last executing test programs:

12.303456522s ago: executing program 4 (id=1101):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\//\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000640)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)={0x1c, r5, 0x70f, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="840000001000010029bd", @ANYRES32=0x0, @ANYBLOB="4db20200201a0100140003006e6574646576696d30000000000000480016804400018040000c8014000104ff0300ff88a8000014000100390e00003f0000000d000000810000001400010006000000af0600000700000088a8000005001100060000000000000000000000337289ae8504346600e663960b2466b8aeb6d543ca7b0ab342095dd8aa80a9436ac2f322cd6bb964e3248157af44c58b53fb284ad18ee521b78b0b06ef2dad61583deb42535f695fa951acd31c264302f8cf225703e15e75fdce5a1ff4e570ebb45af53eccb1516d8def50533b5f61b1961d6e411e810b50479cbc89d6eb23e675fab18f5bc89bdf67e63c3a34a9b8d2f3463364440011f94697a1268132e3156cb0b86d0f71cd3e098d4e882411b6763ef758914a129ed919881e570d9c2c4d45de1caa2435dd1ab7a763a6f01bdb1e36727c8c58cd23ad23fc2062ffb4739414d48a51a88f347f23e25f86997fba7ff58b9bf71852fbd447671c42bd634bfa3596779eda8fee1fb15795043e407170dfb2505fadfdc458a14fd5bc0590426fa7934d1ff54cbbb906eafd578be843cecda14de96ee5424b"], 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x35}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x8, 0x10, 0x2, 0x0, 0x0, 0xff}]})
r8 = msgget$private(0x0, 0x4a0)
msgctl$IPC_STAT(r8, 0x2, 0x0)

11.119309638s ago: executing program 4 (id=1105):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8044)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = syz_genetlink_get_family_id$nl80211(0x0, r0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0028144edbaa7815cd81f11098bb2c20688f04346d473fac1a38bd70", @ANYRES32=0x0, @ANYBLOB="0c009900ad0000003700000010003400b6aa10f4458b6ef510df8542"], 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600})
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000040000000000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
close(0xffffffffffffffff)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x8202, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r5, &(0x7f0000006140)={0x2020}, 0x2048)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1200000007000000010001000180000002200200", @ANYRES32, @ANYBLOB="2000000000000004252fa589d3930000000000000000001458ca", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = io_uring_setup(0x51ce, &(0x7f0000000240)={0x0, 0x823c, 0x8, 0x2, 0x108})
io_uring_register$IORING_UNREGISTER_BUFFERS(r6, 0x1, 0x2000000, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r7 = gettid()
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r11, 0x4140aecd, &(0x7f0000002240)={{0x6000, 0x2000, 0xd, 0xf8, 0x4, 0x3, 0x0, 0x7f, 0x6, 0x2, 0x8, 0xac}, {0xffff1000, 0x40000, 0xe, 0xff, 0x40, 0x6b, 0x9, 0x5, 0x6d, 0x51, 0x80}, {0xdddd1000, 0x58000, 0x8, 0x8, 0x66, 0x8, 0x0, 0xf, 0x3, 0x7, 0x8, 0x6}, {0x4, 0x5000, 0xe, 0x6, 0xf, 0x8, 0xff, 0x6, 0x10, 0x9, 0x8, 0x99}, {0x9000, 0xfffe1000, 0x3, 0x9, 0x7, 0x1, 0x85, 0x9, 0x6, 0x80, 0x7, 0x3}, {0x6c004, 0xfec00000, 0xd, 0xbf, 0x2f, 0x8, 0x3, 0x2b, 0x2, 0x36, 0x79, 0xc5}, {0x7000, 0xeeef0000, 0x9, 0x9, 0xc, 0xff, 0x1, 0xe, 0x43, 0x1, 0x4d, 0x3}, {0x25000, 0xdddd0000, 0x8, 0x2, 0x4, 0xa, 0xe, 0x32, 0x1, 0xdc, 0xd0}, {0xd000, 0x9}, {0x41000, 0xfe12}, 0xa0010020, 0x0, 0x7000, 0x140400, 0xc, 0x9d01, 0x4000, 0x0, [0x6, 0xa, 0xc, 0xfffffffffffffffa]})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r8, 0x541b, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

9.647669827s ago: executing program 4 (id=1112):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000080)={0x1, 0x80, 0x80000000, 0x0, 0x31, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x2})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x30, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r8, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0xfbff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x28c, 0x1, 0x0, 0x5e}, {0x7}, 0x0, 0x0, 0x2}, {{@in=@rand_addr=0x64010102, 0x4d5, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xf7, 0x0, 0x8000000}}, 0xe8)
sendmmsg(r8, &(0x7f0000007fc0), 0x800001d, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0)

9.297994459s ago: executing program 0 (id=1115):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\//\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000640)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)={0x1c, r5, 0x70f, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="840000001000010029bd", @ANYRES32=0x0, @ANYBLOB="4db20200201a0100140003006e6574646576696d30000000000000480016804400018040000c8014000104ff0300ff88a8000014000100390e00003f0000000d000000810000001400010006000000af0600000700000088a8000005001100060000000000000000000000337289ae8504346600e663960b2466b8aeb6d543ca7b0ab342095dd8aa80a9436ac2f322cd6bb964e3248157af44c58b53fb284ad18ee521b78b0b06ef2dad61583deb42535f695fa951acd31c264302f8cf225703e15e75fdce5a1ff4e570ebb45af53eccb1516d8def50533b5f61b1961d6e411e810b50479cbc89d6eb23e675fab18f5bc89bdf67e63c3a34a9b8d2f3463364440011f94697a1268132e3156cb0b86d0f71cd3e098d4e882411b6763ef758914a129ed919881e570d9c2c4d45de1caa2435dd1ab7a763a6f01bdb1e36727c8c58cd23ad23fc2062ffb4739414d48a51a88f347f23e25f86997fba7ff58b9bf71852fbd447671c42bd634bfa3596779eda8fee1fb15795043e407170dfb2505fadfdc458a14fd5bc0590426fa7934d1ff54cbbb906eafd578be843cecda14de96ee5424b"], 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x35}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x8, 0x10, 0x2, 0x0, 0x0, 0xff}]})
r8 = msgget$private(0x0, 0x4a0)
msgctl$IPC_STAT(r8, 0x2, 0x0)

7.367437364s ago: executing program 0 (id=1117):
syz_usb_connect(0x3, 0x24, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x44800)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x2)
fsopen(0x0, 0x1)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0500000004000000060000000400000000000000", @ANYRES32, @ANYBLOB="03100000000000000000000000d0f80000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000d1cd75547e5a031bcdfd43a0d5f9269d729d1990468c3639b0317915532338aa18707f"], 0x48)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x80081, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r4, 0x80044dfd, &(0x7f0000000140))
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000070000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)

6.897494091s ago: executing program 4 (id=1121):
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x6, 0x7}, 0x0)
close(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
faccessat2(0xffffffffffffffff, &(0x7f0000001400)='\x00', 0x0, 0x1100)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb", 0x4d}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(0xffffffffffffffff, 0x0, 0x40000103)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCPKT(r2, 0x5420, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000880)=0x3)

6.606326688s ago: executing program 2 (id=1124):
r0 = openat$kvm(0x0, &(0x7f0000000180), 0x3ac42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_clone(0x1906000, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r2, &(0x7f0000002180)=[{&(0x7f0000000080)=""/215, 0xd7}], 0x1, &(0x7f0000002540)=[{&(0x7f00000021c0)=""/233, 0xe9}], 0x1, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

6.452081972s ago: executing program 0 (id=1125):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x4, 0x0, 0x20}]}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8bf, 0x10008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x11, 0x11, &(0x7f0000000880)={{{@in6=@local, @in=@multicast1}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000000)=0xe8)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x8e82, 0x100, 0x14, 0x2ac}, &(0x7f00000003c0)=<r2=>0x0, 0x0)
syz_io_uring_submit(r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x20000000)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x6, 0x10, &(0x7f0000000340)=ANY=[@ANYRES64=r2, @ANYRES8=r0, @ANYRESOCT=r1, @ANYRES16=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r4, 0x4b72, &(0x7f0000000100)={0x1, 0x0, 0x5, 0x1d, 0x88, &(0x7f0000000480)})
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
ioctl$EVIOCSFF(r5, 0x40304580, &(0x7f00000003c0)={0x55, 0x8000, 0xfffd, {0x0, 0x1}, {0x50, 0x2}, @cond=[{0x1ff, 0x5388, 0x6f5, 0x800, 0xc7, 0x2}, {0xffff, 0x5, 0x1, 0x46, 0x6, 0xfd}]})
write$char_usb(r5, &(0x7f0000000040)="e2", 0x2250)

5.566513623s ago: executing program 3 (id=1128):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x3, 0x100, 0x7f})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x1}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0)

5.516364181s ago: executing program 1 (id=1129):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_int(r2, 0x0, 0x33, 0x0, 0x0)
listen(r2, 0x7)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x3, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x8000, 0x41424344, 0x41424344, 0x0, 0x5, 0x5, 0x0, 0x700, 0x0, 0x1b}}}}}, 0x36)

5.444375596s ago: executing program 2 (id=1130):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x7)
socket$inet_icmp(0x2, 0x2, 0x1)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x24, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f00000002c0), 0x0)
read$FUSE(r4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(0xffffffffffffffff, 0x0, r5, 0x0, 0x88000cc, 0x0)
write$eventfd(0xffffffffffffffff, &(0x7f0000000240), 0xffffff14)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

5.170919467s ago: executing program 3 (id=1131):
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x1004442, &(0x7f00000002c0)={[{@huge_never}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x67, 0x35]}}, {@huge_always}], [{@measure}, {@seclabel}, {@audit}, {@dont_measure}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x33, 0x33, 0x36, 0x31, 0x34, 0x37, 0x65], 0x2d, [0x63, 0x30, 0x32, 0x37], 0x2d, [0x37, 0x56, 0x6c, 0x39], 0x2d, [0x61, 0x64, 0x32, 0x64], 0x2d, [0x63, 0x34, 0x31, 0x66, 0x66, 0x39, 0x6, 0x51]}}}, {@subj_user={'subj_user', 0x3d, '/proc/self\x00'}}, {@pcr={'pcr', 0x3d, 0x11}}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}]})
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000480)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

5.114539576s ago: executing program 1 (id=1132):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000600)=ANY=[], 0x0, 0x26}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x8c, 0x0)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0)={[], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r3, &(0x7f0000000400)=""/4096, 0x1000)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x4048043)
r4 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendfile(r1, r4, 0x0, 0x200000000000005)
umount2(&(0x7f0000000100)='./file0\x00', 0x8)
syz_open_dev$sndpcmp(0x0, 0x1, 0x40842)

4.079278836s ago: executing program 1 (id=1133):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r1, r0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/custom0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x1000000, 0x0})

4.078551926s ago: executing program 2 (id=1134):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x9)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x36, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0xc31fe084736598c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
r5 = gettid()
r6 = syz_open_procfs(0x0, &(0x7f0000000300)='attr/keycreate\x00')
read$FUSE(r6, 0x0, 0x0)
sendmsg$IPSET_CMD_HEADER(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="286c13be8c0601080000000000b884000a00000405005e44834ed4e032859a8a2cc2e630b6890200"], 0x28}, 0x1, 0x0, 0x0, 0xc4}, 0x20000004)
rt_sigtimedwait(&(0x7f0000000000)={[0xe]}, 0x0, 0x0, 0x8)
tkill(r5, 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000001714000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4010}, 0x4008050)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000020000000a3c000000120a09000000000000000000020000000900020073797a320000000008000440040000000900010073797a30000000000800034000000007"], 0x64}, 0x1, 0x0, 0x0, 0x44800}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000005c0)='kfree_skb\x00', r8}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r9}, 0x18)

4.049548348s ago: executing program 3 (id=1135):
syz_usb_connect(0x3, 0x24, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x44800)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x2)
fsopen(0x0, 0x1)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0500000004000000060000000400000000000000", @ANYRES32, @ANYBLOB="03100000000000000000000000d0f80000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000d1cd75547e5a031bcdfd43a0d5f9269d729d1990468c3639b0317915532338aa18707f"], 0x48)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x80081, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r4, 0x80044dfd, &(0x7f0000000140))
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000070000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)

2.732461032s ago: executing program 1 (id=1136):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=@newlink={0x40, 0x10, 0x401, 0x70bd27, 0x80, {0x0, 0x0, 0x11, 0x0, 0x1503}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x40}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)

2.601108832s ago: executing program 3 (id=1137):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$inet(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000180), 0x1, 0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000001ac0)=@urb_type_bulk={0x3, {0x1, 0x1}, 0xffff, 0x40, 0x0, 0x0, 0x200006, 0x75, 0x6, 0x8, 0x79, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x64, r4, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfffc}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x3}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x8}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x7f}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
r5 = getpid()
clock_gettime(0x7, &(0x7f0000000040))
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r7=>0x0)
io_submit(r7, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r6, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef50d"], 0xf8)
close_range(r0, 0xffffffffffffffff, 0x0)

2.528433374s ago: executing program 2 (id=1138):
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40880)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, 0x0, 0x0)

1.572366237s ago: executing program 0 (id=1139):
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40880)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0x0)

1.505269208s ago: executing program 3 (id=1140):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x3e00, 0x5, 0x5, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})

1.372081757s ago: executing program 1 (id=1141):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="d8bea3d4332f44f588d8ecc795", 0xd}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x1010, 0xffffffffffffffff, 0x0)
userfaultfd(0x80801)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 0x0, 0x10)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x6)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b189a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0/file0/file0\x00', 0x0, 0x18e5811, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x84000, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @rand_addr=0x64010100}, 0x4002, 0x1}}, 0x2e)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x2, 0x1, 0x4, 0x2}}, 0x2e)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000b46000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000240)="9f66b9800000c00f326635008000000f300f181c0f2f0fea0000b4000f20d86635200000000f22d8643e0f01c90f01cf65640fadbf0000700e", 0x39}], 0x0, 0x13, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.33939557s ago: executing program 3 (id=1142):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
symlink(0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x48000)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
epoll_create(0x80)
syz_usb_disconnect(r2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x8202, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200102, 0x0)
close(r5)
r6 = fcntl$dupfd(r3, 0x406, 0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="b3ffe14e4d56"})
write$cgroup_subtree(r6, &(0x7f0000000040)=ANY=[@ANYRESDEC=r3], 0x140)
r7 = getpid()
sched_setscheduler(r7, 0x0, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000725000/0x1000)=nil, 0x1000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.324509955s ago: executing program 0 (id=1143):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r1 = memfd_create(&(0x7f0000000780)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19\xe5\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKl\xcc\xa4:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xc3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6)
fcntl$addseals(r1, 0x409, 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000a, 0x1010, r1, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x201, 0x9, 0x4, 0x0, 0x9})
ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000000)=0x200000)
r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$P9_RRENAME(r2, &(0x7f00000000c0)={0x7, 0x15, 0x1}, 0x7)

1.152152905s ago: executing program 2 (id=1144):
r0 = socket$netlink(0x10, 0x3, 0xa)
r1 = socket(0x10, 0x3, 0x0) (async)
r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) (async)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) (async)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRESHEX=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x80) (async)
prlimit64(0x0, 0x6, &(0x7f00000000c0)={0x8, 0x6}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f00000001c0), 0xfffffffffffffeb3, 0x448c0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x2a020400) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000880), 0x0, 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="5800000000090101000000000000000000000000100004800800014000000004240002000c0002800500010a0000000014000280080001000000000008000200ac1414000800"], 0x58}, 0x1, 0x0, 0x0, 0x24006084}, 0x0)
r7 = msgget$private(0x0, 0x0)
msgsnd(r7, &(0x7f0000000480)=ANY=[], 0x2000, 0x0)

1.084142245s ago: executing program 1 (id=1145):
mount(&(0x7f0000000280)=@nullb, &(0x7f0000000240)='./cgroup\x00', &(0x7f00000002c0)='f2fs\x00', 0x1800, &(0x7f0000000000)='discard')
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000400)={[{}]})
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
sendfile(r0, r0, &(0x7f0000000000)=0x2eb4, 0x2000007ff)
r1 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0x0, @host}, 0x10, 0x80800)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r1, 0x28, 0x6, &(0x7f00000001c0), 0x10)
pipe(&(0x7f0000000600)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r3=>0x0)
close(0x3)
io_submit(r3, 0x1, &(0x7f0000000300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f00000001c0)='m', 0x1}])
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0xc, &(0x7f00000000c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r6, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.070063725s ago: executing program 0 (id=1146):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0) (async)
r1 = syz_usb_connect$cdc_ecm(0x0, 0x70, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0xa7, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5e, 0x1, 0x1, 0x80, 0x20, 0x6, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0x16, {{0xa, 0x24, 0x6, 0x0, 0x0, "e7bb0c04db"}, {0x5, 0x24, 0x0, 0x617b}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x2, 0x1}, [@mdlm={0x15, 0x24, 0x12, 0x2}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x1, 0x2e, 0x37}}], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x0, 0x8, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x49, 0xe, 0x3}}}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x9d, 0x2, 0x1, 0xff, 0xe}, 0x8, &(0x7f0000000100)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x6, [{0x5b, &(0x7f0000000140)=@string={0x5b, 0x3, "ac1c6472498be8d2254854d0cbbd7419ee618187145837187f5b39f55808d3b00ba5ec7ee864e89bcba64482b82fdbfae689c5a3ea30e2e6b612fa7e1a89e4358af5bf5dae8bbeac77c53b98ab696a27a368ddd4c3b1410201"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2809}}, {0x34, &(0x7f0000000200)=@string={0x34, 0x3, "a3886f6d0fb7fd76ef0817b96bfc98df24c24e1a6429fab5fbbe28c455629a88ac3324a7f374fd79c76c1791a7dd298b4178"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x40b}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x480a}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x1}}]})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000380)={0x14, &(0x7f00000000c0)=ANY=[], 0x0}, 0x0) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0) (async, rerun: 64)
getsockopt(0xffffffffffffffff, 0x111, 0x5, 0x0, 0x0) (rerun: 64)

500.049447ms ago: executing program 2 (id=1147):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@host})
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r1, 0x4bfa, 0x41)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f00000001c0)={&(0x7f0000000540)={{@host, 0xffffffff}, {@local, 0x1}, 0x400, "d49e0b1f09a3e05cb898141464441748655937bb34d22f02362479246bb6372d891a3b5dafa58a6abc5a678d6874fc8fb5f8a529c6e30103484f2667c174fb6cda19ea0a9301bc3238eb816e9c3882f243bcd4bd7115b26dacf5923f060498d471cb4f789562fcda119739dd1a5b0e4e1a4a64dbd7b398bd4e7a247d81f968f2e945f293fc3860bf11f0424193fce743067d27f0ac187b44b128a4999547f73d8c35d3c2bd8b51bbc9a31123f773be89e109cc71b8ec29a539083c0cba15b08933865e3e154c28b3c4e2ebe360ac44f942a703b9a3a37fbbefe9ae0de04a32336a6eba07b2fb6ad426d56e17291bb1a9d1fcdaa939378bab6dd2eac37b369ef163c9e0fc8039352c24d8147fcc2e2559b47066abd21a3a5f83f239a2227d17d4ca90f60ed9acc243ed38818e3883a985106b54dc157b67022525a74e8f9cb99852760359278d5d22294a70433ba4cec5147fbb09b1d0008ba76257f1c5af6b8d6bf3bcfd5a468a566a4e98fe5f264f2663b72cb421c90d8b7883ddfb5749b27a3e146f9d8538706fea61b07c6e064446337439b9d5a5dc82f6c63c57d6ba0e709b7c1b15fa8367f8e6df2cf59b0b30740ef47c5cccffce5911569591ce4ab62275964cd147e87a30cc6e71f7e40e161997cdbadcfbfb6c54e0289ac137508b7b5339414e4ab7afcc420148e37d49b664cc07c8178a3b50f566c5bdd3aa9217ef909805972bd63ee1d729b282cd866c183744b20da3227f9d43843236b571c8d3237408c266e08d0699ebd30e0820362664ab323b15d3ae9896d6120aae6ef9085f53a2b39cc31238b031476c86e6b16d7703fcbacc7269ce8622eab1cfdf82a364209ec4ac912db924bb76bc35ddf8d0e7a3aff0d08a48c07be47303b59653d9409f14dc59ac33cae5e010466f54d86772e43e3680863bb9bf10c971f16a731e601d7fcdbb91d7146e7834d89059ad522d70398c2bacf113ed791e32f933dfa23f5d6d11bfc9d9e0f04a34b0eddd99d16cd9712485e0a5c9aaf1ebf3f14d00005f8960b6145cbb7d4522692ebe1f9491f87a29ed67c5fb60f5e69bde2a758742999fc986a2dbf6199977e9b446691bf9f95d0abd84557c77ea13356c977d0f098ab9fec85acbd6447f2e6893e2fa6a0a7b272dab66e69b7def48f8b3583a53a0941fb3e4367fa8d56e05ee3b265f17ca0439fcdcea276f7f0a9bf4c2a324d7143658007cf4019e8da69ba1b7dff4383714cbcb71dfe6f1b1ac5d5e99394cb2c360ddb1889d92cd36f8fc72ac865f1c6445957b2a57c1af59ef8d2e9fe328ec2bde763d65c4dea965042f540515bf2f879d1b26309ebc1d7f76c569fa88fbe61845e96e93d3b6025b6285777e59495943596c128fdacc545263ce458bf99f57d7e5dc77f65cf650902b5b6d5af9359334759843365bf0dfb244817a40e8cc9030"}, 0x418, 0x8})
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
io_uring_enter(0xffffffffffffffff, 0x46f3, 0x0, 0x0, 0x0, 0x0)
close(0x3)
syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x13, &(0x7f0000001bc0), 0x2)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
write(r3, &(0x7f0000000000)="13f955f53b60b81303d6f0033c726292f4f39de7fc7020679905dfa33a08cb65bb5b8c760e838acc447cdb61721bcbd25b93", 0x32)
openat$drirender128(0xffffffffffffff9c, 0x0, 0x200440, 0x0)

119.294109ms ago: executing program 4 (id=1148):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) (async)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) (async)
r0 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r5=>0x0}) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="19922cbd7000fddbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="400002803c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000000c0004000300040506000000"], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x400c0) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (rerun: 64)

0s ago: executing program 4 (id=1149):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000014c0), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x800, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0xfffffffffffffdb9, 0x2b, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x30000010)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0x8, 0x3, 0x6e8, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x618, 0xffffffff, 0xffffffff, 0x618, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x330, 0x358, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', {0x6}}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x2c0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0xc4, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0xffffffffffffffff, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x8000, 0x16a, 0x1, 'syz1\x00', 'syz0\x00', {0x80000001}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x748)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x3, 0x1d}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000600)=<r8=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, &(0x7f0000000040)={&(0x7f0000002000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x3, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000be07000000000000000000008500000029000000b7080000000000007b8af8ff00000000b7080000800000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101}, 0x94)
sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4004)

kernel console output (not intermixed with test programs):

R12: 0000000000000001
[  279.165089][ T8281] R13: 00007f0eff1e6218 R14: 00007f0eff1e6180 R15: 00007ffd5cf6fd78
[  279.165113][ T8281]  </TASK>
[  279.454619][ T8282] FAULT_INJECTION: forcing a failure.
[  279.454619][ T8282] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.472711][ T8282] CPU: 0 UID: 0 PID: 8282 Comm: syz.2.573 Not tainted syzkaller #0 PREEMPT(full) 
[  279.472743][ T8282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  279.472756][ T8282] Call Trace:
[  279.472763][ T8282]  <TASK>
[  279.472771][ T8282]  dump_stack_lvl+0x16c/0x1f0
[  279.472812][ T8282]  should_fail_ex+0x512/0x640
[  279.472846][ T8282]  _copy_to_user+0x32/0xd0
[  279.472877][ T8282]  simple_read_from_buffer+0xcb/0x170
[  279.472907][ T8282]  proc_fail_nth_read+0x197/0x240
[  279.472932][ T8282]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  279.472953][ T8282]  ? rw_verify_area+0xcf/0x6c0
[  279.472990][ T8282]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  279.473010][ T8282]  vfs_read+0x1e4/0xcf0
[  279.473035][ T8282]  ? __pfx___mutex_lock+0x10/0x10
[  279.473063][ T8282]  ? __pfx_vfs_read+0x10/0x10
[  279.473093][ T8282]  ? __fget_files+0x20e/0x3c0
[  279.473128][ T8282]  ksys_read+0x12a/0x250
[  279.473150][ T8282]  ? __pfx_ksys_read+0x10/0x10
[  279.473179][ T8282]  do_syscall_64+0xcd/0xf80
[  279.473206][ T8282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.473227][ T8282] RIP: 0033:0x7fb19a38e15c
[  279.473242][ T8282] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  279.473260][ T8282] RSP: 002b:00007fb19b1a8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  279.473280][ T8282] RAX: ffffffffffffffda RBX: 00007fb19a5e6090 RCX: 00007fb19a38e15c
[  279.473293][ T8282] RDX: 000000000000000f RSI: 00007fb19b1a80a0 RDI: 0000000000000004
[  279.473304][ T8282] RBP: 00007fb19b1a8090 R08: 0000000000000000 R09: 0000000000000000
[  279.473313][ T8282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.473324][ T8282] R13: 00007fb19a5e6128 R14: 00007fb19a5e6090 R15: 00007ffef7774538
[  279.473350][ T8282]  </TASK>
[  279.888465][   T24] gspca_stv0680: usb_control_msg error 2, request = 0x6, error = -71
[  279.904040][   T24] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  279.974928][ T8293] vivid-000: =================  START STATUS  =================
[  279.983787][ T8293] vivid-000: Generate PTS: true
[  279.989183][ T8293] vivid-000: Generate SCR: true
[  279.994479][ T8293] tpg source WxH: 720x576 (Y'CbCr)
[  279.999853][ T8293] tpg field: 4
[  280.003355][ T8293] tpg crop: (0,0)/720x576
[  280.007715][ T8293] tpg compose: (0,0)/720x576
[  280.012514][ T8293] tpg colorspace: 1
[  280.017442][ T8293] tpg transfer function: 0/0
[  280.022134][ T8293] tpg Y'CbCr encoding: 0/0
[  280.027721][ T8293] tpg quantization: 0/0
[  280.034168][ T8293] tpg RGB range: 0/2
[  280.035711][   T24] stv0680 2-1:4.0: last error: 86,  command = 0x78
[  280.046015][ T8293] vivid-000: ==================  END STATUS  ==================
[  280.192352][   T24] usb 2-1: USB disconnect, device number 16
[  280.553454][ T8300] FAULT_INJECTION: forcing a failure.
[  280.553454][ T8300] name failslab, interval 1, probability 0, space 0, times 0
[  280.607310][ T8300] CPU: 1 UID: 0 PID: 8300 Comm: syz.2.581 Not tainted syzkaller #0 PREEMPT(full) 
[  280.607342][ T8300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  280.607354][ T8300] Call Trace:
[  280.607362][ T8300]  <TASK>
[  280.607370][ T8300]  dump_stack_lvl+0x16c/0x1f0
[  280.607407][ T8300]  should_fail_ex+0x512/0x640
[  280.607437][ T8300]  ? fs_reclaim_acquire+0xae/0x150
[  280.607468][ T8300]  should_failslab+0xc2/0x120
[  280.607496][ T8300]  __kmalloc_noprof+0xeb/0x910
[  280.607527][ T8300]  ? tomoyo_encode2+0x100/0x3e0
[  280.607580][ T8300]  ? tomoyo_encode2+0x100/0x3e0
[  280.607603][ T8300]  tomoyo_encode2+0x100/0x3e0
[  280.607631][ T8300]  tomoyo_encode+0x29/0x50
[  280.607655][ T8300]  tomoyo_realpath_from_path+0x18f/0x6e0
[  280.607689][ T8300]  tomoyo_path_number_perm+0x245/0x580
[  280.607709][ T8300]  ? tomoyo_path_number_perm+0x237/0x580
[  280.607733][ T8300]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  280.607762][ T8300]  ? find_held_lock+0x2b/0x80
[  280.607815][ T8300]  ? find_held_lock+0x2b/0x80
[  280.607841][ T8300]  ? hook_file_ioctl_common+0x144/0x410
[  280.607876][ T8300]  ? __fget_files+0x20e/0x3c0
[  280.607909][ T8300]  security_file_ioctl+0x9b/0x240
[  280.607937][ T8300]  __x64_sys_ioctl+0xb7/0x210
[  280.607963][ T8300]  do_syscall_64+0xcd/0xf80
[  280.607988][ T8300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.608007][ T8300] RIP: 0033:0x7fb19a38f749
[  280.608022][ T8300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.608041][ T8300] RSP: 002b:00007fb19b1c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.608061][ T8300] RAX: ffffffffffffffda RBX: 00007fb19a5e5fa0 RCX: 00007fb19a38f749
[  280.608073][ T8300] RDX: 00002000000002c0 RSI: 00000000c0d05604 RDI: 0000000000000003
[  280.608086][ T8300] RBP: 00007fb19b1c9090 R08: 0000000000000000 R09: 0000000000000000
[  280.608097][ T8300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.608108][ T8300] R13: 00007fb19a5e6038 R14: 00007fb19a5e5fa0 R15: 00007ffef7774538
[  280.608134][ T8300]  </TASK>
[  280.608246][ T8300] ERROR: Out of memory at tomoyo_realpath_from_path.
[  281.030009][ T5880] usbhid 4-1:0.0: can't add hid device: -71
[  281.037465][ T5880] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  281.048559][ T5880] usb 4-1: USB disconnect, device number 19
[  281.517826][ T8311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.582'.
[  282.024598][   T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  282.255416][   T10] usb 1-1: Using ep0 maxpacket: 8
[  282.274586][   T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[  282.289707][   T10] usb 1-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  282.303366][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[  282.310406][   T10] usb 1-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  282.340907][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.363052][   T10] usb 1-1: config 0 descriptor??
[  282.431989][ T8329] 9p: Bad value for 'wfdno'
[  282.686992][ T5985] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  283.352573][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  283.352596][   T30] audit: type=1400 audit(2000000116.517:608): avc:  denied  { audit_read } for  pid=8316 comm="syz.0.586" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  283.420638][ T5985] usb 5-1: config 1 has an invalid interface number: 7 but max is 0
[  283.435042][ T8342] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.459193][ T5985] usb 5-1: config 1 has no interface number 0
[  283.465709][   T89] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  283.478234][ T5985] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  283.500998][ T5985] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  283.520080][ T5985] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  283.537483][ T8342] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.557218][ T5985] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  283.569825][ T5985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.593166][ T8342] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.609227][ T5985] usb 5-1: Product: syz
[  283.613743][ T5985] usb 5-1: Manufacturer: syz
[  283.620090][ T5985] usb 5-1: SerialNumber: syz
[  283.636024][   T89] usb 2-1: config 1 has an invalid interface number: 81 but max is 0
[  283.644216][   T89] usb 2-1: config 1 has no interface number 0
[  283.653190][   T89] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=78.61
[  283.666539][   T89] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.674676][ T8326] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  283.684930][   T89] usb 2-1: Product: syz
[  283.701996][ T8342] bond0: (slave netdevsim0): Releasing backup interface
[  283.713257][ T8342] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.731277][   T89] usb 2-1: Manufacturer: syz
[  283.737475][   T89] usb 2-1: SerialNumber: syz
[  283.750134][   T24] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  283.780168][   T49] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  283.839677][   T89] ttusbir 2-1:1.81: cannot find expected altsetting
[  283.849624][ T3951] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.867821][ T3951] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.885992][ T3951] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  283.930131][ T8326] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  283.953078][   T30] audit: type=1400 audit(2000000117.415:609): avc:  denied  { setopt } for  pid=8347 comm="syz.2.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  283.979681][   T24] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  283.987985][   T24] usb 4-1: config 0 has no interface number 0
[  283.994097][   T24] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  284.005890][   T24] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  284.017002][   T24] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  284.028489][   T24] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04
[  284.039863][   T24] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  284.049043][   T24] usb 4-1: Product: syz
[  284.056600][   T24] usb 4-1: SerialNumber: syz
[  285.300627][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  285.307649][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  285.335500][   T10] usb 1-1: USB disconnect, device number 14
[  285.340315][ T8355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  285.351179][ T8355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  285.374770][   T24] usb 4-1: config 0 descriptor??
[  285.383220][   T24] cm109 4-1:0.8: invalid payload size 0, expected 4
[  285.396166][   T24] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input18
[  285.409620][   T89] usb 2-1: USB disconnect, device number 17
[  285.498231][ T8355] ubi: mtd0 is already attached to ubi31
[  285.506469][ T5985] usb 5-1: Incompatible driver and firmware versions
[  285.644211][   T30] audit: type=1400 audit(2000000119.005:610): avc:  denied  { append } for  pid=8344 comm="syz.3.595" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  286.233320][ T8364] netlink: 35 bytes leftover after parsing attributes in process `syz.2.598'.
[  286.283906][   T30] audit: type=1400 audit(2000000119.585:611): avc:  denied  { write } for  pid=8358 comm="syz.2.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  287.205080][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.214827][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.222152][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.229324][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.236474][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.243575][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.250681][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.257917][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.265218][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.272753][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  287.280038][ T6594] usb 4-1: USB disconnect, device number 20
[  287.280075][    C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  287.341853][ T6594] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  287.722213][ T6594] usb 5-1: USB disconnect, device number 18
[  288.570533][ T8382] netlink: 24 bytes leftover after parsing attributes in process `syz.3.605'.
[  288.643927][ T8382] netlink: 24 bytes leftover after parsing attributes in process `syz.3.605'.
[  289.587005][   T30] audit: type=1326 audit(2000000122.681:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  289.805404][   T30] audit: type=1326 audit(2000000122.681:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  290.103265][   T30] audit: type=1326 audit(2000000122.719:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  290.206602][   T30] audit: type=1326 audit(2000000122.719:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  290.264852][   T30] audit: type=1326 audit(2000000122.719:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  290.324881][   T30] audit: type=1326 audit(2000000122.719:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  290.972273][   T30] audit: type=1326 audit(2000000122.719:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  291.129138][   T30] audit: type=1326 audit(2000000122.728:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  291.207828][   T30] audit: type=1326 audit(2000000122.728:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce4bd8f749 code=0x7ffc0000
[  291.264446][   T30] audit: type=1326 audit(2000000122.728:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8398 comm="syz.0.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fce4bd8df90 code=0x7ffc0000
[  292.809005][ T5826] Bluetooth: hci2: ISO packet for unknown connection handle 3539
[  292.830861][ T8446] net_ratelimit: 2 callbacks suppressed
[  292.830889][ T8446] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  292.967835][ T8451] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  293.237655][ T4224] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  298.043845][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  298.043885][   T30] audit: type=1400 audit(2000000130.605:633): avc:  denied  { create } for  pid=8490 comm="syz.2.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  299.912079][ T8522] netlink: 'syz.3.636': attribute type 1 has an invalid length.
[  299.912201][ T8522] netlink: 24 bytes leftover after parsing attributes in process `syz.3.636'.
[  300.148511][ T8515] netlink: 100 bytes leftover after parsing attributes in process `syz.4.637'.
[  300.292102][ T8533] netlink: 'syz.1.640': attribute type 30 has an invalid length.
[  300.361858][ T8534] netlink: 'syz.0.639': attribute type 30 has an invalid length.
[  300.419687][ T8536] netlink: 'syz.0.639': attribute type 30 has an invalid length.
[  301.681139][   T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  301.842747][   T30] audit: type=1400 audit(2000000134.019:634): avc:  denied  { ioctl } for  pid=8543 comm="syz.1.644" path="socket:[19480]" dev="sockfs" ino=19480 ioctlcmd=0x1501 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  302.014443][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.383844][   T24] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  302.415280][   T24] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  302.435744][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.455102][   T24] usb 5-1: config 0 descriptor??
[  302.486568][ T8552] SET target dimension over the limit!
[  305.048096][ T8578] netlink: 'syz.1.652': attribute type 30 has an invalid length.
[  305.125495][ T8579] netlink: 'syz.1.652': attribute type 30 has an invalid length.
[  305.351923][   T58] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  305.627550][   T58] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  305.654941][   T58] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  305.689754][ T8580] bridge0: port 3(gretap0) entered blocking state
[  305.733550][   T58] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  305.815837][   T58] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  305.839898][ T8580] bridge0: port 3(gretap0) entered disabled state
[  305.873727][ T6591] usb 5-1: USB disconnect, device number 19
[  305.916781][   T58] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  306.024856][ T8580] gretap0: entered allmulticast mode
[  306.039973][   T58] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  306.058887][ T8580] gretap0: entered promiscuous mode
[  306.069577][   T58] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  306.125031][   T58] usb 4-1: Product: syz
[  306.137193][   T58] usb 4-1: Manufacturer: syz
[  306.142387][ T8580] bridge0: port 3(gretap0) entered blocking state
[  306.148964][ T8580] bridge0: port 3(gretap0) entered forwarding state
[  306.188362][   T58] cdc_wdm 4-1:1.0: skipping garbage
[  306.210339][   T58] cdc_wdm 4-1:1.0: skipping garbage
[  306.233093][   T58] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  306.241107][   T58] cdc_wdm 4-1:1.0: Unknown control protocol
[  306.411704][   T10] usb 4-1: USB disconnect, device number 21
[  306.727060][   T30] audit: type=1400 audit(2000000003.732:635): avc:  denied  { append } for  pid=8603 comm="syz.0.659" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  306.916229][   T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  307.153431][   T30] audit: type=1400 audit(2000000003.732:636): avc:  denied  { ioctl } for  pid=8603 comm="syz.0.659" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  307.178251][   T30] audit: type=1400 audit(2000000003.797:637): avc:  denied  { connect } for  pid=8599 comm="syz.4.658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  307.180389][   T24] usb 2-1: config 0 has an invalid interface number: 48 but max is 0
[  307.259390][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.289616][   T24] usb 2-1: config 0 has no interface number 0
[  307.297357][   T24] usb 2-1: too many endpoints for config 0 interface 48 altsetting 48: 48, using maximum allowed: 30
[  307.308566][   T24] usb 2-1: config 0 interface 48 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  307.487357][   T24] usb 2-1: config 0 interface 48 has no altsetting 0
[  307.494220][   T24] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  307.503275][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.522728][   T24] usb 2-1: config 0 descriptor??
[  307.825077][   T58] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  308.122457][   T58] usb 1-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  308.251634][ T8601] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.664204][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.744897][   T58] usb 1-1: Product: syz
[  308.746521][   T30] audit: type=1400 audit(2000000005.565:638): avc:  denied  { bind } for  pid=8612 comm="syz.4.662" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  308.749212][   T58] usb 1-1: Manufacturer: syz
[  308.769191][ T8601] batadv_slave_0: entered promiscuous mode
[  308.774876][   T58] usb 1-1: SerialNumber: syz
[  308.792330][   T58] usb 1-1: config 0 descriptor??
[  308.826774][   T24] usb 2-1: string descriptor 0 read error: -32
[  308.949076][ T8620] syzkaller0: entered promiscuous mode
[  308.965926][ T8620] syzkaller0: entered allmulticast mode
[  308.979933][ T8619] tipc: Started in network mode
[  309.000605][ T8619] tipc: Node identity 0a6a0b81486e, cluster identity 4711
[  309.008073][ T8619] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  309.043761][   T58] usb 1-1: ignoring: probably an ADSL modem
[  309.066722][ T8619] tipc: Resetting bearer <eth:syzkaller0>
[  309.484328][ T8619] tipc: Disabling bearer <eth:syzkaller0>
[  309.693462][ T8601] netlink: 'syz.1.657': attribute type 3 has an invalid length.
[  309.868200][ T8601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.868607][ T8601] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  311.287070][   T24] usb 2-1: USB disconnect, device number 18
[  311.580720][   T58] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  311.640683][   T58] usb 1-1: USB disconnect, device number 15
[  311.776820][ T8652] netlink: 'syz.0.672': attribute type 32 has an invalid length.
[  311.784973][ T8652] netlink: 12 bytes leftover after parsing attributes in process `syz.0.672'.
[  312.036795][   T24] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  313.137785][   T24] usb 2-1: Using ep0 maxpacket: 16
[  313.327362][   T30] audit: type=1326 audit(2000000009.784:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  313.412221][   T30] audit: type=1326 audit(2000000009.784:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  313.436379][   T30] audit: type=1326 audit(2000000009.803:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  313.460152][   T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  313.469423][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  313.526002][   T30] audit: type=1326 audit(2000000009.803:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  313.551019][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  313.560496][   T30] audit: type=1326 audit(2000000009.803:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  313.626964][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  313.639861][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.650464][   T24] usb 2-1: Product: syz
[  313.657391][   T24] usb 2-1: Manufacturer: syz
[  313.662616][   T30] audit: type=1326 audit(2000000009.812:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  313.690892][   T24] usb 2-1: SerialNumber: syz
[  313.808943][   T30] audit: type=1326 audit(2000000009.812:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  313.876232][   T30] audit: type=1326 audit(2000000009.812:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  314.131889][   T30] audit: type=1326 audit(2000000009.822:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  314.190277][   T24] usb 2-1: 0:2 : does not exist
[  314.230723][   T30] audit: type=1326 audit(2000000009.822:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  314.303676][ T8680] FAULT_INJECTION: forcing a failure.
[  314.303676][ T8680] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  314.321059][ T8680] CPU: 0 UID: 0 PID: 8680 Comm: syz.3.679 Not tainted syzkaller #0 PREEMPT(full) 
[  314.321093][ T8680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  314.321122][ T8680] Call Trace:
[  314.321129][ T8680]  <TASK>
[  314.321137][ T8680]  dump_stack_lvl+0x16c/0x1f0
[  314.321172][ T8680]  should_fail_ex+0x512/0x640
[  314.321222][ T8680]  _copy_from_user+0x2e/0xd0
[  314.321251][ T8680]  memdup_user+0x6b/0xe0
[  314.321275][ T8680]  strndup_user+0x78/0xe0
[  314.321294][ T8680]  __x64_sys_mount+0x17f/0x310
[  314.321315][ T8680]  ? __pfx___x64_sys_mount+0x10/0x10
[  314.321338][ T8680]  do_syscall_64+0xcd/0xf80
[  314.321365][ T8680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.321387][ T8680] RIP: 0033:0x7fa075d8f749
[  314.321402][ T8680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.321421][ T8680] RSP: 002b:00007fa076b95038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  314.321441][ T8680] RAX: ffffffffffffffda RBX: 00007fa075fe5fa0 RCX: 00007fa075d8f749
[  314.321453][ T8680] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000200000000140
[  314.321465][ T8680] RBP: 00007fa076b95090 R08: 0000000000000000 R09: 0000000000000000
[  314.321476][ T8680] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000001
[  314.321486][ T8680] R13: 00007fa075fe6038 R14: 00007fa075fe5fa0 R15: 00007fff57064ab8
[  314.321509][ T8680]  </TASK>
[  314.550297][ T8652] netlink: 8 bytes leftover after parsing attributes in process `syz.0.672'.
[  315.197284][ T8701] tmpfs: Unknown parameter 'usrquota_inodeâÚ«¤Ø؃$it'
[  315.713331][ T8650] mmap: syz.1.670 (8650) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  315.762950][ T5880] usb 2-1: USB disconnect, device number 19
[  317.542083][   T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  317.607231][ T8729] netlink: 'syz.3.689': attribute type 10 has an invalid length.
[  317.751765][ T8731] SELinux:  policydb version -759146342 does not match my version range 15-35
[  317.755989][ T5826] Bluetooth: hci0: unexpected event for opcode 0x2003
[  317.760924][ T8731] SELinux: failed to load policy
[  317.860057][   T24] usb 5-1: Using ep0 maxpacket: 8
[  317.868597][ T8729] 8021q: adding VLAN 0 to HW filter on device batadv0
[  317.884785][   T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  317.897529][ T8729] batadv0: entered promiscuous mode
[  317.905802][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  317.905886][ T3646] bond0: (slave batadv0): interface is now down
[  317.915817][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  317.915842][   T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  317.915884][   T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  317.915903][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.963050][ T8729] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  318.055182][ T3646] bond0: (slave batadv0): interface is now down
[  318.062568][ T3646] bond0: now running without any active interface!
[  318.189594][   T24] usb 5-1: GET_CAPABILITIES returned 0
[  318.201910][   T24] usbtmc 5-1:16.0: can't read capabilities
[  318.275791][ T5893] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  318.601382][ T8743] syzkaller0: entered promiscuous mode
[  318.603427][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  318.606888][ T8743] syzkaller0: entered allmulticast mode
[  318.644604][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  318.674717][ T5893] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  318.694890][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.135789][ T8729] syz_tun: entered allmulticast mode
[  319.142971][ T5893] usb 3-1: config 0 descriptor??
[  319.250793][ T5893] hub 3-1:0.0: USB hub found
[  319.465758][ T5893] hub 3-1:0.0: 2 ports detected
[  319.593874][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  319.593889][   T30] audit: type=1400 audit(2000000015.762:670): avc:  denied  { write } for  pid=8744 comm="syz.1.693" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  319.666929][   T30] audit: type=1400 audit(2000000015.790:671): avc:  denied  { ioctl } for  pid=8744 comm="syz.1.693" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  321.204119][ T5893] hub 3-1:0.0: hub_ext_port_status failed (err = -32)
[  321.232777][ T5893] usb 5-1: USB disconnect, device number 20
[  323.818823][ T8786] netlink: 'syz.4.701': attribute type 39 has an invalid length.
[  324.332503][ T8788] erspan1: entered allmulticast mode
[  324.557534][ T5893] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  324.834438][ T8802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.705'.
[  324.930236][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.958088][ T5893] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[  324.977411][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.005794][ T5893] usb 4-1: config 0 descriptor??
[  325.120698][   T10] usb 3-1: USB disconnect, device number 18
[  325.442843][ T8808] netlink: 100 bytes leftover after parsing attributes in process `syz.1.708'.
[  325.504452][ T5893] usbhid 4-1:0.0: can't add hid device: -71
[  325.610402][ T5893] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  325.954054][ T5893] usb 4-1: USB disconnect, device number 22
[  326.726389][ T3806] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  328.721475][   T30] audit: type=1400 audit(2000000024.003:672): avc:  denied  { write } for  pid=8849 comm="syz.0.721" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  328.985912][   T30] audit: type=1400 audit(2000000024.545:673): avc:  denied  { write } for  pid=8861 comm="syz.3.722" path="socket:[20078]" dev="sockfs" ino=20078 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  329.555577][   T30] audit: type=1400 audit(2000000025.078:674): avc:  denied  { write } for  pid=8868 comm="syz.0.723" path="socket:[20761]" dev="sockfs" ino=20761 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  329.717819][ T8874] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0
[  329.719987][ T8875] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  329.760355][   T30] audit: type=1400 audit(2000000025.163:675): avc:  denied  { mounton } for  pid=8865 comm="syz.2.719" path="/136/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  329.910664][   T30] audit: type=1400 audit(2000000025.406:676): avc:  denied  { bind } for  pid=8870 comm="syz.1.724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  330.054492][   T30] audit: type=1400 audit(2000000025.546:677): avc:  denied  { create } for  pid=8882 comm="syz.3.726" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  330.197205][   T30] audit: type=1400 audit(2000000025.584:678): avc:  denied  { mounton } for  pid=8882 comm="syz.3.726" path="/137/file0" dev="tmpfs" ino=751 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  332.256065][ T8901] netlink: 100 bytes leftover after parsing attributes in process `syz.1.731'.
[  332.354640][ T8916] wireguard0: entered promiscuous mode
[  333.541299][   T30] audit: type=1400 audit(2000000028.811:679): avc:  denied  { ioctl } for  pid=8939 comm="syz.2.741" path="socket:[20393]" dev="sockfs" ino=20393 ioctlcmd=0x6612 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  333.941025][ T5893] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  333.989116][   T30] audit: type=1400 audit(2000000029.232:680): avc:  denied  { unlink } for  pid=5814 comm="syz-executor" name="file0" dev="tmpfs" ino=751 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  334.135058][ T5893] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  334.156430][ T5893] usb 3-1: config 0 interface 0 has no altsetting 0
[  334.163106][ T5893] usb 3-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  334.836149][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  334.850166][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  335.149205][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.168009][ T5893] usb 3-1: config 0 descriptor??
[  335.174725][ T8943] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  335.914828][ T5893] ryos 0003:1E7D:3138.0004: hidraw0: USB HID v0.04 Device [HID 1e7d:3138] on usb-dummy_hcd.2-1/input0
[  336.218013][ T5880] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  336.311769][ T8943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  336.363788][ T8943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  336.464216][   T24] usb 3-1: USB disconnect, device number 19
[  336.517583][ T5880] usb 4-1: Using ep0 maxpacket: 16
[  336.528514][ T5880] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  336.545031][ T5880] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  336.563483][ T5880] usb 4-1: too many endpoints for config 1 interface 1 altsetting 7: 49, using maximum allowed: 30
[  336.583006][ T5880] usb 4-1: config 1 interface 1 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 49
[  336.609003][ T5880] usb 4-1: config 1 interface 1 has no altsetting 0
[  336.637110][ T5880] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  336.653197][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.672881][ T5880] usb 4-1: Product: �㦛�뽖䄸�盅홱鿗뱲⠕㋸ዳ씹얥�㨲㼮횳ᷕ㘰ꚇ䣢谧ᶥⲵ姢䌿翱ŋ剈㵶͡휧䬖煟♪�説ꨊ펡�륽Ꙇ�ᒕ蒦㴜
[  336.705069][ T5880] usb 4-1: Manufacturer: ᙟ��姓꣌➂嬖⽃쿆댈䅜�﹫ᯆ왪�箾쓎侼싉葛㟇示ꥤ�鋖瓬䴆跣봿ܨ信ᙷ冇ʢ�േ࿼ㆅ䗧껓Š鯮功��䴴鄡�젠᨟ᕘ
[  336.735932][ T5880] usb 4-1: SerialNumber: syz
[  337.709483][ T5880] usb 4-1: 0:2 : does not exist
[  337.710924][   T30] audit: type=1400 audit(2000000032.702:681): avc:  denied  { shutdown } for  pid=8961 comm="syz.3.748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  337.794104][   T30] audit: type=1400 audit(2000000032.712:682): avc:  denied  { read } for  pid=8961 comm="syz.3.748" path="socket:[21126]" dev="sockfs" ino=21126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  337.833320][ T5880] usb 4-1: USB disconnect, device number 23
[  337.901398][   T30] audit: type=1400 audit(2000000032.712:683): avc:  denied  { create } for  pid=8983 comm="syz.1.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  337.940344][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  338.037575][ T8995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.756'.
[  338.046551][ T8995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.756'.
[  338.172173][ T8997] netlink: 88 bytes leftover after parsing attributes in process `syz.1.756'.
[  338.750083][   T30] audit: type=1400 audit(2000000032.740:684): avc:  denied  { setopt } for  pid=8983 comm="syz.1.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  338.759047][ T8989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.755'.
[  338.779562][   T30] audit: type=1400 audit(2000000032.740:685): avc:  denied  { write } for  pid=8983 comm="syz.1.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  340.300870][   T30] audit: type=1400 audit(2000000035.134:686): avc:  denied  { getopt } for  pid=9001 comm="syz.2.760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  341.525055][   T30] audit: type=1800 audit(2000000036.266:687): pid=9035 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.765" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  343.005442][ T6198] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  344.117963][ T6198] usb 2-1: Using ep0 maxpacket: 32
[  344.152520][ T6198] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  344.162067][ T6198] usb 2-1: config 0 has no interface number 0
[  344.171859][ T6198] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  344.386730][ T6198] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  344.498479][ T9068] netlink: 16 bytes leftover after parsing attributes in process `syz.3.774'.
[  344.509760][ T6198] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  344.509891][ T9068] netlink: 4 bytes leftover after parsing attributes in process `syz.3.774'.
[  344.528645][ T9068] netlink: 4 bytes leftover after parsing attributes in process `syz.3.774'.
[  344.546212][ T6198] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.569879][ T6198] usb 2-1: config 0 descriptor??
[  344.685933][ T6198] usbhid 2-1:0.1: can't add hid device: -71
[  344.691935][ T6198] usbhid 2-1:0.1: probe with driver usbhid failed with error -71
[  344.717679][ T9068] binder: 9067:9068 ioctl 80089418 200000000040 returned -22
[  344.755325][ T6198] usb 2-1: USB disconnect, device number 20
[  344.786092][   T30] audit: type=1400 audit(2000000039.334:688): avc:  denied  { name_bind } for  pid=9067 comm="syz.3.774" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  344.971821][   T30] audit: type=1400 audit(2000000039.503:689): avc:  denied  { mounton } for  pid=9074 comm="syz.2.778" path="/150/file0" dev="tmpfs" ino=804 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  347.155412][   T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  351.877878][   T30] audit: type=1400 audit(2000000045.695:690): avc:  denied  { watch_sb watch_reads } for  pid=9106 comm="syz.1.784" path="/152/bus/file1" dev="overlay" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  352.717491][   T30] audit: type=1400 audit(2000000046.752:691): avc:  denied  { getopt } for  pid=9114 comm="syz.1.786" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  352.929956][ T9121] fuse: Bad value for 'fd'
[  355.182736][ T9159] netlink: 28 bytes leftover after parsing attributes in process `syz.2.797'.
[  356.237603][ T9164] netlink: 20 bytes leftover after parsing attributes in process `syz.3.800'.
[  356.387782][   T30] audit: type=1400 audit(2000000050.176:692): avc:  denied  { ioctl } for  pid=9168 comm="syz.2.803" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 ioctlcmd=0xf514 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  356.582894][ T6198] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  357.202858][ T6198] usb 2-1: Using ep0 maxpacket: 16
[  357.215469][ T6198] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  357.230348][ T6198] usb 2-1: config 1 has no interface number 1
[  357.245371][ T6198] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  357.373928][ T6198] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  357.396608][ T6198] usb 2-1: config 1 interface 2 has no altsetting 0
[  357.411866][ T6198] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  357.428069][ T6198] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.436098][ T6198] usb 2-1: Product: syz
[  357.454235][ T6198] usb 2-1: Manufacturer: syz
[  357.480998][ T6198] usb 2-1: SerialNumber: syz
[  357.886144][ T9192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.808'.
[  358.704733][ T9191] netlink: 100 bytes leftover after parsing attributes in process `syz.0.806'.
[  359.133031][ T6198] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  359.141224][ T6198] usb 2-1: selecting invalid altsetting 0
[  359.158256][ T6198] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82
[  359.179476][ T6198] usb 2-1: selecting invalid altsetting 0
[  359.295126][ T6198] usb 2-1: USB disconnect, device number 21
[  359.463881][ T6580] udevd[6580]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  360.079736][ T9226] FAULT_INJECTION: forcing a failure.
[  360.079736][ T9226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.093399][ T9226] CPU: 1 UID: 0 PID: 9226 Comm: syz.0.814 Not tainted syzkaller #0 PREEMPT(full) 
[  360.093427][ T9226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  360.093438][ T9226] Call Trace:
[  360.093445][ T9226]  <TASK>
[  360.093452][ T9226]  dump_stack_lvl+0x16c/0x1f0
[  360.093484][ T9226]  should_fail_ex+0x512/0x640
[  360.093509][ T9226]  _copy_from_user+0x2e/0xd0
[  360.093529][ T9226]  memdup_user+0x6b/0xe0
[  360.093546][ T9226]  strndup_user+0x78/0xe0
[  360.093558][ T9226]  __x64_sys_mount+0x17f/0x310
[  360.093572][ T9226]  ? __pfx___x64_sys_mount+0x10/0x10
[  360.093599][ T9226]  do_syscall_64+0xcd/0xf80
[  360.093617][ T9226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.093631][ T9226] RIP: 0033:0x7fce4bd8f749
[  360.093641][ T9226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.093652][ T9226] RSP: 002b:00007fce4cc57038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  360.093664][ T9226] RAX: ffffffffffffffda RBX: 00007fce4bfe6090 RCX: 00007fce4bd8f749
[  360.093676][ T9226] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000200000000000
[  360.093683][ T9226] RBP: 00007fce4cc57090 R08: 0000000000000000 R09: 0000000000000000
[  360.093689][ T9226] R10: 0000000000210818 R11: 0000000000000246 R12: 0000000000000001
[  360.093696][ T9226] R13: 00007fce4bfe6128 R14: 00007fce4bfe6090 R15: 00007ffe803ae038
[  360.093709][ T9226]  </TASK>
[  361.598507][ T3424] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  363.797389][ T9264] syzkaller0: entered promiscuous mode
[  363.803098][ T9264] syzkaller0: entered allmulticast mode
[  364.019837][   T30] audit: type=1400 audit(2000000057.323:693): avc:  denied  { recv } for  pid=9261 comm="syz.1.822" saddr=10.128.0.169 src=35374 daddr=10.128.1.10 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  364.923351][ T9271] FAULT_INJECTION: forcing a failure.
[  364.923351][ T9271] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  364.936902][ T9271] CPU: 0 UID: 0 PID: 9271 Comm: syz.2.823 Not tainted syzkaller #0 PREEMPT(full) 
[  364.936930][ T9271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  364.936941][ T9271] Call Trace:
[  364.936945][ T9271]  <TASK>
[  364.936950][ T9271]  dump_stack_lvl+0x16c/0x1f0
[  364.936974][ T9271]  should_fail_ex+0x512/0x640
[  364.936996][ T9271]  strncpy_from_user+0x3b/0x2e0
[  364.937014][ T9271]  getname_flags.part.0+0x8f/0x550
[  364.937029][ T9271]  ? copy_mount_options+0x128/0x190
[  364.937043][ T9271]  getname_flags+0x93/0xf0
[  364.937057][ T9271]  user_path_at+0x24/0x60
[  364.937072][ T9271]  __x64_sys_mount+0x1fb/0x310
[  364.937084][ T9271]  ? __pfx___x64_sys_mount+0x10/0x10
[  364.937096][ T9271]  ? trace_irq_enable.constprop.0+0x2f/0x110
[  364.937116][ T9271]  do_syscall_64+0xcd/0xf80
[  364.937134][ T9271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.937146][ T9271] RIP: 0033:0x7fb19a38f749
[  364.937168][ T9271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.937181][ T9271] RSP: 002b:00007fb19b1a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  364.937192][ T9271] RAX: ffffffffffffffda RBX: 00007fb19a5e6090 RCX: 00007fb19a38f749
[  364.937199][ T9271] RDX: 0000200000000ac0 RSI: 0000200000000a80 RDI: 0000200000000040
[  364.937205][ T9271] RBP: 00007fb19b1a8090 R08: 0000000000000000 R09: 0000000000000000
[  364.937212][ T9271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.937219][ T9271] R13: 00007fb19a5e6128 R14: 00007fb19a5e6090 R15: 00007ffef7774538
[  364.937233][ T9271]  </TASK>
[  365.901241][   T30] audit: type=1400 audit(2000000059.081:694): avc:  denied  { write } for  pid=9275 comm="syz.3.826" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  365.936803][   T30] audit: type=1400 audit(2000000059.081:695): avc:  denied  { open } for  pid=9275 comm="syz.3.826" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  366.429206][ T6595] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  367.696109][ T6595] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.134351][ T6595] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  368.166987][ T6595] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.220419][ T6595] usb 3-1: config 0 descriptor??
[  368.251146][ T6595] pwc: Askey VC010 type 2 USB webcam detected.
[  368.692550][ T6595] pwc: recv_control_msg error -32 req 02 val 2b00
[  369.229771][ T6595] pwc: recv_control_msg error -71 req 04 val 1000
[  369.247429][ T6595] pwc: recv_control_msg error -71 req 04 val 1300
[  369.276958][ T6595] pwc: recv_control_msg error -71 req 04 val 1400
[  369.983276][ T6595] pwc: recv_control_msg error -71 req 02 val 2000
[  369.990215][ T6595] pwc: recv_control_msg error -71 req 02 val 2100
[  369.997015][ T6595] pwc: recv_control_msg error -71 req 04 val 1500
[  370.003870][ T6595] pwc: recv_control_msg error -71 req 02 val 2500
[  370.010710][ T6595] pwc: recv_control_msg error -71 req 02 val 2400
[  370.017585][ T6595] pwc: recv_control_msg error -71 req 02 val 2600
[  370.024454][ T6595] pwc: recv_control_msg error -71 req 02 val 2900
[  370.031293][ T6595] pwc: recv_control_msg error -71 req 02 val 2800
[  370.038243][ T6595] pwc: recv_control_msg error -71 req 04 val 1100
[  370.045076][ T6595] pwc: recv_control_msg error -71 req 04 val 1200
[  370.056961][ T6595] pwc: Registered as video103.
[  370.063635][ T6595] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input20
[  370.078418][ T6595] usb 3-1: USB disconnect, device number 20
[  371.248760][ T9328] tc_dump_action: action bad kind
[  371.636840][   T30] audit: type=1804 audit(2000000064.432:696): pid=9326 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.841" name="/newroot/163/bus/bus" dev="overlay" ino=899 res=1 errno=0
[  376.233792][ T9380] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  376.363593][   T30] audit: type=1400 audit(2000000068.838:697): avc:  denied  { mount } for  pid=9378 comm="syz.2.849" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  377.087556][ T9387] netlink: 100 bytes leftover after parsing attributes in process `syz.4.853'.
[  377.488208][ T9404] netlink: 100 bytes leftover after parsing attributes in process `syz.1.856'.
[  377.589276][   T89] usb 3-1: new low-speed USB device number 21 using dummy_hcd
[  377.678365][ T9413] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  377.773135][   T89] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  377.780773][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  377.805152][   T89] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  377.907683][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  377.919605][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  377.935056][   T89] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  377.943285][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  377.954739][   T89] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  378.434837][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  378.446942][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  378.459336][   T89] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  378.561514][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  378.582762][   T89] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  378.636073][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  378.672694][   T89] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  378.704364][   T89] usb 3-1: string descriptor 0 read error: -22
[  378.761622][   T89] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  378.778652][   T89] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.909073][   T89] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  381.226696][ T9441] comedi comedi0: Minor 3 specified more than once!
[  381.508400][   T30] audit: type=1400 audit(2000000073.683:698): avc:  denied  { create } for  pid=9434 comm="syz.1.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  381.529283][   T30] audit: type=1400 audit(2000000073.683:699): avc:  denied  { write } for  pid=9434 comm="syz.1.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  381.554126][   T30] audit: type=1400 audit(2000000073.683:700): avc:  denied  { read } for  pid=9434 comm="syz.1.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  382.040360][ T9451] netlink: 8 bytes leftover after parsing attributes in process `syz.3.866'.
[  382.515193][   T30] audit: type=1400 audit(2000000074.619:701): avc:  denied  { getopt } for  pid=9454 comm="syz.3.867" lport=4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  382.568286][   T30] audit: type=1400 audit(2000000074.619:702): avc:  denied  { bind } for  pid=9454 comm="syz.3.867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  383.161394][ T5880] usb 3-1: USB disconnect, device number 21
[  383.287683][   T24] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  383.695622][   T24] usb 2-1: Using ep0 maxpacket: 32
[  383.785335][   T24] usb 2-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7
[  383.802540][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.821541][   T24] usb 2-1: Product: syz
[  383.832456][   T24] usb 2-1: Manufacturer: syz
[  383.932642][   T24] usb 2-1: SerialNumber: syz
[  383.941977][   T24] usb 2-1: config 0 descriptor??
[  384.472606][   T24] usb 2-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II
[  384.705860][ T9485] fuse: Bad value for 'group_id'
[  384.711266][ T9485] fuse: Bad value for 'group_id'
[  384.822863][ T9488] FAULT_INJECTION: forcing a failure.
[  384.822863][ T9488] name failslab, interval 1, probability 0, space 0, times 0
[  384.839059][ T9488] CPU: 0 UID: 0 PID: 9488 Comm: syz.0.876 Not tainted syzkaller #0 PREEMPT(full) 
[  384.839089][ T9488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  384.839101][ T9488] Call Trace:
[  384.839108][ T9488]  <TASK>
[  384.839117][ T9488]  dump_stack_lvl+0x16c/0x1f0
[  384.839152][ T9488]  should_fail_ex+0x512/0x640
[  384.839182][ T9488]  ? __kmalloc_cache_noprof+0x5f/0x800
[  384.839217][ T9488]  should_failslab+0xc2/0x120
[  384.839246][ T9488]  __kmalloc_cache_noprof+0x80/0x800
[  384.839276][ T9488]  ? genl_start+0x1e8/0x980
[  384.839314][ T9488]  ? genl_start+0x1e8/0x980
[  384.839337][ T9488]  genl_start+0x1e8/0x980
[  384.839366][ T9488]  __netlink_dump_start+0x60e/0x990
[  384.839392][ T9488]  genl_family_rcv_msg_dumpit+0x1e2/0x2e0
[  384.839421][ T9488]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  384.839447][ T9488]  ? irqentry_exit+0x1dd/0x8c0
[  384.839477][ T9488]  ? __pfx_genl_get_cmd+0x10/0x10
[  384.839499][ T9488]  ? __pfx_genl_start+0x10/0x10
[  384.839521][ T9488]  ? __pfx_genl_dumpit+0x10/0x10
[  384.839544][ T9488]  ? __pfx_genl_done+0x10/0x10
[  384.839574][ T9488]  ? __radix_tree_lookup+0x1a5/0x2c0
[  384.839598][ T9488]  genl_rcv_msg+0x46e/0x800
[  384.839627][ T9488]  ? __pfx_genl_rcv_msg+0x10/0x10
[  384.839651][ T9488]  ? rcu_is_watching+0x12/0xc0
[  384.839672][ T9488]  ? __pfx_netdev_nl_page_pool_get_dumpit+0x10/0x10
[  384.839715][ T9488]  netlink_rcv_skb+0x158/0x420
[  384.839751][ T9488]  ? __pfx_genl_rcv_msg+0x10/0x10
[  384.839777][ T9488]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  384.839818][ T9488]  genl_rcv+0x28/0x40
[  384.839840][ T9488]  netlink_unicast+0x5aa/0x870
[  384.839867][ T9488]  ? __pfx_netlink_unicast+0x10/0x10
[  384.839899][ T9488]  netlink_sendmsg+0x8c8/0xdd0
[  384.839926][ T9488]  ? __pfx_netlink_sendmsg+0x10/0x10
[  384.839951][ T9488]  ? __pfx_netlink_sendmsg+0x10/0x10
[  384.839979][ T9488]  ____sys_sendmsg+0xa5d/0xc30
[  384.840007][ T9488]  ? copy_msghdr_from_user+0x10a/0x160
[  384.840027][ T9488]  ? __pfx_____sys_sendmsg+0x10/0x10
[  384.840049][ T9488]  ? rcu_is_watching+0x12/0xc0
[  384.840078][ T9488]  ___sys_sendmsg+0x134/0x1d0
[  384.840098][ T9488]  ? __pfx____sys_sendmsg+0x10/0x10
[  384.840117][ T9488]  ? __pfx___schedule+0x10/0x10
[  384.840136][ T9488]  ? lock_acquire+0x179/0x330
[  384.840190][ T9488]  __sys_sendmsg+0x16d/0x220
[  384.840210][ T9488]  ? __pfx___sys_sendmsg+0x10/0x10
[  384.840228][ T9488]  ? __pfx___schedule+0x10/0x10
[  384.840255][ T9488]  ? rcu_is_watching+0x12/0xc0
[  384.840280][ T9488]  do_syscall_64+0xcd/0xf80
[  384.840312][ T9488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.840332][ T9488] RIP: 0033:0x7fce4bd8f749
[  384.840348][ T9488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  384.840366][ T9488] RSP: 002b:00007fce4cc57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  384.840388][ T9488] RAX: ffffffffffffffda RBX: 00007fce4bfe6090 RCX: 00007fce4bd8f749
[  384.840401][ T9488] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000007
[  384.840412][ T9488] RBP: 00007fce4cc57090 R08: 0000000000000000 R09: 0000000000000000
[  384.840423][ T9488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  384.840434][ T9488] R13: 00007fce4bfe6128 R14: 00007fce4bfe6090 R15: 00007ffe803ae038
[  384.840461][ T9488]  </TASK>
[  385.089259][   T24] usb 2-1: reset high-speed USB device number 22 using dummy_hcd
[  385.671061][   T58] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  385.920743][   T24] usb 2-1: [UEAGLE-ATM] interface 1 not found
[  385.929587][   T24] ueagle-atm 2-1:0.0: usbatm_usb_probe: bind failed: -19!
[  385.948544][   T24] usb 2-1: USB disconnect, device number 22
[  386.470995][   T58] usb 3-1: Using ep0 maxpacket: 8
[  386.477928][   T58] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  386.489361][   T58] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  386.504821][   T58] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  386.514764][   T58] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  386.552053][ T9501] FAULT_INJECTION: forcing a failure.
[  386.552053][ T9501] name failslab, interval 1, probability 0, space 0, times 0
[  386.569058][   T58] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  386.581721][   T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.592783][ T9501] CPU: 1 UID: 0 PID: 9501 Comm: syz.4.879 Not tainted syzkaller #0 PREEMPT(full) 
[  386.592807][ T9501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  386.592832][ T9501] Call Trace:
[  386.592839][ T9501]  <TASK>
[  386.592846][ T9501]  dump_stack_lvl+0x16c/0x1f0
[  386.592876][ T9501]  should_fail_ex+0x512/0x640
[  386.592903][ T9501]  ? fs_reclaim_acquire+0xae/0x150
[  386.592929][ T9501]  should_failslab+0xc2/0x120
[  386.592953][ T9501]  __kmalloc_noprof+0xeb/0x910
[  386.592979][ T9501]  ? __pfx_prepend_path+0x10/0x10
[  386.592999][ T9501]  ? ima_alloc_init_template+0x19d/0x720
[  386.593030][ T9501]  ? ima_alloc_init_template+0x19d/0x720
[  386.593057][ T9501]  ima_alloc_init_template+0x19d/0x720
[  386.593083][ T9501]  ? d_absolute_path+0x136/0x1a0
[  386.593103][ T9501]  ? __pfx_d_absolute_path+0x10/0x10
[  386.593124][ T9501]  ima_store_measurement+0x1eb/0x5c0
[  386.593152][ T9501]  ? __pfx_ima_store_measurement+0x10/0x10
[  386.593177][ T9501]  ? ima_d_path+0x12b/0x2a0
[  386.593205][ T9501]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  386.593241][ T9501]  process_measurement+0x17fa/0x22d0
[  386.593273][ T9501]  ? avc_has_perm_noaudit+0x149/0x3b0
[  386.593303][ T9501]  ? __pfx_process_measurement+0x10/0x10
[  386.593332][ T9501]  ? __pfx_avc_has_perm+0x10/0x10
[  386.593360][ T9501]  ? find_held_lock+0x2b/0x80
[  386.593415][ T9501]  ? file_map_prot_check+0x1eb/0x360
[  386.593436][ T9501]  ima_file_mmap+0x1ad/0x1d0
[  386.593459][ T9501]  ? __pfx_ima_file_mmap+0x10/0x10
[  386.593482][ T9501]  ? find_held_lock+0x2b/0x80
[  386.593509][ T9501]  security_mmap_file+0x88c/0x990
[  386.593534][ T9501]  vm_mmap_pgoff+0xec/0x470
[  386.593557][ T9501]  ? find_held_lock+0x2b/0x80
[  386.593583][ T9501]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  386.593608][ T9501]  ? __fget_files+0x20e/0x3c0
[  386.593639][ T9501]  ksys_mmap_pgoff+0x32c/0x5c0
[  386.593660][ T9501]  ? __pfx_ksys_write+0x10/0x10
[  386.593686][ T9501]  __x64_sys_mmap+0x125/0x190
[  386.593711][ T9501]  do_syscall_64+0xcd/0xf80
[  386.593735][ T9501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.593754][ T9501] RIP: 0033:0x7f0efef8f749
[  386.593769][ T9501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.593786][ T9501] RSP: 002b:00007f0effe48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  386.593804][ T9501] RAX: ffffffffffffffda RBX: 00007f0eff1e5fa0 RCX: 00007f0efef8f749
[  386.593815][ T9501] RDX: 88fd537e5c114b6e RSI: 0000000000003000 RDI: 0000200000000000
[  386.593826][ T9501] RBP: 00007f0effe48090 R08: 0000000000000006 R09: 0000000000000000
[  386.593836][ T9501] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  386.593846][ T9501] R13: 00007f0eff1e6038 R14: 00007f0eff1e5fa0 R15: 00007ffd5cf6fd78
[  386.593871][ T9501]  </TASK>
[  386.875879][   T30] audit: type=1804 audit(2000000078.464:703): pid=9501 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=add_template_measure cause=ENOMEM comm="syz.4.879" name="/newroot/178/blkio.bfq.group_wait_time" dev="tmpfs" ino=957 res=0 errno=0
[  387.309374][   T58] usb 3-1: GET_CAPABILITIES returned 0
[  387.323613][   T58] usbtmc 3-1:16.0: can't read capabilities
[  387.802864][    C1] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  387.813324][ T9527] usbtmc 3-1:16.0: Unable to send data, error -71
[  389.376946][   T30] audit: type=1400 audit(2000000081.036:704): avc:  denied  { watch } for  pid=9539 comm="syz.4.887" path="/181/file0" dev="tmpfs" ino=975 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  389.804507][ T6589] usb 3-1: USB disconnect, device number 22
[  389.893699][   T30] audit: type=1400 audit(2000000081.522:705): avc:  denied  { map } for  pid=9543 comm="syz.3.889" path="/proc/640/maps" dev="proc" ino=23676 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  391.563129][   T89] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  391.577975][   T89] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  393.323951][   T30] audit: type=1400 audit(2000000084.731:706): avc:  denied  { connect } for  pid=9563 comm="syz.0.896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  393.644573][   T30] audit: type=1400 audit(2000000085.030:707): avc:  denied  { append } for  pid=9592 comm="syz.1.900" name="nbd1" dev="devtmpfs" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  395.693187][   T30] audit: type=1400 audit(2000000086.948:708): avc:  denied  { call } for  pid=9599 comm="syz.3.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  395.800884][ T1073] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  396.148354][ T6590] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  396.447142][ T6590] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.459571][ T6590] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.477416][ T6590] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  396.512665][ T6590] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  396.536377][ T6590] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.561928][ T6590] usb 3-1: config 0 descriptor??
[  397.037573][ T5985] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  397.052597][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.064735][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.073684][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.081352][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.089062][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.096531][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.105937][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.118500][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.128823][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.491717][ T9608] xt_l2tp: wrong L2TP version: 0
[  397.497280][ T6590] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  397.540894][ T6590] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  397.601772][ T5985] usb 4-1: Using ep0 maxpacket: 16
[  397.620886][ T5985] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  397.668847][ T5985] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  397.698530][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.719810][ T5985] usb 4-1: Product: syz
[  397.728472][ T5985] usb 4-1: Manufacturer: syz
[  397.898035][ T5985] usb 4-1: SerialNumber: syz
[  397.915105][ T5985] usb 4-1: config 0 descriptor??
[  397.930849][ T6590] usb 3-1: USB disconnect, device number 23
[  397.936165][ T5985] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  398.102672][ T5985] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  398.521079][ T5985] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  399.618857][ T5985] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  399.643054][ T5985] em28xx 4-1:0.0: board has no eeprom
[  399.932239][ T5985] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  400.112745][   T30] audit: type=1400 audit(2000000090.923:709): avc:  denied  { bind } for  pid=9641 comm="syz.1.911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  400.139655][ T5880] IPVS: starting estimator thread 0...
[  400.169792][ T5985] em28xx 4-1:0.0: dvb set to bulk mode.
[  400.185705][   T89] em28xx 4-1:0.0: Binding DVB extension
[  400.211050][ T5985] usb 4-1: USB disconnect, device number 25
[  400.221602][   T30] audit: type=1400 audit(2000000090.923:710): avc:  denied  { setopt } for  pid=9641 comm="syz.1.911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  400.241931][ T9647] IPVS: using max 53 ests per chain, 127200 per kthread
[  400.255948][ T5985] em28xx 4-1:0.0: Disconnecting em28xx
[  400.272993][ T9652] tipc: Started in network mode
[  400.298601][ T9652] tipc: Node identity 84e, cluster identity 4711
[  400.304988][ T9652] tipc: Node number set to 2126
[  400.362342][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  400.370536][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  400.432980][   T89] em28xx 4-1:0.0: Registering input extension
[  400.469275][ T5985] em28xx 4-1:0.0: Closing input extension
[  400.603687][ T5985] em28xx 4-1:0.0: Freeing device
[  400.626578][ T6590] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  400.819826][ T6590] usb 3-1: device descriptor read/64, error -71
[  400.961866][   T58] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  401.121668][ T6590] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  401.152338][   T58] usb 5-1: config 1 has an invalid interface number: 7 but max is 0
[  401.168740][   T58] usb 5-1: config 1 has no interface number 0
[  401.182111][   T30] audit: type=1326 audit(2000000092.083:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9675 comm="syz.1.916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x0
[  401.184378][   T58] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  401.259274][ T9682] netlink: 'syz.1.916': attribute type 1 has an invalid length.
[  401.288358][   T58] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  401.298929][ T6590] usb 3-1: device descriptor read/64, error -71
[  401.302660][ T9682] 8021q: adding VLAN 0 to HW filter on device bond0
[  401.327471][   T58] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.341372][ T9682] netlink: 28 bytes leftover after parsing attributes in process `syz.1.916'.
[  401.368174][   T58] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  401.380869][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.384041][ T9682] bond0: (slave dummy0): making interface the new active one
[  401.398145][ T9682] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  401.426715][ T9682] netlink: 'syz.1.916': attribute type 10 has an invalid length.
[  401.434667][ T9682] netlink: 40 bytes leftover after parsing attributes in process `syz.1.916'.
[  401.443848][ T9682] dummy0: entered promiscuous mode
[  401.482610][ T9682] bond0: (slave dummy0): Releasing active interface
[  401.540162][ T6590] usb usb3-port1: attempt power cycle
[  401.603046][   T58] usb 5-1: Product: syz
[  401.607250][   T58] usb 5-1: Manufacturer: syz
[  401.612123][   T58] usb 5-1: SerialNumber: syz
[  401.622299][ T9661] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  402.005507][ T9661] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  402.242151][ T6590] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  403.010047][ T6590] usb 3-1: device descriptor read/8, error -71
[  403.021323][ T9661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.030180][ T9661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.622131][ T9701] ubi: mtd0 is already attached to ubi31
[  403.698340][ T6590] usb 3-1: new full-speed USB device number 27 using dummy_hcd
[  403.971463][   T58] sierra_net 5-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.4-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:0b:07
[  405.283343][   T58] sierra_net 5-1:1.7 wwan0: Submit SYNC failed -71
[  405.290712][ T6590] usb 3-1: device not accepting address 27, error -71
[  405.426575][   T58] sierra_net 5-1:1.7 wwan0: Send SYNC failed, status -71
[  405.434467][   T58] sierra_net 5-1:1.7 wwan0: Submit SYNC failed -71
[  405.441750][ T6590] usb usb3-port1: unable to enumerate USB device
[  405.453987][   T58] sierra_net 5-1:1.7 wwan0: Send SYNC failed, status -71
[  405.929780][   T58] usb 5-1: USB disconnect, device number 21
[  405.941267][   T58] sierra_net 5-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.4-1, Sierra Wireless USB-to-WWAN Modem
[  406.089843][   T58] sierra_net 5-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  406.540042][ T5985] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  406.816046][ T5985] usb 2-1: device descriptor read/64, error -71
[  407.417091][ T5985] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  407.654973][ T5985] usb 2-1: device descriptor read/64, error -71
[  407.806946][ T5985] usb usb2-port1: attempt power cycle
[  407.917963][   T30] audit: type=1400 audit(2000000098.388:712): avc:  denied  { setopt } for  pid=9750 comm="syz.3.934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  408.349646][   T30] audit: type=1400 audit(2000000098.744:713): avc:  denied  { name_bind } for  pid=9755 comm="syz.4.936" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  408.746699][ T5985] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  409.576569][ T5985] usb 2-1: device descriptor read/8, error -71
[  409.708426][ T9771] nvme_fabrics: unknown parameter or missing value '”–¢Cê' in ctrl creation request
[  409.758449][ T9771] smc: ib device syz0 ibport 1 applied user defined pnetid SYZ0
[  409.886093][ T6044] Bluetooth: hci5: Frame reassembly failed (-84)
[  409.929222][ T6044] Bluetooth: hci5: Frame reassembly failed (-84)
[  409.997398][ T9777] team0: Device vxcan3 is of different type
[  410.025201][   T30] audit: type=1400 audit(2000000100.353:714): avc:  denied  { write } for  pid=9778 comm="syz.0.941" name="wireless" dev="proc" ino=4026533363 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  411.901008][   T30] audit: type=1326 audit(2000000102.102:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9791 comm="syz.1.945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  412.161667][ T5826] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  412.168195][ T5834] Bluetooth: hci5: command 0x1003 tx timeout
[  412.184193][   T30] audit: type=1326 audit(2000000102.111:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9791 comm="syz.1.945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  412.212575][   T30] audit: type=1326 audit(2000000102.158:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9791 comm="syz.1.945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  412.236667][   T30] audit: type=1326 audit(2000000102.158:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9791 comm="syz.1.945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  412.266792][   T30] audit: type=1326 audit(2000000102.158:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9791 comm="syz.1.945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  412.300499][   T30] audit: type=1326 audit(2000000102.233:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9791 comm="syz.1.945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  412.328841][   T30] audit: type=1326 audit(2000000102.233:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9791 comm="syz.1.945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  413.888780][ T9809] FAULT_INJECTION: forcing a failure.
[  413.888780][ T9809] name failslab, interval 1, probability 0, space 0, times 0
[  413.927229][ T9809] CPU: 0 UID: 0 PID: 9809 Comm: syz.0.948 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  413.927255][ T9809] Tainted: [L]=SOFTLOCKUP
[  413.927273][ T9809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  413.927285][ T9809] Call Trace:
[  413.927290][ T9809]  <TASK>
[  413.927296][ T9809]  dump_stack_lvl+0x16c/0x1f0
[  413.927320][ T9809]  should_fail_ex+0x512/0x640
[  413.927340][ T9809]  ? fs_reclaim_acquire+0xae/0x150
[  413.927359][ T9809]  should_failslab+0xc2/0x120
[  413.927377][ T9809]  __kmalloc_noprof+0xeb/0x910
[  413.927396][ T9809]  ? tomoyo_encode2+0x100/0x3e0
[  413.927416][ T9809]  ? tomoyo_encode2+0x100/0x3e0
[  413.927430][ T9809]  tomoyo_encode2+0x100/0x3e0
[  413.927448][ T9809]  tomoyo_encode+0x29/0x50
[  413.927462][ T9809]  tomoyo_realpath_from_path+0x18f/0x6e0
[  413.927479][ T9809]  ? tomoyo_profile+0x47/0x60
[  413.927503][ T9809]  tomoyo_path_number_perm+0x245/0x580
[  413.927523][ T9809]  ? tomoyo_path_number_perm+0x237/0x580
[  413.927541][ T9809]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  413.927555][ T9809]  ? find_held_lock+0x2b/0x80
[  413.927587][ T9809]  ? find_held_lock+0x2b/0x80
[  413.927603][ T9809]  ? hook_file_ioctl_common+0x144/0x410
[  413.927624][ T9809]  ? __fget_files+0x20e/0x3c0
[  413.927644][ T9809]  security_file_ioctl+0x9b/0x240
[  413.927665][ T9809]  __x64_sys_ioctl+0xb7/0x210
[  413.927690][ T9809]  do_syscall_64+0xcd/0xf80
[  413.927712][ T9809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.927725][ T9809] RIP: 0033:0x7fce4bd8f749
[  413.927735][ T9809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.927747][ T9809] RSP: 002b:00007fce4cc78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  413.927759][ T9809] RAX: ffffffffffffffda RBX: 00007fce4bfe5fa0 RCX: 00007fce4bd8f749
[  413.927767][ T9809] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  413.927773][ T9809] RBP: 00007fce4cc78090 R08: 0000000000000000 R09: 0000000000000000
[  413.927780][ T9809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.927786][ T9809] R13: 00007fce4bfe6038 R14: 00007fce4bfe5fa0 R15: 00007ffe803ae038
[  413.927801][ T9809]  </TASK>
[  413.927815][ T9809] ERROR: Out of memory at tomoyo_realpath_from_path.
[  415.651577][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  415.651593][   T30] audit: type=1400 audit(2000000105.619:726): avc:  denied  { ioctl } for  pid=9820 comm="syz.3.952" path="socket:[24388]" dev="sockfs" ino=24388 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  417.603763][ T9838] syzkaller0: entered promiscuous mode
[  417.635148][ T9838] syzkaller0: entered allmulticast mode
[  418.074239][ T9839] tipc: Started in network mode
[  418.103882][ T9839] tipc: Node identity 6640f75112f1, cluster identity 4711
[  418.138010][ T9839] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  418.331742][ T9837] tipc: Resetting bearer <eth:syzkaller0>
[  418.347650][ T9837] tipc: Disabling bearer <eth:syzkaller0>
[  419.334464][   T30] audit: type=1400 audit(2000000108.968:727): avc:  denied  { mount } for  pid=9847 comm="syz.1.958" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  419.374786][ T9856] hsr0: entered allmulticast mode
[  419.380471][ T9856] hsr_slave_0: entered allmulticast mode
[  419.386401][ T9856] hsr_slave_1: entered allmulticast mode
[  419.404469][ T9856] hsr_slave_0: left promiscuous mode
[  419.415842][ T9856] hsr_slave_1: left promiscuous mode
[  419.467823][ T9856] hsr0 (unregistering): left allmulticast mode
[  419.771387][ T9864] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  419.778317][ T9864] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  419.790386][ T9864] vhci_hcd vhci_hcd.0: Device attached
[  419.836166][   T30] audit: type=1400 audit(2000000109.529:728): avc:  denied  { map } for  pid=9845 comm="syz.2.957" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  420.047397][ T9865] vhci_hcd: connection closed
[  420.054055][ T4224] vhci_hcd vhci_hcd.2: stop threads
[  420.066837][   T30] audit: type=1400 audit(2000000109.754:729): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  420.104986][ T6198] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[  420.113220][ T4224] vhci_hcd vhci_hcd.2: release socket
[  420.141863][ T4224] vhci_hcd vhci_hcd.2: disconnect device
[  422.332769][ T9901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=9901 comm=syz.4.967
[  422.346414][ T9901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2565 sclass=netlink_route_socket pid=9901 comm=syz.4.967
[  422.359192][ T9901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=9901 comm=syz.4.967
[  422.372015][ T9901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=9901 comm=syz.4.967
[  422.416153][   T30] audit: type=1400 audit(2000000111.943:730): avc:  denied  { connect } for  pid=9885 comm="syz.4.967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  422.464538][ T9899] netlink: 269 bytes leftover after parsing attributes in process `syz.1.970'.
[  422.486095][ T9899] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  422.508459][   T30] audit: type=1400 audit(2000000111.971:731): avc:  denied  { connect } for  pid=9885 comm="syz.4.967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  422.584671][   T30] audit: type=1400 audit(2000000111.980:732): avc:  denied  { create } for  pid=9896 comm="syz.1.970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  422.605872][ T5933] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  422.669480][   T30] audit: type=1400 audit(2000000111.980:733): avc:  denied  { ioctl } for  pid=9896 comm="syz.1.970" path="socket:[25637]" dev="sockfs" ino=25637 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  422.764878][   T30] audit: type=1400 audit(2000000111.989:734): avc:  denied  { read } for  pid=9896 comm="syz.1.970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  422.770036][ T9907] fuse: Bad value for 'fd'
[  422.824187][ T5933] usb 1-1: config 1 has an invalid interface number: 81 but max is 0
[  422.873040][ T5933] usb 1-1: config 1 has no interface number 0
[  422.897601][ T5933] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=78.61
[  422.936717][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.962177][ T5933] usb 1-1: Product: syz
[  422.973011][ T5933] usb 1-1: Manufacturer: syz
[  422.993494][ T5933] usb 1-1: SerialNumber: syz
[  423.025481][ T5933] ttusbir 1-1:1.81: cannot find expected altsetting
[  423.695673][ T9918] FAULT_INJECTION: forcing a failure.
[  423.695673][ T9918] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  423.708911][ T9918] CPU: 0 UID: 0 PID: 9918 Comm: syz.0.969 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  423.708938][ T9918] Tainted: [L]=SOFTLOCKUP
[  423.708942][ T9918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  423.708950][ T9918] Call Trace:
[  423.708956][ T9918]  <TASK>
[  423.708962][ T9918]  dump_stack_lvl+0x16c/0x1f0
[  423.708985][ T9918]  should_fail_ex+0x512/0x640
[  423.709022][ T9918]  _copy_from_iter+0x2a4/0x16c0
[  423.709043][ T9918]  ? __alloc_skb+0x220/0x410
[  423.709063][ T9918]  ? __alloc_skb+0x35d/0x410
[  423.709080][ T9918]  ? __pfx__copy_from_iter+0x10/0x10
[  423.709102][ T9918]  netlink_sendmsg+0x820/0xdd0
[  423.709120][ T9918]  ? __pfx_netlink_sendmsg+0x10/0x10
[  423.709139][ T9918]  ____sys_sendmsg+0xa5d/0xc30
[  423.709156][ T9918]  ? copy_msghdr_from_user+0x10a/0x160
[  423.709167][ T9918]  ? __pfx_____sys_sendmsg+0x10/0x10
[  423.709184][ T9918]  ? find_held_lock+0x2b/0x80
[  423.709206][ T9918]  ___sys_sendmsg+0x134/0x1d0
[  423.709218][ T9918]  ? __pfx____sys_sendmsg+0x10/0x10
[  423.709246][ T9918]  __sys_sendmsg+0x16d/0x220
[  423.709257][ T9918]  ? __pfx___sys_sendmsg+0x10/0x10
[  423.709267][ T9918]  ? vfs_write+0x454/0x11d0
[  423.709291][ T9918]  do_syscall_64+0xcd/0xf80
[  423.709308][ T9918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.709323][ T9918] RIP: 0033:0x7fce4bd8f749
[  423.709333][ T9918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  423.709345][ T9918] RSP: 002b:00007fce4cc57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  423.709357][ T9918] RAX: ffffffffffffffda RBX: 00007fce4bfe6090 RCX: 00007fce4bd8f749
[  423.709364][ T9918] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007
[  423.709371][ T9918] RBP: 00007fce4cc57090 R08: 0000000000000000 R09: 0000000000000000
[  423.709377][ T9918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.709383][ T9918] R13: 00007fce4bfe6128 R14: 00007fce4bfe6090 R15: 00007ffe803ae038
[  423.709397][ T9918]  </TASK>
[  424.281792][ T5893] usb 1-1: USB disconnect, device number 16
[  425.225140][ T5900] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  425.444910][ T5900] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  425.457824][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  425.468959][ T5900] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  425.480449][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  425.491194][ T5900] usb 4-1: SerialNumber: syz
[  425.612930][ T6198] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  427.623895][ T5900] usb 4-1: 0:2 : does not exist
[  427.634126][ T5900] usb 4-1: unit 5: unexpected type 0x0a
[  427.680565][ T9956] netlink: 16 bytes leftover after parsing attributes in process `syz.3.986'.
[  428.408224][ T5900] usb 4-1: USB disconnect, device number 26
[  428.649905][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  428.830149][ T9966] openvswitch: netlink: Missing valid actions attribute.
[  428.848956][ T9966] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  428.969358][ T3458] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  429.079109][   T30] audit: type=1400 audit(2000000118.182:735): avc:  denied  { create } for  pid=9967 comm="syz.2.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  429.116572][   T30] audit: type=1400 audit(2000000118.201:736): avc:  denied  { sys_admin } for  pid=9967 comm="syz.2.991" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  429.869937][ T9981] blkio.reset_stats is deprecated
[  429.882874][ T9982] fuse: Bad value for 'fd'
[  429.891637][ T9982] netlink: 'syz.1.995': attribute type 5 has an invalid length.
[  431.115713][ T5826] Bluetooth: hci1: unexpected event for opcode 0x0405
[  431.764704][   T30] audit: type=1400 audit(2000000120.689:737): avc:  denied  { getopt } for  pid=9992 comm="syz.2.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  431.928813][   T30] audit: type=1326 audit(2000000120.848:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  431.934415][   T30] audit: type=1326 audit(2000000120.848:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  432.084430][   T30] audit: type=1326 audit(2000000120.979:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  432.116818][   T30] audit: type=1326 audit(2000000120.988:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  432.753100][   T30] audit: type=1326 audit(2000000121.007:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  432.753152][   T30] audit: type=1326 audit(2000000121.016:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  432.753193][   T30] audit: type=1326 audit(2000000121.016:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  433.288310][ T5900] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  433.531127][ T5900] usb 4-1: Using ep0 maxpacket: 32
[  433.575493][ T5900] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  433.583652][ T5900] usb 4-1: config 0 has no interface number 0
[  433.622220][ T5900] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  433.801379][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.228461][ T5900] usb 4-1: Product: syz
[  434.341695][ T5900] usb 4-1: Manufacturer: syz
[  434.450869][ T5900] usb 4-1: SerialNumber: syz
[  434.487225][ T5900] usb 4-1: config 0 descriptor??
[  434.519173][ T5900] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  434.683161][T10045] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1012'.
[  434.709282][   T12] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  434.717854][   T12] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  434.747215][ T5900] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  434.750374][ T6198] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  434.781006][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  434.781024][   T30] audit: type=1326 audit(2000000123.514:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  434.837358][   T30] audit: type=1326 audit(2000000123.514:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.183850][   T30] audit: type=1326 audit(2000000123.514:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.200247][T10052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.222691][   T89] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  435.223362][ T5900] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  435.379743][   T30] audit: type=1326 audit(2000000123.514:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.403552][   T30] audit: type=1326 audit(2000000123.514:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.428051][   T30] audit: type=1326 audit(2000000123.542:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.457409][T10052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.469280][   T30] audit: type=1326 audit(2000000123.542:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.609436][   T30] audit: type=1326 audit(2000000123.542:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.646860][T10052] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1007'.
[  435.683901][T10052] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  435.737156][   T30] audit: type=1326 audit(2000000123.561:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  435.779281][T10052] kvm: requested 5866 ns i8254 timer period limited to 200000 ns
[  435.852637][   T89] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  435.867814][   T30] audit: type=1326 audit(2000000123.561:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10042 comm="syz.1.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0412d8f749 code=0x7ffc0000
[  436.956409][ T5900] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  437.144705][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  437.339419][ T5900] usb 5-1: no configurations
[  437.559746][ T5900] usb 5-1: can't read configurations, error -22
[  437.588100][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  437.596095][   T58] usb 4-1: USB disconnect, device number 27
[  437.604222][   T58] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  437.632143][   T58] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  437.659662][   T58] quatech2 4-1:0.51: device disconnected
[  437.753839][ T5900] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  437.926275][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  437.932235][ T5900] usb 5-1: no configurations
[  437.937720][ T5900] usb 5-1: can't read configurations, error -22
[  437.950624][ T5900] usb usb5-port1: attempt power cycle
[  438.331211][ T5900] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  438.368435][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  438.404617][ T5900] usb 5-1: no configurations
[  438.412028][ T5900] usb 5-1: can't read configurations, error -22
[  438.566540][ T5900] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  438.634868][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  438.710365][ T5900] usb 5-1: no configurations
[  438.716850][ T5900] usb 5-1: can't read configurations, error -22
[  438.775251][ T5900] usb usb5-port1: unable to enumerate USB device
[  438.844424][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  439.398714][T10109] program syz.3.1033 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  439.433108][T10109] program syz.3.1033 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  439.444420][T10109] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  439.468232][T10109] syz.3.1033 (10109): /proc/10109/oom_adj is deprecated, please use /proc/10109/oom_score_adj instead.
[  439.571175][   T89] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  439.591506][T10109] lo: entered allmulticast mode
[  439.600045][T10109] tunl0: entered allmulticast mode
[  439.607341][T10109] gre0: entered allmulticast mode
[  439.622562][T10109] gretap0: entered allmulticast mode
[  439.630614][T10109] erspan0: entered allmulticast mode
[  439.640846][T10109] ip_vti0: entered allmulticast mode
[  439.655757][T10109] ip6_vti0: entered allmulticast mode
[  439.674183][T10109] sit0: entered allmulticast mode
[  439.747819][   T89] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  439.770000][T10109] ip6tnl0: entered allmulticast mode
[  439.784082][   T89] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  439.815499][T10109] ip6gre0: entered allmulticast mode
[  439.831679][   T89] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  439.867636][T10109] ip6gretap0: entered allmulticast mode
[  439.889065][   T89] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.006915][T10109] bridge0: port 2(bridge_slave_1) entered disabled state
[  440.014272][T10109] bridge0: port 1(bridge_slave_0) entered disabled state
[  440.031967][T10109] bridge0: entered allmulticast mode
[  440.039754][T10107] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  440.058549][   T89] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  440.080663][T10109] vcan0: entered allmulticast mode
[  440.099329][T10109] bond_slave_0: left promiscuous mode
[  440.113452][T10109] bond_slave_1: left promiscuous mode
[  440.123017][T10109] team_slave_0: left promiscuous mode
[  440.128542][T10109] team_slave_1: left promiscuous mode
[  440.172160][T10109] batadv0: left promiscuous mode
[  440.181744][T10109] bond0: entered allmulticast mode
[  440.205044][T10109] bond_slave_0: entered allmulticast mode
[  440.211328][T10109] bond_slave_1: entered allmulticast mode
[  440.220623][T10109] team0: entered allmulticast mode
[  440.267120][T10109] team_slave_0: entered allmulticast mode
[  440.296128][T10109] team_slave_1: entered allmulticast mode
[  440.300523][   T89] usb 3-1: USB disconnect, device number 28
[  440.319110][T10109] batadv0: entered allmulticast mode
[  440.569162][T10109] dummy0: entered allmulticast mode
[  440.632384][T10109] nlmon0: entered allmulticast mode
[  440.642359][T10109] caif0: entered allmulticast mode
[  440.648959][T10109] vxcan0: entered allmulticast mode
[  440.663125][T10109] vxcan1: entered allmulticast mode
[  440.692049][T10109] veth0: entered allmulticast mode
[  440.713663][T10109] veth1: entered allmulticast mode
[  440.743584][T10109] wg0: entered allmulticast mode
[  440.751766][T10109] wg1: entered allmulticast mode
[  440.769493][T10109] wg2: entered allmulticast mode
[  440.777270][T10109] veth0_to_bridge: entered allmulticast mode
[  440.816480][T10109] veth1_to_bridge: entered allmulticast mode
[  440.849100][T10109] veth0_to_bond: entered allmulticast mode
[  440.863633][T10109] veth1_to_bond: entered allmulticast mode
[  440.889100][T10109] veth0_to_team: entered allmulticast mode
[  440.910769][T10109] veth1_to_team: entered allmulticast mode
[  440.932676][T10109] veth0_to_batadv: entered allmulticast mode
[  440.951883][T10109] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  440.973992][T10109] batadv_slave_0: entered allmulticast mode
[  440.996580][T10109] veth1_to_batadv: entered allmulticast mode
[  441.018487][T10109] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.044457][T10109] batadv_slave_1: entered allmulticast mode
[  441.064796][T10109] xfrm0: entered allmulticast mode
[  441.199872][T10109] veth0_to_hsr: entered allmulticast mode
[  441.221792][T10109] hsr_slave_0: entered allmulticast mode
[  441.720482][T10109] veth1_to_hsr: entered allmulticast mode
[  441.732885][T10109] hsr_slave_1: entered allmulticast mode
[  441.743138][T10109] hsr0: entered allmulticast mode
[  441.753502][T10109] veth1_virt_wifi: entered allmulticast mode
[  441.764907][T10109] veth0_virt_wifi: entered allmulticast mode
[  441.776276][T10109] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  441.786554][T10109] veth1_vlan: entered allmulticast mode
[  441.805440][T10109] veth0_vlan: entered allmulticast mode
[  441.844906][T10109] vlan0: entered allmulticast mode
[  441.859332][T10109] vlan1: entered allmulticast mode
[  441.877021][T10109] macvlan0: entered allmulticast mode
[  441.893051][T10109] macvlan1: entered allmulticast mode
[  441.905082][T10109] ipvlan0: entered allmulticast mode
[  441.910725][T10109] ipvlan1: entered allmulticast mode
[  441.928999][T10109] veth1_macvtap: entered allmulticast mode
[  441.942758][T10109] veth0_macvtap: entered allmulticast mode
[  441.966316][T10109] macvtap0: entered allmulticast mode
[  441.981737][T10109] macsec0: entered allmulticast mode
[  441.991769][T10109] geneve0: entered allmulticast mode
[  442.012617][T10109] geneve1: entered allmulticast mode
[  442.038120][T10109] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  442.056352][T10109] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  442.083024][T10109] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  442.103854][T10109] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  442.124148][T10109] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  442.135580][T10109] erspan1: entered allmulticast mode
[  442.143756][T10109] bond1: entered allmulticast mode
[  442.153927][T10109] macvlan2: entered allmulticast mode
[  442.166680][T10109] vlan2: left promiscuous mode
[  442.172320][T10109] macvtap0: left promiscuous mode
[  442.187666][T10109] vlan2: entered allmulticast mode
[  442.199931][T10109] bridge1: entered allmulticast mode
[  442.212695][T10109] mac80211_hwsim hwsim14 wlan2: entered allmulticast mode
[  442.224309][T10109] syztnl0: entered allmulticast mode
[  442.296881][ T3888] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  442.333518][ T3888] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  442.375200][ T3888] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  442.418725][ T3888] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  443.787783][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  443.787804][   T30] audit: type=1326 audit(2000000131.942:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  443.871757][   T30] audit: type=1326 audit(2000000131.952:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  443.977668][   T30] audit: type=1326 audit(2000000131.952:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  444.095366][   T30] audit: type=1326 audit(2000000131.952:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  444.138308][   T30] audit: type=1326 audit(2000000131.952:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  444.173303][   T30] audit: type=1326 audit(2000000131.952:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  444.201951][   T30] audit: type=1326 audit(2000000131.952:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  444.335876][   T30] audit: type=1326 audit(2000000131.952:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  444.367457][   T30] audit: type=1326 audit(2000000131.952:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa075d8f749 code=0x7ffc0000
[  444.367617][   T30] audit: type=1326 audit(2000000131.952:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10153 comm="syz.3.1043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa075d8df90 code=0x7ffc0000
[  444.660018][ T5893] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  444.937740][ T5893] usb 5-1: Using ep0 maxpacket: 16
[  444.944848][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.157026][ T5893] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  445.242486][ T5893] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  445.269796][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.495585][ T5893] usb 5-1: config 0 descriptor??
[  445.877451][T10188] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14960 sclass=netlink_route_socket pid=10188 comm=syz.4.1045
[  446.904685][ T6198] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  447.089826][ T6198] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  447.158262][ T6198] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  447.167083][ T6198] usb 2-1: Product: syz
[  447.172165][ T6198] usb 2-1: Manufacturer: syz
[  447.177297][ T6198] usb 2-1: SerialNumber: syz
[  447.192587][ T6198] usb 2-1: config 0 descriptor??
[  447.205907][ T6198] ch341 2-1:0.0: ch341-uart converter detected
[  447.567577][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  447.783445][ T5893] usbhid 5-1:0.0: can't add hid device: -71
[  447.794176][ T5893] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  447.852090][ T5893] usb 5-1: USB disconnect, device number 26
[  448.168738][T10221] overlayfs: overlapping lowerdir path
[  448.420755][T10201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  448.442120][T10201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  448.936892][ T6198] usb 2-1: failed to send control message: -110
[  448.944692][ T6198] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  448.967873][ T5900] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  449.138898][ T5900] usb 1-1: Using ep0 maxpacket: 8
[  449.154879][ T5900] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  449.171215][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  449.203666][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  449.235693][ T5900] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  449.268399][ T5900] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  449.299608][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.570080][ T5900] usb 1-1: GET_CAPABILITIES returned 0
[  449.576113][ T5900] usbtmc 1-1:16.0: can't read capabilities
[  450.068827][    C0] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  450.078306][T10241] usbtmc 1-1:16.0: Unable to send data, error -71
[  450.246116][ T6198] usb 2-1: USB disconnect, device number 27
[  450.281670][ T6198] ch341 2-1:0.0: device disconnected
[  452.110633][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[  452.179034][   T89] usb 1-1: USB disconnect, device number 17
[  452.678779][T10279] syzkaller0: entered promiscuous mode
[  452.684495][T10279] syzkaller0: entered allmulticast mode
[  452.760583][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  452.760626][   T30] audit: type=1400 audit(2000000140.324:835): avc:  denied  { append } for  pid=10281 comm="syz.1.1072" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  452.809366][T10284] binder: Bad value for 'max'
[  453.689693][   T30] audit: type=1400 audit(2000000141.203:836): avc:  denied  { append } for  pid=10265 comm="syz.0.1069" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  454.036321][   T30] audit: type=1400 audit(2000000141.502:837): avc:  denied  { remount } for  pid=10291 comm="syz.2.1075" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  454.313027][   T89] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  454.613669][   T89] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  454.624034][   T89] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  454.689522][   T89] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  454.796960][   T89] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  454.810249][   T89] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.826078][   T89] usb 4-1: Product: syz
[  454.832940][   T89] usb 4-1: Manufacturer: syz
[  454.839841][   T89] usb 4-1: SerialNumber: syz
[  454.986496][ T5880] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  454.997564][T10314] tmpfs: Unknown parameter 'usrquota_inodeâÚ«¤Ø؃$it'
[  455.073634][T10279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  455.092971][T10279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  455.117274][   T89] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  455.141823][   T89] usb 4-1: USB disconnect, device number 28
[  455.168318][ T5880] usb 1-1: Using ep0 maxpacket: 8
[  455.181236][ T5880] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  455.200576][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  455.215738][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  455.227357][ T5880] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  455.242899][ T5880] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  455.270324][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.484510][T10319] infiniband syz1: set active
[  455.489358][T10319] infiniband syz1: added syz_tun
[  455.528204][T10319] RDS/IB: syz1: added
[  455.532455][T10319] smc: adding ib device syz1 with port count 1
[  455.538655][T10319] smc:    ib device syz1 port 1 has no pnetid
[  455.582472][ T5880] usb 1-1: GET_CAPABILITIES returned 0
[  455.588386][ T5880] usbtmc 1-1:16.0: can't read capabilities
[  455.638928][   T89] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  455.970102][   T89] usb 4-1: Using ep0 maxpacket: 8
[  455.982508][   T89] usb 4-1: config index 0 descriptor too short (expected 301, got 72)
[  456.281428][   T89] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  456.398856][   T89] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  456.433704][   T89] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  456.482055][   T89] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  456.494723][   T89] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.506290][   T89] usb 4-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  456.947693][   T89] usb 4-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  456.962422][   T89] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  456.973548][   T89] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.017416][   T89] usb 4-1: can't set config #16, error -71
[  457.059526][   T89] usb 4-1: USB disconnect, device number 29
[  457.972770][   T58] usb 1-1: USB disconnect, device number 18
[  458.022700][   T89] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[  458.615712][   T89] usb 3-1: device descriptor read/64, error -71
[  458.739082][   T30] audit: type=1400 audit(2000000145.927:838): avc:  denied  { getopt } for  pid=10358 comm="syz.3.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  458.763256][T10359] IPVS: length: 218 != 24
[  458.864871][T10361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1094'.
[  458.920458][   T89] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[  459.062645][   T89] usb 3-1: device descriptor read/64, error -71
[  459.188091][   T89] usb usb3-port1: attempt power cycle
[  459.494092][   T30] audit: type=1400 audit(2000000146.628:839): avc:  denied  { getopt } for  pid=10370 comm="syz.0.1098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  459.926449][T10371] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1098'.
[  459.991060][   T89] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[  460.022364][   T89] usb 3-1: device descriptor read/8, error -71
[  460.279460][   T89] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  460.590699][   T89] usb 3-1: device descriptor read/8, error -71
[  460.704624][   T30] audit: type=1400 audit(2000000147.760:840): avc:  denied  { sys_module } for  pid=10383 comm="syz.4.1101" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  460.706844][   T89] usb usb3-port1: unable to enumerate USB device
[  460.756506][T10386] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1101'.
[  461.532292][T10391] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1103'.
[  461.646208][T10404] Bluetooth: MGMT ver 1.23
[  462.200546][   T30] audit: type=1400 audit(2000000149.163:841): avc:  denied  { read } for  pid=10400 comm="syz.4.1105" dev="sockfs" ino=27699 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  462.357230][ T3646] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  462.457909][T10419] FAULT_INJECTION: forcing a failure.
[  462.457909][T10419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  462.485125][T10419] CPU: 0 UID: 0 PID: 10419 Comm: syz.2.1109 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  462.485157][T10419] Tainted: [L]=SOFTLOCKUP
[  462.485163][T10419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  462.485175][T10419] Call Trace:
[  462.485181][T10419]  <TASK>
[  462.485190][T10419]  dump_stack_lvl+0x16c/0x1f0
[  462.485227][T10419]  should_fail_ex+0x512/0x640
[  462.485264][T10419]  _copy_from_user+0x2e/0xd0
[  462.485293][T10419]  ax25_rt_ioctl+0x394/0x1190
[  462.485323][T10419]  ? __pfx_ax25_rt_ioctl+0x10/0x10
[  462.485359][T10419]  ? bpf_lsm_capable+0x9/0x10
[  462.485384][T10419]  ? security_capable+0x7e/0x260
[  462.485409][T10419]  ax25_ioctl+0x970/0xb20
[  462.485426][T10419]  ? __pfx_ax25_ioctl+0x10/0x10
[  462.485443][T10419]  ? find_held_lock+0x2b/0x80
[  462.485479][T10419]  ? tomoyo_path_number_perm+0x18d/0x580
[  462.485508][T10419]  sock_do_ioctl+0x118/0x280
[  462.485537][T10419]  ? __pfx_sock_do_ioctl+0x10/0x10
[  462.485565][T10419]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  462.485588][T10419]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  462.485620][T10419]  sock_ioctl+0x227/0x6b0
[  462.485645][T10419]  ? __pfx_sock_ioctl+0x10/0x10
[  462.485667][T10419]  ? hook_file_ioctl_common+0x144/0x410
[  462.485701][T10419]  ? selinux_file_ioctl+0x180/0x270
[  462.485736][T10419]  ? selinux_file_ioctl+0xb4/0x270
[  462.485761][T10419]  ? __pfx_sock_ioctl+0x10/0x10
[  462.485786][T10419]  __x64_sys_ioctl+0x18e/0x210
[  462.485809][T10419]  do_syscall_64+0xcd/0xf80
[  462.485835][T10419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.485855][T10419] RIP: 0033:0x7fb19a38f749
[  462.485871][T10419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.485890][T10419] RSP: 002b:00007fb19b1c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  462.485908][T10419] RAX: ffffffffffffffda RBX: 00007fb19a5e5fa0 RCX: 00007fb19a38f749
[  462.485919][T10419] RDX: 00002000000003c0 RSI: 000000000000890b RDI: 000000000000000a
[  462.485937][T10419] RBP: 00007fb19b1c9090 R08: 0000000000000000 R09: 0000000000000000
[  462.485947][T10419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  462.485957][T10419] R13: 00007fb19a5e6038 R14: 00007fb19a5e5fa0 R15: 00007ffef7774538
[  462.485981][T10419]  </TASK>
[  462.781599][T10421] netlink: 212328 bytes leftover after parsing attributes in process `syz.1.1110'.
[  462.792112][T10421] netlink: Unknown conntrack attr (type=2304, max=9)
[  462.917734][T10424] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000
[  462.923184][T10426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1111'.
[  463.090617][ T5893] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  463.303653][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  463.322971][ T5893] usb 2-1: config 254 has an invalid interface number: 235 but max is 0
[  463.342265][ T5893] usb 2-1: config 254 has no interface number 0
[  463.353070][ T5893] usb 2-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32
[  463.842596][ T5893] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  463.854061][ T5893] usb 2-1: config 254 interface 235 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  463.864351][ T5893] usb 2-1: config 254 interface 235 has no altsetting 0
[  463.987944][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  464.039251][ T5893] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  464.048576][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=5
[  464.056780][ T5893] usb 2-1: Product: syz
[  464.060941][ T5893] usb 2-1: Manufacturer: syz
[  464.068262][ T5893] usb 2-1: SerialNumber: syz
[  464.085138][T10422] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  464.127992][T10440] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1115'.
[  464.368857][ T5893] usbtest 2-1:254.235: couldn't get endpoints, -71
[  464.376103][ T5893] usbtest 2-1:254.235: probe with driver usbtest failed with error -71
[  464.392471][ T5893] usb 2-1: USB disconnect, device number 28
[  465.265395][T10430] program syz.3.1113 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  465.692169][T10458] sctp: [Deprecated]: syz.1.1120 (pid 10458) Use of struct sctp_assoc_value in delayed_ack socket option.
[  465.692169][T10458] Use struct sctp_sack_info instead
[  465.758971][T10461] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=10461 comm=syz.2.1122
[  465.794371][ T5893] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  466.045198][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  466.052148][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  466.084525][ T5893] usb 4-1: unable to get BOS descriptor or descriptor too short
[  466.115586][ T5893] usb 4-1: config 1 has an invalid interface number: 193 but max is 1
[  466.157779][ T5893] usb 4-1: config 1 has no interface number 1
[  466.184984][ T5893] usb 4-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  466.508590][ T5893] usb 4-1: config 1 interface 0 has no altsetting 0
[  466.543049][ T5893] usb 4-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  466.584107][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.598642][ T5893] usb 4-1: Product: syz
[  466.612513][ T5893] usb 4-1: Manufacturer: syz
[  466.643199][ T5893] usb 4-1: SerialNumber: syz
[  466.711946][ T5893] usb 4-1: can't set config #1, error -71
[  466.742614][ T5893] usb 4-1: USB disconnect, device number 30
[  466.811359][T10477] netlink: 'syz.1.1126': attribute type 2 has an invalid length.
[  466.853159][T10477] : entered promiscuous mode
[  467.115838][   T30] audit: type=1400 audit(2000000153.756:842): avc:  denied  { set_context_mgr } for  pid=10484 comm="syz.2.1130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  467.218367][T10483] ipvlan1: left allmulticast mode
[  468.184684][T10492] tmpfs: Bad value for 'usrquota_inode_hardlimit'
[  468.220124][   T30] audit: type=1400 audit(2000000154.785:843): avc:  denied  { mount } for  pid=10487 comm="syz.3.1131" name="/" dev="autofs" ino=27885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  468.243688][T10493] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  468.263595][T10493] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  468.273954][T10493] overlayfs: failed to look up (tracing) for ino (-66)
[  468.392158][   T30] audit: type=1326 audit(2000000154.898:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  468.649224][   T30] audit: type=1326 audit(2000000154.898:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  468.880021][   T30] audit: type=1326 audit(2000000154.907:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  469.785889][   T30] audit: type=1326 audit(2000000154.907:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  469.931716][   T30] audit: type=1326 audit(2000000154.907:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  469.981290][T10511] usb usb8: usbfs: process 10511 (syz.3.1137) did not claim interface 0 before use
[  470.007829][T10512] wireguard0: entered promiscuous mode
[  470.092280][   T30] audit: type=1326 audit(2000000154.907:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  470.129713][   T30] audit: type=1326 audit(2000000154.907:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  470.171953][   T30] audit: type=1326 audit(2000000154.907:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10488 comm="syz.4.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0efef8f749 code=0x7ffc0000
[  470.672216][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d
[  471.512874][   T89] syz1: Port: 1 Link DOWN
[  471.513082][ T6044] smc: removing ib device syz1
[  471.531899][T10539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  471.564002][T10539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  471.770420][   T58] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  471.962595][   T58] usb 1-1: Using ep0 maxpacket: 8
[  471.997103][   T58] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  472.025591][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.265235][   T58] usb 1-1: Product: syz
[  472.273616][   T58] usb 1-1: Manufacturer: syz
[  472.278652][   T58] usb 1-1: SerialNumber: syz
[  472.292021][   T58] usb 1-1: config 0 descriptor??
[  472.311019][   T58] gspca_main: se401-2.14.0 probing 047d:5003
[  472.390539][   T89] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  472.517670][ T6044] ------------[ cut here ]------------
[  472.523613][ T6044] GID entry ref leak for dev syz1 index 2 ref=1
[  472.530262][ T6044] WARNING: drivers/infiniband/core/cache.c:806 at gid_table_release_one+0x1ad/0x450, CPU#1: kworker/u8:20/6044
[  472.542703][ T6044] Modules linked in:
[  472.547623][ T6044] CPU: 1 UID: 0 PID: 6044 Comm: kworker/u8:20 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  472.559116][ T6044] Tainted: [L]=SOFTLOCKUP
[  472.563856][ T6044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  472.571911][   T89] usb 3-1: Using ep0 maxpacket: 8
[  472.574256][ T6044] Workqueue: ib-unreg-wq ib_unregister_work
[  472.585505][ T6044] RIP: 0010:gid_table_release_one+0x1b6/0x450
[  472.591595][ T6044] Code: 4c 24 38 48 c1 e8 03 4d 01 fc 48 89 44 24 08 eb 54 48 89 34 24 e8 aa 67 4d f9 48 8d 3d 53 af 23 08 48 8b 34 24 89 e9 44 89 f2 <67> 48 0f b9 3a e8 90 67 4d f9 48 89 d8 41 83 c6 01 48 c1 e8 03 42
[  472.611765][ T6044] RSP: 0018:ffffc900049dfac8 EFLAGS: 00010293
[  472.618321][ T6044] RAX: 0000000000000000 RBX: ffff888074924c00 RCX: 0000000000000001
[  472.626880][ T6044] RDX: 0000000000000002 RSI: ffff8880356cb6c0 RDI: ffffffff90952e20
[  472.635489][ T6044] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffed10286efea0
[  472.644087][ T6044] R10: ffff88814377f503 R11: ffffffff812ba1ca R12: ffffed100e92499b
[  472.652955][ T6044] R13: ffff888034e4c000 R14: 0000000000000002 R15: dffffc0000000000
[  472.661534][ T6044] FS:  0000000000000000(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
[  472.670849][ T6044] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  472.677457][ T6044] CR2: 00002000000bd038 CR3: 00000000202b0000 CR4: 00000000003526f0
[  472.685887][ T6044] Call Trace:
[  472.689555][ T6044]  <TASK>
[  472.692492][ T6044]  ib_device_release+0xef/0x1e0
[  472.697361][ T6044]  ? __pfx_ib_device_release+0x10/0x10
[  472.703279][ T6044]  device_release+0xa4/0x240
[  472.708360][ T6044]  kobject_put+0x1ef/0x6f0
[  472.713079][ T6044]  put_device+0x1f/0x30
[  472.717564][ T6044]  process_one_work+0x9ba/0x1b20
[  472.722881][ T6044]  ? __pfx_process_one_work+0x10/0x10
[  472.728806][ T6044]  ? assign_work+0x1a0/0x250
[  472.733830][ T6044]  worker_thread+0x6c8/0xf10
[  472.738981][ T6044]  ? __kthread_parkme+0x19e/0x250
[  472.744551][ T6044]  ? __pfx_worker_thread+0x10/0x10
[  472.749686][ T6044]  kthread+0x3c5/0x780
[  472.754174][ T6044]  ? __pfx_kthread+0x10/0x10
[  472.759392][ T6044]  ? rcu_is_watching+0x12/0xc0
[  472.764535][ T6044]  ? __pfx_kthread+0x10/0x10
[  472.769144][ T6044]  ret_from_fork+0x983/0xb10
[  472.773749][ T6044]  ? __pfx_ret_from_fork+0x10/0x10
[  472.778073][   T89] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  472.778971][ T6044]  ? __switch_to+0x7af/0x10d0
[  472.793371][   T89] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  472.794658][ T6044]  ? __pfx_kthread+0x10/0x10
[  472.809347][ T6044]  ret_from_fork_asm+0x1a/0x30
[  472.814174][ T6044]  </TASK>
[  472.817193][ T6044] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  472.824568][ T6044] CPU: 1 UID: 0 PID: 6044 Comm: kworker/u8:20 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  472.835693][ T6044] Tainted: [L]=SOFTLOCKUP
[  472.840022][ T6044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  472.850088][ T6044] Workqueue: ib-unreg-wq ib_unregister_work
[  472.856025][ T6044] Call Trace:
[  472.859330][ T6044]  <TASK>
[  472.862270][ T6044]  dump_stack_lvl+0x3d/0x1f0
[  472.866892][ T6044]  vpanic+0x640/0x6f0
[  472.870881][ T6044]  ? gid_table_release_one+0x1ad/0x450
[  472.876336][ T6044]  panic+0xca/0xd0
[  472.880049][ T6044]  ? __pfx_panic+0x10/0x10
[  472.884456][ T6044]  ? check_panic_on_warn+0x1f/0xb0
[  472.889558][ T6044]  check_panic_on_warn+0xab/0xb0
[  472.894498][ T6044]  __warn+0x108/0x3c0
[  472.898497][ T6044]  __report_bug+0x2a0/0x520
[  472.903013][ T6044]  ? gid_table_release_one+0x1ad/0x450
[  472.908484][ T6044]  ? __pfx___report_bug+0x10/0x10
[  472.913516][ T6044]  report_bug_entry+0xe1/0x290
[  472.918264][ T6044]  ? gid_table_release_one+0x1b6/0x450
[  472.923711][ T6044]  handle_bug+0x18a/0x260
[  472.928033][ T6044]  exc_invalid_op+0x17/0x50
[  472.932526][ T6044]  asm_exc_invalid_op+0x1a/0x20
[  472.937363][ T6044] RIP: 0010:gid_table_release_one+0x1b6/0x450
[  472.943416][ T6044] Code: 4c 24 38 48 c1 e8 03 4d 01 fc 48 89 44 24 08 eb 54 48 89 34 24 e8 aa 67 4d f9 48 8d 3d 53 af 23 08 48 8b 34 24 89 e9 44 89 f2 <67> 48 0f b9 3a e8 90 67 4d f9 48 89 d8 41 83 c6 01 48 c1 e8 03 42
[  472.963009][ T6044] RSP: 0018:ffffc900049dfac8 EFLAGS: 00010293
[  472.969063][ T6044] RAX: 0000000000000000 RBX: ffff888074924c00 RCX: 0000000000000001
[  472.977015][ T6044] RDX: 0000000000000002 RSI: ffff8880356cb6c0 RDI: ffffffff90952e20
[  472.984973][ T6044] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffed10286efea0
[  472.992932][ T6044] R10: ffff88814377f503 R11: ffffffff812ba1ca R12: ffffed100e92499b
[  473.000886][ T6044] R13: ffff888034e4c000 R14: 0000000000000002 R15: dffffc0000000000
[  473.008844][ T6044]  ? ret_from_fork_asm+0x1a/0x30
[  473.013791][ T6044]  ? gid_table_release_one+0x1a6/0x450
[  473.019243][ T6044]  ib_device_release+0xef/0x1e0
[  473.024087][ T6044]  ? __pfx_ib_device_release+0x10/0x10
[  473.029534][ T6044]  device_release+0xa4/0x240
[  473.034113][ T6044]  kobject_put+0x1ef/0x6f0
[  473.038531][ T6044]  put_device+0x1f/0x30
[  473.042673][ T6044]  process_one_work+0x9ba/0x1b20
[  473.047608][ T6044]  ? __pfx_process_one_work+0x10/0x10
[  473.052989][ T6044]  ? assign_work+0x1a0/0x250
[  473.057567][ T6044]  worker_thread+0x6c8/0xf10
[  473.062148][ T6044]  ? __kthread_parkme+0x19e/0x250
[  473.067169][ T6044]  ? __pfx_worker_thread+0x10/0x10
[  473.072266][ T6044]  kthread+0x3c5/0x780
[  473.076325][ T6044]  ? __pfx_kthread+0x10/0x10
[  473.080903][ T6044]  ? rcu_is_watching+0x12/0xc0
[  473.085660][ T6044]  ? __pfx_kthread+0x10/0x10
[  473.090240][ T6044]  ret_from_fork+0x983/0xb10
[  473.094815][ T6044]  ? __pfx_ret_from_fork+0x10/0x10
[  473.099910][ T6044]  ? __switch_to+0x7af/0x10d0
[  473.104576][ T6044]  ? __pfx_kthread+0x10/0x10
[  473.109186][ T6044]  ret_from_fork_asm+0x1a/0x30
[  473.113968][ T6044]  </TASK>
[  473.117272][ T6044] Kernel Offset: disabled
[  473.121575][ T6044] Rebooting in 86400 seconds..