(1777427982.460:12602): avc:  denied  { create } for  pid=30021 comm="syz.2.3668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  432.540083][   T40] audit: type=1400 audit(1777427982.540:12603): avc:  denied  { create } for  pid=30023 comm="syz.5.3670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  432.578606][T30025] syzkaller0: entered promiscuous mode
[  432.581118][T30025] syzkaller0: entered allmulticast mode
[  432.591753][   T40] audit: type=1400 audit(1777427982.620:12604): avc:  denied  { write } for  pid=30023 comm="syz.5.3670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  432.814068][ T8753] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[  432.912465][   T40] audit: type=1400 audit(1777427982.930:12605): avc:  denied  { ioctl } for  pid=30033 comm="syz.6.3671" path="socket:[66172]" dev="sockfs" ino=66172 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  432.925483][T30034] fuse: fd is not a fuse device
[  432.933011][   T40] audit: type=1400 audit(1777427982.950:12606): avc:  denied  { mounton } for  pid=30033 comm="syz.6.3671" path="/456/file0" dev="tmpfs" ino=2419 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  432.950737][ T6448] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  433.004397][ T8753] usb 7-1: Using ep0 maxpacket: 16
[  433.010457][ T8753] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.014552][ T8753] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  433.018183][ T8753] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  433.021514][ T8753] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  433.025470][ T8753] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  433.030953][ T8753] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  433.034803][ T8753] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  433.037766][ T8753] usb 7-1: Manufacturer: syz
[  433.041447][ T8753] usb 7-1: config 0 descriptor??
[  433.294444][ T8753] rc_core: IR keymap rc-hauppauge not found
[  433.299964][ T8753] Registered IR keymap rc-empty
[  433.303116][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.334090][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.358054][ T8753] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  433.365517][ T8753] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input77
[  433.377731][ T6448] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  433.383036][ T6448] em28xx 9-1:0.0: board has no eeprom
[  433.386870][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.395136][   T40] audit: type=1400 audit(1777427983.420:12607): avc:  denied  { read } for  pid=5342 comm="acpid" name="event4" dev="devtmpfs" ino=4186 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  433.405103][   T40] audit: type=1400 audit(1777427983.420:12608): avc:  denied  { open } for  pid=5342 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=4186 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  433.448548][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.479621][ T6448] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  433.482379][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.484825][ T6448] em28xx 9-1:0.0: dvb set to bulk mode.
[  433.500704][ T6448] usb 9-1: USB disconnect, device number 53
[  433.502821][   T54] em28xx 9-1:0.0: Binding DVB extension
[  433.524675][ T6448] em28xx 9-1:0.0: Disconnecting em28xx
[  433.526719][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.563969][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.593250][   T54] em28xx 9-1:0.0: Registering input extension
[  433.595530][ T6448] em28xx 9-1:0.0: Closing input extension
[  433.604516][ T6448] em28xx 9-1:0.0: Freeing device
[  433.624047][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.653876][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.714101][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.737224][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.754228][ T8753] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  433.796204][ T8753] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  433.799322][ T8753] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  433.805907][ T8753] usb 7-1: USB disconnect, device number 54
[  433.870835][ T5959] Bluetooth: hci3: command 0x0c1a tx timeout
[  433.875795][ T6018] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  433.879287][ T6018] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  434.183964][ T6045] usb 9-1: new high-speed USB device number 54 using dummy_hcd
[  434.244233][T30089] fuse: Bad value for 'fd'
[  434.363941][ T6045] usb 9-1: Using ep0 maxpacket: 16
[  434.368797][ T6045] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  434.374156][ T6045] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  434.378169][ T6045] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  434.381919][ T6045] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  434.388812][ T6045] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  434.396141][ T6045] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  434.400200][ T6045] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  434.403531][ T6045] usb 9-1: Manufacturer: syz
[  434.431934][ T6045] usb 9-1: config 0 descriptor??
[  434.532907][   T29] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[  434.723957][   T29] usb 7-1: Using ep0 maxpacket: 16
[  434.725919][ T6045] rc_core: IR keymap rc-hauppauge not found
[  434.727937][ T6045] Registered IR keymap rc-empty
[  434.730252][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  434.733986][   T29] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  434.740568][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  434.744465][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  434.748003][   T29] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  434.751141][   T29] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  434.755863][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  434.760113][   T29] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  434.763360][   T29] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  434.766136][   T29] usb 7-1: Manufacturer: syz
[  434.775407][   T29] usb 7-1: config 0 descriptor??
[  434.813033][ T6045] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0
[  434.819034][ T6045] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input79
[  434.827584][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  434.838106][T30084] FAULT_INJECTION: forcing a failure.
[  434.838106][T30084] name failslab, interval 1, probability 0, space 0, times 0
[  434.842923][T30084] CPU: 1 UID: 0 PID: 30084 Comm: syz.4.3672 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  434.842943][T30084] Tainted: [L]=SOFTLOCKUP
[  434.842948][T30084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  434.842955][T30084] Call Trace:
[  434.842962][T30084]  <TASK>
[  434.842969][T30084]  dump_stack_lvl+0x100/0x190
[  434.842993][T30084]  should_fail_ex.cold+0x5/0xa
[  434.843027][T30084]  ? tomoyo_realpath_from_path+0xb6/0x690
[  434.843042][T30084]  should_failslab+0xc2/0x120
[  434.843058][T30084]  __kmalloc_noprof+0xe0/0x850
[  434.843074][T30084]  ? kfree+0x1dd/0x6c0
[  434.843090][T30084]  tomoyo_realpath_from_path+0xb6/0x690
[  434.843108][T30084]  tomoyo_path_number_perm+0x23c/0x580
[  434.843119][T30084]  ? tomoyo_path_number_perm+0x22e/0x580
[  434.843131][T30084]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  434.843156][T30084]  ? find_held_lock+0x2b/0x80
[  434.843168][T30084]  ? __fget_files+0x215/0x3d0
[  434.843183][T30084]  ? hook_file_ioctl_common+0x149/0x410
[  434.843197][T30084]  ? __fget_files+0x215/0x3d0
[  434.843213][T30084]  ? __fget_files+0x21f/0x3d0
[  434.843228][T30084]  security_file_ioctl+0xd3/0x230
[  434.843242][T30084]  __x64_sys_ioctl+0xb7/0x210
[  434.843256][T30084]  do_syscall_64+0x10b/0xf80
[  434.843274][T30084]  ? clear_bhb_loop+0x40/0x90
[  434.843289][T30084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.843301][T30084] RIP: 0033:0x7fd08459c819
[  434.843312][T30084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  434.843324][T30084] RSP: 002b:00007fd085387028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.843336][T30084] RAX: ffffffffffffffda RBX: 00007fd084815fa0 RCX: 00007fd08459c819
[  434.843343][T30084] RDX: 0000200000000140 RSI: 0000000080284504 RDI: 0000000000000004
[  434.843350][T30084] RBP: 00007fd085387090 R08: 0000000000000000 R09: 0000000000000000
[  434.843357][T30084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.843364][T30084] R13: 00007fd084816038 R14: 00007fd084815fa0 R15: 00007fff3136cbb8
[  434.843380][T30084]  </TASK>
[  434.843425][T30084] ERROR: Out of memory at tomoyo_realpath_from_path.
[  434.928627][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  434.974057][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.003859][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.054120][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.056529][   T29] rc_core: IR keymap rc-hauppauge not found
[  435.058640][   T29] Registered IR keymap rc-empty
[  435.060468][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.083963][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.086749][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.144039][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.147431][   T29] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc1
[  435.153781][   T29] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc1/input80
[  435.161142][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.184981][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.187892][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.235433][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.238820][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.263865][ T6045] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  435.266557][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.304086][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.308689][ T6045] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  435.312469][ T6045] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  435.322268][ T6045] usb 9-1: USB disconnect, device number 54
[  435.343886][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.403922][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.443902][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.504296][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.527644][   T29] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  435.584493][   T29] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  435.588000][   T29] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  436.214397][   T63] Bluetooth: hci1: command 0x0c1a tx timeout
[  436.220486][ T6018] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  436.241033][ T6018] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  437.154937][T30092] netlink: 'syz.2.3674': attribute type 12 has an invalid length.
[  437.157841][T30092] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3674'.
[  437.179571][   T53] usb 7-1: USB disconnect, device number 55
[  437.481712][T30151] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3677'.
[  437.486127][   T40] kauditd_printk_skb: 14 callbacks suppressed
[  437.486138][   T40] audit: type=1400 audit(1777427987.510:12623): avc:  denied  { module_request } for  pid=30150 comm="syz.5.3677" kmod="rtnl-link-gr" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  437.496899][   T40] audit: type=1400 audit(1777427987.510:12624): avc:  denied  { prog_load } for  pid=30152 comm="syz.6.3676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  437.509029][   T40] audit: type=1400 audit(1777427987.510:12625): avc:  denied  { bpf } for  pid=30152 comm="syz.6.3676" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  437.517817][   T40] audit: type=1400 audit(1777427987.510:12626): avc:  denied  { perfmon } for  pid=30152 comm="syz.6.3676" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  437.526391][   T40] audit: type=1400 audit(1777427987.510:12627): avc:  denied  { read write } for  pid=10981 comm="syz-executor" name="loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  437.530296][T30157] veth1_to_team: left allmulticast mode
[  437.536278][   T40] audit: type=1400 audit(1777427987.510:12628): avc:  denied  { open } for  pid=10981 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  437.536328][   T40] audit: type=1400 audit(1777427987.510:12629): avc:  denied  { ioctl } for  pid=10981 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  437.536364][   T40] audit: type=1400 audit(1777427987.510:12630): avc:  denied  { map } for  pid=30150 comm="syz.5.3677" path="socket:[73500]" dev="sockfs" ino=73500 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  437.536399][   T40] audit: type=1400 audit(1777427987.510:12631): avc:  denied  { accept } for  pid=30150 comm="syz.5.3677" path="socket:[73500]" dev="sockfs" ino=73500 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  437.536437][   T40] audit: type=1400 audit(1777427987.510:12632): avc:  denied  { create } for  pid=30150 comm="syz.5.3677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  438.013955][   T53] usb 9-1: new high-speed USB device number 55 using dummy_hcd
[  438.039978][ T6019] usb 7-1: new high-speed USB device number 56 using dummy_hcd
[  438.088621][T30179] fuse: Bad value for 'fd'
[  438.125624][T30181] cgroup: No subsys list or none specified
[  438.206070][   T53] usb 9-1: Using ep0 maxpacket: 32
[  438.211336][   T53] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  438.220273][   T53] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  438.226579][   T53] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  438.230424][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  438.237060][   T53] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  438.241145][   T53] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  438.246729][   T53] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  438.251041][   T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.257375][   T53] usb 9-1: config 0 descriptor??
[  438.375785][ T6019] usb 7-1: Using ep0 maxpacket: 16
[  438.391744][ T6019] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  438.406486][ T6019] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  438.409768][ T6019] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.413611][T30196] fuse: fd is not a fuse device
[  438.414353][ T6019] usb 7-1: Product: syz
[  438.417761][ T6019] usb 7-1: Manufacturer: syz
[  438.419661][ T6019] usb 7-1: SerialNumber: syz
[  438.420167][T30192] syzkaller0: entered promiscuous mode
[  438.423430][T30192] syzkaller0: entered allmulticast mode
[  438.449744][ T6019] usb 7-1: config 0 descriptor??
[  438.467625][T30199] overlayfs: failed to clone upperpath
[  438.472853][   T53] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 55 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  438.485135][ T6019] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  438.489635][   T53] usb 9-1: USB disconnect, device number 55
[  438.493129][ T6019] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  438.500332][   T53] usblp0: removed
[  438.592113][T30213] fuse: fd is not a fuse device
[  438.599068][T30213] netlink: 'syz.6.3688': attribute type 11 has an invalid length.
[  438.602544][T30213] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3688'.
[  439.003946][   T53] usb 9-1: new high-speed USB device number 56 using dummy_hcd
[  439.079133][ T6019] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  439.163865][   T53] usb 9-1: Using ep0 maxpacket: 32
[  439.167865][   T53] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  439.171067][   T53] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  439.174233][   T53] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  439.177440][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  439.180525][   T53] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  439.183640][   T53] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  439.189325][   T53] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  439.193074][   T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.199264][   T53] usb 9-1: config 0 descriptor??
[  439.415827][   T53] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 56 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  439.535252][ T6019] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  439.538362][ T6019] em28xx 7-1:0.0: board has no eeprom
[  439.617636][ T8753] usb 9-1: USB disconnect, device number 56
[  439.630970][ T6019] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  439.633094][ T8753] usblp0: removed
[  439.636723][ T6019] em28xx 7-1:0.0: dvb set to bulk mode.
[  439.638744][   T39] em28xx 7-1:0.0: Binding DVB extension
[  439.659140][ T6019] usb 7-1: USB disconnect, device number 56
[  439.675752][ T6019] em28xx 7-1:0.0: Disconnecting em28xx
[  439.780175][   T39] em28xx 7-1:0.0: Registering input extension
[  439.782805][ T6019] em28xx 7-1:0.0: Closing input extension
[  439.793721][ T6019] em28xx 7-1:0.0: Freeing device
[  440.048602][T30255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3689'.
[  440.051862][T30255] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3689'.
[  441.832730][T30266] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed
[  441.868779][T30266] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff)
[  442.140009][T30273] netlink: 'syz.2.3694': attribute type 1 has an invalid length.
[  442.179840][T30273] 8021q: adding VLAN 0 to HW filter on device bond6
[  442.464455][ T6037] usb 9-1: new high-speed USB device number 57 using dummy_hcd
[  442.614605][ T6037] usb 9-1: Using ep0 maxpacket: 16
[  442.619067][ T6037] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  442.626427][ T6037] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  442.630345][ T6037] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.633878][ T6037] usb 9-1: Product: syz
[  442.635767][ T6037] usb 9-1: Manufacturer: syz
[  442.637795][ T6037] usb 9-1: SerialNumber: syz
[  442.643268][ T6037] usb 9-1: config 0 descriptor??
[  442.656863][ T6037] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  442.661378][ T6037] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  442.809925][   T40] kauditd_printk_skb: 75 callbacks suppressed
[  442.809941][   T40] audit: type=1400 audit(1777427992.830:12708): avc:  denied  { create } for  pid=30330 comm="syz.2.3701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  442.819195][   T40] audit: type=1400 audit(1777427992.840:12709): avc:  denied  { module_request } for  pid=30330 comm="syz.2.3701" kmod="net-pf-16-proto-14" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  442.850706][   T40] audit: type=1400 audit(1777427992.870:12710): avc:  denied  { recv } for  pid=28 comm="ksoftirqd/1" saddr=10.0.2.2 src=43718 daddr=10.0.2.15 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  442.864986][   T40] audit: type=1400 audit(1777427992.890:12711): avc:  denied  { ioctl } for  pid=30314 comm="syz.4.3697" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  442.892777][   T40] audit: type=1400 audit(1777427992.910:12712): avc:  denied  { create } for  pid=30338 comm="syz.2.3702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  442.897946][T30339] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  442.901846][   T40] audit: type=1400 audit(1777427992.920:12713): avc:  denied  { ioctl } for  pid=30338 comm="syz.2.3702" path="socket:[73531]" dev="sockfs" ino=73531 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  442.911769][   T40] audit: type=1400 audit(1777427992.920:12714): avc:  denied  { create } for  pid=30338 comm="syz.2.3702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  442.919406][   T40] audit: type=1400 audit(1777427992.920:12715): avc:  denied  { write } for  pid=30338 comm="syz.2.3702" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  442.926875][   T40] audit: type=1400 audit(1777427992.920:12716): avc:  denied  { open } for  pid=30338 comm="syz.2.3702" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  442.935332][   T40] audit: type=1400 audit(1777427992.920:12717): avc:  denied  { write } for  pid=30338 comm="syz.2.3702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  442.977739][T30342] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  443.072009][T30354] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3706'.
[  443.258664][T30369] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3708'.
[  443.274923][ T6037] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  443.297080][T30375] FAULT_INJECTION: forcing a failure.
[  443.297080][T30375] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  443.304646][T30375] CPU: 1 UID: 0 PID: 30375 Comm: syz.2.3710 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  443.304667][T30375] Tainted: [L]=SOFTLOCKUP
[  443.304675][T30375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  443.304682][T30375] Call Trace:
[  443.304688][T30375]  <TASK>
[  443.304693][T30375]  dump_stack_lvl+0x100/0x190
[  443.304713][T30375]  should_fail_ex.cold+0x5/0xa
[  443.304730][T30375]  _copy_to_user+0x32/0xd0
[  443.304748][T30375]  simple_read_from_buffer+0xcb/0x170
[  443.304765][T30375]  proc_fail_nth_read+0x1af/0x230
[  443.304778][T30375]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  443.304790][T30375]  ? rw_verify_area+0xce/0x6d0
[  443.304808][T30375]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  443.304819][T30375]  vfs_read+0x1e4/0xb30
[  443.304835][T30375]  ? __pfx_vfs_read+0x10/0x10
[  443.304851][T30375]  ? __fget_files+0x215/0x3d0
[  443.304868][T30375]  ? __fget_files+0x21f/0x3d0
[  443.304884][T30375]  ksys_read+0x12a/0x250
[  443.304895][T30375]  ? __pfx_ksys_read+0x10/0x10
[  443.304907][T30375]  ? rcu_is_watching+0x12/0xc0
[  443.304926][T30375]  do_syscall_64+0x10b/0xf80
[  443.304942][T30375]  ? clear_bhb_loop+0x40/0x90
[  443.304955][T30375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.304967][T30375] RIP: 0033:0x7f0b4c35d04e
[  443.304978][T30375] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  443.304988][T30375] RSP: 002b:00007f0b4d1bbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  443.305001][T30375] RAX: ffffffffffffffda RBX: 00007f0b4d1bc6c0 RCX: 00007f0b4c35d04e
[  443.305008][T30375] RDX: 000000000000000f RSI: 00007f0b4d1bc0a0 RDI: 0000000000000006
[  443.305014][T30375] RBP: 00007f0b4d1bc090 R08: 0000000000000000 R09: 0000000000000000
[  443.305021][T30375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.305027][T30375] R13: 00007f0b4c616038 R14: 00007f0b4c615fa0 R15: 00007fff2703df38
[  443.305042][T30375]  </TASK>
[  443.703280][ T6037] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  443.706818][ T6037] em28xx 9-1:0.0: board has no eeprom
[  443.764209][ T6037] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  443.770831][ T6037] em28xx 9-1:0.0: dvb set to bulk mode.
[  443.775006][ T6024] em28xx 9-1:0.0: Binding DVB extension
[  443.796900][ T6037] usb 9-1: USB disconnect, device number 57
[  443.807747][ T6037] em28xx 9-1:0.0: Disconnecting em28xx
[  443.849171][ T6024] em28xx 9-1:0.0: Registering input extension
[  443.852114][ T6037] em28xx 9-1:0.0: Closing input extension
[  443.855000][    T9] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[  443.875890][ T6037] em28xx 9-1:0.0: Freeing device
[  443.939981][T30408] syzkaller0: entered promiscuous mode
[  443.941765][T30408] syzkaller0: entered allmulticast mode
[  444.005385][    T9] usb 7-1: Using ep0 maxpacket: 32
[  444.016114][    T9] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  444.020171][    T9] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  444.024924][    T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  444.029555][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  444.033636][    T9] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  444.040278][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  444.047731][    T9] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  444.051281][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.058189][    T9] usb 7-1: config 0 descriptor??
[  444.270814][    T9] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 57 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  444.306621][    T9] usb 7-1: USB disconnect, device number 57
[  444.319165][    T9] usblp0: removed
[  444.614480][ T8753] usb 9-1: new high-speed USB device number 58 using dummy_hcd
[  444.806091][ T8753] usb 9-1: Using ep0 maxpacket: 16
[  444.810154][ T8753] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  444.815114][ T8753] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  444.819543][ T8753] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  444.824334][ T8753] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  444.828711][ T8753] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  444.844815][    T9] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[  444.850395][ T8753] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  444.854935][ T8753] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  444.858924][ T8753] usb 9-1: Manufacturer: syz
[  444.863418][ T8753] usb 9-1: config 0 descriptor??
[  444.993929][    T9] usb 7-1: Using ep0 maxpacket: 32
[  444.998926][    T9] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  445.002611][    T9] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  445.006913][    T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  445.010978][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  445.016168][    T9] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  445.021025][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  445.026798][    T9] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  445.030699][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.038622][    T9] usb 7-1: config 0 descriptor??
[  445.178978][ T8753] rc_core: IR keymap rc-hauppauge not found
[  445.181695][ T8753] Registered IR keymap rc-empty
[  445.183482][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.207448][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.230819][ T8753] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0
[  445.254198][ T8753] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input83
[  445.259652][    T9] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 58 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  445.283151][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.304073][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.329116][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.348287][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.370914][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.393908][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.428880][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.447628][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.459924][    T9] usb 7-1: USB disconnect, device number 58
[  445.464124][    T9] usblp0: removed
[  445.467840][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.487688][ T8753] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  445.514473][ T8753] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  445.519608][ T8753] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  445.547753][ T8753] usb 9-1: USB disconnect, device number 58
[  446.236375][ T6019] usb 9-1: new high-speed USB device number 59 using dummy_hcd
[  446.293987][   T53] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[  446.434638][   T53] usb 7-1: device descriptor read/64, error -71
[  446.454207][ T6019] usb 9-1: Using ep0 maxpacket: 16
[  446.495792][ T6019] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  446.500299][ T6019] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  446.504394][ T6019] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  446.508911][ T6019] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  446.513045][ T6019] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  446.529926][ T6019] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  446.554073][ T6019] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  446.557155][ T6019] usb 9-1: Manufacturer: syz
[  446.617282][ T6019] usb 9-1: config 0 descriptor??
[  446.683990][   T53] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[  446.831496][   T53] usb 7-1: device descriptor read/64, error -71
[  446.944426][   T53] usb usb7-port1: attempt power cycle
[  446.964834][ T6019] rc_core: IR keymap rc-hauppauge not found
[  446.967422][ T6019] Registered IR keymap rc-empty
[  446.969781][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  446.994258][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.032871][T30486] FAULT_INJECTION: forcing a failure.
[  447.032871][T30486] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  447.039065][T30486] CPU: 3 UID: 0 PID: 30486 Comm: syz.4.3720 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  447.039095][T30486] Tainted: [L]=SOFTLOCKUP
[  447.039102][T30486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  447.039114][T30486] Call Trace:
[  447.039123][T30486]  <TASK>
[  447.039134][T30486]  dump_stack_lvl+0x100/0x190
[  447.039164][T30486]  should_fail_ex.cold+0x5/0xa
[  447.039198][T30486]  _copy_from_user+0x2e/0xd0
[  447.039223][T30486]  kstrtouint_from_user+0xd6/0x1d0
[  447.039239][T30486]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  447.039264][T30486]  ? __lock_acquire+0x4a5/0x2630
[  447.039293][T30486]  ? lock_acquire+0x1b1/0x370
[  447.039319][T30486]  proc_fail_nth_write+0x83/0x220
[  447.039338][T30486]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  447.039363][T30486]  vfs_write+0x2aa/0x1070
[  447.039384][T30486]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  447.039404][T30486]  ? __pfx_vfs_write+0x10/0x10
[  447.039421][T30486]  ? __fget_files+0x215/0x3d0
[  447.039446][T30486]  ? __fget_files+0x21f/0x3d0
[  447.039476][T30486]  ksys_write+0x12a/0x250
[  447.039493][T30486]  ? __pfx_ksys_write+0x10/0x10
[  447.039514][T30486]  ? rcu_is_watching+0x12/0xc0
[  447.039543][T30486]  do_syscall_64+0x10b/0xf80
[  447.039567][T30486]  ? clear_bhb_loop+0x40/0x90
[  447.039590][T30486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.039610][T30486] RIP: 0033:0x7fd08455d04e
[  447.039629][T30486] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  447.039646][T30486] RSP: 002b:00007fd085386fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  447.039664][T30486] RAX: ffffffffffffffda RBX: 00007fd0853876c0 RCX: 00007fd08455d04e
[  447.039677][T30486] RDX: 0000000000000001 RSI: 00007fd0853870a0 RDI: 0000000000000004
[  447.039687][T30486] RBP: 00007fd085387090 R08: 0000000000000000 R09: 0000000000000000
[  447.039698][T30486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.039708][T30486] R13: 00007fd084816038 R14: 00007fd084815fa0 R15: 00007fff3136cbb8
[  447.039734][T30486]  </TASK>
[  447.040134][ T6019] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0
[  447.099442][T30508] loop2: detected capacity change from 0 to 7
[  447.122978][ T6019] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input84
[  447.126400][T30508] Dev loop2: unable to read RDB block 7
[  447.147179][T30508]  loop2: unable to read partition table
[  447.150833][T30508] loop2: partition table beyond EOD, truncated
[  447.158792][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.159316][T30508] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  447.185204][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.216922][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.246743][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.278562][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.283921][   T53] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[  447.304522][   T53] usb 7-1: device descriptor read/8, error -71
[  447.314642][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.335545][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.356826][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.386323][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.414750][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  447.468454][ T6019] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  447.472950][ T6019] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  447.508469][ T6019] usb 9-1: USB disconnect, device number 59
[  447.551374][ T1434] ieee802154 phy0 wpan0: encryption failed: -22
[  447.552696][   T53] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[  447.558302][ T1434] ieee802154 phy1 wpan1: encryption failed: -22
[  447.589094][   T53] usb 7-1: device descriptor read/8, error -71
[  447.724732][   T53] usb usb7-port1: unable to enumerate USB device
[  448.084647][ T6019] usb 9-1: new high-speed USB device number 60 using dummy_hcd
[  448.364948][ T6019] usb 9-1: Using ep0 maxpacket: 16
[  448.396343][ T6019] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.403520][ T6019] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  448.409301][ T6019] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  448.413155][ T6019] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  448.424033][ T6019] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  448.437927][ T6019] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  448.441566][ T6019] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  448.444943][ T6019] usb 9-1: Manufacturer: syz
[  448.467088][ T6019] usb 9-1: config 0 descriptor??
[  448.780605][ T6019] rc_core: IR keymap rc-hauppauge not found
[  448.782921][ T6019] Registered IR keymap rc-empty
[  448.786259][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  448.805365][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  448.837873][ T6019] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0
[  448.864940][ T6019] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input85
[  448.882624][   T40] kauditd_printk_skb: 70 callbacks suppressed
[  448.882639][   T40] audit: type=1400 audit(1777427998.900:12788): avc:  denied  { map_create } for  pid=30514 comm="syz.4.3723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  448.889163][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  448.893278][   T40] audit: type=1400 audit(1777427998.910:12789): avc:  denied  { map_read map_write } for  pid=30514 comm="syz.4.3723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  448.909671][   T40] audit: type=1400 audit(1777427998.930:12790): avc:  denied  { create } for  pid=30514 comm="syz.4.3723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  448.910200][T30515] netlink: 207952 bytes leftover after parsing attributes in process `syz.4.3723'.
[  448.918944][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  448.924334][   T40] audit: type=1400 audit(1777427998.930:12791): avc:  denied  { write } for  pid=30514 comm="syz.4.3723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  448.955715][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  448.976881][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  449.005849][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  449.079545][   T40] audit: type=1400 audit(1777427999.100:12792): avc:  denied  { create } for  pid=30552 comm="syz.6.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  449.089635][   T40] audit: type=1400 audit(1777427999.110:12793): avc:  denied  { setopt } for  pid=30552 comm="syz.6.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  449.099050][   T40] audit: type=1400 audit(1777427999.120:12794): avc:  denied  { read write } for  pid=30557 comm="syz.2.3726" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  449.110118][   T40] audit: type=1400 audit(1777427999.120:12795): avc:  denied  { open } for  pid=30557 comm="syz.2.3726" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  449.123651][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  449.124038][   T40] audit: type=1400 audit(1777427999.120:12796): avc:  denied  { module_request } for  pid=30557 comm="syz.2.3726" kmod="fs-<NULL>" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  449.135977][   T40] audit: type=1400 audit(1777427999.130:12797): avc:  denied  { recv } for  pid=33 comm="ksoftirqd/3" saddr=127.0.0.1 src=36022 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  449.155862][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  449.174774][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  449.205413][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  449.248864][ T6019] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  449.256052][ T6037] usb 10-1: new high-speed USB device number 33 using dummy_hcd
[  449.274886][ T6019] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  449.285989][ T6019] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  449.394336][ T6037] usb 10-1: device descriptor read/64, error -71
[  449.425590][ T6019] usb 9-1: USB disconnect, device number 60
[  449.634609][ T6037] usb 10-1: new high-speed USB device number 34 using dummy_hcd
[  449.703835][T30593] 9pnet_virtio: no channels available for device 127.0.0.1
[  449.718260][T30593] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3730'.
[  449.722108][T30593] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3730'.
[  449.736924][T30593] CIFS mount error: No usable UNC path provided in device string!
[  449.736924][T30593] 
[  449.741636][T30593] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  449.784555][ T6037] usb 10-1: device descriptor read/64, error -71
[  449.894239][ T6037] usb usb10-port1: attempt power cycle
[  450.034763][ T6019] usb 9-1: new high-speed USB device number 61 using dummy_hcd
[  450.198118][ T6019] usb 9-1: Using ep0 maxpacket: 32
[  450.222082][ T6019] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  450.225114][ T6019] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  450.228757][ T6019] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  450.232558][ T6019] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  450.237725][T30625] Bluetooth: (null): Too short H5 packet
[  450.243173][ T6019] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  450.245016][ T6037] usb 10-1: new high-speed USB device number 35 using dummy_hcd
[  450.249609][ T6019] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  450.254322][ T1168] Bluetooth: (null): Invalid header checksum
[  450.258151][ T6019] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  450.267920][ T6037] usb 10-1: device descriptor read/8, error -71
[  450.271303][ T6019] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.295651][ T6019] usb 9-1: config 0 descriptor??
[  450.504577][ T6037] usb 10-1: new high-speed USB device number 36 using dummy_hcd
[  450.516597][ T6019] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 61 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  450.524776][ T6037] usb 10-1: device descriptor read/8, error -71
[  450.555530][ T6019] usb 9-1: USB disconnect, device number 61
[  450.583877][   T53] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[  450.590063][ T6019] usblp0: removed
[  450.634936][ T6037] usb usb10-port1: unable to enumerate USB device
[  450.734364][   T53] usb 7-1: Using ep0 maxpacket: 16
[  450.738136][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  450.745191][   T53] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  450.748310][   T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.751265][   T53] usb 7-1: Product: syz
[  450.752856][   T53] usb 7-1: Manufacturer: syz
[  450.754771][   T53] usb 7-1: SerialNumber: syz
[  450.759840][   T53] usb 7-1: config 0 descriptor??
[  450.764550][   T53] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  450.768507][   T53] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  451.025085][ T6019] usb 9-1: new high-speed USB device number 62 using dummy_hcd
[  451.254884][ T6019] usb 9-1: Using ep0 maxpacket: 32
[  451.328646][T30661] netlink: 'syz.6.3743': attribute type 4 has an invalid length.
[  451.369686][   T53] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  451.496423][ T6019] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  451.500714][ T6019] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  451.504006][ T6019] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  451.507731][ T6019] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  451.511200][ T6019] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  451.514904][ T6019] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  451.520085][ T6019] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  451.523391][ T6019] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.557081][ T6019] usb 9-1: config 0 descriptor??
[  451.781678][ T6019] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 62 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  451.786680][   T53] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  451.790270][   T53] em28xx 7-1:0.0: board has no eeprom
[  451.854277][   T53] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  451.857662][   T53] em28xx 7-1:0.0: dvb set to bulk mode.
[  451.863403][ T6018] em28xx 7-1:0.0: Binding DVB extension
[  451.868872][   T53] usb 7-1: USB disconnect, device number 63
[  451.872127][   T53] em28xx 7-1:0.0: Disconnecting em28xx
[  451.889163][ T6018] em28xx 7-1:0.0: Registering input extension
[  451.892157][   T53] em28xx 7-1:0.0: Closing input extension
[  451.935271][   T53] em28xx 7-1:0.0: Freeing device
[  451.966929][ T6018] usb 9-1: USB disconnect, device number 62
[  451.975268][ T6018] usblp0: removed
[  452.039528][T30702] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0)
[  452.047189][T30702] SELinux: failed to load policy
[  452.280487][T30715] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  452.429706][T30735] dlm: no locking on control device
[  452.526440][T30739] netlink: 'syz.6.3754': attribute type 5 has an invalid length.
[  452.661433][T30748] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3756'.
[  452.664952][T30748] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  453.084055][ T8753] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[  453.149826][T30773] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3760'.
[  453.193866][T30773] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3760'.
[  453.198328][T30773] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3760'.
[  453.233892][ T8753] usb 7-1: Using ep0 maxpacket: 16
[  453.239531][ T8753] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  453.246608][ T8753] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  453.250310][ T8753] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.253483][ T8753] usb 7-1: Product: syz
[  453.255581][ T8753] usb 7-1: Manufacturer: syz
[  453.257837][ T8753] usb 7-1: SerialNumber: syz
[  453.262856][ T8753] usb 7-1: config 0 descriptor??
[  453.272612][ T8753] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  453.276240][ T8753] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  453.561249][T30825] overlayfs: failed to clone upperpath
[  453.698364][T30839] tmpfs: Group quota block hardlimit too large.
[  453.702140][T30837] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3770'.
[  453.795646][T30849] bridge1: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  453.820775][T30847] bridge2: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  453.826601][T30848] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3772'.
[  453.844040][T30848] fuse: Unknown parameter 'gd'
[  453.850323][T30848] 
[  453.851406][T30848] ======================================================
[  453.854409][T30848] WARNING: possible circular locking dependency detected
[  453.857364][T30848] syzkaller #0 Tainted: G             L     
[  453.860020][T30848] ------------------------------------------------------
[  453.863187][T30848] syz.5.3772/30848 is trying to acquire lock:
[  453.866539][T30848] ffffffff908a9ad8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x1a/0x290
[  453.870880][T30848] 
[  453.870880][T30848] but task is already holding lock:
[  453.873952][T30848] ffff88805be9f470 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x603/0x2cb0
[  453.877417][ T8753] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  453.877939][T30848] 
[  453.877939][T30848] which lock already depends on the new lock.
[  453.877939][T30848] 
[  453.877950][T30848] 
[  453.877950][T30848] the existing dependency chain (in reverse order) is:
[  453.889686][T30848] 
[  453.889686][T30848] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[  453.892838][T30848]        _raw_spin_lock_bh+0x33/0x40
[  453.895190][T30848]        nr_rt_device_down+0x18e/0x820
[  453.897514][T30848]        nr_device_event+0x126/0x170
[  453.900084][T30848]        notifier_call_chain+0x99/0x400
[  453.902882][T30848]        call_netdevice_notifiers_info+0xbe/0x110
[  453.906082][T30848]        __dev_notify_flags+0x1f7/0x2e0
[  453.908490][T30848]        netif_change_flags+0x108/0x160
[  453.910867][T30848]        dev_change_flags+0xba/0x250
[  453.913049][T30848]        dev_ifsioc+0x1682/0x1f20
[  453.915082][T30848]        dev_ioctl+0x342/0x10e0
[  453.917414][T30848]        sock_do_ioctl+0x1a0/0x280
[  453.919941][T30848]        sock_ioctl+0x599/0x6b0
[  453.922365][T30848]        __x64_sys_ioctl+0x18e/0x210
[  453.924751][T30848]        do_syscall_64+0x10b/0xf80
[  453.926653][T30848]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.929007][T30848] 
[  453.929007][T30848] -> #1 (nr_node_list_lock){+...}-{3:3}:
[  453.932196][T30848]        _raw_spin_lock_bh+0x33/0x40
[  453.934285][T30848]        nr_rt_device_down+0xd3/0x820
[  453.936366][T30848]        nr_device_event+0x126/0x170
[  453.938409][T30848]        notifier_call_chain+0x99/0x400
[  453.940763][T30848]        call_netdevice_notifiers_info+0xbe/0x110
[  453.943822][T30848]        __dev_notify_flags+0x1f7/0x2e0
[  453.946681][T30848]        netif_change_flags+0x108/0x160
[  453.949024][T30848]        dev_change_flags+0xba/0x250
[  453.951249][T30848]        dev_ifsioc+0x1682/0x1f20
[  453.953432][T30848]        dev_ioctl+0x342/0x10e0
[  453.955361][T30848]        sock_do_ioctl+0x1a0/0x280
[  453.957353][T30848]        sock_ioctl+0x599/0x6b0
[  453.959371][T30848]        __x64_sys_ioctl+0x18e/0x210
[  453.961803][T30848]        do_syscall_64+0x10b/0xf80
[  453.964393][T30848]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.967232][T30848] 
[  453.967232][T30848] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[  453.970317][T30848]        __lock_acquire+0x14b8/0x2630
[  453.972032][T30848]        lock_acquire+0x1b1/0x370
[  453.973665][T30848]        _raw_spin_lock_bh+0x33/0x40
[  453.975844][T30848]        nr_remove_neigh+0x1a/0x290
[  453.978219][T30848]        nr_add_node+0x24c4/0x2cb0
[  453.980585][T30848]        nr_rt_ioctl+0x16a5/0x29e0
[  453.983043][T30848]        nr_ioctl+0x16e/0x2d0
[  453.985105][T30848]        sock_do_ioctl+0x118/0x280
[  453.987139][T30848]        sock_ioctl+0x599/0x6b0
[  453.989177][T30848]        __x64_sys_ioctl+0x18e/0x210
[  453.991169][T30848]        do_syscall_64+0x10b/0xf80
[  453.992806][T30848]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.995393][T30848] 
[  453.995393][T30848] other info that might help us debug this:
[  453.995393][T30848] 
[  453.999417][   T40] kauditd_printk_skb: 145 callbacks suppressed
[  453.999439][   T40] audit: type=1400 audit(1777428004.020:12943): avc:  denied  { write } for  pid=30842 comm="syz.4.3767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  454.000119][T30848] Chain exists of:
[  454.000119][T30848]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[  454.000119][T30848] 
[  454.016102][T30848]  Possible unsafe locking scenario:
[  454.016102][T30848] 
[  454.019197][T30848]        CPU0                    CPU1
[  454.021428][T30848]        ----                    ----
[  454.023912][T30848]   lock(&nr_node->node_lock);
[  454.026536][T30848]                                lock(nr_node_list_lock);
[  454.029838][T30848]                                lock(&nr_node->node_lock);
[  454.032643][T30848]   lock(nr_neigh_list_lock);
[  454.034664][T30848] 
[  454.034664][T30848]  *** DEADLOCK ***
[  454.034664][T30848] 
[  454.037889][T30848] 1 lock held by syz.5.3772/30848:
[  454.039933][T30848]  #0: ffff88805be9f470 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x603/0x2cb0
[  454.043769][T30848] 
[  454.043769][T30848] stack backtrace:
[  454.046921][T30848] CPU: 0 UID: 0 PID: 30848 Comm: syz.5.3772 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  454.046959][T30848] Tainted: [L]=SOFTLOCKUP
[  454.046969][T30848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  454.046985][T30848] Call Trace:
[  454.046996][T30848]  <TASK>
[  454.047008][T30848]  dump_stack_lvl+0x100/0x190
[  454.047045][T30848]  print_circular_bug.cold+0x178/0x1c7
[  454.047086][T30848]  check_noncircular+0x146/0x160
[  454.047117][T30848]  __lock_acquire+0x14b8/0x2630
[  454.047152][T30848]  lock_acquire+0x1b1/0x370
[  454.047179][T30848]  ? nr_remove_neigh+0x1a/0x290
[  454.047207][T30848]  ? do_raw_spin_lock+0x128/0x260
[  454.047248][T30848]  _raw_spin_lock_bh+0x33/0x40
[  454.047277][T30848]  ? nr_remove_neigh+0x1a/0x290
[  454.047306][T30848]  nr_remove_neigh+0x1a/0x290
[  454.047336][T30848]  nr_add_node+0x24c4/0x2cb0
[  454.047368][T30848]  nr_rt_ioctl+0x16a5/0x29e0
[  454.047396][T30848]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  454.047424][T30848]  ? kasan_quarantine_put+0x104/0x240
[  454.047466][T30848]  ? bpf_lsm_capable+0x9/0x10
[  454.047489][T30848]  ? security_capable+0x80/0x260
[  454.047530][T30848]  nr_ioctl+0x16e/0x2d0
[  454.047554][T30848]  sock_do_ioctl+0x118/0x280
[  454.047581][T30848]  ? __pfx_sock_do_ioctl+0x10/0x10
[  454.047615][T30848]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  454.047638][T30848]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  454.047669][T30848]  sock_ioctl+0x599/0x6b0
[  454.047695][T30848]  ? __pfx_sock_ioctl+0x10/0x10
[  454.047717][T30848]  ? hook_file_ioctl_common+0x149/0x410
[  454.047749][T30848]  ? selinux_file_ioctl+0x13b/0x290
[  454.047773][T30848]  ? selinux_file_ioctl+0xb6/0x290
[  454.047800][T30848]  ? __pfx_sock_ioctl+0x10/0x10
[  454.047827][T30848]  __x64_sys_ioctl+0x18e/0x210
[  454.047852][T30848]  do_syscall_64+0x10b/0xf80
[  454.047882][T30848]  ? clear_bhb_loop+0x40/0x90
[  454.047911][T30848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.047937][T30848] RIP: 0033:0x7f60f739c819
[  454.047958][T30848] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  454.047983][T30848] RSP: 002b:00007f60f817f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  454.048008][T30848] RAX: ffffffffffffffda RBX: 00007f60f7615fa0 RCX: 00007f60f739c819
[  454.048024][T30848] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004
[  454.048041][T30848] RBP: 00007f60f7432c91 R08: 0000000000000000 R09: 0000000000000000
[  454.048056][T30848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.048070][T30848] R13: 00007f60f7616038 R14: 00007f60f7615fa0 R15: 00007ffdabae3a48
[  454.048092][T30848]  </TASK>
[  454.211295][   T40] audit: type=1400 audit(1777428004.230:12944): avc:  denied  { read write } for  pid=10981 comm="syz-executor" name="loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  454.225195][   T40] audit: type=1400 audit(1777428004.230:12945): avc:  denied  { open } for  pid=10981 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  454.237114][   T40] audit: type=1400 audit(1777428004.230:12946): avc:  denied  { ioctl } for  pid=10981 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  454.290478][    C3] raw-gadget.0 gadget.2: ignoring, device is not running
[  454.293099][ T8753] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  454.296249][ T8753] em28xx 7-1:0.0: board has no eeprom
[  454.364201][ T8753] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  454.367476][ T8753] em28xx 7-1:0.0: dvb set to bulk mode.
[  454.370371][ T6448] em28xx 7-1:0.0: Binding DVB extension
[  454.380040][ T8753] usb 7-1: USB disconnect, device number 64
[  454.386238][ T8753] em28xx 7-1:0.0: Disconnecting em28xx
[  454.391098][ T6448] em28xx 7-1:0.0: Registering input extension
[  454.399310][ T8753] em28xx 7-1:0.0: Closing input extension
[  454.424808][ T8753] em28xx 7-1:0.0: Freeing device