last executing test programs:

26m46.336586602s ago: executing program 2 (id=1029):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201500000000010d90481a000000000000109022400010000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
chroot(&(0x7f0000000040)='./cgroup\x00')
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x22, 0xa, {[@global=@item_4={0x3, 0x1, 0x5, "699ea935"}, @main=@item_4={0x3, 0x0, 0x8, "069011aa"}]}}, 0x0}, 0xfffffffffffffffc)

26m42.377060853s ago: executing program 2 (id=1044):
r0 = socket$nl_route(0x10, 0x3, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000008, 0x810, 0xffffffffffffffff, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f0000fb8000/0x4000)=nil, 0x4000, 0x13)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
madvise(&(0x7f000083b000/0x1000)=nil, 0x1000, 0x0)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_INIT(r4, 0x29, 0xc8, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x2}, 0xc)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0)
r6 = socket(0x29, 0x2, 0xff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r7=>0x0})
setsockopt$MRT6_DEL_MIF(r6, 0x29, 0xcb, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x40, r7, 0x7fff}, 0xc)
ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0)
r8 = eventfd(0x80000001)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x0, r8})
r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x602100, 0x0)
ioctl$FBIOGETCMAP(r9, 0x4604, &(0x7f00000001c0)={0x1, 0x0, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0]})
ioctl$VHOST_RESET_OWNER(r5, 0xaf02, 0x0)

26m39.41127122s ago: executing program 2 (id=1055):
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="fb", 0x55)
r1 = accept(r0, 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x14, 0x2, 0x7, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x819)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x3, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x6b7, 0x80, 0x0, 0x1, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x24000000)
sendto$inet(r2, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
recvfrom$inet(r2, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x1500)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], 0x0, 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
recvmmsg$unix(r1, &(0x7f0000006580), 0x0, 0x40000142, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$KVM_GET_CPUID2(0xffffffffffffffff, 0xc008ae91, &(0x7f0000000000))

26m38.334063241s ago: executing program 2 (id=1057):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000700)='mountinfo\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
move_mount(r3, &(0x7f0000000140)='.\x00', r2, &(0x7f0000000300)='./file0\x00', 0x41)
move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r3, &(0x7f0000000100)='./file0\x00', 0x220)

26m38.159131774s ago: executing program 2 (id=1058):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x49f0, 0x20, 0x8001, 0x48024e}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x4)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x60, 0x1403, 0xc23, 0x70bd2a, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x60}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000380)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
utimes(&(0x7f0000000100)='./file0\x00', 0x0)
writev(r0, &(0x7f0000000680)=[{&(0x7f0000000000)="abece2d4d226b486b0a1f9a926c03ad36cb13c094188a732bb73fce5f8dc9af0", 0x20}, {&(0x7f0000000240)="919f8d5bc6d82af9278cf76cbb8e73729643f3fdebd0c73e9618882cad8e0244e349719c0e4c3b5e6d76d3ea4a9c6e7008ed89ea6ff5007161c80b9ee8ddaa905c76ef93dc93e77c1a01a6418ffdd2f58ff0a151571c5b13982d1929ca1ff45ad66681c0698116c352112395456180e7450b32e54810ba1ac949cdb928e2b63233cfd30078848ed30958e2d2e396a1673858", 0x92}, {&(0x7f0000000300)="900a3e8bb88475e76452c3a89000947c727ccf23b02c19c60472da326881b7603f0349c41da8fe68b2a95d4ce55ac51d326eb2c27813e189f3e16a5b950ee7e7f9090138db02dabe29d8d2a13bb0a41b79dd09deac2f3da8fe2d416d8179bd700680954bf641268d635d66a3cd93f806728228478f0fcc0b25a39cc0cf6f784567a6a5e466cc8a3089dfc1bc1a9a4293295a2a1a106df2fb4f2480163cbb97fab5e5c51b9fb1ff8ad292f054790e", 0xae}, {&(0x7f00000003c0)="cc80bb79df7b7188f71af838375da17f333f3f1b5ef328d954f64da2b848f0445e22357995f8d6f01e34e30286c8a89f6c9d8824e4eca10954ceb490efed0c072aba4db754d6fc84e82b3f3c91a33ef52c0bf6c361467043b28316475a0f925ff314ffb10c027746fcc0d54d637c27f908ce9653ea5d7bf9f0c681ab60972ee153d2dc8075849330ac6f6dbe898337e36b9615cb2ba2cb963a138737b3d17c36613d51e93e3ce7fab2b169fe6bb938ca04e0af4cecf6018bea", 0xb9}, {&(0x7f0000000480)="c7e15b2bc70647e69c36be04fe2df8d561734dd3f9f720bb4a9da02c15f40aab2709a36c3773cf2721272ee04d8d84cf54b4fbf4637ad607f341c42203ab30b83664bdbbf0b931ccdcbb41127ac4acc875f312c853bce4130f701bffe4bef222315eea99ebeeceb38df5361cd73fc615e14f6179710cb137be7941478d2c801e61f33e7c89b73af695ecda2bf4c4c4b40151b518a51397f747b14dec18c5bf26b8aba4e536bb08c9b9f1361295099f715bf23dac89be34f40be2", 0xba}, {&(0x7f0000000140)="6641ec11b58d", 0x6}, {&(0x7f0000000540)="2f163a2f68addf39d73cc629e0fb9a7bb592b2a853673124f4fb9293dc1ab64f2cb73364faece42f0d368c62618774edf6d55f26a139be5a426a93e82bb49a2790db66b2fa74661dfeec722721", 0x4d}, {&(0x7f00000005c0)="23efe404e968624b13539b7fa5bc86bb70339cd3918296718a19920f02ac6e6f4ed102e05106b2eec934746f2ed8fe422705449b3ff263712daa75a76a3e513caf72f36a1e9f781d923fc07b6694f09b4bf4df1a96bf9ca48d619b76c6903ecf549a3ebe7e16dd935960577479bba38b1c1e29bac866c7a3693bb55ca92441a457ebf61fbf6c1c483dd2ceed", 0x8c}], 0x8)
r5 = openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000040)={0xfffffffc, 0x1003, 0x4, {0x6, @pix_mp={0x12, 0x5be7, 0xb5315258, 0x6, 0xb, [{0x80000004, 0x7}, {0x7ff, 0x5}, {0x10000001, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x7, 0x489aa92e}, {0x5}, {0xff, 0x7}], 0x1, 0xc, 0x2, 0x0, 0x3}}, 0xfffffffd})

26m37.414461088s ago: executing program 2 (id=1061):
r0 = inotify_init()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = socket(0x1, 0x800, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x5000, 0x1, @remote, 0x5}, 0x1c)
writev(r1, &(0x7f00000000c0), 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000580)={{{@in6, @in6=@loopback}}, {{@in6=@local}, 0x0, @in6=@initdev}}, 0x0)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x2000400}, 0x1c)
bind$can_raw(0xffffffffffffffff, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000004000000cffd3f00ff07000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000000100"/20, @ANYRES32=0x0, @ANYRES32], 0x48)
sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x176}}], 0x400000000000172, 0x4000000)
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e)
unlink(0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4)

26m37.085293964s ago: executing program 32 (id=1061):
r0 = inotify_init()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = socket(0x1, 0x800, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x5000, 0x1, @remote, 0x5}, 0x1c)
writev(r1, &(0x7f00000000c0), 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000580)={{{@in6, @in6=@loopback}}, {{@in6=@local}, 0x0, @in6=@initdev}}, 0x0)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x2000400}, 0x1c)
bind$can_raw(0xffffffffffffffff, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000004000000cffd3f00ff07000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000000100"/20, @ANYRES32=0x0, @ANYRES32], 0x48)
sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x176}}], 0x400000000000172, 0x4000000)
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e)
unlink(0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4)

9m30.025092679s ago: executing program 4 (id=3690):
r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x1000, 0x4, 0x2}})

9m29.866575138s ago: executing program 4 (id=3692):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x68, &(0x7f0000000000)=0x5, 0x4)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
close(0x3)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x12)
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r2, 0x4068aea3, &(0x7f0000000000))
r3 = socket$inet6(0xa, 0x1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
r4 = syz_io_uring_setup(0x487, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r4})
io_uring_enter(r4, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7, 0x0, 0x2, 0x7, 0x0, 0x800}, 0x20)
r7 = timerfd_create(0x0, 0x0)
ioctl$TFD_IOC_SET_TICKS(r7, 0x40085400, &(0x7f0000000140)=0x61)
socket$netlink(0x10, 0x3, 0xf)
syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006e38f110d00701415cec01020301090224000100000000090423020070400009058a03080004030e09050e03c5fc4cc6e055"], 0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r1, &(0x7f0000000200)={0xa0000019})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtclass={0x58, 0x28, 0x200, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0xfff3}, {0xe, 0xb}, {0x2, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0xc4}}, @tclass_kind_options=@c_red={0x8}, @tclass_kind_options=@c_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x9, 0xfa}}, @TCA_RATE={0x6, 0x5, {0xb, 0x9}}, @TCA_RATE={0x6, 0x5, {0x9, 0x45}}]}, 0x58}}, 0x0)
r10 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r10, 0x0, 0x0)
syz_io_uring_setup(0x49e, &(0x7f00000000c0)={0x0, 0x7baf, 0x20000, 0x8000, 0x40024e}, &(0x7f0000000340), &(0x7f0000000040))
syz_usb_ep_write$ath9k_ep1(r10, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])

9m26.211774183s ago: executing program 4 (id=3698):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x6, 0xa, 0x0, 0x9})
mount$cgroup(0x0, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@release_agent={'release_agent', 0x3d, './file0'}}]})

9m25.844803162s ago: executing program 4 (id=3704):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="780000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414bb0c00028005000100000000000800074000000001"], 0x78}}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/snmp\x00')
pread64(r1, &(0x7f0000000600)=""/92, 0x5c, 0xf7)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6_vti0\x00', &(0x7f0000000340)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x8, 0x3, 0x7, 0x30d3224c896ecf2f, @mcast1, @remote, 0x767, 0x40, 0x4, 0x1}})
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000740)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000600)={0x12c, r2, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}, @WGDEVICE_A_PEERS={0xb0, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3259}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "3569f8de427e6ee170b771b9e03aa0b77321b1c9505983e1f118bfdb5eaab871"}]}, {0x54, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x6}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "42bfeaca09252c40e2de9ea2619739a9b5b427ae847d8ea8f75f3fcb746f4418"}]}, {0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @remote}}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x12c}, 0x1, 0x0, 0x0, 0x20008800}, 0x45)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x86, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb080045fc0078000000000001907864010102ac1414aa05009078e00000e047000000000000007f110002ffffffffac1414aa07030089079de0000001443c00030a01012f00000000ac1e0101000000000000000000000000ac1414aa00000000ac1e0001000000003cdcc39eac14140000000000ac1414aa000000000000"], 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7000000000010104000000000000000002000006240001801400018008000100e000000108000200ac1414000c00028005000100000000002c0002801400018008000100e000000108000200e00000010c000280050001000000000006000340000000000800074000000000040006"], 0x70}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_TIOCINQ(r5, 0x541b, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000280)='./file0/file0\x00', &(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2243005, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
syz_usb_connect$rtl8150(0x5, 0x3f, &(0x7f00000003c0)={{0x12, 0x1, 0x110, 0xff, 0xff, 0x0, 0x40, 0xbda, 0x8150, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x18, 0x1, 0x1, 0x5, 0x80, 0x0, "", {{0x9, 0x4, 0x0, 0x7f, 0x3, 0xff, 0x11, 0x1, 0x5, "", {{0x9, 0x5, 0x81, 0x2, 0x40, 0x6, 0x9, 0x4}, {0x9, 0x5, 0x2, 0x2, 0x20, 0x2, 0x57, 0x6e}, {0x9, 0x5, 0x83, 0x3, 0x240, 0x3, 0x82, 0x8}}}}}}]}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x1, 0x2, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

9m20.230381456s ago: executing program 4 (id=3715):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
r4 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080)={0x10000000})
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX=r1, @ANYRES8=r3, @ANYRES64=r2], 0x48)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85100000010000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0xa6, &(0x7f0000000340)=""/166}, 0x94)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, 0x0, &(0x7f00000000c0))
r6 = syz_io_uring_setup(0x151, &(0x7f0000000240)={0x0, 0xa9fd}, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000400))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x40, 0x0, 0x0, 0x4)
io_uring_register$IORING_REGISTER_EVENTFD(r6, 0x4, &(0x7f0000000000), 0x1)
readv(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r6, 0x47fa, 0x0, 0x0, 0x0, 0xff0b)
io_setup(0x2278, &(0x7f0000000180))
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x54, 0x10, 0x1, 0x170bd27, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2500}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x2c, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x2, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8, 0x1d, 0x0, 0x0, 0x10001}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x68, 0x12, 0x0, 0x0, 0x7}, {0x8, 0x16, 0x0, 0x0, 0x7cc6}]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x40)

9m15.973862762s ago: executing program 4 (id=3728):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x4)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000500)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x27)
accept4(r0, 0x0, 0x0, 0x800)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x13, &(0x7f0000000780)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
fanotify_init(0x20, 0x181000)
openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x10}}, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000240)={@in={{0x2, 0x4e22, @local}}, 0x0, 0x0, 0x17, 0x0, "76f0920800ea3b6747b73ebc6dce57d13516585de1e4d69b3e14dfc55d04ecedf16bf3987c10a810decdd84456613da6aeb323debcc8f4859eda2cccedc51f19cd8013df4729a4ed10eeaf6eff302443"}, 0xd8)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f000003e000/0x3000)=nil, 0x3000, 0x200000f, 0x8031, r1, 0x5c0e000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket(0xa, 0x3, 0x4)
setsockopt$MRT6_DEL_MIF(r8, 0x29, 0xc8, 0x0, 0xc000000)
getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000440)=0x14)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = syz_open_dev$midi(&(0x7f00000001c0), 0x6, 0x42)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r10, 0x40049366, &(0x7f0000000340)=0x4)
ioctl$sock_bt_hci(r9, 0x800448d2, &(0x7f0000000440))

9m15.329548764s ago: executing program 33 (id=3728):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x4)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000500)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x27)
accept4(r0, 0x0, 0x0, 0x800)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x13, &(0x7f0000000780)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
fanotify_init(0x20, 0x181000)
openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x10}}, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000240)={@in={{0x2, 0x4e22, @local}}, 0x0, 0x0, 0x17, 0x0, "76f0920800ea3b6747b73ebc6dce57d13516585de1e4d69b3e14dfc55d04ecedf16bf3987c10a810decdd84456613da6aeb323debcc8f4859eda2cccedc51f19cd8013df4729a4ed10eeaf6eff302443"}, 0xd8)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f000003e000/0x3000)=nil, 0x3000, 0x200000f, 0x8031, r1, 0x5c0e000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket(0xa, 0x3, 0x4)
setsockopt$MRT6_DEL_MIF(r8, 0x29, 0xc8, 0x0, 0xc000000)
getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000440)=0x14)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = syz_open_dev$midi(&(0x7f00000001c0), 0x6, 0x42)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r10, 0x40049366, &(0x7f0000000340)=0x4)
ioctl$sock_bt_hci(r9, 0x800448d2, &(0x7f0000000440))

15.394707981s ago: executing program 6 (id=5628):
r0 = syz_usb_connect(0x5, 0x207, &(0x7f0000009a00)=ANY=[@ANYBLOB="12011003a9372540f30c1010db26010203010902f50101030250070904"], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(r0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x89fc, &(0x7f0000000900)={'bond0\x00', @random="0000330c1100"})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0, @ANYRES32=r1, @ANYRES16=r0, @ANYRESHEX=r0, @ANYRESDEC=r0, @ANYRESDEC=r1], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0})

13.277705758s ago: executing program 5 (id=5635):
syz_open_dev$sg(&(0x7f0000000040), 0xa, 0x800)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x400c8c0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
setitimer(0x0, &(0x7f0000000580)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
r5 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x111)
close(r5)
inotify_init1(0x800)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c706f72742c697000140007800800084000002f5408000640"], 0x60}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000000306050000000000000000000200000505000100070000000900020073797a30"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x20008000)
sendfile(r0, r1, 0x0, 0x20000023896)

12.433529222s ago: executing program 5 (id=5637):
syz_open_dev$sg(&(0x7f0000000040), 0xa, 0x800)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYRES16=0x0], 0x6c}}, 0x400c8c0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
setitimer(0x0, &(0x7f0000000580)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
close(0xffffffffffffffff)
inotify_init1(0x800)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000000306050000000000000000000200000505000100070000000900020073797a30"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x20008000)
sendfile(r0, r1, 0x0, 0x20000023896)

12.332610395s ago: executing program 6 (id=5638):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000003c0)={[0x2]}, 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000280)={'\x00', 0x75e, 0x6, 0x7, 0x7b790c9d, 0x100010004, <r2=>0xffffffffffffffff})
sched_setaffinity(r2, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000a00)=""/102400, 0x19000)
fsopen(0x0, 0x1)
getrlimit(0x5, &(0x7f0000000340))
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x4000000000000291})
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000000)={0x200401, 0x0, 0x30000, 0xb998, 0x0, "194f2f83c2e798c3584770116cddc8819592b1"})
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0xa04c, 0x53b3, 0xfffffffd, 0x8, 0x1b, "53af0f0b4ecf6c29bf81c173f4a8f5f73eb62f"})

10.917336588s ago: executing program 5 (id=5642):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)=0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000055003d07000000000001000007000000", @ANYRES32=r3, @ANYBLOB="20000280", @ANYRES32, @ANYBLOB="0000000000000000000000000a0000000000000000000014200001"], 0x58}}, 0x0)
ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x40, 0xff, 0xfd, 0x16}, {0x6, 0x60}]})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x34031c42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f00000000c0)=0x5e6)
write$ppp(r2, &(0x7f0000000340)='\x00G', 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

10.712202825s ago: executing program 3 (id=5644):
r0 = syz_usb_connect$lan78xx(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000440)={0x14, &(0x7f0000000240)={0x20, 0x1, 0x4a, {0x4a, 0xc, "ead99f59124972516ce7341622736f2d37fbbdf568e7a96c1a63ca5c8f176fd67b1063517fb4eefea10990f86b52eb80eefac7606f32b20025022a8982938b3b05503ad204f47028"}}, &(0x7f0000000340)={0x0, 0x3, 0x8, @string={0x8, 0x3, "ab392e04c618"}}}, &(0x7f00000008c0)={0x34, &(0x7f0000000480)={0x40, 0x15, 0xd1, "cc803987f849458153c0f79a0b91258353a8e910c35259300566edd022726703e9bc1702eb49b517c3e8713915f95ad69404de932d15f9acfae4563eb0e16ec3b687bbfffd13ece069959d280341cac5d02d8ac35779efe1bc0ef79971f52eeea561f8b7ba64b7125fbeee0172013b6b8edde8d27a3a848d1e8c40e9362d32a7a751750ed469bd22ebfb887e197de6afb3671517c2f0e65696881225528b2b8a0638364e0a131f58349cc63f031775a3969f7893b0013efed2acb145d24c7c33f79a685aa3b641c0b3f50289ae6cca2718"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x12}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000800)={0xc0, 0xa1, 0x4, 0x2}, &(0x7f0000000840)={0x40, 0xa0, 0x4, 0x3}, &(0x7f0000000880)={0xc0, 0xa2, 0x2f, "7e4215ea2412f7f696f607e4bff04153d4487c88cf250c0502e72c4804521161af5148efe4428b529ffd85fbf6cd3b"}})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x48, 0x0, 0x8)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000180)="a1", 0x1}], 0x1)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
writev(r5, &(0x7f0000000100)=[{&(0x7f0000000300)="644ee8", 0x3}], 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000700)=[0x1], 0x0, 0x0, 0x1}}, 0x40)
write$char_usb(r2, &(0x7f00000001c0)="64e9", 0x2)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000740)=[0x2], 0x0, 0x0, 0x1}}, 0x40)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000005000000080000000f"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004"], 0x48)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a44000000060a0b0400000000000000000200000018000480140001800b000100736f636b65740000040002800900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a85c4a840df61ce19fbeb6c47170446fd82928ab6080a4802fb3a715594477873e3eab54c56ea4bf58fbf3d0b474252e0681e"], 0x6c}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))

10.665504875s ago: executing program 1 (id=5645):
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x109282, 0x0)
ioctl$RNDADDTOENTCNT(r0, 0x40045201, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r7, 0x4048aecb, &(0x7f0000000340)={0x8, 0x0, [{0x3, 0x9, 0x0, 0x8, 0x240000, 0xfffffffb, 0x1}, {0x40000001, 0x6, 0x6, 0x0, 0x7, 0xfffffffd, 0x7b87a9e3}, {0x6, 0xffffffff, 0x0, 0x337, 0x4, 0x80000001, 0x8}, {0xd, 0xffffffff, 0x7, 0x1008, 0x4, 0x2000110, 0x4}, {0xb, 0x5dd3, 0x6, 0x6, 0x1000e231, 0x1, 0x1ff}, {0x1, 0x4, 0x0, 0x3, 0x6, 0x3, 0x9}, {0x40000001, 0x3, 0x0, 0xb6, 0x9, 0xa, 0x5}, {0xc0000000, 0x7, 0x4, 0x2, 0x0, 0x7c0, 0x800}]})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup(r8)
mount$bind(0x0, 0x0, 0x0, 0x2102404, 0xfeffffffffffffff)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000040)={'rose0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a00000001800090000000000000000001c140000fe00000100000000840013000000000000000a00000000000000000000000000000000000000030000000000000000000000070000000000000007000000"], 0xa0}}, 0x0)
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="7000dadaffffffffffffaaaaaaaaaabb08004500007800004000002f9078e0000001ac1414aa000065580064907802000000010000000300000081c1c4b4ed16025799e3665b04bade0524def2e606baa31ea166548da743000000000000736e812d5317795a7bf1324970f55131f837ca9e7d5f2935fef97a6124e3fff924e7f188f9794879d2c22067"], 0x8a)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r11, 0x8b1a, &(0x7f0000000040))

8.199426262s ago: executing program 6 (id=5646):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000001040)={0x424, r1, 0x0, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x10}}}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x4a23}, @NL80211_ATTR_FILS_ERP_USERNAME={0xc, 0xf9, "6a3a82451a95fdc2"}, @NL80211_ATTR_FILS_ERP_REALM={0x40, 0xfa, "5f79da7c852edc7523076ad84989bfeca680c9ab408a264e1e547e34184a5ad2a5473099f191c604ed0296e19f8f151af40df91655a019d6981fe05a"}, @NL80211_ATTR_FILS_ERP_RRK={0xff, 0xfc, "1e359d78bf8fd2dbcdef1a62cb4f0042969f170b5b1c6e84b274dd6206d0e4c4fe81e71cc1eb7723ff3648555e27d0172ed27d7755ac62f28eee4b95da3b26e4ff269cc830c56edecedf2a834897824c3b5734b24b27ff468d3b77e635e3779d1525dca4b45011d56eca08b15904e3618cc563347494ff39bb26fc97cf755e300da6155ccae05ea94060d9cb8737d503fed28396828dc1d61205e44c485d156d7ec9a19e67fe6a638872c7115c4923f9988922c5ed526d5d5b7fb0ba4ba66d164cb578ebec62bdb1aaaf1a3551168ab7eef830665d925f753a2398fa274a84ca1a541b3b466e95c52828050cb55cbe336a8f6b8046ed1ff6c7ce5c"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x2}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x1b}, @NL80211_ATTR_FILS_ERP_REALM={0xeb, 0xfa, "58ae84c5afc6fbba85bace5a44bc8c4546c9ca8d898df37336ff5861104dbb144a5d23bf31e352770bf0c06bba23d64211597329fc62f5785fdd982ec3a8b69c5538058c5bbcf28fcc6a3948866ec74c2b40fb44db9dce9539e95a33021e88960d20cff6d6d2c23bdfb2c101128f6f5d4784c71049d4b955a964deb096d22435cf5c3f56d24ae05b80051fb5d7574bb33b9567b5019d4913c5385cce8744a51774251c4f25586db119d8dd840ab9c0b5a1242fa861ccbfe1e9e71bb0389dd7abceea414f2d2a70c8f46a2409ecb80293f6a4f1a68ce92544b151a4b0e844115f9a8b08ffc0b435"}], @NL80211_ATTR_IE={0x129, 0x2a, [@tim={0x5, 0xd1, {0x1, 0x4, 0x0, "2a485c7ca57817723db72cc0dbe3fdc4ced18c308810847971614f24f0fc166c95e81e0cbda63ecd08a49f91a93e4cdb4f4a25561283e28c25e4cd65d078765ce7f2920a5782f41a02a8934cf8462e5ce50be05a4bd6555a1b6a7bdf2685d3a747af80f74f7a309c0acd1e318305a558f897f3f50c1b179a0783d830e50de7b2f3e7ba9e371f4e2fe58bc2b0bd6fec6694ca1d25b27564a317886cf02e8cfdfe6294ae433d153048a8b0f9e3ac2049cbc436f2bdef611e0a1ebb3e11cf1df42a3523696387c957b05e464bbddfb2"}}, @peer_mgmt={0x75, 0x6, {0x0, 0x8001, @val=0x57, @void, @void}}, @random_vendor={0xdd, 0x40, "afc798f56b87337c46124ff97fe0316fa446f7a7623d69cc0cfa6bd8ebbdbd8fef2399e8fa072cbfad6889c86e1ab80c495b562e47c753200aacc3f62b69780b"}, @peer_mgmt={0x75, 0x6, {0x0, 0x8, @void, @val=0x42, @void}}]}, @NL80211_ATTR_IE={0x7e, 0x2a, [@link_id={0x65, 0x12, {@from_mac=@device_b, @device_a, @broadcast}}, @ssid={0x0, 0x2, @random="1be0"}, @random_vendor={0xdd, 0x60, "baa655055b102976af376b6bcc9c72d5380eeac2b02ff46cdd6cec9850027bb8c8d6488326085a733dfb06271f41261ce31c94af7e2bc8134e6a665ac4246b2026d9184141cedd600fdab87bb73efaa7704b11d34e1aa3dcb2186c422d6a9bbb"}]}]}, 0x424}, 0x1, 0x0, 0x0, 0x40001}, 0x20040850)
r3 = eventfd2(0x8, 0x2)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r4=>r2, {0x7ff}}, './file0\x00'})
r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1)
r6 = bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
bpf$LINK_DETACH(0x22, &(0x7f0000000180), 0x5f)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r5, 0x1, 0x80)
fchdir(r7)
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r6, 0xc4089434, &(0x7f0000000800)={<r9=>0x0, 0x8000, 0xe984c13d53ef5034, [0x7, 0x8, 0x4, 0x8, 0x3], [0x74, 0x1ae8, 0x7, 0x0, 0x2, 0x4000000000000000, 0x1, 0xc000, 0x9, 0x6, 0x0, 0xfff, 0xffffffff, 0x5, 0x7, 0x7, 0xc, 0x4, 0x3, 0x80000001, 0x3a, 0x6, 0x1, 0x2, 0x41, 0x9, 0x100, 0x3, 0x6, 0x9, 0x6, 0xcbdd, 0x1, 0x3, 0x80, 0x2000000000000000, 0xd, 0x10001, 0x8, 0xa96a, 0x8000000000000001, 0x100000000, 0xff, 0x8000000000000000, 0x9, 0x9, 0x9, 0x5, 0x10, 0x0, 0x3, 0x5, 0x8, 0x9, 0x8, 0x25cd0b85, 0x10001, 0x8, 0x3, 0x0, 0x0, 0x100000000, 0x0, 0x9, 0xe5a2, 0x8001, 0x2, 0x1000, 0x10000, 0xfffffffffffffff7, 0x7, 0x5e, 0x8001, 0x0, 0x7, 0x36, 0x4, 0xae1, 0x541, 0x8, 0xffffffff00000000, 0x5, 0x6755, 0x0, 0x3, 0xffffffffffff0001, 0xd, 0x2, 0x4, 0x2, 0x2, 0xbd1, 0x7ff, 0x0, 0x1, 0x9, 0x9, 0x7fffffffffffffff, 0xce3c0, 0x6, 0x0, 0x7, 0x0, 0x3, 0xffffffffffffff81, 0x8, 0x8000000000000001, 0xf, 0x7, 0x3, 0x3, 0x0, 0x8, 0x1, 0x0, 0x4, 0x4, 0x4, 0x1, 0x6, 0xfff]})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000c40)={r9, 0x3, 0x21, 0x1})
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
r10 = syz_open_dev$hiddev(&(0x7f00000002c0), 0x74, 0x8187444cd26c42a0)
r11 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r11, &(0x7f0000000140)=[{&(0x7f00000002c0)=""/31, 0x1f}], 0x1, 0x7ff, 0x4)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01864c1, &(0x7f0000000400)={0x0, 0x0, <r12=>0xffffffffffffffff})
io_submit(0x0, 0x4, &(0x7f0000000500)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x3, r0, &(0x7f0000000000)="35fb829fa512cf947fe10e", 0xb, 0x1, 0x0, 0x3, r3}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x6, 0xfffb, r4, &(0x7f00000001c0)="8fad1fe83285425582d9285762ec1a67da6d38b7b1b7d472c8e641a94a6b11818be14f63b7acb051cdd5a78ff72b31254678522b7ba53fe8b0703a2b7a7c3f352e3e87fa59b7bd562c2edff358533b2221a419680da450fe7f6f4f7ab8f45afdfbae603cd5f34ca94baebf6a964f119294fc2e1726c7c7af5c771d816fd94db51e5774010772a8eb74d23b94e8b5e1090885c68302b404d0e56c0344b439", 0x9e, 0xfffffffffffffff8, 0x0, 0x2, r7}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x5, 0x6, r10, &(0x7f0000000300)="3d8edb0dade6e97745165fc8c6f7c40d6dd15e7e39961d3a978e6fd5de4c4a9814744fa614ded7015f5af5142f52eedefa1390f27619f37d4085c3ec2ab22ea538526271c4a64d42ddf180788e8bb7f9c517cfca2b9883b16c0a321c9d053d70564a4c0a7b65108c596b133d780bc1852917b703b5be9f9768d97a809425b0f1d8e124213f7c3b0e71779a39f3e62d62da2afca1efb75513080b5ad20d7c23154907a9456851c80d", 0xa8, 0x0, 0x0, 0x1, r11}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x5, 0x6, r12, &(0x7f0000000440)="c368cef888ec6a4127652c138c65db7def0cc03a6548cecee6164432c0c23b2288d82aee1adea45961dcfaa1b265379f1858c4fc7d09a887f60f2ce6f8df5aa90a9c0dc128bd57d6d383c180d05ec3", 0x4f, 0x8001, 0x0, 0x2}])
r13 = socket$inet_tcp(0x2, 0x1, 0x0)
r14 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000105804165000000000000109022400010000c04009040000010300000009210900000122a00009058103"], 0x0)
syz_usb_control_io(r14, 0x0, 0x0)
syz_usb_control_io(r14, &(0x7f0000000000)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r14, 0x0, 0x0)
r15 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x80)
ioctl$HIDIOCSUSAGES(r15, 0x501c4814, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f0000000580)={'wlan0\x00'})

7.983435342s ago: executing program 1 (id=5647):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x20000)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

7.907472021s ago: executing program 0 (id=5648):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffc0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a301, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, 0xffffffffffffffff)
ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f00000000c0)={0x101, 0x4, 0x800, 0x3ff, 0x5, "9fb1314a32454691"})
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x190, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x164, 0x4, 0x0, 0x1, [{0x160, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x150, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xb, 0x1, 'policy\x00'}, @NFTA_MATCH_INFO={0x138, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cfb40300005fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331602beb7094102d5d409992dcd236e3fd742785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af546f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb70100000001000000891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b8356020c014f50000"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20}}, 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

6.524178614s ago: executing program 0 (id=5649):
syz_open_dev$sg(0x0, 0xa, 0x800)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYRES16=0x0], 0x6c}}, 0x400c8c0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
setitimer(0x0, &(0x7f0000000580)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
mkdir(&(0x7f0000000140)='./control\x00', 0x111)
close(0xffffffffffffffff)
inotify_init1(0x800)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c706f72742c697000140007800800084000002f5408000640"], 0x60}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000000306050000000000000000000200000505000100070000000900020073797a30"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x20008000)
sendfile(r0, r1, 0x0, 0x20000023896)

5.628191642s ago: executing program 0 (id=5650):
ioctl$KVM_GET_MSRS_sys(0xffffffffffffffff, 0xc008ae88, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = syz_open_dev$video(0x0, 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040811}, 0x8410)
fanotify_init(0x40, 0x800)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x200)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000340)={{0x80, 0xfc}, 'port0\x00', 0x0, 0x60000, 0x0, 0xfffffffb, 0x6, 0xfffffffc, 0x10000000, 0x0, 0x1})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f0000000200)={{0x5, 0x7f}, 'port1\x00', 0x80, 0x14, 0x7ff, 0xfffffeff, 0x0, 0xc, 0x200000, 0x0, 0x4875c99660ff2b2d, 0x9})
ioctl$TCXONC(r1, 0x540a, 0x3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={0x0, 0x0, 0x35, 0x0, 0x1}, 0x28)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00005cf000/0x400000)=nil)
r6 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r6, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x7, 0x0, 0xfffffffffffff58f, 0x6c4ba42, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x1, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x10000000000000, 0x4, 0x3, 0x7fffffffffffffff, 0x2, 0x0, 0x0, 0x0, 0x92c, 0x3, 0x7b, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x100, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x800, 0x3f, 0xfffffffffffffff9, 0x4b00, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffd, 0x9, 0x0, 0x3000000000000, 0xfffffffffffffffd, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x400000, 0x200, 0x10000000000, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x2, 0x0, 0x1, 0x10, 0x4000100000002]})

5.16854838s ago: executing program 5 (id=5651):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000003c0)={[0x2]}, 0x8)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000280)={'\x00', 0x75e, 0x6, 0x7, 0x7b790c9d, 0x100010004, <r2=>0xffffffffffffffff})
sched_setaffinity(r2, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000a00)=""/102400, 0x19000)
getrlimit(0x5, &(0x7f0000000340))
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x4000000000000291})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000000)={0x200401, 0x0, 0x30000, 0xb998, 0x0, "194f2f83c2e798c3584770116cddc8819592b1"})
write$binfmt_aout(r4, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000100)={0xa04c, 0x53b3, 0xfffffffd, 0x8, 0x1b, "53af0f0b4ecf6c29bf81c173f4a8f5f73eb62f"})

5.111203401s ago: executing program 3 (id=5652):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x20002, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x1, 0x70bd2b, 0x4, {0x0, 0x0, 0x0, 0x0, 0x123a4, 0x4484}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_to_hsr\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0xffffffff, 0x88, 0x80}}]}]}]}, 0x4c}}, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
fstat(r1, &(0x7f0000000700))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x40a00, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x3, r4, 0x0, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r4, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2})
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b80), r2)
sendmsg$IEEE802154_LIST_IFACE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000280)={0x14, r5, 0x50be6fea6f3bdfbb, 0x72bd26, 0x25dfcbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r2)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r7, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x2f}, 0x40, 0x4})
r8 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r8, 0x6036}], 0x1, 0x0, 0x0, 0xfffffffffffffc92)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r6, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

4.75414506s ago: executing program 3 (id=5653):
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
ioctl$I2C_PEC(r0, 0x708, 0xb8f7)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000100)={0x1, 0x4, 0x3, &(0x7f0000000080)={0x10, "14a6c62707dab7299602abd83463604d70b41d4008e300"}})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fd6000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r3, 0x4068aea3, &(0x7f0000000040)={0x74, 0x0, 0x54})
ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x1f480, 0x0, 0x399})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000006080)=@newtfilter={0x1210, 0x2c, 0xd27, 0x8030bd29, 0x2, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0xa}, {}, {0x9}}, [@filter_kind_options=@f_route={{0xa}, {0x11e0, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xe, 0x2}}, @TCA_ROUTE4_ACT={0x260, 0x6, [@m_sample={0x90, 0x3, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x9}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x7, 0x7fffffff, 0x0, 0x9, 0x6}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x76ee3561}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xfffff229}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x37c5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0x100, 0x0, 0xc98, 0x3}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x81}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_mpls={0x98, 0x11, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x1}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_LABEL={0x8, 0x5, 0x4684c}, @TCA_MPLS_LABEL={0x8, 0x5, 0x44c42}, @TCA_MPLS_TC={0x5, 0x6, 0x7}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}]}, {0x3a, 0x6, "35009eea5728e1ccc62684cd190ad09e3e022f90412955acd3c0dbd581b8004eaa8180600f4a1565ea8151366e61c730a9c078c241e6"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x4}}}}, @m_gact={0x134, 0x6, 0x0, 0x0, {{0x9}, {0x94, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0xb03, 0x5}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x186}}, @TCA_GACT_PARMS={0x18, 0x2, {0x80000, 0x0, 0x0, 0x0, 0x4}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x237f, 0x7}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1c73, 0x10000000}}, @TCA_GACT_PARMS={0x18, 0x2, {0x10001, 0x4, 0x8, 0x81, 0xfffffffc}}, @TCA_GACT_PARMS={0x18, 0x2, {0x5, 0x2, 0x10000000, 0x7, 0x1}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x101, 0x10000000, 0x1f, 0xc6f}}]}, {0x75, 0x6, "2ccc6282bc8bac4447822da0d0531178774955f84bab8b87e551656def4084ba2ddad9a23a23028f3236b0f0b7d5e85b61e9ca14cb39f2b5a8d7e31217917e97b71587a9c53555a9bd7c79a550cf0053b56cb8554eb9da1defa7e337a4db48379019a8e0be89e81bee4e0f87c397b82512"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}, @TCA_ROUTE4_ACT={0xf74, 0x6, [@m_pedit={0xf40, 0x4, 0x0, 0x0, {{0xa}, {0xf14, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x90, 0x5, 0x0, 0x1, [{0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}, {0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS={0xe80, 0x2, {{{0x1000, 0x0, 0x2, 0x2, 0x6}, 0x2, 0x4, [{0x9, 0x6, 0x0, 0x401, 0x401, 0x8000}, {0x8000, 0x1006, 0x800, 0x8, 0x0, 0x5}, {0x5, 0x5, 0xc6d4, 0xf093, 0x200, 0x4}, {0xc0000, 0x1, 0x8, 0x6, 0xdc, 0xd4bb}]}, [{0x80000000, 0x1, 0xe, 0x3, 0x2d9, 0x100}, {0x3da, 0x3, 0x0, 0x3, 0x6, 0x1}, {0x8, 0x50f9, 0x1, 0x7e9, 0xfffffffa, 0x4}, {0x9, 0x80000001, 0x4, 0x3, 0x6, 0xd1}, {0xf15, 0x8, 0x7fdb84d6, 0x4, 0x2, 0x3}, {0x9, 0x2, 0x995, 0x9, 0x2fe8, 0xbe}, {0x3, 0x1d, 0x76e, 0x1, 0x2, 0x3}, {0xffff, 0x6, 0x0, 0xb, 0x7fff, 0x7ff}, {0x2, 0x4, 0xc02, 0x3ff}, {0x4, 0x401, 0x1, 0x3c, 0x5e0}, {0xfffffff7, 0x9, 0x4b37, 0x5, 0x2, 0x784}, {0x4, 0x400, 0x6, 0x24, 0x7, 0xc}, {0xc39, 0x9, 0x94c, 0x4, 0xfffffff8, 0x9}, {0x9, 0x4, 0x91d, 0x2eb, 0xb, 0xff}, {0x5c, 0x8, 0x0, 0x6e46, 0x200, 0x8}, {0xe59b, 0xfff, 0x8, 0xd, 0x1, 0x100}, {0x3, 0xc, 0x401, 0x79, 0x7, 0xffff687e}, {0x9, 0x9, 0xaa, 0x1, 0x3, 0x2}, {0x1, 0xf2, 0xff, 0x1, 0x0, 0x5}, {0x6f7bbc65, 0x6, 0x1000, 0x4, 0x8, 0x6}, {0x0, 0xfffffffc, 0x2a, 0x400, 0x7, 0x1}, {0x3, 0xa26, 0x64, 0x9, 0x9, 0xf}, {0xa976, 0x2ab, 0x8, 0x5, 0x5, 0x8}, {0x8, 0x1, 0x2c000, 0x3, 0x3, 0xa56f}, {0x8, 0xcdd, 0xc223, 0x4, 0x10, 0x8000}, {0x1, 0xc171, 0x1, 0x536, 0x800, 0x1}, {0xffffffff, 0x8, 0x0, 0x7, 0x3, 0xb}, {0x6, 0x0, 0x2, 0xffffff0f, 0x8, 0x2}, {0x9, 0x80000000, 0x9, 0x81, 0x5, 0x10000}, {0xfff, 0x75b7, 0x5, 0x6, 0xffffff5f, 0x4}, {0x5, 0x2, 0x4, 0xa, 0x0, 0x3b}, {0x0, 0x9, 0x9, 0x10, 0x0, 0x1d}, {0x6, 0xb, 0x3, 0x5, 0xfffffffc, 0x9}, {0x5, 0xfffffffc, 0x464e, 0x10, 0x3, 0x401}, {0x7ff, 0x80000000, 0x1000, 0x5, 0x64a, 0x5}, {0x6, 0x6, 0x4, 0x3d3a, 0xffffffff, 0xa}, {0xbcb93609, 0x4, 0x752b, 0xfffffbff, 0x5, 0x31e}, {0x6, 0x8, 0x6, 0xd131, 0x0, 0x1ff}, {0x5, 0x200, 0x7fffffff, 0x9, 0x401, 0xfffffffa}, {0x3, 0x45e0, 0x4d6, 0xf, 0x5, 0x5}, {0x3, 0x6, 0x9, 0x0, 0x40, 0x2}, {0x9, 0xe, 0xac, 0x4, 0x200, 0x4}, {0x6, 0x4ae25296, 0x7fff, 0x8, 0x2, 0x3}, {0x6, 0x4, 0xb7a5, 0x401, 0x0, 0x7}, {0x0, 0xfffffffd, 0x3, 0x4d, 0x4, 0x8}, {0x6, 0xe38c, 0x200, 0xfffffffd, 0x1}, {0x4, 0x86, 0x1000, 0x9, 0xfffffffa, 0x9}, {0x7, 0x0, 0x6, 0x7, 0x4, 0x2}, {0x6, 0x7, 0x8001, 0xc, 0x9, 0x10}, {0x3, 0x1, 0x6, 0x0, 0xf61b, 0x3413}, {0xa5, 0x6, 0xc3, 0xea, 0x5, 0x3}, {0xfffffff7, 0x9, 0x3, 0x4, 0x0, 0x8}, {0x80, 0x800, 0x3b, 0x6, 0x8, 0x6}, {0x2, 0x7, 0x80, 0x3, 0xfffffdc6, 0xc}, {0x5, 0x1, 0x3, 0x2, 0x100, 0x3}, {0xfffffc00, 0x112f, 0x2, 0xfa000000, 0xfffffffd, 0x8}, {0x1, 0x18d21c25, 0xc6, 0x2fc, 0x80, 0xe}, {0x3, 0x1, 0x3, 0x6386, 0x0, 0xff}, {0x1ff, 0x55c1, 0x0, 0x2, 0x0, 0x1}, {0x3, 0x6, 0x6, 0x3, 0x0, 0x3}, {0x63d7, 0x1, 0xcaa, 0x3, 0x7, 0x8}, {0x4, 0x6, 0x1fc0a445, 0xe3e, 0x7, 0x20}, {0x519, 0xe9, 0x5, 0x81, 0x7, 0x3}, {0x9, 0x0, 0x3, 0x5e, 0x5, 0x3}, {0x3793, 0x4, 0x4, 0x8, 0x3, 0x4}, {0x35c6, 0x7, 0x3, 0x4, 0x3, 0x8}, {0x6, 0x9, 0x2, 0xe, 0x1340, 0xc726}, {0xe98, 0x93e, 0x5, 0x9, 0x7, 0xe}, {0x4, 0xa878, 0x1, 0x8, 0x5, 0x1}, {0xfff, 0x4, 0x1, 0x3, 0x4, 0xfffffff8}, {0xfffffffb, 0x80, 0x75, 0x9, 0x9, 0x6}, {0x0, 0xffffffff, 0x3, 0x0, 0x9f, 0xe}, {0xb613, 0x7, 0x8001, 0xd625, 0x0, 0x4}, {0xfffffff9, 0x10000, 0x1, 0xe2, 0x10, 0x9}, {0x7f, 0x7, 0x2, 0x6, 0x1, 0x5}, {0x7fffffff, 0x9, 0x9, 0x72, 0x6, 0x401}, {0x1, 0x8000, 0xa0a, 0x400, 0xfffffff9, 0xc11e}, {0x9, 0x2, 0x40000, 0x101, 0x10000, 0x5}, {0xfffffff8, 0x81, 0x80c1, 0xffff25a7, 0x9, 0x10}, {0x7fff, 0x2, 0x3, 0x9, 0x101, 0x9}, {0xfffffbff, 0x5, 0x6, 0x1, 0x7, 0x6}, {0x5, 0x6, 0x7, 0x3, 0x0, 0xa6c}, {0x200, 0x4, 0x3, 0x10, 0x3, 0xfffffff8}, {0x8, 0x6, 0xedd5, 0x0, 0x10, 0x80000000}, {0x80, 0x9, 0x3, 0x9, 0x3ec1, 0x8}, {0x3, 0x8000, 0x6, 0x101, 0x7d3}, {0x1, 0xfffffffd, 0x2, 0x3, 0x7, 0x2}, {0x10000, 0x8000, 0x5, 0x3, 0x7194, 0x8}, {0x6, 0x3, 0x764fd9bf, 0x66d6, 0x0, 0x7}, {0x8, 0x0, 0x0, 0x101, 0x9, 0x1}, {0x0, 0x41, 0x1f2, 0x100, 0x1, 0x8}, {0x100, 0x6, 0x6, 0x9, 0xfffffffc, 0x8}, {0x9, 0x1, 0x7, 0x4, 0x2000000, 0x2}, {0xb4, 0xfffffffb, 0x13, 0x8, 0x61, 0x94}, {0x0, 0x6, 0x7ff, 0xffffffff, 0x635, 0x5e}, {0x9, 0x1, 0xf, 0x5, 0x4aed91b3, 0xfffffffd}, {0x7ff, 0x2, 0xf8, 0x8, 0xacbc, 0x2}, {0xff, 0x3, 0x1, 0x48000000, 0xa9, 0xcfa6}, {0x4, 0x10000, 0x297, 0x8, 0xf0000000, 0xca}, {0x4, 0x1, 0x7, 0x4, 0x3, 0x7c}, {0xe146, 0x6, 0x5, 0x81, 0xec72}, {0x3, 0x80000000, 0x2, 0x2, 0x8, 0x4}, {0x56, 0x4, 0x80000001, 0x1ca, 0xa8, 0x10000}, {0x8001, 0x7, 0x6, 0xfffffffe, 0x3ff, 0xffff}, {0x5, 0x4, 0x3, 0x5, 0xbc, 0xd951}, {0x40, 0x6, 0x1, 0xfffff3e1, 0x895c, 0x1000}, {0xe, 0x8, 0x400, 0x5, 0x2c00}, {0x1, 0x7fff, 0x95, 0x7, 0x38a}, {0x62686865, 0x5e1, 0x6, 0x0, 0xd309, 0x7}, {0x7a, 0x3, 0x101, 0x3, 0x6, 0x1000}, {0x0, 0x0, 0x6, 0x7, 0x5, 0x4}, {0x1, 0x4, 0x800, 0x9e28, 0x2, 0xffff0000}, {0x7, 0x9, 0x0, 0x6, 0x5, 0x7fff}, {0x7, 0xb, 0x44a42eb6, 0xffffff0d, 0xfffffffc, 0x1}, {0xffff, 0xfffffbff, 0x5, 0x6, 0x5, 0x10100000}, {0x7, 0x8, 0x4, 0xf0e, 0xffff, 0x8}, {0xffffffff, 0x7, 0x2, 0x7, 0x8, 0x8327}, {0x9, 0x4, 0x6, 0x6, 0x3bc, 0x5950ccd}, {0x9, 0x4, 0x9, 0x2, 0x0, 0xdc4}, {0x5, 0x9, 0x6, 0x7, 0x9, 0x2}, {0x1f25, 0xb, 0xffff1d0c, 0x7, 0x2f, 0x1c0000}, {0x80, 0x9, 0xf, 0x9}, {0xe2c, 0x8000, 0x7, 0x2, 0x4, 0x1}, {0x5, 0xccb8, 0x5, 0xb, 0x5, 0x8}, {0x5, 0x4e7, 0x8, 0x6, 0x2, 0x9}, {0x100, 0x3, 0xffffffff, 0x0, 0x5}, {0x6, 0x7, 0x80, 0x6, 0x5, 0x4}, {0x6, 0x8, 0x0, 0x101, 0x2, 0x9}], [{0x5, 0x1}, {0x2, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x5}, {0x0, 0x1}, {0x1, 0x1}, {0x5}, {0x5}, {0x1}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x1}, {0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x4}, {0x5}, {0x4, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x5, 0x1}, {0x2}, {0x4, 0x1}, {0x2}, {}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x3, 0x1}, {0x5, 0x62222125a2c20c84}, {0x4, 0x1}, {}, {0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x0, 0x1}, {0x6c295710423417d6}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0xa}, {}, {0x2, 0x1}, {0x2, 0x1}, {0x2}, {0x4, 0x1}, {}, {0x5, 0x1}, {0x2}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5}, {0x5}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x1}, {0x4}, {}, {0x4}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x0, 0x1}, {0x1}, {0x3}, {0x1, 0xa508f9b45da4e087}, {0x0, 0x1}, {0x4}, {0x5, 0x1}, {0x5}, {0x3, 0x1}, {0x3, 0x2}, {0x3, 0x1}, {0x2, 0x1}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x4}, {0x0, 0x1}, {}, {0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x1, 0x1}, {0x5, 0x1}, {0x4}, {0x4}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x3}, {}, {0x481deeb6fe26e12c, 0x1}]}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_police={0x30, 0x19, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}}]}, 0x1210}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0)

4.54686387s ago: executing program 6 (id=5654):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004600)=""/102400, 0x19000)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
creat(0x0, 0x350)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="580000001400ad", 0x7}], 0x1)
write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="080641663151c9e0ad01"], 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x4)
write$binfmt_misc(r5, &(0x7f0000000100), 0xfef0)
splice(r4, 0x0, r6, 0x0, 0x80000001, 0x0)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f00000001c0)={0x0, 0x34, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, r7, 0x301, 0x0, 0x0, {0x34}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)

4.287276262s ago: executing program 1 (id=5655):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x80)

4.224238101s ago: executing program 0 (id=5656):
syz_open_dev$sg(&(0x7f0000000040), 0xa, 0x800)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x400c8c0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
setitimer(0x0, &(0x7f0000000580)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
r5 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x111)
close(r5)
inotify_init1(0x800)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c706f72742c697000140007800800084000002f5408000640"], 0x60}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000000306050000000000000000000200000505000100070000000900020073797a30"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x20008000)
sendfile(r0, r1, 0x0, 0x20000023896)

4.219300108s ago: executing program 3 (id=5657):
add_key$fscrypt_provisioning(&(0x7f0000000340), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1000430, &(0x7f0000000780)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0, @ANYBLOB=',gr', @ANYBLOB="58e1a192964f91b2b2b082e5b2d36bfb79aa692b33c0fe4f45accc6a979fe95b1d5b4e22a06662895c4d17a476b57a481d5cf05900646a29378be685539c12c562299679a0b283bb57257a03de500c90b4f9", @ANYRES8])
r0 = socket$alg(0x26, 0x5, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000640)=ANY=[@ANYBLOB="736563757216ae2c697479000000000000000000000000000000000000000000000000040000000d"], 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c235aa9c5", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
ioctl$OCFS2_IOC_GROUP_EXTEND(r0, 0x40046f01, &(0x7f00000002c0)=0x7)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb10000000010200090502"], 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xc38, &(0x7f0000000dc0)=ANY=[])

3.536901857s ago: executing program 1 (id=5658):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
getrandom(0x0, 0x0, 0xd86b31f1268e345c)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
syz_emit_ethernet(0x85, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
setrlimit(0x8, &(0x7f0000000040)={0x80000000, 0x7})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@generic={&(0x7f0000000100)='./file0\x00', 0x0, 0x14}, 0x18)
read$msr(r4, &(0x7f0000005580)=""/102392, 0x18ff8)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x10, r5, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r5, 0x5008, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f00000000c0))
timer_settime(0x0, 0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, &(0x7f00000003c0)=0x246, 0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064d2, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000007000000000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac420002e20000000000000009dfb78c7699c74e891a0c70000000000000000000000000000000008000240000000000e00010049444c4554494d45520000000900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)
getsockopt$inet6_int(r1, 0x29, 0x49, 0x0, &(0x7f0000000040))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x3, 0x0}}]}, &(0x7f0000000180)=0x10)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)

3.316243911s ago: executing program 6 (id=5659):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004600)=""/102400, 0x19000)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
creat(0x0, 0x350)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000140)="580000001400ad", 0x7}], 0x1)
write$binfmt_elf64(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="080641663151c9e0ad01"], 0x1c)
socket$netlink(0x10, 0x3, 0x4)
write$binfmt_misc(r4, &(0x7f0000000100), 0xfef0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f00000001c0)={0x0, 0x34, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, r5, 0x301, 0x0, 0x0, {0x34}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)

3.013321347s ago: executing program 0 (id=5660):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = landlock_create_ruleset(&(0x7f00000003c0)={0x8000, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x3)
syz_usb_control_io$uac2(r0, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x40, 0x23, 0xa, {0xa, 0x22, "d5f096c54cd53fe2"}}, &(0x7f0000000040)={0x0, 0x3, 0x91, @string={0x91, 0x3, "7a15970837d1859499a43390663178a0a27f45d4aa717a5e73449b206843c0036f3387e071f7dffa919f9805b5460ec0710c08a93c279632329771fa1a739a77bc38daf6a8445e75387d62abf984621984e7504c69143876079f4995784368af2eddc08c346795a2e17d4f8acbc8e794496845ae33a9e5515e87da9517d684a15de989d0f25539ca6ef21913f790ff"}}}, &(0x7f0000000340)={0x44, &(0x7f0000000140)={0x40, 0x12, 0x2b, "5e99197036c64cb2254e1a554377277dcc33c7a06c154250875062581a7b97b8c78559b6149401cae4b74d"}, &(0x7f0000000180)={0x0, 0xa, 0x1}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000200)={0x20, 0x81, 0x2, 'lz'}, &(0x7f0000000240)={0x20, 0x82, 0x2, 'iR'}, &(0x7f0000000280)={0x20, 0x83, 0x2, "7da4"}, &(0x7f00000002c0)={0x20, 0x84, 0x2, "f2b4"}, &(0x7f0000000300)={0x20, 0x85, 0x3, "d2aefd"}})

2.826161294s ago: executing program 1 (id=5661):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)=0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000055003d07000000000001000007000000", @ANYRES32=r3, @ANYBLOB="20000280", @ANYRES32, @ANYBLOB="0000000000000000000000000a0000000000000000000014200001"], 0x58}}, 0x0)
ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x40, 0xff, 0xfd, 0x16}, {0x6, 0x60}]})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x34031c42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f00000000c0)=0x5e6)
write$ppp(r2, &(0x7f0000000340)='\x00G', 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

2.251039271s ago: executing program 6 (id=5662):
ioctl$KVM_GET_MSRS_sys(0xffffffffffffffff, 0xc008ae88, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
syz_open_dev$video(0x0, 0xa7, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040811}, 0x8410)
fanotify_init(0x40, 0x800)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x200)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000340)={{0x80, 0xfc}, 'port0\x00', 0x0, 0x60000, 0x0, 0xfffffffb, 0x6, 0xfffffffc, 0x10000000, 0x0, 0x1})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r4, 0xc0a85352, &(0x7f0000000200)={{0x5, 0x7f}, 'port1\x00', 0x80, 0x14, 0x7ff, 0xfffffeff, 0x0, 0xc, 0x200000, 0x0, 0x4875c99660ff2b2d, 0x9})
ioctl$TCXONC(r1, 0x540a, 0x3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={0x0, 0x0, 0x35, 0x0, 0x1}, 0x28)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00005cf000/0x400000)=nil)
r5 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x7, 0x0, 0xfffffffffffff58f, 0x6c4ba42, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x1, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x10000000000000, 0x4, 0x3, 0x7fffffffffffffff, 0x2, 0x0, 0x0, 0x0, 0x92c, 0x3, 0x7b, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x100, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x800, 0x3f, 0xfffffffffffffff9, 0x4b00, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffd, 0x9, 0x0, 0x3000000000000, 0xfffffffffffffffd, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x400000, 0x200, 0x10000000000, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x2, 0x0, 0x1, 0x10, 0x4000100000002]})

2.00059776s ago: executing program 5 (id=5663):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x20002, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x1, 0x70bd2b, 0x4, {0x0, 0x0, 0x0, 0x0, 0x123a4, 0x4484}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_to_hsr\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0xffffffff, 0x88, 0x80}}]}]}]}, 0x4c}}, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
fstat(r1, &(0x7f0000000700))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x40a00, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x3, r4, 0x0, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r4, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2})
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b80), r2)
sendmsg$IEEE802154_LIST_IFACE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000280)={0x14, r5, 0x50be6fea6f3bdfbb, 0x72bd26, 0x25dfcbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r2)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r7, 0x6036}], 0x1, 0x0, 0x0, 0xfffffffffffffc92)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r6, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

1.654147965s ago: executing program 5 (id=5664):
syz_open_dev$sg(&(0x7f0000000040), 0xa, 0x800)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYRES16=0x0], 0x6c}}, 0x400c8c0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
setitimer(0x0, &(0x7f0000000580)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
close(0xffffffffffffffff)
inotify_init1(0x800)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000000306050000000000000000000200000505000100070000000900020073797a30"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x20008000)
sendfile(r0, r1, 0x0, 0x20000023896)

818.260154ms ago: executing program 0 (id=5665):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d5500090502020002020000090582"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001c00)={0x2c, &(0x7f0000001a00)=ANY=[@ANYBLOB="ff0000d6a6d59760b33f"], 0x0, 0x0, 0x0, 0x0})

669.136693ms ago: executing program 3 (id=5666):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
recvmsg$unix(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000000880)=""/200, 0xc8}, {&(0x7f00000002c0)=""/161, 0xa1}], 0x3}, 0x2) (fail_nth: 1)

92.90585ms ago: executing program 1 (id=5667):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYRESHEX=r0], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030c0000000000000000020000000900010073797a310000000040000000030a01020000000000000000020000000900030073797a320000000014000480080002400000000408000140000000020900010073797a3100000000140000001100010000000000000000000500000adbdee537bfe6e601551365def2ae0f8f9ab0aeb76860be250927f2acd1cee3ec16fa01d32c9160c5f916b978d2f2093097dab2c0712c2c2525709d46da1f2b9ae36062d2fb98f5cf89d9a44d76c4ca4e9d662e09dc"], 0x88}, 0x1, 0x0, 0x0, 0x80}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x4}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xf6}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x70}}, 0x4000)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f00000000c0)={0x3, <r5=>r4, 0x1})
ioctl$SNDCTL_TMR_TEMPO(r5, 0xc0045405, &(0x7f0000000100)=0xa2)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x8004}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000240)=""/48, 0xe1}], 0x1}, 0x0)
recvmsg$unix(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000000880)=""/200, 0xc8}, {&(0x7f00000002c0)=""/161, 0xa1}], 0x3}, 0x2)

0s ago: executing program 3 (id=5668):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x80)

kernel console output (not intermixed with test programs):

RIG_RAX: 0000000000000010
[ 1753.484769][T26227] RAX: ffffffffffffffda RBX: 00007f574f415fa0 RCX: 00007f574f19c799
[ 1753.484779][T26227] RDX: 00002000000001c0 RSI: 000000004008af00 RDI: 0000000000000003
[ 1753.484789][T26227] RBP: 00007f574ff75090 R08: 0000000000000000 R09: 0000000000000000
[ 1753.484798][T26227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1753.484807][T26227] R13: 00007f574f416038 R14: 00007f574f415fa0 R15: 00007ffea4a7c1b8
[ 1753.484829][T26227]  </TASK>
[ 1753.484890][T26227] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1755.082855][T26257] bdev: Unknown parameter '%'
[ 1755.924982][T26268] syzkaller0: entered promiscuous mode
[ 1755.954521][T26268] syzkaller0: entered allmulticast mode
[ 1757.648827][T26288] block device autoloading is deprecated and will be removed.
[ 1757.659134][T26288] ufs: You didn't specify the type of your ufs filesystem
[ 1757.659134][T26288] 
[ 1757.659134][T26288] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[ 1757.659134][T26288] 
[ 1757.659134][T26288] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[ 1757.691128][T26288] ufs: ufstype=old is supported read-only
[ 1758.431751][T21639] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1758.490968][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1758.498953][    C1] lec:lec_tx_timeout: lec0
[ 1758.503529][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1758.867844][T21639] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[ 1758.878338][T21639] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1758.887360][T21639] usb 6-1: Product: syz
[ 1758.893247][T21639] usb 6-1: Manufacturer: syz
[ 1758.897897][T21639] usb 6-1: SerialNumber: syz
[ 1759.648161][T21639] usb 6-1: unit 4 not found!
[ 1759.712589][T21639] usb 6-1: USB disconnect, device number 13
[ 1759.845921][T26292] udevd[26292]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1760.755136][T26312] netlink: 36 bytes leftover after parsing attributes in process `syz.5.5192'.
[ 1761.201045][ T5860] usb 7-1: new full-speed USB device number 40 using dummy_hcd
[ 1761.372721][ T5860] usb 7-1: config 0 has an invalid interface number: 31 but max is 0
[ 1761.380797][ T5860] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1761.398531][   T30] audit: type=1400 audit(2000000438.440:821): avc:  denied  { read write } for  pid=18026 comm="syz-executor" name="loop1" dev="devtmpfs" ino=5604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1761.431175][ T5860] usb 7-1: config 0 has no interface number 0
[ 1761.499107][   T30] audit: type=1400 audit(2000000438.480:822): avc:  denied  { open } for  pid=18026 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=5604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1761.505012][ T5860] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1761.561378][   T30] audit: type=1400 audit(2000000438.480:823): avc:  denied  { ioctl } for  pid=18026 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=5604 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1761.565268][ T5860] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1761.700713][ T5860] usb 7-1: Product: syz
[ 1761.706837][ T5860] usb 7-1: Manufacturer: syz
[ 1761.711934][ T5860] usb 7-1: SerialNumber: syz
[ 1761.731777][ T5860] usb 7-1: config 0 descriptor??
[ 1761.739501][ T5860] hub 7-1:0.31: bad descriptor, ignoring hub
[ 1761.746112][ T5860] hub 7-1:0.31: probe with driver hub failed with error -5
[ 1761.762930][ T5860] uvcvideo 7-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[ 1762.230816][ T5860] uvcvideo 7-1:0.31: No valid video chain found.
[ 1762.283486][ T5860] usb 7-1: USB disconnect, device number 40
[ 1762.688604][T26356] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5202'.
[ 1762.706437][T26356] vlan2: entered allmulticast mode
[ 1762.711790][T26356] team0: entered allmulticast mode
[ 1762.716902][T26356] team_slave_0: entered allmulticast mode
[ 1762.722781][T26356] team_slave_1: entered allmulticast mode
[ 1763.510950][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1763.518971][    C1] lec:lec_tx_timeout: lec0
[ 1763.524530][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1766.904314][T26437] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5228'.
[ 1768.006359][   T30] audit: type=1400 audit(2000000445.050:824): avc:  denied  { lock } for  pid=26461 comm="syz.5.5238" path="socket:[114630]" dev="sockfs" ino=114630 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1768.038414][   T30] audit: type=1400 audit(2000000445.080:825): avc:  denied  { relabelfrom } for  pid=26461 comm="syz.5.5238" name="UDP" dev="sockfs" ino=114629 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[ 1768.073422][T26463] SELinux:  Context system_u:object_r:chfn_exec_t:s0 is not valid (left unmapped).
[ 1768.087996][   T30] audit: type=1400 audit(2000000445.130:826): avc:  denied  { relabelto } for  pid=26461 comm="syz.5.5238" name="UDP" dev="sockfs" ino=114629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=udp_socket permissive=1 trawcon="system_u:object_r:chfn_exec_t:s0"
[ 1768.111017][   T29] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1768.530971][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1768.538962][    C1] lec:lec_tx_timeout: lec0
[ 1768.543508][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1768.764457][   T29] usb 2-1: device descriptor read/64, error -71
[ 1769.001433][   T29] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1769.554851][   T29] usb 2-1: device descriptor read/64, error -71
[ 1769.671998][   T29] usb usb2-port1: attempt power cycle
[ 1769.779154][T26498] tipc: Enabling of bearer <ud“:s> rejected, media not registered
[ 1769.901370][   T30] audit: type=1400 audit(2000000446.940:827): avc:  denied  { write } for  pid=26505 comm="syz.6.5249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1769.962489][   T30] audit: type=1400 audit(2000000446.970:828): avc:  denied  { read } for  pid=26505 comm="syz.6.5249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1770.079347][   T29] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1770.101776][   T29] usb 2-1: device descriptor read/8, error -71
[ 1770.717013][   T30] audit: type=1400 audit(2000000447.230:829): avc:  denied  { bpf } for  pid=26510 comm="syz.0.5253" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1770.871879][   T29] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1771.005129][   T29] usb 2-1: device descriptor read/8, error -71
[ 1771.052232][T26518] overlayfs: failed to clone upperpath
[ 1771.226505][   T29] usb usb2-port1: unable to enumerate USB device
[ 1771.303813][T26528] FAULT_INJECTION: forcing a failure.
[ 1771.303813][T26528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1771.364177][T26528] CPU: 1 UID: 0 PID: 26528 Comm: syz.6.5259 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1771.364196][T26528] Tainted: [L]=SOFTLOCKUP
[ 1771.364200][T26528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1771.364207][T26528] Call Trace:
[ 1771.364211][T26528]  <TASK>
[ 1771.364216][T26528]  dump_stack_lvl+0x100/0x190
[ 1771.364239][T26528]  should_fail_ex.cold+0x5/0xa
[ 1771.364254][T26528]  _copy_from_user+0x2e/0xd0
[ 1771.364267][T26528]  do_sys_poll+0x345/0xeb0
[ 1771.364279][T26528]  ? is_bpf_text_address+0x94/0x1a0
[ 1771.364297][T26528]  ? kernel_text_address+0x8d/0x100
[ 1771.364310][T26528]  ? unwind_get_return_address+0x59/0xa0
[ 1771.364325][T26528]  ? arch_stack_walk+0xa6/0xf0
[ 1771.364340][T26528]  ? __pfx_do_sys_poll+0x10/0x10
[ 1771.364364][T26528]  ? __lock_acquire+0x4a5/0x2630
[ 1771.364398][T26528]  ? ktime_get_ts64+0x2d2/0x3f0
[ 1771.364415][T26528]  ? read_tsc+0x9/0x20
[ 1771.364430][T26528]  ? ktime_get_ts64+0x256/0x3f0
[ 1771.364448][T26528]  ? poll_select_set_timeout+0xcc/0x160
[ 1771.364461][T26528]  __x64_sys_poll+0x1b3/0x420
[ 1771.364473][T26528]  ? __pfx___x64_sys_poll+0x10/0x10
[ 1771.364490][T26528]  do_syscall_64+0x106/0xf80
[ 1771.364505][T26528]  ? clear_bhb_loop+0x40/0x90
[ 1771.364519][T26528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1771.364531][T26528] RIP: 0033:0x7f3c53f9c799
[ 1771.364542][T26528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1771.364552][T26528] RSP: 002b:00007f3c54dc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 1771.364563][T26528] RAX: ffffffffffffffda RBX: 00007f3c54215fa0 RCX: 00007f3c53f9c799
[ 1771.364571][T26528] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 00002000000000c0
[ 1771.364577][T26528] RBP: 00007f3c54dc0090 R08: 0000000000000000 R09: 0000000000000000
[ 1771.364584][T26528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1771.364591][T26528] R13: 00007f3c54216038 R14: 00007f3c54215fa0 R15: 00007ffda735fb38
[ 1771.364604][T26528]  </TASK>
[ 1771.826951][   T30] audit: type=1400 audit(2000000448.870:830): avc:  denied  { perfmon } for  pid=26532 comm="syz.0.5260" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1772.162411][T26533] tipc: Enabling of bearer <ud“:s> rejected, media not registered
[ 1772.923162][T26541] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.5262'.
[ 1773.492718][T26544] FAULT_INJECTION: forcing a failure.
[ 1773.492718][T26544] name failslab, interval 1, probability 0, space 0, times 0
[ 1773.508135][T26544] CPU: 0 UID: 0 PID: 26544 Comm: syz.5.5264 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1773.508164][T26544] Tainted: [L]=SOFTLOCKUP
[ 1773.508171][T26544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1773.508182][T26544] Call Trace:
[ 1773.508189][T26544]  <TASK>
[ 1773.508196][T26544]  dump_stack_lvl+0x100/0x190
[ 1773.508229][T26544]  should_fail_ex.cold+0x5/0xa
[ 1773.508253][T26544]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 1773.508279][T26544]  should_failslab+0xc2/0x120
[ 1773.508299][T26544]  __kmalloc_noprof+0xe0/0x850
[ 1773.508331][T26544]  tomoyo_realpath_from_path+0xb6/0x690
[ 1773.508370][T26544]  tomoyo_path_number_perm+0x23c/0x580
[ 1773.508392][T26544]  ? tomoyo_path_number_perm+0x22e/0x580
[ 1773.508416][T26544]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1773.508464][T26544]  ? find_held_lock+0x2b/0x80
[ 1773.508488][T26544]  ? __fget_files+0x215/0x3d0
[ 1773.508507][T26544]  ? hook_file_ioctl_common+0x146/0x410
[ 1773.508531][T26544]  ? __fget_files+0x21f/0x3d0
[ 1773.508555][T26544]  security_file_ioctl+0xd3/0x230
[ 1773.508582][T26544]  __x64_sys_ioctl+0xb7/0x210
[ 1773.508610][T26544]  do_syscall_64+0x106/0xf80
[ 1773.508634][T26544]  ? clear_bhb_loop+0x40/0x90
[ 1773.508656][T26544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1773.508673][T26544] RIP: 0033:0x7efe7219c799
[ 1773.508689][T26544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1773.508706][T26544] RSP: 002b:00007efe730f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1773.508724][T26544] RAX: ffffffffffffffda RBX: 00007efe72415fa0 RCX: 00007efe7219c799
[ 1773.508736][T26544] RDX: 0000200000000140 RSI: 000000004400ae8f RDI: 0000000000000005
[ 1773.508747][T26544] RBP: 00007efe730f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1773.508758][T26544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1773.508769][T26544] R13: 00007efe72416038 R14: 00007efe72415fa0 R15: 00007fffb6973788
[ 1773.508793][T26544]  </TASK>
[ 1773.508801][T26544] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1773.551001][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1773.722074][    C1] lec:lec_tx_timeout: lec0
[ 1773.728825][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1774.206108][T26553] overlayfs: failed to clone upperpath
[ 1774.352925][   T30] audit: type=1400 audit(2000000451.400:831): avc:  denied  { create } for  pid=26563 comm="syz.5.5271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1774.382831][   T30] audit: type=1400 audit(2000000451.400:832): avc:  denied  { connect } for  pid=26563 comm="syz.5.5271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1774.565570][   T30] audit: type=1400 audit(2000000451.610:833): avc:  denied  { write } for  pid=26563 comm="syz.5.5271" path="socket:[115526]" dev="sockfs" ino=115526 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1775.601731][T26575] tipc: Enabling of bearer <ud“:s> rejected, media not registered
[ 1775.992127][T26586] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[ 1776.169165][   T30] audit: type=1400 audit(2000000453.050:834): avc:  denied  { create } for  pid=26582 comm="syz.3.5275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1776.775724][   T30] audit: type=1400 audit(2000000453.050:835): avc:  denied  { connect } for  pid=26582 comm="syz.3.5275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1776.809996][T26592] "syz.3.5277" (26592) uses obsolete ecb(arc4) skcipher
[ 1776.842400][T26592] FAULT_INJECTION: forcing a failure.
[ 1776.842400][T26592] name failslab, interval 1, probability 0, space 0, times 0
[ 1776.861977][T26593] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1776.880427][T26592] CPU: 0 UID: 0 PID: 26592 Comm: syz.3.5277 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1776.880458][T26592] Tainted: [L]=SOFTLOCKUP
[ 1776.880464][T26592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1776.880473][T26592] Call Trace:
[ 1776.880479][T26592]  <TASK>
[ 1776.880486][T26592]  dump_stack_lvl+0x100/0x190
[ 1776.880520][T26592]  should_fail_ex.cold+0x5/0xa
[ 1776.880543][T26592]  ? sock_kmalloc+0x111/0x170
[ 1776.880569][T26592]  should_failslab+0xc2/0x120
[ 1776.880588][T26592]  __kmalloc_noprof+0xe0/0x850
[ 1776.880615][T26592]  sock_kmalloc+0x111/0x170
[ 1776.880643][T26592]  alg_setsockopt+0x390/0xe90
[ 1776.880672][T26592]  ? __pfx_alg_setsockopt+0x10/0x10
[ 1776.880699][T26592]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1776.880723][T26592]  ? __pfx_alg_setsockopt+0x10/0x10
[ 1776.880749][T26592]  do_sock_setsockopt+0xf3/0x1d0
[ 1776.880779][T26592]  __sys_setsockopt+0x195/0x220
[ 1776.880806][T26592]  __x64_sys_setsockopt+0xbd/0x160
[ 1776.880826][T26592]  ? do_syscall_64+0x95/0xf80
[ 1776.880849][T26592]  ? lockdep_hardirqs_on+0x78/0x100
[ 1776.880871][T26592]  do_syscall_64+0x106/0xf80
[ 1776.880893][T26592]  ? clear_bhb_loop+0x40/0x90
[ 1776.880913][T26592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1776.880934][T26592] RIP: 0033:0x7ff80ab9c799
[ 1776.880949][T26592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1776.880965][T26592] RSP: 002b:00007ff808df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1776.880983][T26592] RAX: ffffffffffffffda RBX: 00007ff80ae15fa0 RCX: 00007ff80ab9c799
[ 1776.880994][T26592] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[ 1776.881004][T26592] RBP: 00007ff808df6090 R08: 0000000000000101 R09: 0000000000000000
[ 1776.881014][T26592] R10: 00002000000016c0 R11: 0000000000000246 R12: 0000000000000001
[ 1776.881024][T26592] R13: 00007ff80ae16038 R14: 00007ff80ae15fa0 R15: 00007ffd7c0a0f88
[ 1776.881048][T26592]  </TASK>
[ 1777.816567][   T30] audit: type=1400 audit(2000000454.850:836): avc:  denied  { read } for  pid=26604 comm="syz.1.5283" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1778.242227][   T30] audit: type=1400 audit(2000000454.890:837): avc:  denied  { open } for  pid=26604 comm="syz.1.5283" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1778.461007][   T30] audit: type=1400 audit(2000000455.000:838): avc:  denied  { ioctl } for  pid=26604 comm="syz.1.5283" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x6434 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1779.391080][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5660 ms
[ 1779.399109][    C1] lec:lec_tx_timeout: lec0
[ 1779.404233][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1780.159256][T26637] FAULT_INJECTION: forcing a failure.
[ 1780.159256][T26637] name failslab, interval 1, probability 0, space 0, times 0
[ 1780.611162][T26637] CPU: 1 UID: 0 PID: 26637 Comm: syz.5.5291 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1780.611191][T26637] Tainted: [L]=SOFTLOCKUP
[ 1780.611198][T26637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1780.611208][T26637] Call Trace:
[ 1780.611214][T26637]  <TASK>
[ 1780.611220][T26637]  dump_stack_lvl+0x100/0x190
[ 1780.611253][T26637]  should_fail_ex.cold+0x5/0xa
[ 1780.611277][T26637]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 1780.611304][T26637]  should_failslab+0xc2/0x120
[ 1780.611323][T26637]  __kmalloc_noprof+0xe0/0x850
[ 1780.611353][T26637]  tomoyo_realpath_from_path+0xb6/0x690
[ 1780.611385][T26637]  tomoyo_path_number_perm+0x23c/0x580
[ 1780.611408][T26637]  ? tomoyo_path_number_perm+0x22e/0x580
[ 1780.611432][T26637]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1780.611480][T26637]  ? find_held_lock+0x2b/0x80
[ 1780.611503][T26637]  ? __fget_files+0x215/0x3d0
[ 1780.611521][T26637]  ? hook_file_ioctl_common+0x146/0x410
[ 1780.611546][T26637]  ? __fget_files+0x21f/0x3d0
[ 1780.611569][T26637]  security_file_ioctl+0xd3/0x230
[ 1780.611602][T26637]  __x64_sys_ioctl+0xb7/0x210
[ 1780.611631][T26637]  do_syscall_64+0x106/0xf80
[ 1780.611656][T26637]  ? clear_bhb_loop+0x40/0x90
[ 1780.611679][T26637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1780.611698][T26637] RIP: 0033:0x7efe7219c799
[ 1780.611714][T26637] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1780.611731][T26637] RSP: 002b:00007efe730f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1780.611750][T26637] RAX: ffffffffffffffda RBX: 00007efe72415fa0 RCX: 00007efe7219c799
[ 1780.611762][T26637] RDX: 0000200000000000 RSI: 0000000000008918 RDI: 0000000000000003
[ 1780.611774][T26637] RBP: 00007efe730f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1780.611784][T26637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1780.611794][T26637] R13: 00007efe72416038 R14: 00007efe72415fa0 R15: 00007fffb6973788
[ 1780.611820][T26637]  </TASK>
[ 1780.611827][T26637] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1782.896074][   T30] audit: type=1400 audit(2000000459.940:839): avc:  denied  { append } for  pid=26683 comm="syz.3.5306" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1783.515663][T26689] FAULT_INJECTION: forcing a failure.
[ 1783.515663][T26689] name failslab, interval 1, probability 0, space 0, times 0
[ 1783.534347][T26689] CPU: 1 UID: 0 PID: 26689 Comm: syz.1.5304 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1783.534376][T26689] Tainted: [L]=SOFTLOCKUP
[ 1783.534382][T26689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1783.534392][T26689] Call Trace:
[ 1783.534398][T26689]  <TASK>
[ 1783.534405][T26689]  dump_stack_lvl+0x100/0x190
[ 1783.534436][T26689]  should_fail_ex.cold+0x5/0xa
[ 1783.534459][T26689]  should_failslab+0xc2/0x120
[ 1783.534477][T26689]  __kvmalloc_node_noprof+0xfa/0xa00
[ 1783.534503][T26689]  ? traverse.part.0.constprop.0+0x397/0x650
[ 1783.534529][T26689]  traverse.part.0.constprop.0+0x397/0x650
[ 1783.534549][T26689]  ? __pfx__kstrtoull+0x10/0x10
[ 1783.534577][T26689]  seq_read_iter+0x93f/0x1270
[ 1783.534597][T26689]  ? __lock_acquire+0x4a5/0x2630
[ 1783.534620][T26689]  seq_read+0x33b/0x4c0
[ 1783.534638][T26689]  ? __pfx_seq_read+0x10/0x10
[ 1783.534666][T26689]  ? selinux_file_permission+0x8f/0x6d0
[ 1783.534695][T26689]  ? __pfx_seq_read+0x10/0x10
[ 1783.534713][T26689]  proc_reg_read+0x240/0x330
[ 1783.534732][T26689]  ? __pfx_proc_reg_read+0x10/0x10
[ 1783.534751][T26689]  vfs_read+0x1e4/0xb30
[ 1783.534781][T26689]  ? __pfx_vfs_read+0x10/0x10
[ 1783.534802][T26689]  ? find_held_lock+0x2b/0x80
[ 1783.534816][T26689]  ? __fget_files+0x215/0x3d0
[ 1783.534828][T26689]  ? __fget_files+0x215/0x3d0
[ 1783.534843][T26689]  ? __fget_files+0x21f/0x3d0
[ 1783.534859][T26689]  __x64_sys_pread64+0x1eb/0x250
[ 1783.534870][T26689]  ? __pfx___x64_sys_pread64+0x10/0x10
[ 1783.534886][T26689]  do_syscall_64+0x106/0xf80
[ 1783.534902][T26689]  ? clear_bhb_loop+0x40/0x90
[ 1783.534916][T26689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1783.534927][T26689] RIP: 0033:0x7f574f19c799
[ 1783.534938][T26689] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1783.534950][T26689] RSP: 002b:00007f574d3d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[ 1783.534961][T26689] RAX: ffffffffffffffda RBX: 00007f574f416180 RCX: 00007f574f19c799
[ 1783.534968][T26689] RDX: 00000000000000ae RSI: 00002000000002c0 RDI: 0000000000000005
[ 1783.534975][T26689] RBP: 00007f574d3d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1783.534982][T26689] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000001
[ 1783.534988][T26689] R13: 00007f574f416218 R14: 00007f574f416180 R15: 00007ffea4a7c1b8
[ 1783.535002][T26689]  </TASK>
[ 1784.410956][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1784.419135][    C1] lec:lec_tx_timeout: lec0
[ 1784.423858][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1786.873277][   T30] audit: type=1400 audit(2000000463.910:840): avc:  denied  { create } for  pid=26735 comm="syz.1.5318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1787.351018][   T29] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1787.503556][   T29] usb 2-1: Using ep0 maxpacket: 16
[ 1787.528229][   T29] usb 2-1: config 0 has no interfaces?
[ 1787.574047][   T29] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1787.715638][   T29] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1787.739432][   T29] usb 2-1: Manufacturer: syz
[ 1787.809071][   T29] usb 2-1: config 0 descriptor??
[ 1788.680615][   T29] usb 4-1: new full-speed USB device number 52 using dummy_hcd
[ 1788.962698][   T29] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[ 1788.970816][   T29] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1789.067001][   T29] usb 4-1: config 0 has no interface number 0
[ 1789.430947][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1789.438983][    C1] lec:lec_tx_timeout: lec0
[ 1789.444553][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1789.492406][   T29] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1789.516262][   T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1789.542099][   T29] usb 4-1: Product: syz
[ 1789.571890][   T29] usb 4-1: Manufacturer: syz
[ 1789.582283][   T29] usb 4-1: SerialNumber: syz
[ 1789.605427][   T29] usb 4-1: config 0 descriptor??
[ 1789.624894][   T29] hub 4-1:0.31: bad descriptor, ignoring hub
[ 1789.638571][   T29] hub 4-1:0.31: probe with driver hub failed with error -5
[ 1789.658031][   T29] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[ 1789.674392][   T29] uvcvideo 4-1:0.31: No valid video chain found.
[ 1790.316394][T22908] usb 2-1: USB disconnect, device number 45
[ 1790.327974][T26793] FAULT_INJECTION: forcing a failure.
[ 1790.327974][T26793] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1790.371738][   T29] usb 4-1: USB disconnect, device number 52
[ 1790.387904][T26793] CPU: 1 UID: 0 PID: 26793 Comm: syz.5.5331 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1790.387932][T26793] Tainted: [L]=SOFTLOCKUP
[ 1790.387938][T26793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1790.387948][T26793] Call Trace:
[ 1790.387954][T26793]  <TASK>
[ 1790.387960][T26793]  dump_stack_lvl+0x100/0x190
[ 1790.387992][T26793]  should_fail_ex.cold+0x5/0xa
[ 1790.388015][T26793]  _copy_from_iter+0x1f4/0x1690
[ 1790.388035][T26793]  ? __lock_acquire+0x4a5/0x2630
[ 1790.388054][T26793]  ? __pfx__copy_from_iter+0x10/0x10
[ 1790.388074][T26793]  ? find_held_lock+0x2b/0x80
[ 1790.388096][T26793]  ? rawv6_sendmsg+0xb3c/0x4420
[ 1790.388118][T26793]  ? rawv6_sendmsg+0xb3c/0x4420
[ 1790.388145][T26793]  rawv6_sendmsg+0x244a/0x4420
[ 1790.388171][T26793]  ? __pfx_find_held_lock+0x10/0x10
[ 1790.388202][T26793]  ? __pfx_rawv6_sendmsg+0x10/0x10
[ 1790.388226][T26793]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1790.388247][T26793]  ? avc_has_perm+0x135/0x1e0
[ 1790.388264][T26793]  ? __pfx_avc_has_perm+0x10/0x10
[ 1790.388301][T26793]  ? inode_has_perm+0x16d/0x1d0
[ 1790.388319][T26793]  ? __pfx_rawv6_sendmsg+0x10/0x10
[ 1790.388343][T26793]  ? inet_sendmsg+0x11c/0x140
[ 1790.388359][T26793]  inet_sendmsg+0x11c/0x140
[ 1790.388377][T26793]  sock_write_iter+0x4ea/0x5a0
[ 1790.388403][T26793]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1790.388420][T26793]  ? __pfx_sock_write_iter+0x10/0x10
[ 1790.388452][T26793]  ? bpf_lsm_file_permission+0x9/0x10
[ 1790.388477][T26793]  ? security_file_permission+0x76/0x210
[ 1790.388502][T26793]  ? rw_verify_area+0xce/0x6d0
[ 1790.388527][T26793]  vfs_write+0x6ac/0x1070
[ 1790.388543][T26793]  ? __pfx_sock_write_iter+0x10/0x10
[ 1790.388570][T26793]  ? __pfx_vfs_write+0x10/0x10
[ 1790.388584][T26793]  ? find_held_lock+0x2b/0x80
[ 1790.388619][T26793]  ksys_write+0x1f8/0x250
[ 1790.388634][T26793]  ? __pfx_ksys_write+0x10/0x10
[ 1790.388656][T26793]  do_syscall_64+0x106/0xf80
[ 1790.388678][T26793]  ? clear_bhb_loop+0x40/0x90
[ 1790.388699][T26793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1790.388716][T26793] RIP: 0033:0x7efe7219c799
[ 1790.388731][T26793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1790.388746][T26793] RSP: 002b:00007efe730f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1790.388763][T26793] RAX: ffffffffffffffda RBX: 00007efe72415fa0 RCX: 00007efe7219c799
[ 1790.388773][T26793] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1790.388784][T26793] RBP: 00007efe730f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1790.388794][T26793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1790.388804][T26793] R13: 00007efe72416038 R14: 00007efe72415fa0 R15: 00007fffb6973788
[ 1790.388828][T26793]  </TASK>
[ 1790.757654][T26798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1790.774638][T26798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1790.861247][T26798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1790.892802][T26798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1790.900816][T26798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1790.921214][T16783] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1790.929140][T16783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1790.936534][T16783] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1790.950018][T16783] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1790.970050][T16783] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1791.058796][T26807] x_tables: ip6_tables: mh match: only valid for protocol 135
[ 1791.410084][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1792.320159][T26819] x_tables: duplicate underflow at hook 1
[ 1792.441166][   T30] audit: type=1400 audit(2000000469.480:841): avc:  denied  { lock } for  pid=26818 comm="syz.3.5338" path="socket:[116433]" dev="sockfs" ino=116433 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 1793.071023][T26798] Bluetooth: hci3: command tx timeout
[ 1793.543340][ T6487] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1793.573603][T26818] mmap: syz.3.5338 (26818): VmData 21086208 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[ 1793.606979][T26796] chnl_net:caif_netlink_parms(): no params data found
[ 1793.790503][ T6487] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1794.322009][T26847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5345'.
[ 1794.450004][ T6487] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1794.450999][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1794.468258][    C1] lec:lec_tx_timeout: lec0
[ 1794.472898][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1795.431038][T26798] Bluetooth: hci3: command tx timeout
[ 1795.534318][ T6487] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode
[ 1795.821947][ T6487] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1796.499799][   T30] audit: type=1400 audit(2000000473.540:842): avc:  denied  { mount } for  pid=26867 comm="syz.1.5350" name="/" dev="configfs" ino=1186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1796.552885][T26796] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1796.571500][T26796] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1796.595715][   T30] audit: type=1400 audit(2000000473.570:843): avc:  denied  { search } for  pid=26867 comm="syz.1.5350" name="/" dev="configfs" ino=1186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1796.595843][T26796] bridge_slave_0: entered allmulticast mode
[ 1796.904450][T26796] bridge_slave_0: entered promiscuous mode
[ 1796.919458][   T30] audit: type=1400 audit(2000000473.570:844): avc:  denied  { audit_write } for  pid=26867 comm="syz.1.5350" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 1796.980165][T26874] FAULT_INJECTION: forcing a failure.
[ 1796.980165][T26874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1797.000709][T26796] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1797.015588][   T30] audit: type=1400 audit(2000000473.620:845): avc:  denied  { read open } for  pid=26867 comm="syz.1.5350" path="/" dev="configfs" ino=1186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1797.020471][T26796] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1797.173230][T26874] CPU: 1 UID: 0 PID: 26874 Comm: syz.1.5352 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1797.173260][T26874] Tainted: [L]=SOFTLOCKUP
[ 1797.173266][T26874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1797.173276][T26874] Call Trace:
[ 1797.173282][T26874]  <TASK>
[ 1797.173289][T26874]  dump_stack_lvl+0x100/0x190
[ 1797.173320][T26874]  should_fail_ex.cold+0x5/0xa
[ 1797.173343][T26874]  _copy_from_user+0x2e/0xd0
[ 1797.173363][T26874]  io_query+0x144/0x6e0
[ 1797.173388][T26874]  ? get_pid_task+0x106/0x250
[ 1797.173407][T26874]  ? __pfx_io_query+0x10/0x10
[ 1797.173448][T26874]  __do_sys_io_uring_register+0xa73/0x1ac0
[ 1797.173473][T26874]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1797.173503][T26874]  ? __pfx___do_sys_io_uring_register+0x10/0x10
[ 1797.173527][T26874]  ? __fget_files+0x21f/0x3d0
[ 1797.173552][T26874]  ? fput+0x79/0x100
[ 1797.173572][T26874]  ? ksys_write+0x1ac/0x250
[ 1797.173588][T26874]  ? __pfx_ksys_write+0x10/0x10
[ 1797.173612][T26874]  do_syscall_64+0x106/0xf80
[ 1797.173635][T26874]  ? clear_bhb_loop+0x40/0x90
[ 1797.173657][T26874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1797.173676][T26874] RIP: 0033:0x7f574f19c799
[ 1797.173692][T26874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1797.173709][T26874] RSP: 002b:00007f574ff75028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[ 1797.173727][T26874] RAX: ffffffffffffffda RBX: 00007f574f415fa0 RCX: 00007f574f19c799
[ 1797.173739][T26874] RDX: 0000200000000000 RSI: 0000000000000023 RDI: ffffffffffffffff
[ 1797.173750][T26874] RBP: 00007f574ff75090 R08: 0000000000000000 R09: 0000000000000000
[ 1797.173761][T26874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1797.173771][T26874] R13: 00007f574f416038 R14: 00007f574f415fa0 R15: 00007ffea4a7c1b8
[ 1797.173795][T26874]  </TASK>
[ 1797.434728][   T30] audit: type=1400 audit(2000000473.620:846): avc:  denied  { watch watch_reads } for  pid=26867 comm="syz.1.5350" path="/" dev="configfs" ino=1186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1797.485758][T26798] Bluetooth: hci3: command tx timeout
[ 1797.494482][T26796] bridge_slave_1: entered allmulticast mode
[ 1797.517920][T26796] bridge_slave_1: entered promiscuous mode
[ 1797.610777][   T30] audit: type=1400 audit(2000000473.630:847): avc:  denied  { write } for  pid=26867 comm="syz.1.5350" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1797.716429][   T30] audit: type=1400 audit(2000000474.450:848): avc:  denied  { set_context_mgr } for  pid=26875 comm="syz.1.5354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1798.260169][T26796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1798.687135][T26796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1798.770705][ T6487] bridge0: port 3(batadv0) entered disabled state
[ 1798.881941][ T6487] bridge_slave_1: left allmulticast mode
[ 1798.891069][ T6487] bridge_slave_1: left promiscuous mode
[ 1798.901579][ T6487] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1798.944987][ T6487] bridge_slave_0: left allmulticast mode
[ 1798.951007][ T6487] bridge_slave_0: left promiscuous mode
[ 1798.957157][ T6487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1799.178834][T26898] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5358'.
[ 1799.480971][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1799.488985][    C1] lec:lec_tx_timeout: lec0
[ 1799.493791][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1800.001048][T26798] Bluetooth: hci3: command tx timeout
[ 1801.355095][ T6487] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1801.431572][ T6487] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1801.495660][ T6487] .` (unregistering): Released all slaves
[ 1801.540719][T26898] bond0: ARP target 8.4.0.0 is already present
[ 1801.547003][T26898] bond0: option arp_ip_target: invalid value (1032)
[ 1801.796669][ T6487] : left promiscuous mode
[ 1802.306154][T26796] team0: Port device team_slave_0 added
[ 1802.318853][T26796] team0: Port device team_slave_1 added
[ 1802.496546][T26796] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1802.530342][T26796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1802.629448][T26796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1802.688559][T26796] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1802.721187][T26796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1802.787703][T26796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1803.680950][T26796] hsr_slave_0: entered promiscuous mode
[ 1803.689420][T26796] hsr_slave_1: entered promiscuous mode
[ 1803.960425][T26796] debugfs: 'hsr0' already exists in 'hsr'
[ 1803.971352][T26796] Cannot create hsr debugfs directory
[ 1804.079663][   T30] audit: type=1400 audit(2000000481.120:849): avc:  denied  { unmount } for  pid=18026 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1804.187786][ T6487] hsr_slave_0: left promiscuous mode
[ 1804.206676][ T6487] hsr_slave_1: left promiscuous mode
[ 1804.221714][ T6487] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1804.248856][ T6487] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1804.302447][ T6487] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1804.318987][ T6487] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1804.416907][ T6487] veth1_macvtap: left promiscuous mode
[ 1804.422668][ T6487] veth0_macvtap: left promiscuous mode
[ 1804.428553][ T6487] veth1_vlan: left promiscuous mode
[ 1804.500965][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1804.508984][    C1] lec:lec_tx_timeout: lec0
[ 1804.513673][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1804.692383][ T6487] veth0_vlan: left promiscuous mode
[ 1805.824451][   T30] audit: type=1800 audit(2000000482.540:850): pid=26962 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.5371" name="file0" dev="overlay" ino=1486 res=0 errno=0
[ 1806.181046][ T5867] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1806.216515][ T6487] team0 (unregistering): Port device team_slave_1 removed
[ 1806.245054][ T6487] team0 (unregistering): Port device team_slave_0 removed
[ 1806.343838][ T5867] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1806.384044][ T5867] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1806.419360][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1806.447899][ T5867] usb 4-1: config 0 descriptor??
[ 1806.478540][ T5867] pwc: Askey VC010 type 2 USB webcam detected.
[ 1807.223999][T26974] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized
[ 1807.533727][ T5867] pwc: recv_control_msg error -71 req 02 val 2700
[ 1807.562260][ T5867] pwc: recv_control_msg error -71 req 02 val 2c00
[ 1807.583276][ T5867] pwc: recv_control_msg error -71 req 04 val 1000
[ 1807.616869][ T5867] pwc: recv_control_msg error -71 req 04 val 1300
[ 1807.641684][ T5867] pwc: recv_control_msg error -71 req 04 val 1400
[ 1807.679417][ T5867] pwc: recv_control_msg error -71 req 02 val 2000
[ 1807.702376][ T5867] pwc: recv_control_msg error -71 req 02 val 2100
[ 1807.712315][T26796] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1807.741663][ T5867] pwc: recv_control_msg error -71 req 04 val 1500
[ 1807.834598][T26796] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1807.841029][ T5867] pwc: recv_control_msg error -71 req 02 val 2500
[ 1807.869746][ T5867] pwc: recv_control_msg error -71 req 02 val 2400
[ 1807.871819][T26796] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1808.326134][ T5867] pwc: recv_control_msg error -71 req 02 val 2600
[ 1808.347351][ T5867] pwc: recv_control_msg error -71 req 02 val 2900
[ 1808.362820][ T5867] pwc: recv_control_msg error -71 req 02 val 2800
[ 1808.603275][T26796] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1808.666405][ T5867] pwc: recv_control_msg error -71 req 04 val 1100
[ 1808.678331][T26996] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1808.685966][T26996] IPv6: NLM_F_CREATE should be set when creating new route
[ 1808.725168][ T5867] pwc: recv_control_msg error -71 req 04 val 1200
[ 1808.736484][ T5867] pwc: Registered as video103.
[ 1808.742876][ T5867] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input173
[ 1808.821961][ T5867] usb 4-1: USB disconnect, device number 53
[ 1809.520938][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1809.529005][    C1] lec:lec_tx_timeout: lec0
[ 1809.534538][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1809.618171][T26796] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1809.745164][T26796] 8021q: adding VLAN 0 to HW filter on device team0
[ 1810.000171][T13488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1810.007357][T13488] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1810.398344][T24326] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1810.405524][T24326] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1810.555300][T27026] fuse: Bad value for 'fd'
[ 1810.851106][T22908] usb 4-1: new full-speed USB device number 54 using dummy_hcd
[ 1811.014541][T22908] usb 4-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1811.050411][T26796] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1811.065577][T22908] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x83 has invalid maxpacket 64602, setting to 64
[ 1811.126081][T22908] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1811.157631][T22908] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1811.177974][T22908] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1811.212480][T26796] veth0_vlan: entered promiscuous mode
[ 1811.229098][T22908] usb 4-1: Product: syz
[ 1811.251515][T22908] usb 4-1: Manufacturer: syz
[ 1811.272333][T26796] veth1_vlan: entered promiscuous mode
[ 1811.278936][T22908] usb 4-1: SerialNumber: syz
[ 1811.324756][T22908] usb 4-1: config 0 descriptor??
[ 1811.354382][T27026] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1811.373808][T22908] usb 4-1: selecting invalid altsetting 0
[ 1811.416000][T26796] veth0_macvtap: entered promiscuous mode
[ 1811.487530][T26796] veth1_macvtap: entered promiscuous mode
[ 1811.538858][T26796] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1811.575082][T26796] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1811.793453][ T1334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1811.841205][ T1334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1811.899181][ T1334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1811.950385][ T1334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1812.028079][T13488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1812.053535][T13488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1812.136772][ T6481] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1812.155757][ T6481] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1813.354439][T21639] usb 4-1: USB disconnect, device number 54
[ 1813.488531][T27079] netlink: 68 bytes leftover after parsing attributes in process `syz.6.5385'.
[ 1814.072294][T27082] FAULT_INJECTION: forcing a failure.
[ 1814.072294][T27082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1814.166750][T27082] CPU: 1 UID: 0 PID: 27082 Comm: syz.3.5387 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1814.166781][T27082] Tainted: [L]=SOFTLOCKUP
[ 1814.166788][T27082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1814.166798][T27082] Call Trace:
[ 1814.166804][T27082]  <TASK>
[ 1814.166811][T27082]  dump_stack_lvl+0x100/0x190
[ 1814.166845][T27082]  should_fail_ex.cold+0x5/0xa
[ 1814.166869][T27082]  copy_fpstate_to_sigframe+0x861/0xb20
[ 1814.166899][T27082]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1814.166921][T27082]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[ 1814.166959][T27082]  ? rcu_is_watching+0x12/0xc0
[ 1814.166981][T27082]  ? irqentry_exit+0x180/0x670
[ 1814.167004][T27082]  ? x86_task_fpu+0x5f/0x90
[ 1814.167027][T27082]  get_sigframe+0x3fb/0x940
[ 1814.167055][T27082]  ? __pfx_get_sigframe+0x10/0x10
[ 1814.167080][T27082]  ? siginfo_layout+0x156/0x290
[ 1814.167107][T27082]  x64_setup_rt_frame+0x12f/0xce0
[ 1814.167136][T27082]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1814.167161][T27082]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1814.167186][T27082]  ? __fget_files+0x215/0x3d0
[ 1814.167208][T27082]  arch_do_signal_or_restart+0x59e/0x7a0
[ 1814.167234][T27082]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1814.167264][T27082]  ? ksys_write+0x1ac/0x250
[ 1814.167287][T27082]  exit_to_user_mode_loop+0x86/0x4a0
[ 1814.167309][T27082]  do_syscall_64+0x67c/0xf80
[ 1814.167332][T27082]  ? clear_bhb_loop+0x40/0x90
[ 1814.167355][T27082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1814.167373][T27082] RIP: 0033:0x7ff80ab5cfce
[ 1814.167388][T27082] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1814.167406][T27082] RSP: 002b:00007ff808df5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1814.167423][T27082] RAX: 0000000000000001 RBX: 00007ff808df66c0 RCX: 00007ff80ab5cfce
[ 1814.167435][T27082] RDX: 0000000000000001 RSI: 00007ff808df6090 RDI: 0000000000000005
[ 1814.167445][T27082] RBP: 00007ff808df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1814.167455][T27082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1814.167465][T27082] R13: 00007ff80ae16038 R14: 00007ff80ae15fa0 R15: 00007ffd7c0a0f88
[ 1814.167489][T27082]  </TASK>
[ 1814.540961][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1814.549112][    C1] lec:lec_tx_timeout: lec0
[ 1814.554740][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1815.795249][T27120] FAULT_INJECTION: forcing a failure.
[ 1815.795249][T27120] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1816.153925][T27120] CPU: 1 UID: 0 PID: 27120 Comm: syz.5.5399 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1816.153946][T27120] Tainted: [L]=SOFTLOCKUP
[ 1816.153951][T27120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1816.153957][T27120] Call Trace:
[ 1816.153962][T27120]  <TASK>
[ 1816.153967][T27120]  dump_stack_lvl+0x100/0x190
[ 1816.153990][T27120]  should_fail_ex.cold+0x5/0xa
[ 1816.154006][T27120]  _copy_from_user+0x2e/0xd0
[ 1816.154019][T27120]  copy_msghdr_from_user+0x9f/0x4f0
[ 1816.154032][T27120]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1816.154051][T27120]  ___sys_sendmsg+0x106/0x1e0
[ 1816.154063][T27120]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1816.154091][T27120]  __sys_sendmsg+0x170/0x220
[ 1816.154106][T27120]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1816.154130][T27120]  do_syscall_64+0x106/0xf80
[ 1816.154146][T27120]  ? clear_bhb_loop+0x40/0x90
[ 1816.154160][T27120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1816.154173][T27120] RIP: 0033:0x7efe7219c799
[ 1816.154183][T27120] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1816.154199][T27120] RSP: 002b:00007efe730f1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1816.154211][T27120] RAX: ffffffffffffffda RBX: 00007efe72415fa0 RCX: 00007efe7219c799
[ 1816.154218][T27120] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[ 1816.154225][T27120] RBP: 00007efe730f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1816.154231][T27120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1816.154238][T27120] R13: 00007efe72416038 R14: 00007efe72415fa0 R15: 00007fffb6973788
[ 1816.154252][T27120]  </TASK>
[ 1816.381397][   T29] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[ 1816.531192][   T29] usb 7-1: Using ep0 maxpacket: 16
[ 1816.537695][   T29] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1816.548224][   T29] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[ 1816.567997][   T29] usb 7-1: New USB device found, idVendor=0022, idProduct=f2ab, bcdDevice= 2.e6
[ 1816.577328][   T29] usb 7-1: New USB device strings: Mfr=201, Product=53, SerialNumber=3
[ 1816.608749][   T29] usb 7-1: Product: syz
[ 1816.632745][   T29] usb 7-1: Manufacturer: syz
[ 1816.648721][   T29] usb 7-1: SerialNumber: syz
[ 1817.148930][   T29] usb 7-1: USB disconnect, device number 42
[ 1817.680837][T27137] netlink: 'syz.1.5402': attribute type 1 has an invalid length.
[ 1819.571122][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[ 1819.579215][    C1] lec:lec_tx_timeout: lec0
[ 1819.583899][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1821.062431][ T5921] usb 4-1: new full-speed USB device number 55 using dummy_hcd
[ 1821.241140][T21639] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1821.262472][ T5921] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[ 1821.270606][ T5921] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1821.297531][ T5921] usb 4-1: config 0 has no interface number 0
[ 1821.317545][ T5921] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1821.342462][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1821.363615][ T5921] usb 4-1: Product: syz
[ 1821.374225][ T5921] usb 4-1: Manufacturer: syz
[ 1821.386785][ T5921] usb 4-1: SerialNumber: syz
[ 1821.392605][T21639] usb 6-1: Using ep0 maxpacket: 16
[ 1821.412669][T21639] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1821.428600][ T5921] usb 4-1: config 0 descriptor??
[ 1821.440502][ T5921] hub 4-1:0.31: bad descriptor, ignoring hub
[ 1821.449540][T21639] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[ 1821.468680][ T5921] hub 4-1:0.31: probe with driver hub failed with error -5
[ 1821.483539][T21639] usb 6-1: New USB device found, idVendor=0022, idProduct=f2ab, bcdDevice= 2.e6
[ 1821.564485][ T5921] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[ 1821.580576][T21639] usb 6-1: New USB device strings: Mfr=201, Product=53, SerialNumber=3
[ 1821.604326][ T5921] uvcvideo 4-1:0.31: No valid video chain found.
[ 1821.610781][T21639] usb 6-1: Product: syz
[ 1821.641017][T21639] usb 6-1: Manufacturer: syz
[ 1821.702026][ T5921] usb 4-1: USB disconnect, device number 55
[ 1821.708109][T21639] usb 6-1: SerialNumber: syz
[ 1822.053612][T27178] syzkaller0: entered promiscuous mode
[ 1822.072669][T27178] syzkaller0: entered allmulticast mode
[ 1822.123852][ T5921] usb 6-1: USB disconnect, device number 14
[ 1822.862182][T27193] FAULT_INJECTION: forcing a failure.
[ 1822.862182][T27193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1822.879767][T27195] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1822.953055][T27193] CPU: 1 UID: 0 PID: 27193 Comm: syz.5.5418 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1822.953089][T27193] Tainted: [L]=SOFTLOCKUP
[ 1822.953095][T27193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1822.953106][T27193] Call Trace:
[ 1822.953117][T27193]  <TASK>
[ 1822.953125][T27193]  dump_stack_lvl+0x100/0x190
[ 1822.953159][T27193]  should_fail_ex.cold+0x5/0xa
[ 1822.953183][T27193]  _copy_from_user+0x2e/0xd0
[ 1822.953202][T27193]  copy_msghdr_from_user+0x9f/0x4f0
[ 1822.953223][T27193]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1822.953246][T27193]  ? __pfx__kstrtoull+0x10/0x10
[ 1822.953274][T27193]  ___sys_sendmsg+0x106/0x1e0
[ 1822.953292][T27193]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1822.953322][T27193]  ? find_held_lock+0x2b/0x80
[ 1822.953359][T27193]  __sys_sendmmsg+0x205/0x430
[ 1822.953385][T27193]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1822.953417][T27193]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1822.953453][T27193]  ? fput+0x79/0x100
[ 1822.953474][T27193]  ? ksys_write+0x1ac/0x250
[ 1822.953490][T27193]  ? __pfx_ksys_write+0x10/0x10
[ 1822.953511][T27193]  __x64_sys_sendmmsg+0x9c/0x100
[ 1822.953534][T27193]  ? lockdep_hardirqs_on+0x78/0x100
[ 1822.953558][T27193]  do_syscall_64+0x106/0xf80
[ 1822.953581][T27193]  ? clear_bhb_loop+0x40/0x90
[ 1822.953604][T27193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1822.953622][T27193] RIP: 0033:0x7efe7219c799
[ 1822.953638][T27193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1822.953654][T27193] RSP: 002b:00007efe730f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1822.953673][T27193] RAX: ffffffffffffffda RBX: 00007efe72415fa0 RCX: 00007efe7219c799
[ 1822.953684][T27193] RDX: 0000000000000001 RSI: 0000200000000200 RDI: 0000000000000003
[ 1822.953695][T27193] RBP: 00007efe730f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1822.953706][T27193] R10: 0000000004000800 R11: 0000000000000246 R12: 0000000000000001
[ 1822.953716][T27193] R13: 00007efe72416038 R14: 00007efe72415fa0 R15: 00007fffb6973788
[ 1822.953741][T27193]  </TASK>
[ 1823.022625][T27199] FAULT_INJECTION: forcing a failure.
[ 1823.022625][T27199] name failslab, interval 1, probability 0, space 0, times 0
[ 1824.086667][T27199] CPU: 0 UID: 0 PID: 27199 Comm: syz.6.5420 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1824.086697][T27199] Tainted: [L]=SOFTLOCKUP
[ 1824.086703][T27199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1824.086714][T27199] Call Trace:
[ 1824.086719][T27199]  <TASK>
[ 1824.086726][T27199]  dump_stack_lvl+0x100/0x190
[ 1824.086759][T27199]  should_fail_ex.cold+0x5/0xa
[ 1824.086783][T27199]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 1824.086809][T27199]  should_failslab+0xc2/0x120
[ 1824.086828][T27199]  __kmalloc_noprof+0xe0/0x850
[ 1824.086864][T27199]  tomoyo_realpath_from_path+0xb6/0x690
[ 1824.086894][T27199]  tomoyo_path_number_perm+0x23c/0x580
[ 1824.086915][T27199]  ? tomoyo_path_number_perm+0x22e/0x580
[ 1824.086939][T27199]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1824.086987][T27199]  ? find_held_lock+0x2b/0x80
[ 1824.087010][T27199]  ? __fget_files+0x215/0x3d0
[ 1824.087029][T27199]  ? hook_file_ioctl_common+0x146/0x410
[ 1824.087052][T27199]  ? __fget_files+0x21f/0x3d0
[ 1824.087076][T27199]  security_file_ioctl+0xd3/0x230
[ 1824.087101][T27199]  __x64_sys_ioctl+0xb7/0x210
[ 1824.087130][T27199]  do_syscall_64+0x106/0xf80
[ 1824.087153][T27199]  ? clear_bhb_loop+0x40/0x90
[ 1824.087176][T27199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1824.087194][T27199] RIP: 0033:0x7f3c53f9c799
[ 1824.087209][T27199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1824.087226][T27199] RSP: 002b:00007f3c54d9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1824.087244][T27199] RAX: ffffffffffffffda RBX: 00007f3c54216090 RCX: 00007f3c53f9c799
[ 1824.087255][T27199] RDX: 0000200000000000 RSI: 0000000000003b89 RDI: 0000000000000003
[ 1824.087266][T27199] RBP: 00007f3c54d9f090 R08: 0000000000000000 R09: 0000000000000000
[ 1824.087276][T27199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1824.087286][T27199] R13: 00007f3c54216128 R14: 00007f3c54216090 R15: 00007ffda735fb38
[ 1824.087312][T27199]  </TASK>
[ 1824.087320][T27199] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1824.440212][T27213] input: syz1 as /devices/virtual/input/input175
[ 1825.196661][T27222] xt_policy: neither incoming nor outgoing policy selected
[ 1825.790958][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6210 ms
[ 1825.798998][    C1] lec:lec_tx_timeout: lec0
[ 1825.804906][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1827.021190][ T5860] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1827.271545][ T5860] usb 1-1: Using ep0 maxpacket: 16
[ 1827.780478][T27238] FAULT_INJECTION: forcing a failure.
[ 1827.780478][T27238] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1827.800217][ T5860] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1827.817868][T27238] CPU: 0 UID: 0 PID: 27238 Comm: syz.1.5431 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1827.817899][T27238] Tainted: [L]=SOFTLOCKUP
[ 1827.817905][T27238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1827.817916][T27238] Call Trace:
[ 1827.817923][T27238]  <TASK>
[ 1827.817930][T27238]  dump_stack_lvl+0x100/0x190
[ 1827.817969][T27238]  should_fail_ex.cold+0x5/0xa
[ 1827.817992][T27238]  strncpy_from_user+0x3b/0x2d0
[ 1827.818019][T27238]  ? find_held_lock+0x2b/0x80
[ 1827.818046][T27238]  path_getxattrat+0x102/0x430
[ 1827.818068][T27238]  ? __pfx_path_getxattrat+0x10/0x10
[ 1827.818088][T27238]  ? ksys_write+0x190/0x250
[ 1827.818107][T27238]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1827.818146][T27238]  ? __pfx_ksys_write+0x10/0x10
[ 1827.818164][T27238]  do_syscall_64+0x106/0xf80
[ 1827.818184][T27238]  ? clear_bhb_loop+0x40/0x90
[ 1827.818201][T27238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1827.818216][T27238] RIP: 0033:0x7f574f19c799
[ 1827.818229][T27238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1827.818243][T27238] RSP: 002b:00007f574d3d5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[ 1827.818257][T27238] RAX: ffffffffffffffda RBX: 00007f574f416180 RCX: 00007f574f19c799
[ 1827.818267][T27238] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 0000200000000000
[ 1827.818276][T27238] RBP: 00007f574d3d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1827.818284][T27238] R10: fffffffffffffe5f R11: 0000000000000246 R12: 0000000000000001
[ 1827.818293][T27238] R13: 00007f574f416218 R14: 00007f574f416180 R15: 00007ffea4a7c1b8
[ 1827.818312][T27238]  </TASK>
[ 1828.203634][ T5860] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[ 1828.272907][ T5860] usb 1-1: New USB device found, idVendor=0022, idProduct=f2ab, bcdDevice= 2.e6
[ 1828.371073][ T5860] usb 1-1: New USB device strings: Mfr=201, Product=53, SerialNumber=3
[ 1828.806583][ T5860] usb 1-1: Product: syz
[ 1828.827794][ T5860] usb 1-1: Manufacturer: syz
[ 1828.853002][ T5860] usb 1-1: SerialNumber: syz
[ 1829.433451][ T5921] usb 1-1: USB disconnect, device number 33
[ 1829.554314][   T30] audit: type=1400 audit(2000000506.550:851): avc:  denied  { getopt } for  pid=27248 comm="syz.5.5434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1830.403918][T27251] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 1830.427610][T27251] Error validating options; rc = [-22]
[ 1831.550945][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5750 ms
[ 1831.559037][    C1] lec:lec_tx_timeout: lec0
[ 1831.563793][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1836.222964][T27305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1836.570934][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1836.578955][    C1] lec:lec_tx_timeout: lec0
[ 1836.583820][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1836.850591][T27311] 9p: Bad value for 'rfdno'
[ 1837.959707][T27326] devpts: Bad value for 'max'
[ 1839.816162][T27345] FAULT_INJECTION: forcing a failure.
[ 1839.816162][T27345] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1839.829414][T27345] CPU: 0 UID: 0 PID: 27345 Comm: syz.1.5456 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1839.829435][T27345] Tainted: [L]=SOFTLOCKUP
[ 1839.829439][T27345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1839.829447][T27345] Call Trace:
[ 1839.829451][T27345]  <TASK>
[ 1839.829456][T27345]  dump_stack_lvl+0x100/0x190
[ 1839.829478][T27345]  should_fail_ex.cold+0x5/0xa
[ 1839.829493][T27345]  _copy_from_user+0x2e/0xd0
[ 1839.829506][T27345]  copy_msghdr_from_user+0x9f/0x4f0
[ 1839.829519][T27345]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1839.829537][T27345]  ___sys_sendmsg+0x106/0x1e0
[ 1839.829549][T27345]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1839.829581][T27345]  __sys_sendmsg+0x170/0x220
[ 1839.829596][T27345]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1839.829620][T27345]  do_syscall_64+0x106/0xf80
[ 1839.829635][T27345]  ? clear_bhb_loop+0x40/0x90
[ 1839.829649][T27345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1839.829661][T27345] RIP: 0033:0x7f574f19c799
[ 1839.829671][T27345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1839.829682][T27345] RSP: 002b:00007f574ff75028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1839.829694][T27345] RAX: ffffffffffffffda RBX: 00007f574f415fa0 RCX: 00007f574f19c799
[ 1839.829701][T27345] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1839.829708][T27345] RBP: 00007f574ff75090 R08: 0000000000000000 R09: 0000000000000000
[ 1839.829714][T27345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1839.829721][T27345] R13: 00007f574f416038 R14: 00007f574f415fa0 R15: 00007ffea4a7c1b8
[ 1839.829735][T27345]  </TASK>
[ 1840.461151][   T30] audit: type=1400 audit(2000000517.480:852): avc:  denied  { listen } for  pid=27349 comm="syz.5.5459" path=0000204E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1841.471136][   T30] audit: type=1400 audit(2000000518.410:853): avc:  denied  { connect } for  pid=27358 comm="syz.5.5461" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1842.431218][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5850 ms
[ 1842.439228][    C1] lec:lec_tx_timeout: lec0
[ 1842.450974][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1843.031904][T27372] xt_policy: neither incoming nor outgoing policy selected
[ 1843.605439][T27376] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5465'.
[ 1843.684537][T27379] FAULT_INJECTION: forcing a failure.
[ 1843.684537][T27379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1843.728542][T27379] CPU: 0 UID: 0 PID: 27379 Comm: syz.6.5466 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1843.728562][T27379] Tainted: [L]=SOFTLOCKUP
[ 1843.728566][T27379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1843.728573][T27379] Call Trace:
[ 1843.728577][T27379]  <TASK>
[ 1843.728583][T27379]  dump_stack_lvl+0x100/0x190
[ 1843.728605][T27379]  should_fail_ex.cold+0x5/0xa
[ 1843.728621][T27379]  _copy_from_user+0x2e/0xd0
[ 1843.728640][T27379]  __sys_bpf+0x243/0x4b90
[ 1843.728655][T27379]  ? __pfx___sys_bpf+0x10/0x10
[ 1843.728666][T27379]  ? proc_fail_nth_write+0x9f/0x220
[ 1843.728683][T27379]  ? find_held_lock+0x2b/0x80
[ 1843.728702][T27379]  ? find_held_lock+0x2b/0x80
[ 1843.728716][T27379]  ? ksys_write+0x190/0x250
[ 1843.728729][T27379]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1843.728746][T27379]  ? __fget_files+0x215/0x3d0
[ 1843.728764][T27379]  ? fput+0x79/0x100
[ 1843.728777][T27379]  ? ksys_write+0x1ac/0x250
[ 1843.728791][T27379]  ? __pfx_ksys_write+0x10/0x10
[ 1843.728803][T27379]  __x64_sys_bpf+0x7b/0xc0
[ 1843.728816][T27379]  ? lockdep_hardirqs_on+0x78/0x100
[ 1843.728831][T27379]  do_syscall_64+0x106/0xf80
[ 1843.728847][T27379]  ? clear_bhb_loop+0x40/0x90
[ 1843.728861][T27379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1843.728873][T27379] RIP: 0033:0x7f3c53f9c799
[ 1843.728884][T27379] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1843.728895][T27379] RSP: 002b:00007f3c54dc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1843.728906][T27379] RAX: ffffffffffffffda RBX: 00007f3c54215fa0 RCX: 00007f3c53f9c799
[ 1843.728914][T27379] RDX: 0000000000000094 RSI: 0000200000000700 RDI: 0000000000000005
[ 1843.728920][T27379] RBP: 00007f3c54dc0090 R08: 0000000000000000 R09: 0000000000000000
[ 1843.728927][T27379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1843.728933][T27379] R13: 00007f3c54216038 R14: 00007f3c54215fa0 R15: 00007ffda735fb38
[ 1843.728947][T27379]  </TASK>
[ 1844.688636][T27394] FAULT_INJECTION: forcing a failure.
[ 1844.688636][T27394] name failslab, interval 1, probability 0, space 0, times 0
[ 1844.718891][T27394] CPU: 0 UID: 0 PID: 27394 Comm: syz.0.5470 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1844.718922][T27394] Tainted: [L]=SOFTLOCKUP
[ 1844.718928][T27394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1844.718937][T27394] Call Trace:
[ 1844.718944][T27394]  <TASK>
[ 1844.718951][T27394]  dump_stack_lvl+0x100/0x190
[ 1844.718983][T27394]  should_fail_ex.cold+0x5/0xa
[ 1844.719006][T27394]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 1844.719031][T27394]  should_failslab+0xc2/0x120
[ 1844.719051][T27394]  __kmalloc_noprof+0xe0/0x850
[ 1844.719082][T27394]  tomoyo_realpath_from_path+0xb6/0x690
[ 1844.719115][T27394]  tomoyo_path_number_perm+0x23c/0x580
[ 1844.719137][T27394]  ? tomoyo_path_number_perm+0x22e/0x580
[ 1844.719160][T27394]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1844.719208][T27394]  ? find_held_lock+0x2b/0x80
[ 1844.719231][T27394]  ? __fget_files+0x215/0x3d0
[ 1844.719248][T27394]  ? hook_file_ioctl_common+0x146/0x410
[ 1844.719270][T27394]  ? __fget_files+0x21f/0x3d0
[ 1844.719291][T27394]  security_file_ioctl+0xd3/0x230
[ 1844.719317][T27394]  __x64_sys_ioctl+0xb7/0x210
[ 1844.719344][T27394]  do_syscall_64+0x106/0xf80
[ 1844.719367][T27394]  ? clear_bhb_loop+0x40/0x90
[ 1844.719388][T27394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1844.719405][T27394] RIP: 0033:0x7f08a239c799
[ 1844.719421][T27394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1844.719437][T27394] RSP: 002b:00007f08a3232028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1844.719454][T27394] RAX: ffffffffffffffda RBX: 00007f08a2616090 RCX: 00007f08a239c799
[ 1844.719466][T27394] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1844.719475][T27394] RBP: 00007f08a3232090 R08: 0000000000000000 R09: 0000000000000000
[ 1844.719486][T27394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1844.719495][T27394] R13: 00007f08a2616128 R14: 00007f08a2616090 R15: 00007fffbfd07a28
[ 1844.719518][T27394]  </TASK>
[ 1844.719543][T27394] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1844.721009][   T29] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 1845.647410][   T29] usb 4-1: Using ep0 maxpacket: 8
[ 1846.025011][   T29] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1846.053693][   T29] usb 4-1: config 179 has no interface number 0
[ 1846.113350][   T29] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1846.381255][   T29] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1846.401146][   T29] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[ 1846.412602][   T29] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[ 1846.442890][   T29] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1846.531302][   T29] usb 4-1: config 179 interface 65 has no altsetting 0
[ 1846.578694][   T29] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1846.624734][   T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1846.694972][   T29] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input176
[ 1846.789577][ T5164] input input176: unable to receive magic message: -110
[ 1846.913781][T27414] ADFS-fs (nbd6): error: unable to read block 3, try 0
[ 1847.058007][T27387] input input176: unable to receive magic message: -32
[ 1847.074003][T27419] netlink: 'syz.1.5477': attribute type 1 has an invalid length.
[ 1847.100420][ T5860] usb 4-1: USB disconnect, device number 56
[ 1847.106401][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1847.198432][T27419] bond2: entered promiscuous mode
[ 1847.204138][T27419] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1847.257257][T27424] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1847.298697][T27424] bond2: (slave vti0): The slave device specified does not support setting the MAC address
[ 1847.352516][T27424] bond2: (slave vti0): Setting fail_over_mac to active for active-backup mode
[ 1847.460933][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1847.468984][    C1] lec:lec_tx_timeout: lec0
[ 1847.473663][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1847.519150][T27424] bond2: (slave vti0): making interface the new active one
[ 1847.545347][T27424] vti0: entered promiscuous mode
[ 1847.576222][T27424] bond2: (slave vti0): Enslaving as an active interface with an up link
[ 1847.732888][T27430] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5480'.
[ 1847.746122][T27430] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5480'.
[ 1847.757229][T13488] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1847.776161][T13488] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1847.806426][T13488] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1847.834880][T13488] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1848.011172][ T5867] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1848.105872][   T30] audit: type=1400 audit(2000000525.150:854): avc:  denied  { write } for  pid=27434 comm="syz.1.5481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1848.194769][ T5867] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1848.209518][ T5867] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1848.225100][ T5867] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1848.238456][ T5867] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1848.266013][ T5867] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1848.299097][ T5867] usb 7-1: config 0 descriptor??
[ 1848.555849][   T29] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1848.797460][ T5867] plantronics 0003:047F:FFFF.0030: reserved main item tag 0xe
[ 1848.808054][ T5867] hid_parser_main: 193 callbacks suppressed
[ 1848.808067][ T5867] plantronics 0003:047F:FFFF.0030: unknown main item tag 0x0
[ 1848.833313][ T5867] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1848.845768][   T29] usb 2-1: Using ep0 maxpacket: 16
[ 1848.855019][   T29] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 1848.863676][   T29] usb 2-1: config 0 has no interface number 0
[ 1848.869773][   T29] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1848.881032][   T29] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1848.897707][   T29] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1848.907014][   T29] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1848.915425][   T29] usb 2-1: Product: syz
[ 1848.919866][   T29] usb 2-1: SerialNumber: syz
[ 1848.928755][   T29] usb 2-1: config 0 descriptor??
[ 1848.936751][   T29] cm109 2-1:0.8: invalid payload size 0, expected 4
[ 1848.952446][   T29] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input177
[ 1848.981179][ T5921] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1849.162630][ T5921] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1849.179893][ T5921] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1849.191698][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1849.192339][T27443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1849.216381][T27443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1849.245592][ T5921] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1849.248045][   T29] usb 7-1: USB disconnect, device number 43
[ 1849.273267][ T5921] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1849.277135][T27443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1849.290330][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1849.304446][T27443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1849.339662][ T5921] usb 4-1: Product: syz
[ 1849.344346][ T5921] usb 4-1: Manufacturer: syz
[ 1849.350077][ T5921] usb 4-1: SerialNumber: syz
[ 1849.365446][    C1] cm109_urb_ctl_callback: 282 callbacks suppressed
[ 1849.365467][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.379072][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.386155][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.393404][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.398124][ T5921] usb 4-1: config 0 descriptor??
[ 1849.400533][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.412582][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.419677][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.426759][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.433827][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.440898][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1849.449668][ T5867] usb 2-1: USB disconnect, device number 46
[ 1849.455596][    C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1849.472708][ T5867] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1849.486377][ T5921] garmin_gps 4-1:0.0: Garmin GPS usb/tty converter detected
[ 1849.504661][ T5921] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[ 1849.524061][ T5921] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[ 1849.737497][T21639] usb 4-1: USB disconnect, device number 57
[ 1849.744469][T21639] garmin_gps 4-1:0.0: device disconnected
[ 1850.398385][T27466] netlink: 'syz.0.5490': attribute type 1 has an invalid length.
[ 1850.422045][ T5921] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 1850.943281][T27467] geneve2: left promiscuous mode
[ 1851.140967][ T5921] usb 2-1: Using ep0 maxpacket: 16
[ 1851.183912][ T5921] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1851.204321][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1851.257230][ T5921] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1851.317659][ T5921] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1851.340284][ T5921] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1851.379490][ T5921] usb 2-1: Manufacturer: syz
[ 1851.385199][   T30] audit: type=1400 audit(2000000528.400:855): avc:  denied  { map } for  pid=27470 comm="syz.3.5493" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1851.440397][ T5921] usb 2-1: config 0 descriptor??
[ 1851.812003][T27483] FAULT_INJECTION: forcing a failure.
[ 1851.812003][T27483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1851.825322][T27483] CPU: 0 UID: 0 PID: 27483 Comm: syz.0.5496 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1851.825349][T27483] Tainted: [L]=SOFTLOCKUP
[ 1851.825355][T27483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1851.825366][T27483] Call Trace:
[ 1851.825372][T27483]  <TASK>
[ 1851.825379][T27483]  dump_stack_lvl+0x100/0x190
[ 1851.825411][T27483]  should_fail_ex.cold+0x5/0xa
[ 1851.825441][T27483]  _copy_from_user+0x2e/0xd0
[ 1851.825461][T27483]  copy_msghdr_from_user+0x9f/0x4f0
[ 1851.825482][T27483]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1851.825512][T27483]  ___sys_sendmsg+0x106/0x1e0
[ 1851.825532][T27483]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1851.825580][T27483]  __sys_sendmsg+0x170/0x220
[ 1851.825604][T27483]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1851.825643][T27483]  do_syscall_64+0x106/0xf80
[ 1851.825667][T27483]  ? clear_bhb_loop+0x40/0x90
[ 1851.825688][T27483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1851.825706][T27483] RIP: 0033:0x7f08a239c799
[ 1851.825721][T27483] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1851.825739][T27483] RSP: 002b:00007f08a3253028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1851.825757][T27483] RAX: ffffffffffffffda RBX: 00007f08a2615fa0 RCX: 00007f08a239c799
[ 1851.825769][T27483] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[ 1851.825780][T27483] RBP: 00007f08a3253090 R08: 0000000000000000 R09: 0000000000000000
[ 1851.825791][T27483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1851.825801][T27483] R13: 00007f08a2616038 R14: 00007f08a2615fa0 R15: 00007fffbfd07a28
[ 1851.825825][T27483]  </TASK>
[ 1852.480939][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1852.488959][    C1] lec:lec_tx_timeout: lec0
[ 1852.501000][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1852.793304][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1853.144829][T27491] FAULT_INJECTION: forcing a failure.
[ 1853.144829][T27491] name failslab, interval 1, probability 0, space 0, times 0
[ 1853.157785][T27491] CPU: 1 UID: 0 PID: 27491 Comm: syz.0.5499 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1853.157812][T27491] Tainted: [L]=SOFTLOCKUP
[ 1853.157818][T27491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1853.157828][T27491] Call Trace:
[ 1853.157836][T27491]  <TASK>
[ 1853.157843][T27491]  dump_stack_lvl+0x100/0x190
[ 1853.157876][T27491]  should_fail_ex.cold+0x5/0xa
[ 1853.157900][T27491]  should_failslab+0xc2/0x120
[ 1853.157919][T27491]  __kvmalloc_node_noprof+0xfa/0xa00
[ 1853.157946][T27491]  ? seq_read_iter+0x819/0x1270
[ 1853.157971][T27491]  seq_read_iter+0x819/0x1270
[ 1853.157987][T27491]  ? register_lock_class+0x40/0x560
[ 1853.158017][T27491]  seq_read+0x33b/0x4c0
[ 1853.158035][T27491]  ? __pfx_seq_read+0x10/0x10
[ 1853.158063][T27491]  ? selinux_file_permission+0x8f/0x6d0
[ 1853.158092][T27491]  ? __pfx_seq_read+0x10/0x10
[ 1853.158110][T27491]  proc_reg_read+0x240/0x330
[ 1853.158129][T27491]  ? __pfx_proc_reg_read+0x10/0x10
[ 1853.158148][T27491]  vfs_read+0x1e4/0xb30
[ 1853.158179][T27491]  ? __pfx_vfs_read+0x10/0x10
[ 1853.158206][T27491]  ? __fget_files+0x215/0x3d0
[ 1853.158231][T27491]  ? __fget_files+0x21f/0x3d0
[ 1853.158258][T27491]  ksys_read+0x12a/0x250
[ 1853.158286][T27491]  ? __pfx_ksys_read+0x10/0x10
[ 1853.158310][T27491]  do_syscall_64+0x106/0xf80
[ 1853.158334][T27491]  ? clear_bhb_loop+0x40/0x90
[ 1853.158356][T27491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1853.158374][T27491] RIP: 0033:0x7f08a239c799
[ 1853.158390][T27491] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1853.158406][T27491] RSP: 002b:00007f08a3253028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1853.158422][T27491] RAX: ffffffffffffffda RBX: 00007f08a2615fa0 RCX: 00007f08a239c799
[ 1853.158434][T27491] RDX: 0000000000002020 RSI: 00002000000045c0 RDI: 0000000000000005
[ 1853.158445][T27491] RBP: 00007f08a3253090 R08: 0000000000000000 R09: 0000000000000000
[ 1853.158455][T27491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1853.158465][T27491] R13: 00007f08a2616038 R14: 00007f08a2615fa0 R15: 00007fffbfd07a28
[ 1853.158491][T27491]  </TASK>
[ 1853.469973][   T29] usb 2-1: USB disconnect, device number 47
[ 1853.981084][   T29] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1854.567371][   T29] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1854.583631][   T29] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1854.597213][   T29] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1855.091745][   T29] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1855.191876][   T29] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1855.200986][   T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1855.219616][   T29] usb 2-1: Product: syz
[ 1855.234295][   T29] usb 2-1: Manufacturer: syz
[ 1855.239000][   T29] usb 2-1: SerialNumber: syz
[ 1855.259029][   T29] usb 2-1: config 0 descriptor??
[ 1855.320807][   T29] garmin_gps 2-1:0.0: Garmin GPS usb/tty converter detected
[ 1856.079978][   T29] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[ 1856.090705][   T29] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[ 1856.118567][   T29] usb 2-1: USB disconnect, device number 48
[ 1856.202251][   T29] garmin_gps 2-1:0.0: device disconnected
[ 1856.870990][   T29] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1857.031893][   T29] usb 2-1: Using ep0 maxpacket: 16
[ 1857.044129][   T29] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1857.060982][   T29] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1857.104939][   T29] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1857.152816][   T29] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1857.177812][   T29] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1857.208303][   T29] usb 2-1: Manufacturer: syz
[ 1857.232021][   T29] usb 2-1: config 0 descriptor??
[ 1857.510931][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1857.518930][    C1] lec:lec_tx_timeout: lec0
[ 1857.523435][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1859.626528][ T5887] usb 2-1: USB disconnect, device number 49
[ 1860.823192][ T5921] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1861.068136][ T5921] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1861.371030][ T5921] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1861.382572][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1861.396307][ T5921] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1861.455363][ T5921] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1861.472740][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1861.504980][ T5921] usb 7-1: Product: syz
[ 1861.535343][ T5921] usb 7-1: Manufacturer: syz
[ 1861.550809][ T5921] usb 7-1: SerialNumber: syz
[ 1861.564533][ T5921] usb 7-1: config 0 descriptor??
[ 1861.574356][ T5921] garmin_gps 7-1:0.0: Garmin GPS usb/tty converter detected
[ 1861.618086][ T5921] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[ 1861.639143][ T5921] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[ 1861.797118][T22908] usb 7-1: USB disconnect, device number 44
[ 1861.856970][T22908] garmin_gps 7-1:0.0: device disconnected
[ 1862.080216][T27597] FAULT_INJECTION: forcing a failure.
[ 1862.080216][T27597] name failslab, interval 1, probability 0, space 0, times 0
[ 1862.093625][T27597] CPU: 0 UID: 0 PID: 27597 Comm: syz.0.5527 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1862.093652][T27597] Tainted: [L]=SOFTLOCKUP
[ 1862.093657][T27597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1862.093673][T27597] Call Trace:
[ 1862.093678][T27597]  <TASK>
[ 1862.093683][T27597]  dump_stack_lvl+0x100/0x190
[ 1862.093706][T27597]  should_fail_ex.cold+0x5/0xa
[ 1862.093721][T27597]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 1862.093739][T27597]  should_failslab+0xc2/0x120
[ 1862.093751][T27597]  __kmalloc_noprof+0xe0/0x850
[ 1862.093771][T27597]  tomoyo_realpath_from_path+0xb6/0x690
[ 1862.093791][T27597]  tomoyo_path_number_perm+0x23c/0x580
[ 1862.093805][T27597]  ? tomoyo_path_number_perm+0x22e/0x580
[ 1862.093821][T27597]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1862.093849][T27597]  ? find_held_lock+0x2b/0x80
[ 1862.093865][T27597]  ? __fget_files+0x215/0x3d0
[ 1862.093876][T27597]  ? hook_file_ioctl_common+0x146/0x410
[ 1862.093901][T27597]  ? __fget_files+0x21f/0x3d0
[ 1862.093915][T27597]  security_file_ioctl+0xd3/0x230
[ 1862.093932][T27597]  __x64_sys_ioctl+0xb7/0x210
[ 1862.093950][T27597]  do_syscall_64+0x106/0xf80
[ 1862.093966][T27597]  ? clear_bhb_loop+0x40/0x90
[ 1862.093980][T27597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1862.093992][T27597] RIP: 0033:0x7f08a239c799
[ 1862.094003][T27597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1862.094014][T27597] RSP: 002b:00007f08a3232028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1862.094025][T27597] RAX: ffffffffffffffda RBX: 00007f08a2616090 RCX: 00007f08a239c799
[ 1862.094032][T27597] RDX: 0000200000000040 RSI: 000000004008af04 RDI: 0000000000000003
[ 1862.094039][T27597] RBP: 00007f08a3232090 R08: 0000000000000000 R09: 0000000000000000
[ 1862.094046][T27597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1862.094053][T27597] R13: 00007f08a2616128 R14: 00007f08a2616090 R15: 00007fffbfd07a28
[ 1862.094067][T27597]  </TASK>
[ 1862.094086][T27597] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1862.540957][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[ 1862.548999][    C1] lec:lec_tx_timeout: lec0
[ 1862.553574][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1864.101195][T22908] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1864.590184][T22908] usb 6-1: Using ep0 maxpacket: 16
[ 1864.602550][T22908] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1864.613300][T22908] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1864.631373][T22908] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1864.678915][T22908] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1864.973498][T22908] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1864.982579][T22908] usb 6-1: Manufacturer: syz
[ 1865.112217][T22908] usb 6-1: config 0 descriptor??
[ 1865.641038][   T30] audit: type=1400 audit(2000000542.610:856): avc:  denied  { accept } for  pid=27632 comm="syz.0.5536" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1866.555238][ T5860] usb 6-1: USB disconnect, device number 15
[ 1867.476603][T27656] binder: 27652:27656 ioctl 4018620d 0 returned -22
[ 1867.491135][ T5921] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1867.560949][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1867.568947][    C1] lec:lec_tx_timeout: lec0
[ 1867.573449][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1867.752281][ T5921] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1867.763100][ T5921] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1867.931131][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1868.092088][ T5921] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1868.711176][ T5921] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1868.728066][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1868.833218][ T5921] usb 7-1: Product: syz
[ 1868.945524][ T5921] usb 7-1: Manufacturer: syz
[ 1869.110971][ T5921] usb 7-1: SerialNumber: syz
[ 1869.173445][ T5921] usb 7-1: config 0 descriptor??
[ 1869.194416][ T5921] garmin_gps 7-1:0.0: Garmin GPS usb/tty converter detected
[ 1869.210878][ T5921] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[ 1869.229617][ T5921] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[ 1869.275844][ T5860] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1869.412035][ T5921] usb 7-1: USB disconnect, device number 45
[ 1869.435424][ T5921] garmin_gps 7-1:0.0: device disconnected
[ 1869.440960][ T5860] usb 6-1: Using ep0 maxpacket: 16
[ 1869.457729][ T5860] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1869.469208][ T5860] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1869.490471][ T5860] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1869.522763][ T5860] usb 6-1: New USB device found, idVendor=08e4, idProduct=0163, bcdDevice= 0.40
[ 1869.532008][ T5860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1869.549758][ T5860] usb 6-1: Product: syz
[ 1869.566662][ T5860] usb 6-1: Manufacturer: syz
[ 1869.585886][ T5860] usb 6-1: SerialNumber: syz
[ 1869.822197][ T5860] usb 6-1: USB disconnect, device number 16
[ 1870.277961][T27691] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5554'.
[ 1870.831566][T27699] Invalid source name
[ 1871.530982][ T5921] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1871.722570][ T5921] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[ 1871.738124][T27704] syzkaller0: entered promiscuous mode
[ 1871.747034][ T5921] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1871.769587][T27704] syzkaller0: entered allmulticast mode
[ 1871.778046][ T5921] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[ 1871.793778][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1871.808178][ T5921] usb 6-1: Product: syz
[ 1871.812865][ T5921] usb 6-1: Manufacturer: syz
[ 1871.817707][ T5921] usb 6-1: SerialNumber: syz
[ 1871.888276][ T5921] usb 6-1: config 0 descriptor??
[ 1871.926814][T27699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1871.939240][T27699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1872.119447][T27719] netlink: 256 bytes leftover after parsing attributes in process `syz.0.5563'.
[ 1872.128719][T27719] netlink: 256 bytes leftover after parsing attributes in process `syz.0.5563'.
[ 1872.719935][T27699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1872.727250][T27699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1873.031076][ T5867] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1873.143677][T27699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1873.183098][T27699] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1873.202449][ T5867] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1873.212932][ T5867] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1873.218820][ T5921] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[ 1873.224812][ T5867] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1873.242991][ T5867] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1873.268481][ T5867] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1873.280995][ T5867] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1873.289108][ T5867] usb 7-1: Product: syz
[ 1873.299727][ T5867] usb 7-1: Manufacturer: syz
[ 1873.304562][ T5867] usb 7-1: SerialNumber: syz
[ 1873.312301][ T5867] usb 7-1: config 0 descriptor??
[ 1873.319564][ T5867] garmin_gps 7-1:0.0: Garmin GPS usb/tty converter detected
[ 1873.328183][ T5867] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[ 1873.339028][ T5867] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[ 1873.390919][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms
[ 1873.398950][    C1] lec:lec_tx_timeout: lec0
[ 1873.403594][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1873.542605][T19888] usb 7-1: USB disconnect, device number 46
[ 1873.551448][T19888] garmin_gps 7-1:0.0: device disconnected
[ 1874.061909][ T5921] dm9601 6-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[ 1874.505724][T27734] xt_policy: neither incoming nor outgoing policy selected
[ 1875.248751][T27739] netlink: 312 bytes leftover after parsing attributes in process `syz.5.5567'.
[ 1875.973269][ T5921] dm9601 6-1:0.0 eth9: register 'dm9601' at usb-dummy_hcd.5-1, Davicom DM96xx USB 10/100 Ethernet, 9a:6a:5e:d4:63:c6
[ 1876.016819][ T5921] usb 6-1: USB disconnect, device number 17
[ 1876.029407][ T5921] dm9601 6-1:0.0 eth9: unregister 'dm9601' usb-dummy_hcd.5-1, Davicom DM96xx USB 10/100 Ethernet
[ 1876.048529][T27744] fuse: Bad value for 'rootmode'
[ 1876.124069][   T30] audit: type=1400 audit(2000000553.170:857): avc:  denied  { mounton } for  pid=27745 comm="syz.3.5570" path="/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="ramfs" ino=122234 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[ 1877.659817][T27746] netlink: 'syz.3.5570': attribute type 30 has an invalid length.
[ 1878.212887][T27786] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5576'.
[ 1878.410924][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1878.418962][    C1] lec:lec_tx_timeout: lec0
[ 1878.423736][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1878.861790][T27798] syzkaller0: entered promiscuous mode
[ 1878.901972][T27798] syzkaller0: entered allmulticast mode
[ 1878.991144][ T5860] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1879.213249][ T5860] usb 7-1: Using ep0 maxpacket: 32
[ 1879.227622][ T5860] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1879.237828][ T5860] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1879.257129][ T5860] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1879.266459][ T5860] usb 7-1: config 1 has no interface number 0
[ 1879.273347][ T5860] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1879.284745][ T5860] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1879.304264][ T5860] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1879.314685][ T5860] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1879.356621][ T5860] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[ 1879.556943][ T5860] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached
[ 1880.332583][ T5860] usb 7-1: USB disconnect, device number 47
[ 1880.393756][ T5860] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[ 1882.247792][T27839] FAULT_INJECTION: forcing a failure.
[ 1882.247792][T27839] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1882.308293][T27839] CPU: 1 UID: 0 PID: 27839 Comm: syz.0.5589 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1882.308322][T27839] Tainted: [L]=SOFTLOCKUP
[ 1882.308329][T27839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1882.308340][T27839] Call Trace:
[ 1882.308346][T27839]  <TASK>
[ 1882.308353][T27839]  dump_stack_lvl+0x100/0x190
[ 1882.308394][T27839]  should_fail_ex.cold+0x5/0xa
[ 1882.308418][T27839]  strncpy_from_user+0x3b/0x2d0
[ 1882.308450][T27839]  keyctl_restrict_keyring+0xeb/0x250
[ 1882.308474][T27839]  ? __pfx_keyctl_restrict_keyring+0x10/0x10
[ 1882.308499][T27839]  ? ksys_write+0x1ac/0x250
[ 1882.308515][T27839]  ? __pfx_ksys_write+0x10/0x10
[ 1882.308535][T27839]  __do_sys_keyctl+0x2e8/0x5a0
[ 1882.308559][T27839]  do_syscall_64+0x106/0xf80
[ 1882.308582][T27839]  ? clear_bhb_loop+0x40/0x90
[ 1882.308604][T27839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1882.308623][T27839] RIP: 0033:0x7f08a239c799
[ 1882.308638][T27839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1882.308655][T27839] RSP: 002b:00007f08a3253028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1882.308672][T27839] RAX: ffffffffffffffda RBX: 00007f08a2615fa0 RCX: 00007f08a239c799
[ 1882.308684][T27839] RDX: 9999999999999999 RSI: 0000000002f3f46c RDI: 000000000000001d
[ 1882.308694][T27839] RBP: 00007f08a3253090 R08: 0000000000000000 R09: 0000000000000000
[ 1882.308705][T27839] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[ 1882.308715][T27839] R13: 00007f08a2616038 R14: 00007f08a2615fa0 R15: 00007fffbfd07a28
[ 1882.308740][T27839]  </TASK>
[ 1882.660992][ T5887] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1882.841116][ T5887] usb 4-1: Using ep0 maxpacket: 8
[ 1882.879498][ T5887] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1882.888856][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1883.050509][T27853] xt_policy: neither incoming nor outgoing policy selected
[ 1883.348249][ T5887] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1883.355431][ T5887] pvrusb2: **********
[ 1883.364349][ T5887] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1883.404703][T21639] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1883.413330][ T5887] pvrusb2: Important functionality might not be entirely working.
[ 1883.421679][ T5887] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1883.430932][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1883.440945][    C1] lec:lec_tx_timeout: lec0
[ 1883.447340][ T5887] pvrusb2: **********
[ 1883.447380][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1883.464468][ T2337] pvrusb2: Invalid write control endpoint
[ 1883.555757][ T2337] pvrusb2: Invalid write control endpoint
[ 1883.569489][ T2337] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1883.581014][T21639] usb 6-1: Using ep0 maxpacket: 16
[ 1883.598576][T21639] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1883.609236][ T2337] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1883.609370][T21639] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1883.664541][T21639] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1883.671462][ T2337] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1883.778275][ T2337] pvrusb2: Device being rendered inoperable
[ 1883.797050][T21639] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1883.806583][T27841] netlink: 'syz.3.5588': attribute type 21 has an invalid length.
[ 1883.814758][T21639] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1883.823758][T27841] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5588'.
[ 1883.844389][T21639] usb 6-1: Manufacturer: syz
[ 1883.850724][ T2337] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1883.869469][ T2337] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1883.882614][T21639] usb 6-1: config 0 descriptor??
[ 1883.924307][ T2337] pvrusb2: Attached sub-driver cx25840
[ 1883.926424][ T5887] usb 4-1: USB disconnect, device number 58
[ 1883.966521][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1883.985616][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1884.804454][T27876] FAULT_INJECTION: forcing a failure.
[ 1884.804454][T27876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1884.819076][T27876] CPU: 1 UID: 0 PID: 27876 Comm: syz.3.5599 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1884.819103][T27876] Tainted: [L]=SOFTLOCKUP
[ 1884.819110][T27876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1884.819120][T27876] Call Trace:
[ 1884.819127][T27876]  <TASK>
[ 1884.819133][T27876]  dump_stack_lvl+0x100/0x190
[ 1884.819172][T27876]  should_fail_ex.cold+0x5/0xa
[ 1884.819197][T27876]  _copy_from_user+0x2e/0xd0
[ 1884.819218][T27876]  fanotify_write+0xde/0x770
[ 1884.819238][T27876]  ? __pfx_fanotify_write+0x10/0x10
[ 1884.819258][T27876]  ? bpf_lsm_file_permission+0x9/0x10
[ 1884.819284][T27876]  ? security_file_permission+0x76/0x210
[ 1884.819316][T27876]  ? rw_verify_area+0xce/0x6d0
[ 1884.819344][T27876]  vfs_write+0x2aa/0x1070
[ 1884.819361][T27876]  ? __pfx_fanotify_write+0x10/0x10
[ 1884.819381][T27876]  ? __pfx_vfs_write+0x10/0x10
[ 1884.819395][T27876]  ? find_held_lock+0x2b/0x80
[ 1884.819418][T27876]  ? __fget_files+0x215/0x3d0
[ 1884.819440][T27876]  ? __fget_files+0x215/0x3d0
[ 1884.819463][T27876]  ? __fget_files+0x21f/0x3d0
[ 1884.819492][T27876]  ksys_write+0x12a/0x250
[ 1884.819508][T27876]  ? __pfx_ksys_write+0x10/0x10
[ 1884.819531][T27876]  do_syscall_64+0x106/0xf80
[ 1884.819554][T27876]  ? clear_bhb_loop+0x40/0x90
[ 1884.819577][T27876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1884.819594][T27876] RIP: 0033:0x7ff80ab9c799
[ 1884.819610][T27876] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1884.819627][T27876] RSP: 002b:00007ff808df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1884.819644][T27876] RAX: ffffffffffffffda RBX: 00007ff80ae15fa0 RCX: 00007ff80ab9c799
[ 1884.819655][T27876] RDX: 0000000000000020 RSI: 00002000000011c0 RDI: 0000000000000003
[ 1884.819665][T27876] RBP: 00007ff808df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1884.819675][T27876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1884.819685][T27876] R13: 00007ff80ae16038 R14: 00007ff80ae15fa0 R15: 00007ffd7c0a0f88
[ 1884.819708][T27876]  </TASK>
[ 1885.180967][T22908] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1885.340957][ T5887] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1885.351173][T22908] usb 7-1: Using ep0 maxpacket: 32
[ 1885.357794][T22908] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[ 1885.368524][T22908] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1885.383665][T22908] usb 7-1: config 0 has no interface number 0
[ 1885.392124][T22908] usb 7-1: config 0 interface 67 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1885.409376][T22908] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1885.419596][T22908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1885.429935][T22908] usb 7-1: Product: syz
[ 1885.434440][T22908] usb 7-1: Manufacturer: syz
[ 1885.440245][T22908] usb 7-1: SerialNumber: syz
[ 1885.447723][T22908] usb 7-1: config 0 descriptor??
[ 1885.459652][T22908] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 1885.471173][T22908] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -22
[ 1885.493412][ T5887] usb 2-1: Using ep0 maxpacket: 16
[ 1885.507694][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 23, changing to 8
[ 1885.526608][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9980, setting to 1024
[ 1885.541938][ T5887] usb 2-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[ 1885.551249][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1885.561461][ T5887] usb 2-1: config 0 descriptor??
[ 1885.566967][T27880] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1885.742421][T22908] usb 6-1: USB disconnect, device number 18
[ 1885.803589][   T30] audit: type=1400 audit(2000000562.850:858): avc:  denied  { write } for  pid=27883 comm="syz.5.5603" name="usbmon6" dev="devtmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1885.985388][ T5887] kye 0003:0458:5016.0031: control desc unexpectedly large
[ 1885.998923][ T5887] input: HID 0458:5016 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5016.0031/input/input180
[ 1886.086427][ T5887] input: HID 0458:5016 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5016.0031/input/input181
[ 1886.415114][ T5887] kye 0003:0458:5016.0031: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.1-1/input0
[ 1887.093207][    C0] kye 0003:0458:5016.0031: usb_submit_urb(ctrl) failed: -1
[ 1887.457765][ T5867] hid-generic 0000:0000:0000.0032: unknown main item tag 0x0
[ 1887.483159][ T5867] hid-generic 0000:0000:0000.0032: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1887.521278][T27918] kye 0003:0458:5016.0031: pid 27918 passed too short report
[ 1887.843923][T21639] usb 7-1: USB disconnect, device number 48
[ 1887.901335][T22908] usb 2-1: USB disconnect, device number 50
[ 1887.985224][T27917] fido_id[27917]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1888.460921][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1888.468916][    C1] lec:lec_tx_timeout: lec0
[ 1888.473500][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1889.249977][T27949] xt_policy: neither incoming nor outgoing policy selected
[ 1891.966394][T27961] binder: 27960:27961 ioctl c0306201 200000000640 returned -22
[ 1892.161185][ T5867] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 1892.421143][ T5867] usb 1-1: Using ep0 maxpacket: 16
[ 1892.429368][ T5867] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1892.446860][ T5867] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1892.467887][ T5867] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1892.503219][ T5867] usb 1-1: New USB device found, idVendor=08e4, idProduct=0163, bcdDevice= 0.40
[ 1892.525053][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1892.548689][ T5867] usb 1-1: Product: syz
[ 1892.553110][ T5867] usb 1-1: Manufacturer: syz
[ 1892.557871][ T5867] usb 1-1: SerialNumber: syz
[ 1892.769322][T27981] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3343437945 (53495007120 ns) > initial count (52285443328 ns). Using initial count to start timer.
[ 1892.810386][ T5867] usb 1-1: USB disconnect, device number 34
[ 1892.850993][ T5860] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 1893.013275][ T5860] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1893.034871][ T5860] usb 7-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1893.050192][ T5860] usb 7-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[ 1893.059593][ T5860] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1893.072244][ T5860] usb 7-1: Product: syz
[ 1893.079543][ T5860] usb 7-1: Manufacturer: syz
[ 1893.091091][ T5860] usb 7-1: SerialNumber: syz
[ 1893.480924][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1893.489015][    C1] lec:lec_tx_timeout: lec0
[ 1893.493808][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1893.746266][T27988] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3343437945 (53495007120 ns) > initial count (52285443328 ns). Using initial count to start timer.
[ 1893.764521][T27988] FAULT_INJECTION: forcing a failure.
[ 1893.764521][T27988] name failslab, interval 1, probability 0, space 0, times 0
[ 1893.777251][T27988] CPU: 1 UID: 0 PID: 27988 Comm: syz.5.5631 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1893.777274][T27988] Tainted: [L]=SOFTLOCKUP
[ 1893.777281][T27988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1893.777291][T27988] Call Trace:
[ 1893.777297][T27988]  <TASK>
[ 1893.777303][T27988]  dump_stack_lvl+0x100/0x190
[ 1893.777334][T27988]  should_fail_ex.cold+0x5/0xa
[ 1893.777356][T27988]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 1893.777381][T27988]  should_failslab+0xc2/0x120
[ 1893.777401][T27988]  __kmalloc_noprof+0xe0/0x850
[ 1893.777432][T27988]  tomoyo_realpath_from_path+0xb6/0x690
[ 1893.777463][T27988]  tomoyo_path_number_perm+0x23c/0x580
[ 1893.777485][T27988]  ? tomoyo_path_number_perm+0x22e/0x580
[ 1893.777510][T27988]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1893.777556][T27988]  ? find_held_lock+0x2b/0x80
[ 1893.777581][T27988]  ? __fget_files+0x215/0x3d0
[ 1893.777600][T27988]  ? hook_file_ioctl_common+0x146/0x410
[ 1893.777625][T27988]  ? __fget_files+0x21f/0x3d0
[ 1893.777649][T27988]  security_file_ioctl+0xd3/0x230
[ 1893.777676][T27988]  __x64_sys_ioctl+0xb7/0x210
[ 1893.777704][T27988]  do_syscall_64+0x106/0xf80
[ 1893.777729][T27988]  ? clear_bhb_loop+0x40/0x90
[ 1893.777752][T27988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1893.777770][T27988] RIP: 0033:0x7efe7219c799
[ 1893.777786][T27988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1893.777814][T27988] RSP: 002b:00007efe730f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1893.777832][T27988] RAX: ffffffffffffffda RBX: 00007efe72415fa0 RCX: 00007efe7219c799
[ 1893.777844][T27988] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[ 1893.777855][T27988] RBP: 00007efe730f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1893.777865][T27988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1893.777876][T27988] R13: 00007efe72416038 R14: 00007efe72415fa0 R15: 00007fffb6973788
[ 1893.777900][T27988]  </TASK>
[ 1893.777908][T27988] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1894.042544][ T5860] usb 7-1: reset high-speed USB device number 49 using dummy_hcd
[ 1894.080135][T27991] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1894.081332][T27993] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=27993 comm=syz.1.5632
[ 1894.182898][ T5860] usb 7-1: device descriptor read/64, error -71
[ 1894.431657][ T5860] usb 7-1: reset high-speed USB device number 49 using dummy_hcd
[ 1894.490964][T22908] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 1894.511676][ T5887] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1894.561328][ T5860] usb 7-1: device descriptor read/64, error -71
[ 1894.641050][T22908] usb 1-1: Using ep0 maxpacket: 32
[ 1894.647748][T22908] usb 1-1: config 0 has an invalid interface number: 250 but max is 1
[ 1894.656705][T22908] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1894.668135][T22908] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1894.679726][T22908] usb 1-1: config 0 has no interface number 0
[ 1894.681877][ T5887] usb 2-1: Using ep0 maxpacket: 32
[ 1894.689279][T22908] usb 1-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1894.700337][T22908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1894.701467][ T5887] usb 2-1: config 0 has an invalid interface number: 250 but max is 1
[ 1894.708491][T22908] usb 1-1: Product: syz
[ 1894.717853][ T5887] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1894.721441][T22908] usb 1-1: Manufacturer: syz
[ 1894.731302][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1894.735706][T22908] usb 1-1: SerialNumber: syz
[ 1894.766366][ T5887] usb 2-1: config 0 has no interface number 0
[ 1894.822159][ T5860] usb 7-1: reset high-speed USB device number 49 using dummy_hcd
[ 1894.846521][ T5887] usb 2-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1894.849826][T22908] usb 1-1: config 0 descriptor??
[ 1894.861133][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1894.870733][ T5887] usb 2-1: Product: syz
[ 1894.870870][ T5860] usb 7-1: device descriptor read/8, error -71
[ 1894.882536][ T5887] usb 2-1: Manufacturer: syz
[ 1894.887554][ T5887] usb 2-1: SerialNumber: syz
[ 1895.081948][T27997] FAULT_INJECTION: forcing a failure.
[ 1895.081948][T27997] name failslab, interval 1, probability 0, space 0, times 0
[ 1895.129154][ T5887] usb 2-1: config 0 descriptor??
[ 1895.161703][T27997] CPU: 0 UID: 0 PID: 27997 Comm: syz.0.5634 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1895.161722][T27997] Tainted: [L]=SOFTLOCKUP
[ 1895.161727][T27997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1895.161733][T27997] Call Trace:
[ 1895.161737][T27997]  <TASK>
[ 1895.161742][T27997]  dump_stack_lvl+0x100/0x190
[ 1895.161764][T27997]  should_fail_ex.cold+0x5/0xa
[ 1895.161779][T27997]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 1895.161797][T27997]  should_failslab+0xc2/0x120
[ 1895.161809][T27997]  __kmalloc_noprof+0xe0/0x850
[ 1895.161828][T27997]  tomoyo_realpath_from_path+0xb6/0x690
[ 1895.161849][T27997]  tomoyo_path_number_perm+0x23c/0x580
[ 1895.161863][T27997]  ? tomoyo_path_number_perm+0x22e/0x580
[ 1895.161882][T27997]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1895.161924][T27997]  ? find_held_lock+0x2b/0x80
[ 1895.161947][T27997]  ? __fget_files+0x215/0x3d0
[ 1895.161964][T27997]  ? hook_file_ioctl_common+0x146/0x410
[ 1895.161987][T27997]  ? __fget_files+0x21f/0x3d0
[ 1895.162010][T27997]  security_file_ioctl+0xd3/0x230
[ 1895.162035][T27997]  __x64_sys_ioctl+0xb7/0x210
[ 1895.162062][T27997]  do_syscall_64+0x106/0xf80
[ 1895.162085][T27997]  ? clear_bhb_loop+0x40/0x90
[ 1895.162107][T27997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1895.162124][T27997] RIP: 0033:0x7f08a239c799
[ 1895.162140][T27997] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1895.162156][T27997] RSP: 002b:00007f08a3253028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1895.162179][T27997] RAX: ffffffffffffffda RBX: 00007f08a2615fa0 RCX: 00007f08a239c799
[ 1895.162191][T27997] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1895.162201][T27997] RBP: 00007f08a3253090 R08: 0000000000000000 R09: 0000000000000000
[ 1895.162212][T27997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1895.162222][T27997] R13: 00007f08a2616038 R14: 00007f08a2615fa0 R15: 00007fffbfd07a28
[ 1895.162246][T27997]  </TASK>
[ 1895.162386][T27997] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1895.201034][ T5860] usb 7-1: reset high-speed USB device number 49 using dummy_hcd
[ 1895.383486][ T5887] usb 2-1: USB disconnect, device number 51
[ 1895.404669][ T5860] usb 7-1: device descriptor read/8, error -71
[ 1895.404725][T21639] usb 1-1: USB disconnect, device number 35
[ 1895.531294][ T5860] usb 7-1: USB disconnect, device number 49
[ 1897.781112][T22908] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 1898.500931][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1898.508937][    C1] lec:lec_tx_timeout: lec0
[ 1898.520986][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1899.745659][T22908] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1899.759577][T22908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1899.810655][T22908] usb 4-1: Product: syz
[ 1899.838580][T22908] usb 4-1: Manufacturer: syz
[ 1899.858753][T22908] usb 4-1: SerialNumber: syz
[ 1900.071010][   T29] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[ 1900.276713][   T29] usb 7-1: Using ep0 maxpacket: 16
[ 1900.401630][T21639] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1900.420288][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 23, changing to 8
[ 1900.630081][T28050] xt_policy: neither incoming nor outgoing policy selected
[ 1900.907594][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9980, setting to 1024
[ 1900.936740][   T29] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[ 1900.957299][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1900.993766][   T29] usb 7-1: config 0 descriptor??
[ 1901.001209][T21639] usb 2-1: Using ep0 maxpacket: 16
[ 1901.008375][T21639] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 1901.031443][T28042] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1901.043802][T21639] usb 2-1: config 0 has no interface number 0
[ 1901.067724][T21639] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1901.223935][T21639] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1901.282168][T21639] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1901.319765][T21639] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1901.370993][T21639] usb 2-1: Product: syz
[ 1901.375319][T21639] usb 2-1: SerialNumber: syz
[ 1901.615952][T22908] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[ 1901.736190][   T29] kye 0003:0458:5016.0033: control desc unexpectedly large
[ 1901.746111][T21639] usb 2-1: config 0 descriptor??
[ 1901.762237][T21639] cm109 2-1:0.8: invalid payload size 0, expected 4
[ 1901.776915][T21639] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input182
[ 1901.801156][T22908] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1901.861288][   T29] input: HID 0458:5016 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5016.0033/input/input183
[ 1901.875872][T22908] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1901.901085][T22908] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[ 1901.991160][T22908] usb 4-1: USB disconnect, device number 59
[ 1902.044551][   T29] input: HID 0458:5016 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5016.0033/input/input184
[ 1902.135003][   T29] kye 0003:0458:5016.0033: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.6-1/input0
[ 1902.362419][T28045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1902.423318][T28045] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1902.747829][ T5921] usb 7-1: USB disconnect, device number 51
[ 1902.838599][    C0] cm109_urb_ctl_callback: 12 callbacks suppressed
[ 1902.838620][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1902.840957][   T29] usb 2-1: USB disconnect, device number 52
[ 1902.845068][    C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1902.939873][   T29] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1903.540943][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[ 1903.548959][    C1] lec:lec_tx_timeout: lec0
[ 1903.557109][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1904.651912][ T5853] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[ 1904.951106][ T5853] usb 4-1: Using ep0 maxpacket: 16
[ 1904.976142][ T5853] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1905.011864][ T5853] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1905.053589][ T5853] usb 4-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[ 1905.098571][ T5853] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1905.413266][ T5853] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1905.425035][ T5853] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1905.449696][ T5853] usb 4-1: Manufacturer: syz
[ 1905.461012][ T5921] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[ 1905.471999][ T5853] usb 4-1: config 0 descriptor??
[ 1905.611170][ T5921] usb 1-1: Using ep0 maxpacket: 32
[ 1905.634126][ T5921] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[ 1905.671872][ T5921] usb 1-1: config 0 has no interface number 0
[ 1905.695871][ T5921] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1905.738795][ T5921] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1905.759374][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1905.783220][ T5921] usb 1-1: Product: syz
[ 1905.787526][ T5921] usb 1-1: Manufacturer: syz
[ 1905.792559][ T5921] usb 1-1: SerialNumber: syz
[ 1905.804058][ T5921] usb 1-1: config 0 descriptor??
[ 1905.831751][ T5921] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1905.873830][ T5921] em28xx 1-1:0.132: Video interface 132 found:
[ 1906.409793][ T5921] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[ 1906.477003][ T5921] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1906.487055][ T5921] em28xx 1-1:0.132: board has no eeprom
[ 1906.552915][ T5921] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1906.624945][ T5921] em28xx 1-1:0.132: analog set to bulk mode.
[ 1906.641094][T21639] em28xx 1-1:0.132: Registering V4L2 extension
[ 1906.716884][T21639] em28xx 1-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[ 1906.744420][ T5921] usb 1-1: USB disconnect, device number 36
[ 1907.011235][ T5921] em28xx 1-1:0.132: Disconnecting em28xx
[ 1907.130191][T21639] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[ 1907.168718][T21639] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[ 1907.189136][T21639] em28xx 1-1:0.132: No AC97 audio processor
[ 1907.198166][ T5860] usb 4-1: USB disconnect, device number 60
[ 1907.286985][T28114] FAULT_INJECTION: forcing a failure.
[ 1907.286985][T28114] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1907.311824][T21639] usb 1-1: Decoder not found
[ 1907.339129][T21639] em28xx 1-1:0.132: failed to create media graph
[ 1907.531441][T28114] CPU: 0 UID: 0 PID: 28114 Comm: syz.3.5666 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1907.531467][T28114] Tainted: [L]=SOFTLOCKUP
[ 1907.531472][T28114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1907.531481][T28114] Call Trace:
[ 1907.531487][T28114]  <TASK>
[ 1907.531492][T28114]  dump_stack_lvl+0x100/0x190
[ 1907.531520][T28114]  should_fail_ex.cold+0x5/0xa
[ 1907.531541][T28114]  _copy_from_user+0x2e/0xd0
[ 1907.531557][T28114]  copy_msghdr_from_user+0x9f/0x4f0
[ 1907.531573][T28114]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1907.531592][T28114]  ? __lock_acquire+0x4a5/0x2630
[ 1907.531610][T28114]  ___sys_recvmsg+0xdd/0x1a0
[ 1907.531624][T28114]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1907.531654][T28114]  __sys_recvmsg+0x16d/0x220
[ 1907.531673][T28114]  ? __pfx___sys_recvmsg+0x10/0x10
[ 1907.531704][T28114]  do_syscall_64+0x106/0xf80
[ 1907.531723][T28114]  ? clear_bhb_loop+0x40/0x90
[ 1907.531741][T28114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1907.531755][T28114] RIP: 0033:0x7ff80ab9c799
[ 1907.531767][T28114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1907.531780][T28114] RSP: 002b:00007ff808df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1907.531802][T28114] RAX: ffffffffffffffda RBX: 00007ff80ae15fa0 RCX: 00007ff80ab9c799
[ 1907.531811][T28114] RDX: 0000000000000002 RSI: 0000200000000f00 RDI: 0000000000000003
[ 1907.531819][T28114] RBP: 00007ff808df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1907.531828][T28114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1907.531836][T28114] R13: 00007ff80ae16038 R14: 00007ff80ae15fa0 R15: 00007ffd7c0a0f88
[ 1907.531855][T28114]  </TASK>
[ 1907.819920][T21639] em28xx 1-1:0.132: V4L2 device video103 deregistered
[ 1907.868075][T28115] ==================================================================
[ 1907.876149][T28115] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 1907.883585][T28115] Read of size 8 at addr ffff888040784790 by task v4l_id/28115
[ 1907.891094][T28115] 
[ 1907.893400][T28115] CPU: 0 UID: 0 PID: 28115 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1907.893419][T28115] Tainted: [L]=SOFTLOCKUP
[ 1907.893423][T28115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1907.893430][T28115] Call Trace:
[ 1907.893435][T28115]  <TASK>
[ 1907.893440][T28115]  dump_stack_lvl+0x100/0x190
[ 1907.893461][T28115]  print_report+0x156/0x4c9
[ 1907.893477][T28115]  ? __virt_addr_valid+0x81/0x620
[ 1907.893494][T28115]  ? __phys_addr+0xe8/0x180
[ 1907.893511][T28115]  ? v4l2_fh_init+0x27d/0x2c0
[ 1907.893526][T28115]  kasan_report+0xdf/0x1e0
[ 1907.893537][T28115]  ? v4l2_fh_init+0x27d/0x2c0
[ 1907.893554][T28115]  v4l2_fh_init+0x27d/0x2c0
[ 1907.893570][T28115]  v4l2_fh_open+0x64/0xa0
[ 1907.893586][T28115]  em28xx_v4l2_open+0x11e/0x570
[ 1907.893601][T28115]  v4l2_open+0x1d2/0x490
[ 1907.893617][T28115]  ? __pfx_v4l2_open+0x10/0x10
[ 1907.893633][T28115]  chrdev_open+0x234/0x6a0
[ 1907.893645][T28115]  ? __pfx_chrdev_open+0x10/0x10
[ 1907.893657][T28115]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1907.893672][T28115]  do_dentry_open+0x6d8/0x1660
[ 1907.893687][T28115]  ? __pfx_chrdev_open+0x10/0x10
[ 1907.893700][T28115]  vfs_open+0x82/0x3f0
[ 1907.893715][T28115]  path_openat+0x208c/0x31a0
[ 1907.893729][T28115]  ? __pfx_path_openat+0x10/0x10
[ 1907.893743][T28115]  do_file_open+0x20e/0x430
[ 1907.893755][T28115]  ? __pfx_do_file_open+0x10/0x10
[ 1907.893772][T28115]  ? alloc_fd+0x476/0x790
[ 1907.893785][T28115]  ? do_getname+0x191/0x390
[ 1907.893800][T28115]  do_sys_openat2+0x10d/0x1e0
[ 1907.893894][T28115]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1907.893911][T28115]  __x64_sys_openat+0x12d/0x210
[ 1907.893926][T28115]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1907.893941][T28115]  ? do_user_addr_fault+0x8d6/0x12f0
[ 1907.893956][T28115]  do_syscall_64+0x106/0xf80
[ 1907.893972][T28115]  ? clear_bhb_loop+0x40/0x90
[ 1907.893985][T28115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1907.893997][T28115] RIP: 0033:0x7f4da0ea7407
[ 1907.894007][T28115] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1907.894018][T28115] RSP: 002b:00007ffdde5984c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1907.894029][T28115] RAX: ffffffffffffffda RBX: 00007f4da160f880 RCX: 00007f4da0ea7407
[ 1907.894037][T28115] RDX: 0000000000000000 RSI: 00007ffdde598f1b RDI: ffffffffffffff9c
[ 1907.894044][T28115] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1907.894051][T28115] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1907.894057][T28115] R13: 00007ffdde598710 R14: 00007f4da1776000 R15: 0000564c8a79f4d8
[ 1907.894068][T28115]  </TASK>
[ 1907.894072][T28115] 
[ 1908.154183][T28115] Allocated by task 21639:
[ 1908.158570][T28115]  kasan_save_stack+0x30/0x50
[ 1908.163235][T28115]  kasan_save_track+0x14/0x30
[ 1908.167895][T28115]  __kasan_kmalloc+0xaa/0xb0
[ 1908.172466][T28115]  em28xx_v4l2_init.cold+0x94/0x3503
[ 1908.177726][T28115]  em28xx_init_extension+0x13a/0x200
[ 1908.182993][T28115]  request_module_async+0x61/0x80
[ 1908.187990][T28115]  process_one_work+0xa23/0x19a0
[ 1908.192902][T28115]  worker_thread+0x5ef/0xe50
[ 1908.197468][T28115]  kthread+0x370/0x450
[ 1908.201515][T28115]  ret_from_fork+0x754/0xd80
[ 1908.206083][T28115]  ret_from_fork_asm+0x1a/0x30
[ 1908.210823][T28115] 
[ 1908.213124][T28115] Freed by task 21639:
[ 1908.217167][T28115]  kasan_save_stack+0x30/0x50
[ 1908.221827][T28115]  kasan_save_track+0x14/0x30
[ 1908.226486][T28115]  kasan_save_free_info+0x3b/0x70
[ 1908.231489][T28115]  __kasan_slab_free+0x5f/0x80
[ 1908.236235][T28115]  kfree+0x1f6/0x6b0
[ 1908.240106][T28115]  kref_put.isra.0+0x56/0x90
[ 1908.244675][T28115]  em28xx_v4l2_init.cold+0x280/0x3503
[ 1908.250020][T28115]  em28xx_init_extension+0x13a/0x200
[ 1908.255290][T28115]  request_module_async+0x61/0x80
[ 1908.260288][T28115]  process_one_work+0xa23/0x19a0
[ 1908.265200][T28115]  worker_thread+0x5ef/0xe50
[ 1908.269767][T28115]  kthread+0x370/0x450
[ 1908.273814][T28115]  ret_from_fork+0x754/0xd80
[ 1908.278380][T28115]  ret_from_fork_asm+0x1a/0x30
[ 1908.283128][T28115] 
[ 1908.285427][T28115] The buggy address belongs to the object at ffff888040784000
[ 1908.285427][T28115]  which belongs to the cache kmalloc-8k of size 8192
[ 1908.299540][T28115] The buggy address is located 1936 bytes inside of
[ 1908.299540][T28115]  freed 8192-byte region [ffff888040784000, ffff888040786000)
[ 1908.313483][T28115] 
[ 1908.315785][T28115] The buggy address belongs to the physical page:
[ 1908.322169][T28115] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40780
[ 1908.330904][T28115] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1908.339381][T28115] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1908.346901][T28115] page_type: f5(slab)
[ 1908.350857][T28115] raw: 00fff00000000040 ffff88813fe40280 dead000000000100 dead000000000122
[ 1908.359419][T28115] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 1908.367982][T28115] head: 00fff00000000040 ffff88813fe40280 dead000000000100 dead000000000122
[ 1908.376626][T28115] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 1908.385273][T28115] head: 00fff00000000003 ffffea000101e001 00000000ffffffff 00000000ffffffff
[ 1908.393919][T28115] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1908.402557][T28115] page dumped because: kasan: bad access detected
[ 1908.408939][T28115] page_owner tracks the page as allocated
[ 1908.414681][T28115] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8453, tgid 8452 (syz.4.794), ts 223760440969, free_ts 221218185681
[ 1908.435928][T28115]  post_alloc_hook+0x153/0x170
[ 1908.440672][T28115]  get_page_from_freelist+0x111d/0x3140
[ 1908.446216][T28115]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[ 1908.452096][T28115]  new_slab+0xa6/0x6b0
[ 1908.456144][T28115]  refill_objects+0x26b/0x400
[ 1908.460800][T28115]  __pcs_replace_empty_main+0x1ab/0x660
[ 1908.466327][T28115]  __kmalloc_noprof+0x688/0x850
[ 1908.471164][T28115]  snd_seq_oss_readq_new+0x9b/0x290
[ 1908.476341][T28115]  snd_seq_oss_open+0x476/0xa10
[ 1908.481167][T28115]  odev_open+0x79/0xc0
[ 1908.485220][T28115]  soundcore_open+0x2e3/0x5a0
[ 1908.489881][T28115]  chrdev_open+0x234/0x6a0
[ 1908.494275][T28115]  do_dentry_open+0x6d8/0x1660
[ 1908.499015][T28115]  vfs_open+0x82/0x3f0
[ 1908.503059][T28115]  path_openat+0x208c/0x31a0
[ 1908.507627][T28115]  do_file_open+0x20e/0x430
[ 1908.512104][T28115] page last free pid 8420 tgid 8418 stack trace:
[ 1908.518403][T28115]  __free_frozen_pages+0x7e1/0x10d0
[ 1908.523577][T28115]  qlist_free_all+0x47/0xe0
[ 1908.528062][T28115]  kasan_quarantine_reduce+0x1a0/0x1f0
[ 1908.533500][T28115]  __kasan_slab_alloc+0x69/0x90
[ 1908.538326][T28115]  kmem_cache_alloc_noprof+0x241/0x6e0
[ 1908.543763][T28115]  alloc_empty_file+0x55/0x1c0
[ 1908.548506][T28115]  path_openat+0xe8/0x31a0
[ 1908.552901][T28115]  do_file_open+0x20e/0x430
[ 1908.557387][T28115]  do_sys_openat2+0x10d/0x1e0
[ 1908.562040][T28115]  __x64_sys_openat+0x12d/0x210
[ 1908.566873][T28115]  do_syscall_64+0x106/0xf80
[ 1908.570903][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1908.571443][T28115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1908.579404][    C1] lec:lec_tx_timeout: lec0
[ 1908.585252][T28115] 
[ 1908.585259][T28115] Memory state around the buggy address:
[ 1908.585268][T28115]  ffff888040784680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1908.585279][T28115]  ffff888040784700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1908.585291][T28115] >ffff888040784780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1908.585302][T28115]                          ^
[ 1908.589902][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1908.591978][T28115]  ffff888040784800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1908.591993][T28115]  ffff888040784880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1908.592004][T28115] ==================================================================
[ 1908.656865][T21639] em28xx 1-1:0.132: Remote control support is not available for this card.
[ 1908.676213][T28115] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1908.683414][T28115] CPU: 1 UID: 0 PID: 28115 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1908.693987][T28115] Tainted: [L]=SOFTLOCKUP
[ 1908.698279][T28115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1908.708303][T28115] Call Trace:
[ 1908.711561][T28115]  <TASK>
[ 1908.714468][T28115]  dump_stack_lvl+0x100/0x190
[ 1908.719125][T28115]  vpanic+0x552/0x970
[ 1908.723092][T28115]  ? __pfx_vpanic+0x10/0x10
[ 1908.727565][T28115]  ? v4l2_fh_init+0x27d/0x2c0
[ 1908.732226][T28115]  panic+0xd1/0xe0
[ 1908.735916][T28115]  ? __pfx_panic+0x10/0x10
[ 1908.740301][T28115]  ? v4l2_fh_init+0x27d/0x2c0
[ 1908.744951][T28115]  ? preempt_schedule_common+0x42/0xc0
[ 1908.750382][T28115]  ? check_panic_on_warn+0x1f/0x90
[ 1908.755464][T28115]  check_panic_on_warn.cold+0x19/0x34
[ 1908.760823][T28115]  end_report.part.0+0x3a/0x90
[ 1908.765560][T28115]  kasan_report.cold+0xe/0x18
[ 1908.770222][T28115]  ? v4l2_fh_init+0x27d/0x2c0
[ 1908.775312][T28115]  v4l2_fh_init+0x27d/0x2c0
[ 1908.779807][T28115]  v4l2_fh_open+0x64/0xa0
[ 1908.784112][T28115]  em28xx_v4l2_open+0x11e/0x570
[ 1908.788939][T28115]  v4l2_open+0x1d2/0x490
[ 1908.793159][T28115]  ? __pfx_v4l2_open+0x10/0x10
[ 1908.797907][T28115]  chrdev_open+0x234/0x6a0
[ 1908.802297][T28115]  ? __pfx_chrdev_open+0x10/0x10
[ 1908.807207][T28115]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1908.813507][T28115]  do_dentry_open+0x6d8/0x1660
[ 1908.818249][T28115]  ? __pfx_chrdev_open+0x10/0x10
[ 1908.823160][T28115]  vfs_open+0x82/0x3f0
[ 1908.827214][T28115]  path_openat+0x208c/0x31a0
[ 1908.831793][T28115]  ? __pfx_path_openat+0x10/0x10
[ 1908.836725][T28115]  do_file_open+0x20e/0x430
[ 1908.841209][T28115]  ? __pfx_do_file_open+0x10/0x10
[ 1908.846217][T28115]  ? alloc_fd+0x476/0x790
[ 1908.850526][T28115]  ? do_getname+0x191/0x390
[ 1908.855010][T28115]  do_sys_openat2+0x10d/0x1e0
[ 1908.859672][T28115]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1908.864854][T28115]  __x64_sys_openat+0x12d/0x210
[ 1908.869686][T28115]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1908.875041][T28115]  ? do_user_addr_fault+0x8d6/0x12f0
[ 1908.880310][T28115]  do_syscall_64+0x106/0xf80
[ 1908.884883][T28115]  ? clear_bhb_loop+0x40/0x90
[ 1908.889539][T28115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1908.895419][T28115] RIP: 0033:0x7f4da0ea7407
[ 1908.899813][T28115] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1908.919408][T28115] RSP: 002b:00007ffdde5984c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1908.927814][T28115] RAX: ffffffffffffffda RBX: 00007f4da160f880 RCX: 00007f4da0ea7407
[ 1908.935768][T28115] RDX: 0000000000000000 RSI: 00007ffdde598f1b RDI: ffffffffffffff9c
[ 1908.943724][T28115] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1908.951675][T28115] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1908.959628][T28115] R13: 00007ffdde598710 R14: 00007f4da1776000 R15: 0000564c8a79f4d8
[ 1908.967589][T28115]  </TASK>
[ 1908.970869][T28115] Kernel Offset: disabled
[ 1908.975167][T28115] Rebooting in 86400 seconds..