last executing test programs:

5m45.881484648s ago: executing program 4 (id=319):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed, &(0x7f00000001c0)='syzkaller\x00'}, 0x80)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, 0x0, 0x25, 0x0, @val=@iter={0x0}}, 0x40)

5m45.090665983s ago: executing program 4 (id=322):
readahead(0xffffffffffffffff, 0x7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
syz_open_dev$media(0x0, 0x1004007, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000000c0)=0x10000)
capset(0x0, 0x0)
write$binfmt_elf32(r3, 0x0, 0x4cd)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000100)=0x1)
write$dsp(r3, &(0x7f0000000140)="755a5398d512d39077459e67ee110daaf0413bc745ef85b89f2141d513969bd8", 0xffaa)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000001280)="b7f2288a9119", 0x6)
r5 = accept$alg(r4, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000001900)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906c594125a10053c8e288ac4445ff0e999d423cc250e31e8650d248e49ba5fb3be8db01db38acf5a4455630ecb10f753530ada6598a1ff4805370a5cebf05e199368871b2751c242633419d13a6b05a390d21ab1d44be1254385b3d882c646f9762bf3480e05e98c9cc655adb7caa279e66709794e3b93cda0b9a14794e6d020cc68ea70e71a083e1a2b375591203ce218e8d244cf32f5dd7af0ee1ed032d3b59e4d57136639d68b757755", 0xee}, {&(0x7f0000000000)="ef7791000dc7777cb951", 0xa}], 0x2, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2}], 0x1, 0x0)

5m41.878005528s ago: executing program 4 (id=338):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
syz_pidfd_open(0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100"/16], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
syz_io_uring_submit(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000000000000a00008908c9ab482c577e9e84dd957692bfd76cf71bce78681b6ec57f832fd152a821504e23f22088733749dfc4cc65bc110000000000000000000000000000aa65983f62dc8600abd388150a599434115b2df98b34aac9a131f4ab58ae6034a5c5164f5f630ac1ebcda60b617a50413c8256c6fdc87e7f808ca2841fec44cd132432158db71f5b771cb236590d9131d596c33bc619b0a4c3a85b4d396d3e0cccee4cf74faff914509732bea02fbd6ea6c876146178be1a94c10ac3522737b68f56dbe49f85bc310ae3ae38933534d10e3bd94a2f73387e43c8ff7468dc0cbfb1"], 0x14}}, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})

5m40.71743659s ago: executing program 4 (id=342):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, 0x0, 0x0)

5m40.499285933s ago: executing program 4 (id=343):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x6fe9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])

5m40.067929805s ago: executing program 4 (id=347):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0xff, 0x71, 0x20, 0x9c4, 0x11, 0xb01c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x7e, 0x10, 0x2, 0x26, 0xd5, 0x18, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000e00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x22, 0x8, {[@main=@item_012={0x2, 0x0, 0xc, "9734"}, @global=@item_4={0x3, 0x1, 0x6, "d96e2e48"}]}}, &(0x7f00000001c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x7, 0x1, {0x22, 0xb6d}}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000540)={0x40, 0x16, 0xf4, "92bb9b5e7aba7a6d85a6fbd9c740b30ba439cb0e46fd99875b19feff5e1c8f2f4beae13771c75734bfd2d5a85be4c1a8af767ec65dc619748ef0e54673425938f9cc2ab762f4844ac9e61c269d28754e943485e1a376054fb317556c3350458b737a3d885389e928e9399415d39a1226510b7c825754eacc1b2dde6282b956db61f42913b8dd7265e185085f41d62706c6511a61ce7b7170e0de3564be682bf5a55db46177c19abef4168d4f153ad4317f29e82307d8198d83db7e19c7b4762e8ee816a28f7daf29e0a2534a20368fc3ff0084cee7640baeed3de257dc78382b27a6ab3ad5d18aa8febe7a8ec43fa3458f679896"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0xf7}, &(0x7f00000003c0)={0x20, 0x1, 0x66, "d7bdb9769a5131f8685cc37adba220f65dfa3ffa0dc2f4a1e4fd1474e9b6f287be6a6fd6e096b453117498e295a6ba41b7141107dde8d811444fe0dc550a02f381c8bb7445bc69f611dec36f8b7b7ef92aa89a891a6db8021e0445efde56ff695107823153ef"}, &(0x7f0000000440)={0x20, 0x3, 0x1, 0xa}})
syz_usb_control_io$printer(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB='@!\f\x00\x00\x00\f!'], 0x0}, 0x0)

5m39.336166706s ago: executing program 32 (id=347):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0xff, 0x71, 0x20, 0x9c4, 0x11, 0xb01c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x7e, 0x10, 0x2, 0x26, 0xd5, 0x18, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000e00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x22, 0x8, {[@main=@item_012={0x2, 0x0, 0xc, "9734"}, @global=@item_4={0x3, 0x1, 0x6, "d96e2e48"}]}}, &(0x7f00000001c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x7, 0x1, {0x22, 0xb6d}}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000540)={0x40, 0x16, 0xf4, "92bb9b5e7aba7a6d85a6fbd9c740b30ba439cb0e46fd99875b19feff5e1c8f2f4beae13771c75734bfd2d5a85be4c1a8af767ec65dc619748ef0e54673425938f9cc2ab762f4844ac9e61c269d28754e943485e1a376054fb317556c3350458b737a3d885389e928e9399415d39a1226510b7c825754eacc1b2dde6282b956db61f42913b8dd7265e185085f41d62706c6511a61ce7b7170e0de3564be682bf5a55db46177c19abef4168d4f153ad4317f29e82307d8198d83db7e19c7b4762e8ee816a28f7daf29e0a2534a20368fc3ff0084cee7640baeed3de257dc78382b27a6ab3ad5d18aa8febe7a8ec43fa3458f679896"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0xf7}, &(0x7f00000003c0)={0x20, 0x1, 0x66, "d7bdb9769a5131f8685cc37adba220f65dfa3ffa0dc2f4a1e4fd1474e9b6f287be6a6fd6e096b453117498e295a6ba41b7141107dde8d811444fe0dc550a02f381c8bb7445bc69f611dec36f8b7b7ef92aa89a891a6db8021e0445efde56ff695107823153ef"}, &(0x7f0000000440)={0x20, 0x3, 0x1, 0xa}})
syz_usb_control_io$printer(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB='@!\f\x00\x00\x00\f!'], 0x0}, 0x0)

11.940033926s ago: executing program 3 (id=1443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fcdbdf250900000008000300", @ANYRES32=r1, @ANYBLOB="0a0006"], 0x28}, 0x1, 0x0, 0x0, 0x48019}, 0x20000000) (fail_nth: 8)

11.148009041s ago: executing program 3 (id=1444):
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2800047e)
socket$kcm(0x10, 0x7, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@enum={0x3, 0x300, 0x0, 0x6, 0xa00}]}, {0x0, [0x30, 0x2e]}}, 0x0, 0x28, 0x0, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_mptcp(0x2, 0x1, 0x106)
mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002040)='oom_score_adj\x00')
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000010c0)={0x30, 0x5, 0x0, {0x0, 0x2, 0x5, 0x6}}, 0x30)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x3f00, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

9.485639512s ago: executing program 3 (id=1453):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="000000df4e1cd24dfe0f042d3f47fd96856ce68336197114520b58d6569434f1e0caffa4132eacbf7469000603d84aebe37ec23a5641fc1809", @ANYRES16=r1, @ANYBLOB="01000000"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\a\x00', @ANYRES32, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x8801, 0x0)
writev(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001540)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000180)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d307856a030352181397341eef099fd321757501e22303030"])

9.277221838s ago: executing program 0 (id=1454):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000180)="baf80c66b82cc5ff8b66efbafc0cb800e0ef66b80e0000000f23c00f21f8663500000a000f23f866b80500000066b9000000000f01d9baf80c66b898d50e8566efbafc0c66b80800000066ef9a000009010fc72eb100440f20c066350b000000440f22c00f01190f406b1b260fc76eb1"}], 0x1, 0x90, 0x0, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_usb_connect(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000014da2108ab120000eb1e000000010902240001b30000040904410017ff5d81000905f7ffffff004000090586"], 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000200)={0x0, <r5=>0x0})
sched_setattr(r5, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x6, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001090104000000000000000005000004080005400000000808002340000000000900010073797a31000000000c00048008000140000000770800054000000002"], 0x44}}, 0x400d0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r9, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, 0x6, 0x1, 0x5, 0x0, 0x0, {0xe, 0x0, 0xa}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4000800)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000000400010076657468315f746f5f627269646765000900020073797a30000000000900010073"], 0x84}, 0x1, 0x0, 0x0, 0x4d008}, 0x2000c000)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004)

8.658803659s ago: executing program 1 (id=1455):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x20, 0x1402, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0xfc}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000050}, 0x80d0) (fail_nth: 3)

8.512087431s ago: executing program 1 (id=1457):
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x0, 0x8000, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd_index=0x4})
io_uring_enter(r0, 0x627, 0x4c1, 0x9, 0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x20, 0x1402, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0xfc}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000050}, 0x80d0)

8.468427676s ago: executing program 3 (id=1458):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES32], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
timerfd_create(0x9, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', <r7=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@jmp]}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)

8.372288088s ago: executing program 1 (id=1459):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0xa, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, 0x0)
r4 = fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
r5 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000000)=0x1000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x2000c000)
ppoll(&(0x7f0000000040)=[{r5, 0x9620}], 0x1, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x7, 0x58401)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r7=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs={0x1}, 0x6e)
r8 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r8, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0xd)
sendmsg$rds(r8, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r8, 0x114, 0x1, &(0x7f0000000100), 0x10)

7.679604153s ago: executing program 5 (id=1461):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x4}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffd}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x4c}, 0x1, 0x0, 0x0, 0x8008080}, 0x44881)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r1)
sendmsg$IEEE802154_LIST_PHY(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x44}, 0x20000004)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\a\x00\x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
eventfd(0xffffffff)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x100}, 0x40000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200006, 0x7, &(0x7f0000006680))

7.407178433s ago: executing program 3 (id=1462):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800070003"], 0x3c}}, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073797a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x8801}, 0x20000000)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount$nfs(&(0x7f0000000540)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

5.680265347s ago: executing program 5 (id=1463):
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2800047e)
socket$kcm(0x10, 0x7, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@enum={0x3, 0x300, 0x0, 0x6, 0xa00}]}, {0x0, [0x30, 0x2e]}}, 0x0, 0x28, 0x0, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_mptcp(0x2, 0x1, 0x106)
mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002040)='oom_score_adj\x00')
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000010c0)={0x30, 0x5, 0x0, {0x0, 0x2, 0x5, 0x6}}, 0x30)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x3f00, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

5.204793451s ago: executing program 0 (id=1464):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fspick(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000240)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x100, 0x3a, '\x98Y\xff\x03\x00\x00v/\xff\xefp\xf2\xb5`\xe3\xb6G\x17\xd9\x8e\xd1\x83\x1eu\\\xd4\xfd\n\xe5\t\x9e\x97N\x15\xbc\x9f\xdc\"v?>(LB\xf5+\xb7g\xde\xff\t\x00\x00\x00\x91x\xe0\x06\xe7\xce\xa9\x17\x05*\xb4\x82\x99\x83\x90bIG/\xe7\x0e)\xe0\x9d\x80J\xea\xa7)\t\xdb\x9f\x81\xe8\x18\x92\xe6\'\xf6a\x81\x9dc\x93\xf7\xd17C\xfa\xb1\x8a\xd4\x05\x1a\t\x8fS\x9c3h-A\xc0$\xcc\xf5c?$\xbe/\xcd\xfcO', 0x3a, '#/\xa5\x9fh.$)$.#-\x10h\x7f\x7f@CV\xbc', 0x3a, './file0', 0x3a, [0x50]}, 0xbc)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={0x20000, 0x4, 0x10}, 0x18)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd27, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c00d}, 0x20000000)

4.343877955s ago: executing program 1 (id=1465):
r0 = socket$inet(0xa, 0x801, 0x84)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r1, 0x5453, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x121202, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f00000001c0)={'filter\x00', 0x0, 0x4, 0xa2, [0x800, 0x14, 0x9, 0x80, 0xfff, 0x9], 0x0, &(0x7f0000000040), &(0x7f0000000080)=""/162}, &(0x7f0000000240)=0x78)
listen(r0, 0x4)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000300)={'syztnl0\x00', <r2=>0x0, 0x29, 0x9, 0x24, 0x4, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x80, 0x20, 0xffff, 0x6}})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000600)=ANY=[@ANYRESHEX=r0, @ANYRESHEX=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r2, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54b8}, 0x94)
bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wg2\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r6=>0xffffffffffffffff})
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, 0x0, r7)
setreuid(r7, r7)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB="e00000001a00e20357d6cd7c25e1ece00edbdb6627001797ce30e671ee55250a0100907e", @ANYRES32=r7, @ANYBLOB="0c00090009000209", @ANYRES32=r4, @ANYBLOB="0800060000080000500008802a4a747c1bcf622620a0443fca2586e2e6ec48e1c25ffa9966b5b6158238b49356ce924de17b0b51bfd7ed6dd0f5ea628b448e86771144afc20a544a5a5e1d201e5bdfe21b8e6ed9c3c9f359210008803027e8cff5ff8d4420f23af25d86507e1388a0fe3d9fdd985d6a92283900000008000400", @ANYRES32=r4, @ANYBLOB="08000400", @ANYRES32=r4, @ANYBLOB="100016800c0001800800020047504c00"], 0xe0}, 0x1, 0x0, 0x0, 0x4008840}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r3, 0x0, 0xffffffffffffffff}, 0x18)
r8 = socket$rxrpc(0x21, 0x2, 0xa)
pause()
r9 = socket$netlink(0x10, 0x3, 0x4)
bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e22, @multicast1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
writev(r9, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000001590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
accept$inet6(0xffffffffffffffff, &(0x7f0000000640), &(0x7f0000000680)=0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000040))

4.33684234s ago: executing program 0 (id=1467):
r0 = syz_clone(0x36190500, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_setup(0x5a90, &(0x7f00000001c0)={0x0, 0x4a53, 0x1044, 0x1, 0x2f1})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000340)={0x1, 0x3}, 0x8)
listen(r2, 0x0)
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000040), 0x33d7, 0x80002)
r4 = syz_io_uring_setup(0x79be, &(0x7f0000000240)={0x0, 0x2803, 0x2, 0x0, 0x203, 0x0, r3}, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x1, 0x4370, 0x6})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
fanotify_init(0x200, 0x2)
syz_io_uring_submit(r5, r6, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56})
io_uring_enter(r4, 0x7a98, 0x8202, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x2, 0x1c, 0x17}, 0x18)
syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/net\x00')

3.927272243s ago: executing program 5 (id=1468):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6})
close_range(r4, 0xffffffffffffffff, 0x3e00)

3.726240042s ago: executing program 2 (id=1469):
r0 = fsopen(&(0x7f0000000200)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1404, 0x200, 0x70bd2a, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000)
mknodat(r1, &(0x7f0000000240)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x0)

3.28604644s ago: executing program 3 (id=1470):
r0 = socket(0x22, 0x5, 0x6)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b5108070a64006e400102030309022400019d2300000904000002ca744d000905030001000099090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="3c34000000000000040100c910fc02000000000000000000000000000107"], 0x1b0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000000)={<r6=>0x0, 0x5, 0x30, 0x9, 0x2}, &(0x7f0000000080)=0x18)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000100)={r6, 0x9}, 0x8)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0x2, 0x8, 0x9, 0xfb, 0x3, 0x50, 0x9, 0x0, 0x2e, 0x19}, {0x5000, 0x6000, 0x3, 0x0, 0x40, 0x5, 0x7f, 0x6, 0x5, 0xff, 0xb, 0x3}, {0xeeef0000, 0xf000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa7, 0x5, 0x81}, {0x3000, 0x1, 0x9, 0x3, 0x4, 0x41, 0xb, 0x2, 0xa, 0x9, 0xe}, {0x8080000, 0xd000, 0x8, 0x3, 0x15, 0x7, 0x0, 0x7f, 0x7, 0x83, 0xf7, 0x83}, {0xd000, 0x0, 0x10, 0xa0, 0xb1, 0x8, 0x5, 0xa0, 0xfc, 0xf, 0x1, 0x4}, {0x5000, 0x100000, 0x4, 0x0, 0x7, 0x5, 0x7, 0x3, 0x6, 0x81, 0xff, 0x70}, {0xf000, 0x1000, 0xe, 0x5, 0x80, 0x7, 0x1, 0x34, 0x2, 0xb, 0xb0, 0x9}, {0xeeef0000, 0x7}, {0x6000, 0x7}, 0x80030031, 0x0, 0x8000000, 0x2024, 0x2, 0x0, 0x3000, [0x6800000000000000, 0x4, 0x5d, 0xff]})
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x40, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x8, 0x1, 0x4, 0x0, 0xb})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x8000000)
creat(0x0, 0x24)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x14, &(0x7f0000000040)=0x6)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(&(0x7f0000000140)='erofs\x00', 0x0)

3.212009609s ago: executing program 1 (id=1471):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdir(0x0, 0x21)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="0a0000000100", 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x184)
mkdir(0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r1)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000007c0))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x5d}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000cc0)={{r2}, &(0x7f0000000c40), &(0x7f0000000c80)=r1}, 0x20)
mount$overlay(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@uuid_off}, {@userxattr}], [{@smackfsfloor={'smackfsfloor', 0x3d, '}.\xd1&}'}}, {@seclabel}, {@permit_directio}, {@dont_appraise}]})
syz_open_dev$loop(&(0x7f00000002c0), 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/profiling', 0x149b82, 0x240)
write$cgroup_int(r3, &(0x7f0000000000)=0xfe8e, 0x12)
getdents64(r3, &(0x7f00000001c0)=""/194, 0xc2)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
pread64(r4, &(0x7f00000000c0)=""/124, 0x7c, 0xb)

3.211732224s ago: executing program 2 (id=1472):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r0, 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0xfffe)

3.143178283s ago: executing program 1 (id=1473):
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x4800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002740)=ANY=[@ANYBLOB="140000001300015b993dde440113e90006"], 0x14}], 0x1}, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = io_uring_setup(0x773c, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x2, 0x3b8})
r5 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r5, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
close_range(r4, r5, 0x0)
r6 = syz_io_uring_setup(0x37c2, &(0x7f00000000c0)={0x0, 0xc731, 0x80, 0x3, 0x319}, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000400)=<r8=>0x0)
r9 = socket$inet(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet_mreqn(r9, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @remote}, 0xc)
r10 = socket$netlink(0x10, 0x3, 0x0)
io_setup(0x7f, 0x0)
writev(r10, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r10, &(0x7f0000000400)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}, {0x0}], 0x2)
r11 = socket(0x1d, 0x2, 0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000340)=@IORING_OP_ACCEPT={0xd, 0x40, 0x4, r11, 0x0, 0x0, 0x0, 0x80800})
sendmsg$AUDIT_ADD_RULE(r10, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[], 0x42c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
sendto$inet(r0, &(0x7f0000000040)="537d388e2ef3a7080d6b42e05294d8977e4e92a930e71d7b2f83966932f73190087d66e1bad26bbf3e7d256bf952a0bd780bb4c03daa4faea540d7fc3026fc112824f2d285f17dd248fdc59cd001d063664d0ea96a1e04b8c0047d813842d4336aaaf63b50707e9d7b7ad7230b30a0b9c361d236b5a61f2c670c0e499e9d6d77852a22bcc92231e57a416f9cc10b35c6cd696b8b4d377485a25984093d7429cdb8fb332786b6c6d6f4e36964756b67c7cc1518dff46fecec874c0f8429d5d60bde522dcba0257ca6567564e9ec3ed743f6e66e11d8bf61dea71d1252897a8a7a054ff1b55b0fde758880218b799f3d90246d0d2840e6b8213c8b579efc5d1e4754cf475c76d7b95dd96587215bfb29c9406b7a2cc8a3fa6976ea6111383f38c68b304556930e3fa3dff63729482714ed22a5cfd2a3220030f3c38bf8fff05fd85ecc88dfc4e94bbf9ea72f98ee0139cc7c75fbbc74056adf795b1497b8fa310bb0875de7445492bf7e398092539f59a1bab5746e69202b100e9da2a903ed01b083814377b1d4cb8bc0743ee40105b3b62abf48c39c16bebf69996421cd6e87724c1234a69311f3758a7b62fe4140fea09948893abbc1bb7f63c69e29cfbb5ebd6613ae51a7817fb1258e9d75e295bff8612b25b6e685ee22447e629190bcdee32a950a3c384555a277d2d3e7a7c2c16578a380445cae71cb945cea55770c6d73e69455dce377275a01cc292d59e6b6733c6fbf7e502c21ee968e1ec6d2fd53fec686ce9187e2815c00655738102a195623097746610adffddaf1d54ccc74d9fd16f407fef155364a4a0f2a9be7592f36a2f323edbbedb17d64f7246284a2f68c4ab4042ab01b0e784bbb3b672c9092b05942308dcf62d0c24314a2b3898430611f21962e40d5df698d34099bfca3aa7abb38428122008370cb97716f0afe16dcda1d92cdb519e807bc2e3535239ed1eebf5abc9ec498cab47a08fd9b411573684a9084daab3a5e36f93be9aa597074221f394a63f7c6ade7bd34d83c124f0c442383e7efd9176a6863b41b239dc683ac4d96215773accaf8fbfcdb115bd18f7960accb07fb228466aefdc15fc1ded33989ff74494bd064afa6105052022ff295c66a3b60a4cdd37763fb770a04aa4049e43598a651e8c0287912b7e0b29ba51ea615bed255407f687efc7d4feb0a04fe6b241c48e4a97672d6a1ae27f806a08305e94f99c5744a8ae2ec18805dae6b37f7c4e1ccceaa858463adcc73a764571ee09f99c39b0e05afb97b3debda9d725206eef43a514105d32c192c088b5c7b09474417066b6dbf2118fb30607143cb9351d6d906d31ff96263d1c6ed2f55a982751c4101f3575748edfa9a503a9ab72e1dbfffeefad74a6dd49be4ec985b20f8a362b0fb38c2526e5bfc18da41c60637046b47830597d6d402c8d6e9922438cfbe813db569672255735efa1d51597129c1e9e786c8b6a2e72c4d26911a1f9b3a4d38501bcbcb82893e448632e8c12853c0eb2021e592f017f6c58d08c7e38e6bdfee72d1eca78b38fa4cf95fa373001ec2275a1b80c70c14c56852f45b587eeb92c00000bf0c04783effcf070eaf7addf3c568a0c6e662e11901b2eb7db1ac32bec55668af4f0785eabae5dd9ec0bb7b2758e6face7b0ce0a18fc70a5fb39b89460eece68f888b4fe257b41462ba921efc6b31d3f41cea24183c5db50267d0154856018a22e198451d9e38f27ec20503c5a6aa1063c3199a5c90ad23d46afbd64fb4ed40c3da40d8a1dd36e08f43d6dc31e5e4d2fbbb331d06cd6c23d858a2e1549639fc9dee9f930337fdf9876413f7297b20014d331b9c5d70f93c32c4c2bcba46c493c027ed9b2316f880018f41ba73979c48e278b23fbd16809982f4064cd7a7daf9394ffb53cb12e82ace4a8fdb020045e67eb69f8634d65e553032ec60cb8d2e553e052dbb1286c813d32f9207ea060a4bd123bbab898f51d137004441472f250c6d995ec6dd910cb696befb9067566ca85070778098a29b987944df6290e62a3b3b4ee38bdd1edeb31564b207ad6356d18f06fa61f1907ead1a023e97074b05f6473fa6cd1031bdbb636d9fc7da2a23cf34a766fbf2ea12df57d6e0e6a25e6a451f6873d3159a7b87c147bd01c444ee3f81c8ad6df2cde6c13c0b4c1d2048ec4f3fbadc4b19372ddd67a3ecf4b82e9d0c1c96500264c9252d4e30e689146a7c1358a47c0897f7c134d6e9f2e07bb934be6a0b95c137070390dc2288e41d2493d40a34e70d3cd6f1c25f892b0ab71f2bdf911024fd1ba1fb7b4f07194e5d3fb5ae4da00c12e52ef3afafa25bae4ab314f70ce0ed5a083917e3326f69df403a22d51653adf9ef0fc239936054042c68500a9f5db1548b6a99d399242adb7fd928584fdba872cd92013e0b7a63a189eb01ab034762a9f32f133a0c934f45c8ad6416dd947e3960c1988d5c95e0325d70ebcbddaa21bfcec21d3a6d10a05d8d3192d21f3b2d50b5d8c8b1a01351083e885938c12c491462dda5db3b5dd00310b12a7ec70d1890c5a6e2497ccf294889521be06c2adff58876ec2f4537b9344ab9b8c0edb5dc6ea19dbca4ef5333ab2fbe7bdfd7723fd999441b969fd1c0429569f9f899aae3369f6de893d3b3feb9ca02f78f8f3e52eedba8f9ca1b016a80a1f11cc8cd31a32735199b82df62ff43c97d4102e2683d6a83df6b2674715e15f40f46d41ff97b107000ba1972742add77dc83044ec9926a1070a9452e99ac2cac07618a5a9bb17d677495681e29ff2ddbc4c0a60fee62dc482be73270f8db2e2fb8403fb13002742fbc42e66a9e9b3a4bd3f93539983f07c9b292d08ea1d62761827d59653b70fe51da79b3f968a107b4f9dae34297bcc6f2507042f67f75e2ee69c49487a5b726324190ba40ed657d676683ba84c26e0a214454fc4bbb6631948e48632012f7ef274532509de4ff945e6d89ed6753b0ce58b47d137ad039d60a99049b484a46557315ccdddd5cd3848684a87bc14618d504862f259e1fd11e01b652364a6c896b250886606e07f522ae3efd395f1e3308f05b46e9b3c6ec13ad45919aa75e71d462441441106752dacf29cdb0dfb4bbb2187490963bfb5847010ab18d3836d6cf41013308ce5aa4644bd7e7f39a7f98cd1f62efe46f38775c6c91730d461b01480b3cdb96d4cca626e243af4d1f9e8b0bad479f7555d37edb756da91088e6922f178bec2630e2a6038fb28d1db71690fb68eaae13d7244320e1dc512abfea098958f48f7cbc5920ffcdf014c7dbea4eab55457c9d4e90322d2bcb7c604e03fbcfcbb9d1b1922cedc4a27f59260d41d2c6b244809f603d428cc6f140a82995a466a621661d26cbd9785e63d2c5c8915ea93219f1073aae60e335b0027088d9d6dd7ce6cfacf4c7675a701d97be61296211e11137cb97273b40db67feebee3b8cd5a5acff363de7721bd12925680de7370a187ddab413d0a9e744c922665bc3ea5b200007634a39b4234af89941cc8a24b2783acb4e0a39da455567a0b5243ea6cee6bae5cf476e7b40d9ae9355758385852876624f0833e29b352818ce469baffc0b676012e97fb1f5b8f872f8d91b51a29fc0d11bc0dd0e520af13ce8b86893f770fe53cc3cd6511fe4a183611822c652b44026ff7498884fb70e30c6f8de5f7d67972ce63be9ca7e002501b6f98d0ac5825e895f5268534f461fd9be617d3f23a12bf779070145f786a0d4823fe55c96b717635c9c9cadc8e123f85a6a7fb791eac3d431f59f2cc84ab96a8732f7e4f721d0e31b675bf9fbe8b981b7d1591889571461d5b097bc9aae6554663f9f0ae58a23c0790777be7cb5d6c56db3533cab1fe55ab810e755306bec44e3ad7399efe15026a5831b58b6d99d2fe3ad55f549bafe9a3955005b888453a000d3584697292ca39995348229856b483bb3e758e8c93cb773b65a0db2c503d8f783024ec8709cfe9b0d42c7b2ff6986aa2eb0ea92a3d2c89f7564415a2af1e4d7675135b25a5fe3c304b333beb058aec97c1a6bd18e8fd7facc1bbe6a93675b506583e90dc5070d81bab9c540eca935899d8bbc21516f84ba41f86ce301d33c90d5f279a80e4f3ece9d4b2126d4d8ca946d496eb58b469320b5bd9b7bb8f6ebd344b92b0cd7676022c128cd5793c719b98a2ec7b0b1f2817647551f9b7b42df8ef9a41fcbcdd7b3c212f324838bee0d7dfce306b106f040e745e0ef1de0889b8dfe12fc6fc410ec956671cb8be16e5dccbd845015d6b1fc1b6dea76c8d4715b900c1067d75bf2ca3261914037ef823f8f3c5f2dec442863e181074f5452aad45522eaf17065a4f0ca436042517be76933bb6e5d6ec9770049d5c16512aa99aa5235536262cd6f20d3d84faa97c2caa708150d1f1c6d3f2f2b3280f40d6c44ad244d029f9348f1dfdf2eafb6f392ab36a2eb147ff4752519f6016baf7d385ea20fa4ef2e5ce1228a4497504a76d53ebbf5f869e9e9a6621b7ba5ef6b06c85739e3b6339b23f6b14607b83e0d5289e9bce3b1a43692a4034d9c0c8ca7cd7d947d134694f34a0e3b51d4df9ba466ba5401410c38c8c0f6c451bbc357eaaa2360704d63587abdc86a4cdd83f2a8d040d8e2060cb6a3e7339942e235923915444cf58fc3a17c71e6bacc637766e65e8255292dea2599bfebbcc77bca1e2bee9c44e97e2f4644b80f04a26a583f83052a181887a85e961155c05c01b29891ad3ebfcb17a7545d3fbfef1c83642d783fafd97c58a82a9c1c6168a976d334d82fea62cb7a615ca4494911d9c45fb4a97978b47f610ba5ea69d0ff64953a3b617cf66ba3b9a43adcf09174c12638c81daee7be09d0bf8f82d12eaac100a9d8aa7468b91522462e1c43498a25202fd8ad1b5f7721b6fe22052ab2cdac132276a8a0b9e53921679bb1fc9ab2850856d1cc9377b21e1b9f03b645b993f593cc4b7fa63af7e5d63386e1d7103592ef07e57ebf83eef4de96d10e05045b8a029b1e6d61c62bac27bf38c37b4e94bc030b02eacddd5e057fbe8a512e64683014b9960162a161e322d10af066969f7ed96eeea1b7ddaac2e56135f74ba850ebe74a475c638dc6a5169aa5ce5a224256c2727d23721c9b8b889bf76a34f0bb0a8a6edaf54cb00b6a89681002f70e2c9a0b07146cc8b229f207da8e48e972acf25acbaf08fc244c09a14bfd16500dc1caa7f67d8ddc64609f5e2702a8a56792bd96e89ddbc84791113e2322f14f414f7d9a50546f6c3f0fc22b30664a898378b558a023e5195f0c9b6fb89eb54e1b91addac2d96a3b4bef872435e78f2621b3a88773054f04f219c2c20acd5f986744d78de417c254e4f5ecdd401c7088392cb138de72ec4616bdd2ab1231f504b64b624341a871f74b820e5dcbf6cb687e9c30c890b2d067615a714c14b2d46069b63c0faf5dfdbcb7a2a3f05b99cbe72be75a42315999c5174ef7253edcf3bfb6f52e6fdaf3179c3c6fccb2cd3d8c01f464258b55ac9267be112b4f29186950eebd1f82f0553977a1d93854ae01cfeeb4d6a7652a3303080d9ba8214e1e4658ed14164a9a4fb433143dd4b200e10e6c116ac27c40872bcb9b2f7746b385416895831522c360dd8aa2c4eab969c03f53b7ebc551ce29835acf0a8a2387d5af939a5d3d140c4a9d5ecddf6da715a207854d7f27e816235560a7efa92c5f12d7219ae3d9e05091b436c3fcea82518c9f8e43294581668f8c2b0efa18330b5c60b9125f4ce0108b8e4bbd3873d0cd185ca8d1635f84b9ea492bdc84a376f87cf2651a04a4879a5c4648", 0x1000, 0x40004, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

3.110447813s ago: executing program 0 (id=1474):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
openat$fb0(0xffffffffffffff9c, 0x0, 0x101, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000001440)=ANY=[], 0xffffff6a)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e000000"], 0x48)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x44003)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07, 0x0, 0x0, 0x0, 0x2000})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f0000000080)=0xf7e)
read$dsp(r6, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r5, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

2.907936372s ago: executing program 2 (id=1475):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = syz_open_dev$sndctrl(0x0, 0x7fffffff8000, 0x40000)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000140)={{0x4, 0x4, 0x4, 0x4, 'syz0\x00', 0x1000}, 0x3, 0x30, 0x4, 0x0, 0x3, 0x1ff, 'syz0\x00', &(0x7f0000000080)=['iso9660\x00', '\\\x00', 'unhide'], 0x10})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0x40505331, &(0x7f0000000180)={0xf, 0x0, 0x0, 'queue1\x00'})
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, &(0x7f0000000040))
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000140)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

2.907655332s ago: executing program 5 (id=1476):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000000)=@ethtool_rxnfc={0x2f, 0x2, 0x6, {0xc, @usr_ip6_spec={@empty, @dev={0xfe, 0x80, '\x00', 0x24}, 0xfffffff8, 0x7}, {0x0, @remote, 0xe, 0x0, [0x7, 0x6]}, @ah_ip4_spec={@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x5}, {0x0, @remote, 0x8, 0x5, [0x90001, 0x9]}, 0xff, 0x3}, 0x8, [0x8000, 0x0, 0x7fffffff, 0x1, 0xa00000, 0x6, 0x3, 0x3ff]}})

2.297375838s ago: executing program 5 (id=1477):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
listen(r0, 0x0)
shutdown(r0, 0x200000000000000)

1.915149856s ago: executing program 5 (id=1478):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x79, 0x1846, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0x611, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x3, 0x94, 0x4a, 0xff, 0x46d, 0x8b1, 0x554c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5ff, 0x4, 0x8, 0x3, 0x60, 0x9, [{{0x9, 0x4, 0x5c, 0x4, 0xf, 0x1c, 0xb5, 0xb5, 0x7, [], [{{0x9, 0x5, 0x5, 0x10, 0x200, 0x5, 0x7f, 0x1}}, {{0x9, 0x5, 0x2, 0x10, 0x8, 0x1, 0x6, 0x8b}}, {{0x9, 0x5, 0xc, 0x0, 0x20, 0x10, 0x5, 0x8}}, {{0x9, 0x5, 0xf, 0x1, 0x40, 0xff, 0x91, 0xf}}, {{0x9, 0x5, 0x9, 0x0, 0x400, 0x6, 0xb, 0x9, [@generic={0x8f, 0xe, "87ffb22540c696e4f933149c752b2397827448c030a05643f6832f47c3e93bf99c58ac1f7fbdb15349075d6845ea8617e7f5bf72b51a93862c94b7144a5e32d5e3ee1c53bf1d7cf6cc645ac49addfafda6fc5e230619627546de2bb86dec7f45d05be2c434b20f952c28c409fad9fd964de6d45afd757b07347835d39c10a28557925be6e8216233d1dbf9e0e9"}, @generic={0xc, 0xa, "c0fbf4b8b382f602cfd8"}]}}, {{0x9, 0x5, 0x7, 0xc, 0x20, 0x4, 0xe, 0xc, [@generic={0xfc, 0x22, "2d6850f4b66293892fad0abce72bdb29ee54e45e0a411bb7b866ca5d4f107740e026bdae8bccd127b2d57836ef16d692c95cb0c2af1e202578ad6818fd3e3c9038be8d5a24ee9a60d39358c2fedb6d85cf7fe2ab85bf900409a07eb7db9d01fc6ab672dc9dc16b10b14fba53c146839716f5becc13f66684cb09d12da81755cc2f2c1924dd3e9d97a1d1c3b9837a9a1cc493daa192a25d8ee067b30be110ab84f6e5d90ca4a03fa98fa0b9c7fa7371f4f447441030a73e90a9bc568ed8555eb809546cb847b4ee852ed05cd7d85fc4655af4f9ea545aea9604b92ae5577495ac2baa5619a30f5407fad3f25fdb29ab817cd737b2928ecfd17e4f"}, @generic={0x31, 0xe, "8ed47539abf727b4acfbb299d6c4a4632579e43b0764145145b20cb552749c7e90a25f50ac99782d36dcbbd23d0776"}]}}, {{0x9, 0x5, 0xe, 0x10, 0x40, 0x52, 0x45, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x67, 0x8}, @generic={0x4f, 0x22, "60215120a25b2874e3b5050e3d5bbd0ee95c10b09dc3734a6361fb938a32eb48faae3d64204d6a35bb8080594ab9369fdae35b77d4d5a63fd3ba04ff358029d1db254d28d08fd3e70392cb9956"}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x0, 0x76, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xc4, 0x2}]}}, {{0x9, 0x5, 0x8, 0x10, 0x7cf, 0x7, 0x1, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x42, 0x9, 0x7}]}}, {{0x9, 0x5, 0xe, 0x10, 0x20, 0x0, 0x6, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5b, 0x401}]}}, {{0x9, 0x5, 0x9, 0x2, 0x400, 0x8, 0x7, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x74, 0x7}]}}, {{0x9, 0x5, 0x7, 0x8, 0x10, 0x4, 0x40, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x80, 0x9}]}}, {{0x9, 0x5, 0x7, 0x0, 0x40, 0xfd, 0xcf, 0xfa, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xd}]}}, {{0x9, 0x5, 0xe, 0x0, 0x200, 0x3, 0x4, 0x9, [@generic={0xf7, 0x3f, "e48957686f0c8bb11558aae940835cb0ee25e4f9042967db32fc29853057852c7d68e9a72800cdef4e08a8f1f003be969e2a63ff7d38f646836419cd9b59cd2edf0f42c8958274bdf87b8a7840631272d2966a3b3cd55e289c47b5a62728be74f2092bc891b4fbff6fb4dbd4bbfd4a0d1c0f6ed7f72c2beb6d85e7c13b1ec09ebc273bb5f2aa7a61ca0e12dc7701e85578609fe1478cb33984ee06de999e628b7a18aa8d9ab8960c3521cfe173d720d690679dd41334a40e0f220da517eb63f2d460593af4d28f324e24a77ff703eb5c8ac2b2685fdba96f2a97243b0b23fc0463bac81d6487c205b42a1b9d62705a3f8e56fe79bf"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x20, 0x9, 0x5, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x4, 0xffff}, @generic={0x71, 0x7, "8f3bf915f1f9bb3dc224aca923e585cfed9b61800a9a32e6e1f19b52a5fd2df4bd13dac13ae291760fab4a1ebd6b6575cc824ff9bd97334798ea2ed6b707ac8ccafc697d2be656e9db9957e943a8c4cb54fdd60bef49b7f11a8e102040990e42a540a8d648b90e18ad83ac274c6826"}]}}]}}, {{0x9, 0x4, 0xe4, 0xfc, 0x3, 0xa, 0x89, 0x8, 0x7, [], [{{0x9, 0x5, 0x1f, 0x10, 0x10, 0xb, 0xd, 0xc}}, {{0x9, 0x5, 0xc, 0x10, 0x3ff, 0x81, 0x87, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x2, 0xfffe}]}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0x4, 0x3, 0xb7}}]}}, {{0x9, 0x4, 0x3b, 0x1, 0x1, 0x7, 0xc, 0xda, 0x7, [@generic={0x52, 0x11, "5d5e5026762083d7c576ba3edad4a0b492aeca6b4903c1b289df0a16bdc402bd3e4265348f4423e7d240a7c8acd529151c60c400d3d6feb8d59bdad3a55a6e2fa5ed8805fc57677b9f0a4fb816a3a648"}], [{{0x9, 0x5, 0xa, 0x0, 0x8, 0x40, 0x1, 0x8, [@generic={0x49, 0xe, "0b75f937cfa7faaaa4ed768f3d4a08c10ed7db4bba3a39b204b82934b48eeae354b10e73101ba49ada9248f1dc853726d0ee307aad318a5d0703155cf0e4bd704b95942999e12f"}, @generic={0xce, 0xe, "3e323ccd2a5dbb5e7bc96b7094e2ad8c48b7030d607c867742b46cce719b6bb6bb5c53338d1e3dc188891d689bcc8f606a1eb6c57daea9e25df26ed346d57144529c125ccec0b96a0445ea3eedc902c6573c4c1633776ab753ad9dbcc1155b0c648d3d32bfdeb089ef362ba1bd5a5eae12485470b57d9df7305d9f05d553839475502d5efd3565d6d4e896542a6c681235ae1f3dec4a8ca5b038213ed82ef8d76b7c76d7e3b7cbdf16e20503a823da2d3562ab54c99692d1789f1bef999dee25fb40c37da5c399a36328cfd4"}]}}]}}, {{0x9, 0x4, 0x6a, 0x2, 0x0, 0x36, 0x51, 0xc5, 0x6}}]}}]}}, &(0x7f0000000b80)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x250, 0x9, 0x15, 0x2, 0x40, 0x6}, 0x34, &(0x7f0000000080)={0x5, 0xf, 0x34, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x82, 0x4, 0x8, 0x7f, 0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0x0, 0x0, 0x7, [0xf]}, @ssp_cap={0x14, 0x10, 0xa, 0x6, 0x2, 0x6, 0x0, 0x3, [0x0, 0x1f93643eff227431]}]}, 0x9, [{0x75, &(0x7f0000000740)=@string={0x75, 0x3, "affa2dba0ab447733d4014e3b074c7a1321a378c4e202d11914d328b766b4dfd39a0b288bd8f895631f7026304ca7f85d9d5d187f963216f3e2960c3c2e19ddae4c341ea880fbd798692270a3e5b7d4dc9310bf961eff9d23e7b52409e6c49be97fe7aba021de1b712cc1fa966c64fb4643b18"}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x46e}}, {0xde, &(0x7f00000008c0)=@string={0xde, 0x3, "cdb23e1da52fb23893018bf01902bbd1e0d20538e3af3a4e37c47b4437c3c03335fd9d8557303ddd0f921413efad821a3a72f4a8e2dda328bf5c963c8368876cb1d5c5fb5c1ceb46ea1aa39ca69b947cfdf8b9537ba7b18c2947b9e50871eb38e9dbbc29c57c953f9bcf844ba732fa18917d2ab6f1d5d82c0ff88de935a2ca604a6cccd03e19589f89b44ac7bc1b75d2fe38baefbec50e66367478efa9d0a1bd3f6d5f0debf67bb1373c266ab44e14cbd66d656e6d1a58771d419aeb2c935df15ea1fd08114cb118c87ca11ea0999b5711ea3b10c4016fb81d529f84"}}, {0x12, &(0x7f0000000800)=@string={0x12, 0x3, "303cb1b7177255df13c16be2cc37cc01"}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x860}}, {0xd6, &(0x7f0000000a00)=@string={0xd6, 0x3, "9d0e23c707b82d7030f1f1062a2fa1217cd5af76a75253839b28df3ffefc945d78c9d28713631d0b91f55c1b246b85b59db4949040fbd111733ae20ba985ae848faa5e3f2a144a0ab3a0c58c4dd689072bcc083758877b85f8d9ed6b066c4b66346ee325f0ff78303375e32dcf0d8ab5f8b3b49ed2fe1ffa3047e96dbb5e992a4564bf4002ebd06ff6bf4ad1656fab97975e5d7d005de6347629eaed83d962b7d3320ef1daa751cff78c9baf7dae4f0a777d266126d9a1a036cc1b15dd859610d8c304e5be83946a0c87fa318a96300fa255d726"}}, {0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000b40)=@lang_id={0x4}}]})
syz_usb_control_io$hid(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x8001)
r3 = getpgid(0x0)
fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r3})
fcntl$setsig(r2, 0xa, 0x1c)
sendmmsg$unix(r1, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000880)={0x0, 0x10, 0x10, {0x10, 0x9, "3d91419da546052dcdcf01abdc14"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.827370167s ago: executing program 2 (id=1479):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
r1 = syz_io_uring_setup(0x893, &(0x7f0000000000)={0x0, 0x5218, 0x0, 0x0, 0x1a1}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r0, 0x0, &(0x7f0000001400)={0x0, 0x0, 0x0}, 0x0, 0x40010041})
io_uring_enter(r1, 0x5361, 0x97bc, 0x2, 0x0, 0x0)

1.488066997s ago: executing program 2 (id=1480):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="000000df4e1cd24dfe0f042d3f47fd96856ce68336197114520b58d6569434f1e0caffa4132eacbf7469000603d84aebe37ec23a5641fc1809", @ANYRES16=r1, @ANYBLOB="01000000"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\a\x00', @ANYRES32, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x8801, 0x0)
writev(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001540)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000180)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d307856a030352181397341eef099fd321757501e22303030"])

596.126332ms ago: executing program 2 (id=1481):
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
listen(r2, 0xfffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000680)='h', 0x1}], 0x1)
r7 = accept4$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x4000000000000a1, 0x2, 0x0)
recvfrom$unix(r7, &(0x7f00000001c0)=""/232, 0x1b, 0x10120, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c0000000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000040080000000000c00"/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18eb00000000000000000000000000000f000000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

255.094415ms ago: executing program 0 (id=1482):
socketpair$unix(0x1, 0x3, 0x0, 0x0) (async)
r0 = accept(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0), 0x4) (async, rerun: 32)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x40801}, 0x4000054) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0xc845}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1}, 0x6e) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r1 = userfaultfd(0x80001) (rerun: 32)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)) (async, rerun: 64)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) (async, rerun: 64)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
mincore(&(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000000))
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (rerun: 64)
read$msr(r2, &(0x7f000001aa40)=""/102392, 0x18ff8) (async, rerun: 32)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$IOMMU_VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448cc, 0x0) (async, rerun: 64)
mount(0x0, 0x0, &(0x7f0000000040)='jffs2\x00', 0x421, 0x0) (rerun: 64)
mount$overlay(0x0, &(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(0x0) (async)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r4 = openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$binfmt_register(r4, 0x0, 0x0)

0s ago: executing program 0 (id=1483):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdir(0x0, 0x21)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="0a0000000100", 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x184)
mkdir(0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r1)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000007c0))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x5d}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000cc0)={{r2}, &(0x7f0000000c40), &(0x7f0000000c80)=r1}, 0x20)
mount$overlay(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@uuid_off}, {@userxattr}], [{@smackfsfloor={'smackfsfloor', 0x3d, '}.\xd1&}'}}, {@seclabel}, {@permit_directio}, {@dont_appraise}]})
syz_open_dev$loop(&(0x7f00000002c0), 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/profiling', 0x149b82, 0x240)
write$cgroup_int(r3, &(0x7f0000000000)=0xfe8e, 0x12)
getdents64(r3, &(0x7f00000001c0)=""/194, 0xc2)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
pread64(r4, &(0x7f00000000c0)=""/124, 0x7c, 0xb)

kernel console output (not intermixed with test programs):

241][  T878] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  397.856157][  T878] usb 3-1: config 0 has no interface number 0
[  397.862660][  T878] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  397.872174][  T878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.891435][  T878] usb 3-1: config 0 descriptor??
[  397.904626][  T878] usb 3-1: selecting invalid altsetting 1
[  397.910645][  T878] dvb_ttusb_budget: ttusb_init_controller: error
[  397.917652][  T878] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  397.968276][  T878] DVB: Unable to find symbol cx22700_attach()
[  398.035332][  T878] DVB: Unable to find symbol tda10046_attach()
[  398.041542][  T878] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  398.225556][   T57] usbhid 1-1:0.1: can't add hid device: -71
[  398.231559][   T57] usbhid 1-1:0.1: probe with driver usbhid failed with error -71
[  398.242002][   T57] usb 1-1: USB disconnect, device number 36
[  399.290170][   T30] audit: type=1400 audit(1757286023.884:492): avc:  denied  { shutdown } for  pid=10531 comm="syz.3.1099" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  399.766780][   T30] audit: type=1400 audit(1757286024.154:493): avc:  denied  { execute } for  pid=10531 comm="syz.3.1099" path="/dev/audio1" dev="devtmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  400.378880][ T5926] usb 2-1: USB disconnect, device number 38
[  400.650032][    T9] usb 3-1: USB disconnect, device number 40
[  400.762340][   T57] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  401.052302][   T57] usb 1-1: Using ep0 maxpacket: 8
[  401.059171][   T57] usb 1-1: unable to get BOS descriptor or descriptor too short
[  401.067816][   T57] usb 1-1: config 4 interface 0 has no altsetting 0
[  401.076853][   T57] usb 1-1: string descriptor 0 read error: -22
[  401.083211][   T57] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  401.092498][   T57] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  401.107341][   T57] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  401.117743][   T57] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  401.129708][   T57] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  401.137091][   T57] usb 1-1: media controller created
[  401.150791][   T57] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  402.678530][T10559] comedi comedi2: reset error (fatal)
[  402.687478][   T57] zl10353_read_register: readreg error (reg=127, ret==0)
[  402.857943][   T57] usb 1-1: USB disconnect, device number 37
[  403.638979][T10579] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.924733][T10579] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.969625][T10579] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.015739][T10579] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.115059][   T36] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  404.125275][ T7505] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  404.136755][ T7505] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  404.147101][ T7505] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  404.492860][T10586] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1112'.
[  404.659361][T10590] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(0)
[  404.665891][T10590] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  404.675274][T10590] vhci_hcd vhci_hcd.0: Device attached
[  404.932389][ T5906] usb 33-1: new high-speed USB device number 6 using vhci_hcd
[  405.253840][T10597] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.306575][T10592] vhci_hcd: connection reset by peer
[  405.325440][ T6702] vhci_hcd: stop threads
[  405.337458][T10597] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.412124][ T6702] vhci_hcd: release socket
[  405.416781][ T6702] vhci_hcd: disconnect device
[  405.425128][T10597] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.556742][T10597] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.730232][    C0] hrtimer: interrupt took 35379 ns
[  405.768212][   T36] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  405.797679][   T36] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  405.806022][   T36] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  405.816556][   T36] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  406.454202][T10615] bridge_slave_0: left allmulticast mode
[  406.460129][T10615] bridge_slave_0: left promiscuous mode
[  406.467133][T10615] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.490572][T10615] bridge_slave_1: left allmulticast mode
[  406.505520][T10615] bridge_slave_1: left promiscuous mode
[  406.511462][T10615] bridge0: port 2(bridge_slave_1) entered disabled state
[  406.727945][T10619] block nbd5: Attempted send on invalid socket
[  406.734267][T10619] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  406.744390][T10619] SQUASHFS error: Failed to read block 0x0: -5
[  406.750727][T10619] unable to read squashfs_super_block
[  406.899832][ T8676] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  406.917017][T10623] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1123'.
[  406.930753][T10615] bond0: (slave bond_slave_0): Releasing backup interface
[  406.961134][T10615] bond0: (slave bond_slave_1): Releasing backup interface
[  407.065518][T10615] team0: Port device team_slave_0 removed
[  407.072617][ T8676] usb 2-1: Using ep0 maxpacket: 32
[  407.099672][ T8676] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.100642][T10615] team0: Port device team_slave_1 removed
[  407.125650][ T8676] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  407.133040][T10615] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  407.172133][ T8676] usb 2-1: config 0 interface 0 has no altsetting 0
[  407.207945][T10615] batman_adv: batadv0: Removing interface: batadv_slave_0
[  407.210824][ T8676] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  407.230215][ T8676] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.301558][ T8676] usb 2-1: config 0 descriptor??
[  407.315423][T10615] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  407.360969][T10615] batman_adv: batadv0: Removing interface: batadv_slave_1
[  407.757372][T10617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.772788][T10617] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.799158][ T8676] usbhid 2-1:0.0: can't add hid device: -71
[  407.815077][ T8676] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  407.861202][ T8676] usb 2-1: USB disconnect, device number 39
[  409.958935][T10677] loop2: detected capacity change from 0 to 7
[  410.042502][T10677] Dev loop2: unable to read RDB block 7
[  410.052403][ T5906] vhci_hcd: vhci_device speed not set
[  410.269035][T10679] block nbd2: Attempted send on invalid socket
[  410.275483][T10679] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  410.312932][T10677]  loop2: unable to read partition table
[  410.313379][T10679] isofs_fill_super: bread failed, dev=nbd2, iso_blknum=16, block=32
[  410.400818][T10677] loop2: partition table beyond EOD, truncated
[  410.828803][T10677] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  411.069794][    T9] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  411.222685][    T9] usb 1-1: Using ep0 maxpacket: 16
[  411.231707][    T9] usb 1-1: config 1 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 247, changing to 11
[  411.259729][    T9] usb 1-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  411.346591][    T9] usb 1-1: config 1 interface 0 has no altsetting 0
[  411.397988][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=021e, bcdDevice= 0.40
[  411.407379][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.420755][    T9] usb 1-1: Product: syz
[  411.430488][    T9] usb 1-1: Manufacturer: Ⰱ
[  411.443660][    T9] usb 1-1: SerialNumber: syz
[  411.498442][   T30] audit: type=1400 audit(1757286036.154:494): avc:  denied  { wake_alarm } for  pid=10701 comm="syz.1.1146" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  411.755814][T10709] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1149'.
[  411.816750][  T878] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  412.203100][    T9] usbhid 1-1:1.0: can't add hid device: -71
[  412.209209][    T9] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  412.213458][T10715] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  412.222874][    T9] usb 1-1: USB disconnect, device number 38
[  412.342271][  T878] usb 2-1: Using ep0 maxpacket: 32
[  412.348703][  T878] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.361262][  T878] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  412.375767][  T878] usb 2-1: config 0 interface 0 has no altsetting 0
[  412.383169][  T878] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  412.392195][  T878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.403424][  T878] usb 2-1: config 0 descriptor??
[  412.751336][T10717] xt_l2tp: unknown flags: 51
[  412.830681][T10704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.846264][T10704] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.889055][  T878] usbhid 2-1:0.0: can't add hid device: -71
[  412.903743][  T878] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  412.920883][  T878] usb 2-1: USB disconnect, device number 40
[  416.102371][ T8182] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  416.151695][T10764] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1163'.
[  416.332919][T10764] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1163'.
[  416.395797][ T8182] usb 6-1: Using ep0 maxpacket: 32
[  416.411209][ T8182] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.471310][   T30] audit: type=1400 audit(1757286041.114:495): avc:  denied  { ioctl } for  pid=10769 comm="syz.1.1165" path="pid:[4026532783]" dev="nsfs" ino=4026532783 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  416.592155][ T8182] usb 6-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  416.668905][ T8182] usb 6-1: config 0 interface 0 has no altsetting 0
[  416.705324][ T8182] usb 6-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  416.722898][T10770] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.731357][T10770] bridge0: port 1(bridge_slave_0) entered disabled state
[  416.751934][ T8182] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.861676][ T8182] usb 6-1: config 0 descriptor??
[  417.447387][T10777] FAULT_INJECTION: forcing a failure.
[  417.447387][T10777] name failslab, interval 1, probability 0, space 0, times 0
[  417.458584][T10770] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.468493][T10777] CPU: 0 UID: 0 PID: 10777 Comm: syz.0.1167 Not tainted syzkaller #0 PREEMPT(full) 
[  417.468519][T10777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  417.468530][T10777] Call Trace:
[  417.468536][T10777]  <TASK>
[  417.468543][T10777]  dump_stack_lvl+0x16c/0x1f0
[  417.468570][T10777]  should_fail_ex+0x512/0x640
[  417.468595][T10777]  ? fs_reclaim_acquire+0xae/0x150
[  417.468619][T10777]  ? tomoyo_encode2+0x100/0x3e0
[  417.468643][T10777]  should_failslab+0xc2/0x120
[  417.468663][T10777]  __kmalloc_noprof+0xd2/0x510
[  417.468680][T10777]  ? d_absolute_path+0x136/0x1a0
[  417.468714][T10777]  tomoyo_encode2+0x100/0x3e0
[  417.468743][T10777]  tomoyo_encode+0x29/0x50
[  417.468766][T10777]  tomoyo_realpath_from_path+0x18f/0x6e0
[  417.468798][T10777]  tomoyo_path_number_perm+0x245/0x580
[  417.468819][T10777]  ? tomoyo_path_number_perm+0x237/0x580
[  417.468842][T10777]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  417.468866][T10777]  ? find_held_lock+0x2b/0x80
[  417.468909][T10777]  ? find_held_lock+0x2b/0x80
[  417.468929][T10777]  ? hook_file_ioctl_common+0x145/0x410
[  417.468953][T10777]  ? __fget_files+0x20e/0x3c0
[  417.468975][T10777]  security_file_ioctl+0x9b/0x240
[  417.469001][T10777]  __x64_sys_ioctl+0xb7/0x210
[  417.469029][T10777]  do_syscall_64+0xcd/0x4c0
[  417.469054][T10777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.469071][T10777] RIP: 0033:0x7fa66838ebe9
[  417.469084][T10777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.469100][T10777] RSP: 002b:00007fa6665f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  417.469116][T10777] RAX: ffffffffffffffda RBX: 00007fa6685c5fa0 RCX: 00007fa66838ebe9
[  417.469127][T10777] RDX: 0000200000000040 RSI: 0000000040046109 RDI: 0000000000000003
[  417.469136][T10777] RBP: 00007fa6665f6090 R08: 0000000000000000 R09: 0000000000000000
[  417.469145][T10777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.469155][T10777] R13: 00007fa6685c6038 R14: 00007fa6685c5fa0 R15: 00007ffdb432bc48
[  417.469179][T10777]  </TASK>
[  417.469213][T10777] ERROR: Out of memory at tomoyo_realpath_from_path.
[  417.475393][T10770] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.621167][T10781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.707727][T10781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.758938][ T7067] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 18979 - 0
[  417.767648][ T7067] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 6081 - 0
[  417.768725][ T8182] usbhid 6-1:0.0: can't add hid device: -71
[  417.781120][ T7067] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 18979 - 0
[  417.790953][ T8182] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  417.811342][ T8182] usb 6-1: USB disconnect, device number 45
[  417.819077][ T7067] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 6081 - 0
[  417.837730][ T7067] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 18979 - 0
[  417.858051][ T7067] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 6081 - 0
[  417.875719][ T7067] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 18979 - 0
[  417.905818][ T7067] netdevsim netdevsim1 eth3: unset [1, 1] type 2 family 0 port 6081 - 0
[  418.105213][T10794] 9pnet_fd: Insufficient options for proto=fd
[  419.347326][T10789] block nbd3: Attempted send on invalid socket
[  419.353642][T10789] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 1
[  419.362972][T10789] SQUASHFS error: Failed to read block 0x0: -5
[  419.369156][T10789] unable to read squashfs_super_block
[  419.695843][ T5906] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  419.841285][T10820] block nbd0: shutting down sockets
[  419.867556][ T5906] usb 6-1: device descriptor read/64, error -71
[  420.152483][ T5906] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  420.292428][ T5906] usb 6-1: device descriptor read/64, error -71
[  420.605572][ T5906] usb usb6-port1: attempt power cycle
[  420.708734][T10832] FAULT_INJECTION: forcing a failure.
[  420.708734][T10832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  420.722005][T10832] CPU: 0 UID: 0 PID: 10832 Comm: syz.1.1179 Not tainted syzkaller #0 PREEMPT(full) 
[  420.722029][T10832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.722038][T10832] Call Trace:
[  420.722044][T10832]  <TASK>
[  420.722051][T10832]  dump_stack_lvl+0x16c/0x1f0
[  420.722077][T10832]  should_fail_ex+0x512/0x640
[  420.722098][T10832]  _copy_from_user+0x2e/0xd0
[  420.722121][T10832]  copy_msghdr_from_user+0x98/0x160
[  420.722140][T10832]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  420.722159][T10832]  ? kfree+0x24f/0x4d0
[  420.722182][T10832]  ? __pfx___schedule+0x10/0x10
[  420.722206][T10832]  ___sys_recvmsg+0xdb/0x1a0
[  420.722226][T10832]  ? __pfx____sys_recvmsg+0x10/0x10
[  420.722245][T10832]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  420.722275][T10832]  ? __pfx___might_resched+0x10/0x10
[  420.722302][T10832]  do_recvmmsg+0x2fe/0x750
[  420.722326][T10832]  ? __pfx_do_recvmmsg+0x10/0x10
[  420.722350][T10832]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  420.722375][T10832]  ? __fget_files+0x20e/0x3c0
[  420.722390][T10832]  ? __x64_sys_openat+0x100/0x210
[  420.722417][T10832]  __x64_sys_recvmmsg+0x22a/0x280
[  420.722438][T10832]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  420.722465][T10832]  do_syscall_64+0xcd/0x4c0
[  420.722488][T10832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.722507][T10832] RIP: 0033:0x7ff04818ebe9
[  420.722519][T10832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.722533][T10832] RSP: 002b:00007ff049014038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  420.722546][T10832] RAX: ffffffffffffffda RBX: 00007ff0483c6090 RCX: 00007ff04818ebe9
[  420.722555][T10832] RDX: 0000000000000f02 RSI: 00002000000004c0 RDI: 0000000000000006
[  420.722563][T10832] RBP: 00007ff049014090 R08: 0000000000000000 R09: 0000000000000000
[  420.722571][T10832] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001
[  420.722578][T10832] R13: 00007ff0483c6128 R14: 00007ff0483c6090 R15: 00007ffc76167df8
[  420.722595][T10832]  </TASK>
[  421.287852][   T30] audit: type=1400 audit(1757286045.964:496): avc:  denied  { getopt } for  pid=10837 comm="syz.1.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  421.522460][ T5906] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  421.666910][ T5906] usb 6-1: device descriptor read/8, error -71
[  422.034647][   T30] audit: type=1400 audit(1757286046.574:497): avc:  denied  { create } for  pid=10835 comm="syz.0.1181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  422.074241][ T5906] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  422.332613][ T5906] usb 6-1: device not accepting address 49, error -71
[  422.455192][T10869] 9pnet_fd: Insufficient options for proto=fd
[  422.866419][ T5906] usb usb6-port1: unable to enumerate USB device
[  423.064119][T10874] 9pnet_fd: Insufficient options for proto=fd
[  423.580887][T10877] FAULT_INJECTION: forcing a failure.
[  423.580887][T10877] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  423.595885][T10877] CPU: 0 UID: 0 PID: 10877 Comm: syz.1.1188 Not tainted syzkaller #0 PREEMPT(full) 
[  423.595909][T10877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  423.595919][T10877] Call Trace:
[  423.595925][T10877]  <TASK>
[  423.595931][T10877]  dump_stack_lvl+0x16c/0x1f0
[  423.595965][T10877]  should_fail_ex+0x512/0x640
[  423.595990][T10877]  _copy_from_user+0x2e/0xd0
[  423.596015][T10877]  io_submit_one+0xbb/0x1df0
[  423.596038][T10877]  ? __lock_acquire+0xb97/0x1ce0
[  423.596068][T10877]  ? __pfx_io_submit_one+0x10/0x10
[  423.596096][T10877]  ? __might_fault+0xe3/0x190
[  423.596113][T10877]  ? __might_fault+0x13b/0x190
[  423.596135][T10877]  ? __x64_sys_io_submit+0x1a9/0x350
[  423.596155][T10877]  __x64_sys_io_submit+0x1a9/0x350
[  423.596178][T10877]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  423.596212][T10877]  do_syscall_64+0xcd/0x4c0
[  423.596237][T10877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.596254][T10877] RIP: 0033:0x7ff04818ebe9
[  423.596269][T10877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  423.596285][T10877] RSP: 002b:00007ff049035038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  423.596303][T10877] RAX: ffffffffffffffda RBX: 00007ff0483c5fa0 RCX: 00007ff04818ebe9
[  423.596314][T10877] RDX: 00002000000000c0 RSI: 00000000000000f3 RDI: 00007ff049014000
[  423.596324][T10877] RBP: 00007ff049035090 R08: 0000000000000000 R09: 0000000000000000
[  423.596334][T10877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.596344][T10877] R13: 00007ff0483c6038 R14: 00007ff0483c5fa0 R15: 00007ffc76167df8
[  423.596367][T10877]  </TASK>
[  423.879093][T10883] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1192'.
[  423.929794][T10887] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  423.936315][T10887] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  423.944512][T10887] vhci_hcd vhci_hcd.0: Device attached
[  424.018170][T10893] netlink: 'syz.5.1194': attribute type 4 has an invalid length.
[  424.035671][T10893] netlink: 'syz.5.1194': attribute type 4 has an invalid length.
[  424.165875][T10888] vhci_hcd: connection closed
[  424.170457][ T7505] vhci_hcd: stop threads
[  424.192321][ T5926] usb 35-1: new low-speed USB device number 4 using vhci_hcd
[  424.263225][ T7505] vhci_hcd: release socket
[  424.267769][ T7505] vhci_hcd: disconnect device
[  424.292392][   T57] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  425.219442][   T57] usb 3-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  425.251933][   T57] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  425.330053][   T57] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  425.341589][   T57] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  425.390237][   T57] usb 3-1: SerialNumber: syz
[  425.758528][T10910] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1199'.
[  426.216856][   T57] usb 3-1: 0:2 : does not exist
[  426.224341][   T57] usb 3-1: unit 5: unexpected type 0x09
[  426.389790][   T57] usb 3-1: USB disconnect, device number 41
[  426.412642][ T5906] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  426.450669][T10922] FAULT_INJECTION: forcing a failure.
[  426.450669][T10922] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.463872][T10922] CPU: 0 UID: 0 PID: 10922 Comm: syz.5.1203 Not tainted syzkaller #0 PREEMPT(full) 
[  426.463887][T10922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  426.463894][T10922] Call Trace:
[  426.463897][T10922]  <TASK>
[  426.463902][T10922]  dump_stack_lvl+0x16c/0x1f0
[  426.463920][T10922]  should_fail_ex+0x512/0x640
[  426.463936][T10922]  _copy_to_user+0x32/0xd0
[  426.463952][T10922]  simple_read_from_buffer+0xcb/0x170
[  426.463965][T10922]  proc_fail_nth_read+0x197/0x240
[  426.463977][T10922]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  426.463990][T10922]  ? rw_verify_area+0xcf/0x6c0
[  426.464006][T10922]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  426.464017][T10922]  vfs_read+0x1e1/0xcf0
[  426.464029][T10922]  ? __pfx___mutex_lock+0x10/0x10
[  426.464043][T10922]  ? __pfx_vfs_read+0x10/0x10
[  426.464057][T10922]  ? __fget_files+0x20e/0x3c0
[  426.464072][T10922]  ksys_read+0x12a/0x250
[  426.464082][T10922]  ? __pfx_ksys_read+0x10/0x10
[  426.464096][T10922]  do_syscall_64+0xcd/0x4c0
[  426.464111][T10922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.464122][T10922] RIP: 0033:0x7fc93718d5fc
[  426.464131][T10922] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  426.464141][T10922] RSP: 002b:00007fc938034030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  426.464152][T10922] RAX: ffffffffffffffda RBX: 00007fc9373c6090 RCX: 00007fc93718d5fc
[  426.464158][T10922] RDX: 000000000000000f RSI: 00007fc9380340a0 RDI: 0000000000000008
[  426.464164][T10922] RBP: 00007fc938034090 R08: 0000000000000000 R09: 0000000000000000
[  426.464170][T10922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.464176][T10922] R13: 00007fc9373c6128 R14: 00007fc9373c6090 R15: 00007fffd685f228
[  426.464189][T10922]  </TASK>
[  426.700810][ T6069] udevd[6069]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  426.764745][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.787602][   T30] audit: type=1400 audit(1757286051.464:498): avc:  denied  { ioctl } for  pid=10930 comm="syz.5.1207" path="socket:[31834]" dev="sockfs" ino=31834 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  426.893784][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.903605][ T5906] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  426.922362][ T5906] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  426.931446][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.942551][ T5906] usb 4-1: config 0 descriptor??
[  427.263492][   T57] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  427.451607][ T5906] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  427.477243][   T57] usb 2-1: config 0 has an invalid interface number: 199 but max is 1
[  427.497085][   T57] usb 2-1: config 0 has no interface number 1
[  427.516389][   T57] usb 2-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  427.631857][   T57] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  427.684188][   T57] usb 2-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  427.713514][ T8676] usb 4-1: USB disconnect, device number 49
[  427.721677][T10942] fido_id[10942]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  427.742437][   T57] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  427.783708][   T57] usb 2-1: SerialNumber: syz
[  427.805979][   T57] usb 2-1: config 0 descriptor??
[  427.819978][   T57] usb 2-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  427.827275][   T57] usb 2-1: No valid video chain found.
[  428.102382][   T30] audit: type=1400 audit(1757286052.774:499): avc:  denied  { connect } for  pid=10949 comm="syz.2.1212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  428.502396][ T8182] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  429.434087][ T8182] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  429.456204][   T30] audit: type=1400 audit(1757286054.134:500): avc:  denied  { setopt } for  pid=10983 comm="syz.2.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  429.475790][   T30] audit: type=1400 audit(1757286054.134:501): avc:  denied  { write } for  pid=10983 comm="syz.2.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  429.476978][ T8182] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.526439][    T9] usb 2-1: USB disconnect, device number 41
[  429.532604][ T5926] vhci_hcd: vhci_device speed not set
[  429.604882][ T8182] usb 1-1: Product: syz
[  429.848012][   T30] audit: type=1400 audit(1757286054.504:502): avc:  denied  { ioctl } for  pid=10983 comm="syz.2.1216" path="socket:[32034]" dev="sockfs" ino=32034 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  430.061898][T10996] input: syz0 as /devices/virtual/input/input13
[  430.225053][   T30] audit: type=1400 audit(1757286054.894:503): avc:  denied  { ioctl } for  pid=10983 comm="syz.2.1216" path="socket:[32016]" dev="sockfs" ino=32016 ioctlcmd=0x891c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  430.594918][ T8182] usb 1-1: Manufacturer: syz
[  430.599524][ T8182] usb 1-1: SerialNumber: syz
[  430.773053][ T8182] usb 1-1: config 0 descriptor??
[  430.780798][    T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  431.166948][    T9] usb 2-1: Using ep0 maxpacket: 8
[  431.194284][ T8182] usb 1-1: USB disconnect, device number 39
[  431.210446][    T9] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  431.275503][    T9] usb 2-1: config 0 has no interface number 0
[  431.313534][    T9] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  431.325414][    T9] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  431.339681][    T9] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  431.350790][    T9] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  431.370245][    T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  431.380482][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.411070][    T9] usb 2-1: Product: syz
[  431.472701][    T9] usb 2-1: Manufacturer: syz
[  431.477351][    T9] usb 2-1: SerialNumber: syz
[  431.513226][    T9] usb 2-1: config 0 descriptor??
[  431.535142][T11007] FAULT_INJECTION: forcing a failure.
[  431.535142][T11007] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.551518][T11007] CPU: 0 UID: 0 PID: 11007 Comm: syz.0.1223 Not tainted syzkaller #0 PREEMPT(full) 
[  431.551540][T11007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  431.551549][T11007] Call Trace:
[  431.551554][T11007]  <TASK>
[  431.551560][T11007]  dump_stack_lvl+0x16c/0x1f0
[  431.551586][T11007]  should_fail_ex+0x512/0x640
[  431.551612][T11007]  _copy_from_user+0x2e/0xd0
[  431.551639][T11007]  copy_msghdr_from_user+0x98/0x160
[  431.551658][T11007]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  431.551691][T11007]  ___sys_sendmsg+0xfe/0x1d0
[  431.551713][T11007]  ? __pfx____sys_sendmsg+0x10/0x10
[  431.551761][T11007]  __sys_sendmsg+0x16d/0x220
[  431.551782][T11007]  ? __pfx___sys_sendmsg+0x10/0x10
[  431.551818][T11007]  do_syscall_64+0xcd/0x4c0
[  431.551842][T11007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.551866][T11007] RIP: 0033:0x7fa66838ebe9
[  431.551880][T11007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.551896][T11007] RSP: 002b:00007fa6665f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  431.551912][T11007] RAX: ffffffffffffffda RBX: 00007fa6685c5fa0 RCX: 00007fa66838ebe9
[  431.551922][T11007] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  431.551931][T11007] RBP: 00007fa6665f6090 R08: 0000000000000000 R09: 0000000000000000
[  431.551940][T11007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.551949][T11007] R13: 00007fa6685c6038 R14: 00007fa6685c5fa0 R15: 00007ffdb432bc48
[  431.551971][T11007]  </TASK>
[  431.902622][    T9] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  431.928738][T11010] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1222'.
[  432.091145][T11017] vivid-001: disconnect
[  432.101182][T11017] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1224'.
[  432.141125][   T30] audit: type=1400 audit(1757286056.794:504): avc:  denied  { create } for  pid=11013 comm="syz.0.1225" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  432.181138][ T5906] usb 2-1: USB disconnect, device number 42
[  432.194964][T11011] vivid-001: reconnect
[  432.202837][   T30] audit: type=1400 audit(1757286056.814:505): avc:  denied  { unlink } for  pid=11013 comm="syz.0.1225" name="file0" dev="tmpfs" ino=1425 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  432.532277][    T9] usb 1-1: new full-speed USB device number 40 using dummy_hcd
[  432.541821][T11029] FAULT_INJECTION: forcing a failure.
[  432.541821][T11029] name failslab, interval 1, probability 0, space 0, times 0
[  432.554592][T11029] CPU: 1 UID: 0 PID: 11029 Comm: syz.2.1230 Not tainted syzkaller #0 PREEMPT(full) 
[  432.554615][T11029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  432.554626][T11029] Call Trace:
[  432.554632][T11029]  <TASK>
[  432.554639][T11029]  dump_stack_lvl+0x16c/0x1f0
[  432.554667][T11029]  should_fail_ex+0x512/0x640
[  432.554689][T11029]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  432.554710][T11029]  should_failslab+0xc2/0x120
[  432.554730][T11029]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  432.554754][T11029]  ? __proc_create+0xc3/0x8e0
[  432.554779][T11029]  ? __proc_create+0x2ce/0x8e0
[  432.554809][T11029]  __proc_create+0x2ce/0x8e0
[  432.554835][T11029]  ? __pfx___proc_create+0x10/0x10
[  432.554863][T11029]  ? snprintf+0xc7/0x100
[  432.554884][T11029]  ? __pfx_snprintf+0x10/0x10
[  432.554906][T11029]  proc_mkdir+0x81/0x170
[  432.554931][T11029]  ? __pfx_proc_mkdir+0x10/0x10
[  432.554957][T11029]  ? mark_held_locks+0x49/0x80
[  432.554988][T11029]  register_handler_proc+0x2fa/0x450
[  432.555011][T11029]  ? __pfx_register_handler_proc+0x10/0x10
[  432.555042][T11029]  ? mark_held_locks+0x49/0x80
[  432.555066][T11029]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  432.555090][T11029]  __setup_irq+0x1197/0x1f30
[  432.555121][T11029]  ? kasan_save_track+0x14/0x30
[  432.555140][T11029]  request_threaded_irq+0x2b4/0x3e0
[  432.555171][T11029]  pcl812_attach+0x1b3e/0x2110
[  432.555200][T11029]  comedi_device_attach+0x3b3/0x900
[  432.555229][T11029]  do_devconfig_ioctl+0x1b1/0x710
[  432.555254][T11029]  ? __mutex_lock+0x1c5/0x1060
[  432.555279][T11029]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  432.555321][T11029]  ? find_held_lock+0x2b/0x80
[  432.555347][T11029]  comedi_unlocked_ioctl+0x165d/0x2f00
[  432.555373][T11029]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  432.555398][T11029]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  432.555420][T11029]  ? do_vfs_ioctl+0x128/0x14f0
[  432.555447][T11029]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  432.555473][T11029]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  432.555507][T11029]  ? hook_file_ioctl_common+0x145/0x410
[  432.555533][T11029]  ? selinux_file_ioctl+0x180/0x270
[  432.555556][T11029]  ? selinux_file_ioctl+0xb4/0x270
[  432.555582][T11029]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  432.555602][T11029]  __x64_sys_ioctl+0x18b/0x210
[  432.555630][T11029]  do_syscall_64+0xcd/0x4c0
[  432.555654][T11029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.555671][T11029] RIP: 0033:0x7fb008b8ebe9
[  432.555686][T11029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.555702][T11029] RSP: 002b:00007fb0099bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  432.555718][T11029] RAX: ffffffffffffffda RBX: 00007fb008dc6090 RCX: 00007fb008b8ebe9
[  432.555728][T11029] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[  432.555744][T11029] RBP: 00007fb0099bb090 R08: 0000000000000000 R09: 0000000000000000
[  432.555754][T11029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.555763][T11029] R13: 00007fb008dc6128 R14: 00007fb008dc6090 R15: 00007ffd1dfce078
[  432.555788][T11029]  </TASK>
[  432.865787][    C1] vkms_vblank_simulate: vblank timer overrun
[  433.324022][    T9] usb 1-1: config 0 has an invalid interface number: 20 but max is 0
[  433.577875][    T9] usb 1-1: config 0 has no interface number 0
[  433.584485][    T9] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  433.604688][    T9] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  433.614178][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.622183][    T9] usb 1-1: Product: syz
[  433.642331][    T9] usb 1-1: Manufacturer: syz
[  433.688694][    T9] usb 1-1: SerialNumber: syz
[  433.712650][    T9] usb 1-1: config 0 descriptor??
[  433.719895][T11019] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  433.853679][T11037] 9pnet_fd: Insufficient options for proto=fd
[  434.191157][    T9] usb-storage 1-1:0.20: USB Mass Storage device detected
[  434.230413][    T9] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  434.344929][   T30] audit: type=1400 audit(1757286059.024:506): avc:  denied  { append } for  pid=11043 comm="syz.3.1234" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  434.404084][    T9] scsi host1: usb-storage 1-1:0.20
[  434.424366][ T8182] libceph: connect (1)[c::]:6789 error -101
[  434.440147][    T9] usb 1-1: USB disconnect, device number 40
[  434.446651][ T8182] libceph: mon0 (1)[c::]:6789 connect error
[  434.463699][ T8182] libceph: connect (1)[c::]:6789 error -101
[  434.475905][ T8182] libceph: mon0 (1)[c::]:6789 connect error
[  434.854227][T11050] virtio-fs: tag <> not found
[  434.862940][ T8182] libceph: connect (1)[c::]:6789 error -101
[  434.869103][ T8182] libceph: mon0 (1)[c::]:6789 connect error
[  434.986719][   T30] audit: type=1400 audit(1757286059.654:507): avc:  denied  { bind } for  pid=11056 comm="syz.2.1236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  435.413857][ T8182] libceph: connect (1)[c::]:6789 error -101
[  435.440307][ T8182] libceph: mon0 (1)[c::]:6789 connect error
[  435.446958][T11044] ceph: No mds server is up or the cluster is laggy
[  435.731675][T11070] bond0: entered promiscuous mode
[  435.738270][T11070] bond_slave_0: entered promiscuous mode
[  435.744418][T11070] bond_slave_1: entered promiscuous mode
[  435.761129][T11070] dummy0: entered promiscuous mode
[  435.772503][T11070] hsr1: entered promiscuous mode
[  435.777712][T11070] hsr1: entered allmulticast mode
[  435.787981][T11070] bond0: entered allmulticast mode
[  435.793478][T11070] bond_slave_0: entered allmulticast mode
[  435.799538][T11070] bond_slave_1: entered allmulticast mode
[  435.806206][T11070] dummy0: entered allmulticast mode
[  436.816453][T11084] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1243'.
[  437.900781][   T30] audit: type=1400 audit(1757286062.574:508): avc:  denied  { write } for  pid=11097 comm="syz.1.1247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  437.920889][    C1] vkms_vblank_simulate: vblank timer overrun
[  437.944483][T11103] FAULT_INJECTION: forcing a failure.
[  437.944483][T11103] name failslab, interval 1, probability 0, space 0, times 0
[  438.427336][T11103] CPU: 0 UID: 0 PID: 11103 Comm: syz.5.1249 Not tainted syzkaller #0 PREEMPT(full) 
[  438.427361][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  438.427372][T11103] Call Trace:
[  438.427378][T11103]  <TASK>
[  438.427385][T11103]  dump_stack_lvl+0x16c/0x1f0
[  438.427412][T11103]  should_fail_ex+0x512/0x640
[  438.427434][T11103]  ? __kmalloc_noprof+0xbf/0x510
[  438.427453][T11103]  ? lsm_blob_alloc+0x68/0x90
[  438.427470][T11103]  should_failslab+0xc2/0x120
[  438.427490][T11103]  __kmalloc_noprof+0xd2/0x510
[  438.427514][T11103]  lsm_blob_alloc+0x68/0x90
[  438.427531][T11103]  security_sk_alloc+0x30/0x270
[  438.427554][T11103]  sk_prot_alloc+0x1c7/0x2a0
[  438.427582][T11103]  sk_alloc+0x36/0xc20
[  438.427602][T11103]  tun_chr_open+0x80/0x5e0
[  438.427626][T11103]  ? __pfx_tun_chr_open+0x10/0x10
[  438.427648][T11103]  misc_open+0x35d/0x420
[  438.427666][T11103]  ? __pfx_misc_open+0x10/0x10
[  438.427682][T11103]  chrdev_open+0x231/0x6a0
[  438.427705][T11103]  ? __pfx_chrdev_open+0x10/0x10
[  438.427727][T11103]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  438.427753][T11103]  do_dentry_open+0x982/0x1530
[  438.427780][T11103]  ? __pfx_chrdev_open+0x10/0x10
[  438.427806][T11103]  vfs_open+0x82/0x3f0
[  438.427831][T11103]  path_openat+0x1de4/0x2cb0
[  438.427860][T11103]  ? __pfx_path_openat+0x10/0x10
[  438.427887][T11103]  do_filp_open+0x20b/0x470
[  438.427907][T11103]  ? __pfx_do_filp_open+0x10/0x10
[  438.427946][T11103]  ? alloc_fd+0x471/0x7d0
[  438.427972][T11103]  do_sys_openat2+0x11b/0x1d0
[  438.427995][T11103]  ? __pfx_do_sys_openat2+0x10/0x10
[  438.428021][T11103]  ? bpf_trace_run2+0x2ab/0x590
[  438.428044][T11103]  __x64_sys_openat+0x174/0x210
[  438.428067][T11103]  ? __pfx___x64_sys_openat+0x10/0x10
[  438.428092][T11103]  ? syscall_trace_enter+0x1cb/0x240
[  438.428114][T11103]  ? rcu_is_watching+0x12/0xc0
[  438.428137][T11103]  do_syscall_64+0xcd/0x4c0
[  438.428163][T11103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.428180][T11103] RIP: 0033:0x7fc93718ebe9
[  438.428194][T11103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  438.428210][T11103] RSP: 002b:00007fc938055038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  438.428227][T11103] RAX: ffffffffffffffda RBX: 00007fc9373c5fa0 RCX: 00007fc93718ebe9
[  438.428238][T11103] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  438.428248][T11103] RBP: 00007fc938055090 R08: 0000000000000000 R09: 0000000000000000
[  438.428258][T11103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  438.428267][T11103] R13: 00007fc9373c6038 R14: 00007fc9373c5fa0 R15: 00007fffd685f228
[  438.428291][T11103]  </TASK>
[  438.860559][   T30] audit: type=1400 audit(1757286063.534:509): avc:  denied  { ioctl } for  pid=11099 comm="syz.3.1248" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x550c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  438.885640][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.994840][T11100] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  439.102764][   T24] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  439.585886][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  439.592766][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  439.642377][   T24] usb 6-1: Using ep0 maxpacket: 8
[  439.653645][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  439.664077][   T24] usb 6-1: config 4 interface 0 has no altsetting 0
[  439.735510][   T24] usb 6-1: string descriptor 0 read error: -22
[  439.741752][   T24] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  440.063880][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1255'.
[  440.132431][   T24] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  440.151776][   T24] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  440.173490][   T24] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  440.194280][   T24] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  440.207190][   T24] usb 6-1: media controller created
[  440.220096][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  440.465744][   T10] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  440.792355][   T10] usb 1-1: Using ep0 maxpacket: 8
[  440.798753][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  440.820851][   T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  440.840583][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.858139][   T10] usb 1-1: config 0 descriptor??
[  441.062339][   T57] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  441.222504][   T57] usb 3-1: Using ep0 maxpacket: 32
[  441.237214][   T57] usb 3-1: unable to get BOS descriptor or descriptor too short
[  441.249237][   T57] usb 3-1: config 128 has an invalid interface number: 127 but max is 3
[  441.260149][   T57] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  441.272140][   T24] zl10353_read_register: readreg error (reg=127, ret==0)
[  441.280801][   T57] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4
[  441.301345][   T10] lenovo 0003:17EF:6062.0005: hidraw0: USB HID v0.00 Device [HID 17ef:6062] on usb-dummy_hcd.0-1/input0
[  441.328967][   T57] usb 3-1: config 128 has no interface number 0
[  441.345327][   T57] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  441.357738][   T57] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  441.391355][   T57] usb 3-1: config 128 interface 127 has no altsetting 0
[  441.409673][   T57] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  441.431708][   T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.450249][   T57] usb 3-1: Product: syz
[  441.460342][   T57] usb 3-1: Manufacturer: syz
[  441.466446][   T57] usb 3-1: SerialNumber: syz
[  441.472269][T11133] comedi comedi2: reset error (fatal)
[  441.562108][T11130] netlink: 'syz.0.1256': attribute type 10 has an invalid length.
[  441.590443][T11130] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1256'.
[  441.612638][T11130] dummy0: entered promiscuous mode
[  441.626806][   T10] usb 6-1: USB disconnect, device number 50
[  441.640664][T11130] bridge0: port 3(dummy0) entered blocking state
[  441.650358][T11130] bridge0: port 3(dummy0) entered disabled state
[  441.658737][T11130] dummy0: entered allmulticast mode
[  441.675461][   T24] usb 1-1: USB disconnect, device number 41
[  441.799025][   T57] usb 3-1: USB disconnect, device number 42
[  442.132029][ T6069] udevd[6069]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  442.601170][T11156] netlink: 'syz.2.1264': attribute type 1 has an invalid length.
[  442.630691][T11156] bond1: entered promiscuous mode
[  442.637757][T11156] 8021q: adding VLAN 0 to HW filter on device bond1
[  442.699226][  T878] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  442.749550][T11156] 8021q: adding VLAN 0 to HW filter on device bond1
[  442.758970][T11156] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  442.769299][T11156] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  442.788706][   T10] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  442.856389][T11156] bond1: (slave vcan1): making interface the new active one
[  442.872541][  T878] usb 2-1: Using ep0 maxpacket: 16
[  442.883222][  T878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.897047][  T878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  442.898004][T11161] overlayfs: failed lookup in lower (newroot/252, name='bus', err=-40): overlapping layers
[  443.017693][T11156] vcan1: entered promiscuous mode
[  443.036263][T11156] bond1: (slave vcan1): Enslaving as an active interface with an up link
[  443.239591][   T10] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  443.249600][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  443.260574][   T10] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  443.278106][   T10] usb 6-1: config 1 has no interface number 1
[  443.280300][  T878] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  443.284693][   T10] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  443.442340][  T878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.455626][  T878] usb 2-1: config 0 descriptor??
[  443.483235][   T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  443.493959][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.501962][   T10] usb 6-1: Product: syz
[  443.507946][   T10] usb 6-1: Manufacturer: syz
[  443.512690][   T10] usb 6-1: SerialNumber: syz
[  443.967093][   T10] usb 6-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  444.042261][T11168] FAULT_INJECTION: forcing a failure.
[  444.042261][T11168] name failslab, interval 1, probability 0, space 0, times 0
[  444.077038][   T10] usb 6-1: MIDIStreaming interface descriptor not found
[  444.177503][T11168] CPU: 0 UID: 0 PID: 11168 Comm: syz.3.1266 Not tainted syzkaller #0 PREEMPT(full) 
[  444.177530][T11168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  444.177542][T11168] Call Trace:
[  444.177548][T11168]  <TASK>
[  444.177554][T11168]  dump_stack_lvl+0x16c/0x1f0
[  444.177581][T11168]  should_fail_ex+0x512/0x640
[  444.177603][T11168]  ? __kmalloc_noprof+0xbf/0x510
[  444.177623][T11168]  ? iter_file_splice_write+0x1cc/0x12e0
[  444.177642][T11168]  should_failslab+0xc2/0x120
[  444.177662][T11168]  __kmalloc_noprof+0xd2/0x510
[  444.177685][T11168]  iter_file_splice_write+0x1cc/0x12e0
[  444.177706][T11168]  ? find_held_lock+0x2b/0x80
[  444.177731][T11168]  ? find_held_lock+0x2b/0x80
[  444.177757][T11168]  ? __pfx_iter_file_splice_write+0x10/0x10
[  444.177777][T11168]  ? __lock_acquire+0xb97/0x1ce0
[  444.177822][T11168]  ? __pfx_iter_file_splice_write+0x10/0x10
[  444.177843][T11168]  direct_splice_actor+0x192/0x6c0
[  444.177865][T11168]  splice_direct_to_actor+0x345/0xa30
[  444.177886][T11168]  ? __pfx_direct_splice_actor+0x10/0x10
[  444.177909][T11168]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  444.177935][T11168]  do_splice_direct+0x174/0x240
[  444.177955][T11168]  ? __pfx_do_splice_direct+0x10/0x10
[  444.177974][T11168]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  444.177997][T11168]  ? rw_verify_area+0xcf/0x6c0
[  444.178029][T11168]  do_sendfile+0xb06/0xe50
[  444.178051][T11168]  ? __pfx_do_sendfile+0x10/0x10
[  444.178077][T11168]  __x64_sys_sendfile64+0x154/0x220
[  444.178101][T11168]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  444.178131][T11168]  do_syscall_64+0xcd/0x4c0
[  444.178156][T11168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.178171][T11168] RIP: 0033:0x7f5a1218ebe9
[  444.178185][T11168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  444.178201][T11168] RSP: 002b:00007f5a13091038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  444.178218][T11168] RAX: ffffffffffffffda RBX: 00007f5a123c6090 RCX: 00007f5a1218ebe9
[  444.178229][T11168] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003
[  444.178239][T11168] RBP: 00007f5a13091090 R08: 0000000000000000 R09: 0000000000000000
[  444.178249][T11168] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001
[  444.178258][T11168] R13: 00007f5a123c6128 R14: 00007f5a123c6090 R15: 00007ffcd2d39f28
[  444.178282][T11168]  </TASK>
[  444.546551][  T878] usbhid 2-1:0.0: can't add hid device: -71
[  444.552832][  T878] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  444.563542][  T878] usb 2-1: USB disconnect, device number 43
[  444.621117][   T30] audit: type=1400 audit(1757286069.274:510): avc:  denied  { override_creds } for  pid=11170 comm="syz.5.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  444.697093][   T10] usb 6-1: USB disconnect, device number 51
[  444.803997][ T6074] udevd[6074]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  445.133861][   T50] Bluetooth: hci4: unexpected event for opcode 0x1001
[  445.189652][T11179] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1269'.
[  446.187341][   T57] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  446.342608][   T10] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[  446.362277][   T57] usb 3-1: Using ep0 maxpacket: 32
[  446.380886][   T57] usb 3-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  446.422983][   T57] usb 3-1: config 0 interface 0 has no altsetting 0
[  446.461989][   T57] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00
[  446.501659][   T57] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.503720][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  446.523315][   T57] usb 3-1: config 0 descriptor??
[  446.539036][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  446.666431][   T30] audit: type=1400 audit(1757286071.344:511): avc:  denied  { getopt } for  pid=11197 comm="syz.5.1277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  446.673975][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  446.696558][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  446.714135][   T10] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  446.738126][   T10] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  446.802008][T11186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.824051][   T10] usb 1-1: Manufacturer: syz
[  446.835265][T11186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.845823][   T10] usb 1-1: config 0 descriptor??
[  447.313298][   T30] audit: type=1400 audit(1757286071.974:512): avc:  denied  { read } for  pid=11185 comm="syz.2.1272" lport=54056 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  448.049508][   T57] aquacomputer_d5next 0003:0C70:F00E.0006: hidraw0: USB HID v4.06 Device [HID 0c70:f00e] on usb-dummy_hcd.2-1/input0
[  448.073342][   T10] rc_core: IR keymap rc-hauppauge not found
[  448.079275][   T10] Registered IR keymap rc-empty
[  448.877772][T11216] 9pnet_fd: Insufficient options for proto=fd
[  449.429811][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  449.458260][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  449.494279][   T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  449.513567][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input14
[  449.534846][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  449.549839][   T57] usb 3-1: USB disconnect, device number 43
[  449.582642][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  449.646644][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  449.751622][T11217] fido_id[11217]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  449.782716][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  449.894043][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  449.962575][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  450.022241][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  450.036118][T11233] FAULT_INJECTION: forcing a failure.
[  450.036118][T11233] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  450.278218][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  450.303325][T11233] CPU: 0 UID: 0 PID: 11233 Comm: syz.1.1284 Not tainted syzkaller #0 PREEMPT(full) 
[  450.303342][T11233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  450.303348][T11233] Call Trace:
[  450.303353][T11233]  <TASK>
[  450.303358][T11233]  dump_stack_lvl+0x16c/0x1f0
[  450.303377][T11233]  should_fail_ex+0x512/0x640
[  450.303393][T11233]  _copy_from_user+0x2e/0xd0
[  450.303412][T11233]  kstrtouint_from_user+0xd6/0x1d0
[  450.303424][T11233]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  450.303435][T11233]  ? __lock_acquire+0xb97/0x1ce0
[  450.303460][T11233]  proc_fail_nth_write+0x83/0x220
[  450.303473][T11233]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  450.303489][T11233]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  450.303500][T11233]  vfs_write+0x29d/0x11d0
[  450.303513][T11233]  ? __pfx___mutex_lock+0x10/0x10
[  450.303527][T11233]  ? __pfx_vfs_write+0x10/0x10
[  450.303541][T11233]  ? __fget_files+0x20e/0x3c0
[  450.303557][T11233]  ksys_write+0x12a/0x250
[  450.303567][T11233]  ? __pfx_ksys_write+0x10/0x10
[  450.303581][T11233]  do_syscall_64+0xcd/0x4c0
[  450.303596][T11233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.303607][T11233] RIP: 0033:0x7ff04818d69f
[  450.303616][T11233] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  450.303626][T11233] RSP: 002b:00007ff049014030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  450.303637][T11233] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff04818d69f
[  450.303643][T11233] RDX: 0000000000000001 RSI: 00007ff0490140a0 RDI: 0000000000000008
[  450.303650][T11233] RBP: 00007ff049014090 R08: 0000000000000000 R09: 0000000000000000
[  450.303655][T11233] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  450.303661][T11233] R13: 00007ff0483c6128 R14: 00007ff0483c6090 R15: 00007ffc76167df8
[  450.303674][T11233]  </TASK>
[  450.542412][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  450.562357][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  450.632891][   T10] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  450.651549][   T10] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  450.707883][   T10] usb 1-1: USB disconnect, device number 42
[  450.761744][T11242] FAULT_INJECTION: forcing a failure.
[  450.761744][T11242] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  450.774965][ T8182] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  451.027748][   T50] Bluetooth: hci4: unexpected event for opcode 0x1001
[  451.035058][T11242] CPU: 1 UID: 0 PID: 11242 Comm: syz.1.1288 Not tainted syzkaller #0 PREEMPT(full) 
[  451.035081][T11242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  451.035092][T11242] Call Trace:
[  451.035097][T11242]  <TASK>
[  451.035104][T11242]  dump_stack_lvl+0x16c/0x1f0
[  451.035130][T11242]  should_fail_ex+0x512/0x640
[  451.035156][T11242]  _copy_to_user+0x32/0xd0
[  451.035182][T11242]  simple_read_from_buffer+0xcb/0x170
[  451.035203][T11242]  proc_fail_nth_read+0x197/0x240
[  451.035224][T11242]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  451.035246][T11242]  ? rw_verify_area+0xcf/0x6c0
[  451.035278][T11242]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  451.035297][T11242]  vfs_read+0x1e1/0xcf0
[  451.035318][T11242]  ? __pfx___mutex_lock+0x10/0x10
[  451.035341][T11242]  ? __pfx_vfs_read+0x10/0x10
[  451.035365][T11242]  ? __fget_files+0x20e/0x3c0
[  451.035392][T11242]  ksys_read+0x12a/0x250
[  451.035409][T11242]  ? __pfx_ksys_read+0x10/0x10
[  451.035433][T11242]  do_syscall_64+0xcd/0x4c0
[  451.035457][T11242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.035474][T11242] RIP: 0033:0x7ff04818d5fc
[  451.035488][T11242] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  451.035504][T11242] RSP: 002b:00007ff049035030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  451.035521][T11242] RAX: ffffffffffffffda RBX: 00007ff0483c5fa0 RCX: 00007ff04818d5fc
[  451.035532][T11242] RDX: 000000000000000f RSI: 00007ff0490350a0 RDI: 0000000000000004
[  451.035542][T11242] RBP: 00007ff049035090 R08: 0000000000000000 R09: 0000000000000000
[  451.035552][T11242] R10: 000000000000003e R11: 0000000000000246 R12: 0000000000000001
[  451.035562][T11242] R13: 00007ff0483c6038 R14: 00007ff0483c5fa0 R15: 00007ffc76167df8
[  451.035586][T11242]  </TASK>
[  451.372908][ T8182] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  451.671177][ T8182] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  451.700408][   T50] Bluetooth: hci2: unexpected event for opcode 0x1001
[  451.720635][ T8182] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  452.811786][ T8182] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  452.822349][ T8182] usb 6-1: string descriptor 0 read error: -71
[  452.833069][ T8182] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  452.842144][ T8182] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  452.918381][ T8182] usb 6-1: config 0 descriptor??
[  452.931991][ T8182] usb 6-1: can't set config #0, error -71
[  452.948906][ T8182] usb 6-1: USB disconnect, device number 52
[  452.982837][   T30] audit: type=1400 audit(1757286077.554:513): avc:  denied  { append } for  pid=11250 comm="syz.0.1291" name="sg0" dev="devtmpfs" ino=759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  453.107225][T11260] fuse: Bad value for 'fd'
[  453.113904][T11260] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1295'.
[  453.141381][T11260] 8021q: adding VLAN 0 to HW filter on device bond1
[  453.178945][T11260] 8021q: adding VLAN 0 to HW filter on device bond1
[  453.187951][T11260] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  453.198900][T11260] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  453.272525][T11267] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  453.279061][T11267] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  453.418509][T11267] vhci_hcd vhci_hcd.0: Device attached
[  453.477336][T11269] vhci_hcd: connection closed
[  453.478124][T10981] vhci_hcd: stop threads
[  453.482326][   T30] audit: type=1400 audit(1757286077.974:514): avc:  denied  { create } for  pid=11257 comm="syz.0.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  453.510459][T10981] vhci_hcd: release socket
[  453.523639][T11272] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1296'.
[  453.569486][T10981] vhci_hcd: disconnect device
[  453.702741][T11272] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1296'.
[  454.001522][T11282] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1299'.
[  454.878020][T11296] 9pnet_fd: Insufficient options for proto=fd
[  455.288183][T11293] tipc: Cannot configure node identity twice
[  456.899123][T11318] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  456.905830][T11318] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  456.912590][T11318] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  456.919300][T11318] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  456.926555][T11318] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  456.933201][T11318] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  456.940173][T11318] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  456.946782][T11318] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  456.953676][T11318] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  456.960545][T11318] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  456.968108][T11318] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  456.974843][T11318] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  456.981601][T11318] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  456.989666][T11318] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  458.004050][   T30] audit: type=1400 audit(1757286081.464:515): avc:  denied  { mount } for  pid=11315 comm="syz.2.1307" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  458.303957][T11324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  458.362693][   T30] audit: type=1400 audit(1757286082.964:516): avc:  denied  { map } for  pid=11309 comm="syz.0.1306" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  458.557555][T11309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  458.579249][T11327] FAULT_INJECTION: forcing a failure.
[  458.579249][T11327] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  458.592875][   T30] audit: type=1400 audit(1757286082.974:517): avc:  denied  { create } for  pid=11309 comm="syz.0.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  458.614242][T11327] CPU: 0 UID: 0 PID: 11327 Comm: syz.1.1310 Not tainted syzkaller #0 PREEMPT(full) 
[  458.614259][T11327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  458.614265][T11327] Call Trace:
[  458.614269][T11327]  <TASK>
[  458.614274][T11327]  dump_stack_lvl+0x16c/0x1f0
[  458.614292][T11327]  should_fail_ex+0x512/0x640
[  458.614307][T11327]  should_fail_alloc_page+0xe7/0x130
[  458.614321][T11327]  prepare_alloc_pages+0x3c2/0x610
[  458.614338][T11327]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  458.614353][T11327]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  458.614368][T11327]  ? find_held_lock+0x2b/0x80
[  458.614382][T11327]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  458.614392][T11327]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  458.614404][T11327]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  458.614419][T11327]  ? is_bpf_text_address+0x94/0x1a0
[  458.614436][T11327]  ? __lock_acquire+0xb97/0x1ce0
[  458.614450][T11327]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  458.614464][T11327]  ? policy_nodemask+0xea/0x4e0
[  458.614477][T11327]  alloc_pages_mpol+0x1fb/0x550
[  458.614489][T11327]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  458.614501][T11327]  ? do_raw_spin_lock+0x12c/0x2b0
[  458.614512][T11327]  ? find_held_lock+0x2b/0x80
[  458.614527][T11327]  alloc_pages_noprof+0x131/0x390
[  458.614539][T11327]  __pmd_alloc+0x3b/0x930
[  458.614552][T11327]  ? __pud_alloc+0x526/0x750
[  458.614567][T11327]  __handle_mm_fault+0xa06/0x2a50
[  458.614584][T11327]  ? mt_find+0x3ef/0xa30
[  458.614599][T11327]  ? __pfx___handle_mm_fault+0x10/0x10
[  458.614614][T11327]  ? __pfx_mt_find+0x10/0x10
[  458.614635][T11327]  ? find_vma+0xbf/0x140
[  458.614646][T11327]  ? __pfx_find_vma+0x10/0x10
[  458.614659][T11327]  handle_mm_fault+0x589/0xd10
[  458.614675][T11327]  ? trace_raw_output_exceptions+0x131/0x150
[  458.614694][T11327]  do_user_addr_fault+0x7a6/0x1370
[  458.614706][T11327]  ? rcu_is_watching+0x12/0xc0
[  458.614721][T11327]  exc_page_fault+0x5c/0xb0
[  458.614734][T11327]  asm_exc_page_fault+0x26/0x30
[  458.614744][T11327] RIP: 0010:__put_user_4+0xd/0x20
[  458.614757][T11327] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 47 69 03 00 0f 1f 80 00 00 00 00 90 90 90
[  458.614767][T11327] RSP: 0018:ffffc9000c1f7ee0 EFLAGS: 00050202
[  458.614776][T11327] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000020000000c640
[  458.614783][T11327] RDX: ffff888060638000 RSI: ffffffff8180e8e7 RDI: ffffffff8c162d80
[  458.614789][T11327] RBP: 000020000000c680 R08: a23edf14cf8df726 R09: 0000000000000001
[  458.614795][T11327] R10: 0000000000000000 R11: 0000000000000000 R12: 000020000000c6c0
[  458.614801][T11327] R13: 0000000000000000 R14: 0000000000000000 R15: 000020000000c640
[  458.614811][T11327]  ? __x64_sys_getresgid+0x1b7/0x2a0
[  458.614827][T11327]  __x64_sys_getresgid+0x1c1/0x2a0
[  458.614840][T11327]  ? rcu_is_watching+0x12/0xc0
[  458.614854][T11327]  do_syscall_64+0xcd/0x4c0
[  458.614868][T11327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.614879][T11327] RIP: 0033:0x7ff04818ebe9
[  458.614887][T11327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.614896][T11327] RSP: 002b:00007ff049035038 EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  458.614905][T11327] RAX: ffffffffffffffda RBX: 00007ff0483c5fa0 RCX: 00007ff04818ebe9
[  458.614911][T11327] RDX: 000020000000c6c0 RSI: 000020000000c680 RDI: 000020000000c640
[  458.614917][T11327] RBP: 00007ff049035090 R08: 0000000000000000 R09: 0000000000000000
[  458.614923][T11327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.614928][T11327] R13: 00007ff0483c6038 R14: 00007ff0483c5fa0 R15: 00007ffc76167df8
[  458.614941][T11327]  </TASK>
[  459.023173][T11329] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  459.029715][T11329] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  459.148160][T11329] vhci_hcd vhci_hcd.0: Device attached
[  459.152084][T11333] FAULT_INJECTION: forcing a failure.
[  459.152084][T11333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  459.171076][T11330] vhci_hcd: connection closed
[  459.181062][T11333] CPU: 0 UID: 0 PID: 11333 Comm: syz.3.1312 Not tainted syzkaller #0 PREEMPT(full) 
[  459.181087][T11333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  459.181100][T11333] Call Trace:
[  459.181106][T11333]  <TASK>
[  459.181112][T11333]  dump_stack_lvl+0x16c/0x1f0
[  459.181136][T11333]  should_fail_ex+0x512/0x640
[  459.181160][T11333]  _copy_from_iter+0x29f/0x1720
[  459.181191][T11333]  ? __alloc_skb+0x200/0x380
[  459.181212][T11333]  ? __pfx__copy_from_iter+0x10/0x10
[  459.181237][T11333]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  459.181264][T11333]  netlink_sendmsg+0x829/0xdd0
[  459.181291][T11333]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.181321][T11333]  ____sys_sendmsg+0xa98/0xc70
[  459.181347][T11333]  ? copy_msghdr_from_user+0x10a/0x160
[  459.181367][T11333]  ? __pfx_____sys_sendmsg+0x10/0x10
[  459.181402][T11333]  ___sys_sendmsg+0x134/0x1d0
[  459.181424][T11333]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.181469][T11333]  __sys_sendmsg+0x16d/0x220
[  459.181490][T11333]  ? __pfx___sys_sendmsg+0x10/0x10
[  459.181526][T11333]  do_syscall_64+0xcd/0x4c0
[  459.181550][T11333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.181568][T11333] RIP: 0033:0x7f5a1218ebe9
[  459.181580][T11333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.181595][T11333] RSP: 002b:00007f5a130b2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  459.181612][T11333] RAX: ffffffffffffffda RBX: 00007f5a123c5fa0 RCX: 00007f5a1218ebe9
[  459.181622][T11333] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  459.181632][T11333] RBP: 00007f5a130b2090 R08: 0000000000000000 R09: 0000000000000000
[  459.181642][T11333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.181651][T11333] R13: 00007f5a123c6038 R14: 00007f5a123c5fa0 R15: 00007ffcd2d39f28
[  459.181674][T11333]  </TASK>
[  459.384103][T10981] vhci_hcd: stop threads
[  459.388374][T10981] vhci_hcd: release socket
[  459.396164][T10981] vhci_hcd: disconnect device
[  459.442321][    T9] vhci_hcd: vhci_device speed not set
[  459.499057][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  459.752315][   T10] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  460.412082][   T10] usb 3-1: Using ep0 maxpacket: 32
[  460.465768][   T10] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  460.477339][   T10] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  460.532558][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  460.547944][   T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  460.567294][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.590091][   T10] usb 3-1: config 0 descriptor??
[  460.610877][T11359] FAULT_INJECTION: forcing a failure.
[  460.610877][T11359] name failslab, interval 1, probability 0, space 0, times 0
[  460.646021][T11357] batman_adv: batadv0: Adding interface: ip6gretap1
[  460.657689][T11359] CPU: 1 UID: 0 PID: 11359 Comm: syz.0.1320 Not tainted syzkaller #0 PREEMPT(full) 
[  460.657714][T11359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  460.657723][T11359] Call Trace:
[  460.657729][T11359]  <TASK>
[  460.657736][T11359]  dump_stack_lvl+0x16c/0x1f0
[  460.657758][T11359]  should_fail_ex+0x512/0x640
[  460.657772][T11359]  ? fs_reclaim_acquire+0xae/0x150
[  460.657787][T11359]  ? tomoyo_encode2+0x100/0x3e0
[  460.657802][T11359]  should_failslab+0xc2/0x120
[  460.657817][T11359]  __kmalloc_noprof+0xd2/0x510
[  460.657833][T11359]  ? d_absolute_path+0x136/0x1a0
[  460.657859][T11359]  tomoyo_encode2+0x100/0x3e0
[  460.657885][T11359]  tomoyo_encode+0x29/0x50
[  460.657904][T11359]  tomoyo_realpath_from_path+0x18f/0x6e0
[  460.657924][T11359]  tomoyo_path_perm+0x274/0x460
[  460.657936][T11359]  ? tomoyo_path_perm+0x260/0x460
[  460.657950][T11359]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  460.657975][T11359]  ? get_pid_task+0xfc/0x250
[  460.658005][T11359]  ? __fget_files+0x20e/0x3c0
[  460.658021][T11359]  ? __print_lock_name+0xc0/0xe0
[  460.658045][T11359]  security_inode_getattr+0x116/0x290
[  460.658061][T11359]  vfs_fstat+0x4b/0xe0
[  460.658076][T11359]  __do_sys_newfstat+0x87/0x100
[  460.658090][T11359]  ? __pfx___do_sys_newfstat+0x10/0x10
[  460.658116][T11359]  ? __pfx_ksys_write+0x10/0x10
[  460.658137][T11359]  ? rcu_is_watching+0x12/0xc0
[  460.658159][T11359]  do_syscall_64+0xcd/0x4c0
[  460.658181][T11359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.658195][T11359] RIP: 0033:0x7fa66838ebe9
[  460.658204][T11359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  460.658214][T11359] RSP: 002b:00007fa6665f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000005
[  460.658226][T11359] RAX: ffffffffffffffda RBX: 00007fa6685c5fa0 RCX: 00007fa66838ebe9
[  460.658232][T11359] RDX: 0000000000000000 RSI: 0000200000004b00 RDI: 0000000000000003
[  460.658238][T11359] RBP: 00007fa6665f6090 R08: 0000000000000000 R09: 0000000000000000
[  460.658244][T11359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  460.658249][T11359] R13: 00007fa6685c6038 R14: 00007fa6685c5fa0 R15: 00007ffdb432bc48
[  460.658270][T11359]  </TASK>
[  460.658288][T11359] ERROR: Out of memory at tomoyo_realpath_from_path.
[  460.884128][T11357] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  460.932878][T11357] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  461.053454][T11340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.114957][T11340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.216908][   T10] usbhid 3-1:0.0: can't add hid device: -71
[  461.222917][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  461.239546][   T10] usb 3-1: USB disconnect, device number 44
[  461.256153][T11361] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1322'.
[  461.268075][T11363] FAULT_INJECTION: forcing a failure.
[  461.268075][T11363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  461.304950][T11363] CPU: 1 UID: 0 PID: 11363 Comm: syz.1.1321 Not tainted syzkaller #0 PREEMPT(full) 
[  461.304975][T11363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  461.304983][T11363] Call Trace:
[  461.304988][T11363]  <TASK>
[  461.304993][T11363]  dump_stack_lvl+0x16c/0x1f0
[  461.305012][T11363]  should_fail_ex+0x512/0x640
[  461.305028][T11363]  _copy_to_user+0x32/0xd0
[  461.305044][T11363]  drm_ioctl+0x5eb/0xc30
[  461.305062][T11363]  ? __pfx_drm_mode_getconnector+0x10/0x10
[  461.305076][T11363]  ? __pfx_drm_ioctl+0x10/0x10
[  461.305095][T11363]  ? selinux_file_ioctl+0x180/0x270
[  461.305111][T11363]  ? selinux_file_ioctl+0xb4/0x270
[  461.305126][T11363]  ? __pfx_drm_ioctl+0x10/0x10
[  461.305141][T11363]  __x64_sys_ioctl+0x18b/0x210
[  461.305158][T11363]  do_syscall_64+0xcd/0x4c0
[  461.305175][T11363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.305186][T11363] RIP: 0033:0x7ff04818ebe9
[  461.305195][T11363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  461.305205][T11363] RSP: 002b:00007ff049035038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  461.305215][T11363] RAX: ffffffffffffffda RBX: 00007ff0483c5fa0 RCX: 00007ff04818ebe9
[  461.305222][T11363] RDX: 0000200000000280 RSI: 00000000c05064a7 RDI: 0000000000000004
[  461.305228][T11363] RBP: 00007ff049035090 R08: 0000000000000000 R09: 0000000000000000
[  461.305234][T11363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  461.305240][T11363] R13: 00007ff0483c6038 R14: 00007ff0483c5fa0 R15: 00007ffc76167df8
[  461.305252][T11363]  </TASK>
[  462.624307][   T30] audit: type=1400 audit(1757286086.934:518): avc:  denied  { write } for  pid=11382 comm="syz.5.1323" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  462.750603][T11387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1327'.
[  462.838513][   T30] audit: type=1400 audit(1757286087.514:519): avc:  denied  { accept } for  pid=11388 comm="syz.2.1328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  463.554546][T11406] FAULT_INJECTION: forcing a failure.
[  463.554546][T11406] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  463.572693][T11406] CPU: 1 UID: 0 PID: 11406 Comm: syz.2.1332 Not tainted syzkaller #0 PREEMPT(full) 
[  463.572710][T11406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  463.572716][T11406] Call Trace:
[  463.572719][T11406]  <TASK>
[  463.572724][T11406]  dump_stack_lvl+0x16c/0x1f0
[  463.572742][T11406]  should_fail_ex+0x512/0x640
[  463.572758][T11406]  _copy_from_user+0x2e/0xd0
[  463.572774][T11406]  get_timespec64+0x8b/0x240
[  463.572789][T11406]  ? __pfx_get_timespec64+0x10/0x10
[  463.572808][T11406]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  463.572825][T11406]  __x64_sys_clock_nanosleep+0x1ce/0x4a0
[  463.572840][T11406]  ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[  463.572857][T11406]  do_syscall_64+0xcd/0x4c0
[  463.572871][T11406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.572882][T11406] RIP: 0033:0x7fb008b8ebe9
[  463.572892][T11406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.572902][T11406] RSP: 002b:00007fb0099dc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
[  463.572912][T11406] RAX: ffffffffffffffda RBX: 00007fb008dc5fa0 RCX: 00007fb008b8ebe9
[  463.572919][T11406] RDX: 0000200000000000 RSI: 0000000000ca9a3b RDI: 00000000fffffff2
[  463.572925][T11406] RBP: 00007fb0099dc090 R08: 0000000000000000 R09: 0000000000000000
[  463.572931][T11406] R10: 9999999999999999 R11: 0000000000000246 R12: 0000000000000001
[  463.572937][T11406] R13: 00007fb008dc6038 R14: 00007fb008dc5fa0 R15: 00007ffd1dfce078
[  463.572951][T11406]  </TASK>
[  464.385053][   T30] audit: type=1400 audit(1757286089.014:520): avc:  denied  { ioctl } for  pid=11412 comm="syz.0.1334" path="/dev/usbmon3" dev="devtmpfs" ino=725 ioctlcmd=0x9201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  464.633632][T11420] fuse: Bad value for 'group_id'
[  464.638630][T11420] fuse: Bad value for 'group_id'
[  464.729637][T11420] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  465.692373][  T878] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  465.841572][T11438] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  465.934510][  T878] usb 4-1: Using ep0 maxpacket: 32
[  465.960706][   T50] Bluetooth: hci2: unexpected event for opcode 0x1001
[  465.962076][  T878] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  466.037128][   T57] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  466.190621][  T878] usb 4-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  466.237133][T11448] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input15
[  466.258779][  T878] usb 4-1: config 0 interface 0 has no altsetting 0
[  466.268560][  T878] usb 4-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  466.279644][   T57] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  466.298308][   T57] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  466.326661][  T878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.335587][   T57] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  466.347458][   T57] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  466.357750][  T878] usb 4-1: config 0 descriptor??
[  466.529450][   T57] usb 3-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16
[  466.539722][   T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.557571][   T57] usb 3-1: Product: syz
[  466.562547][   T57] usb 3-1: Manufacturer: syz
[  466.568224][   T57] usb 3-1: SerialNumber: syz
[  466.575304][   T57] usb 3-1: config 0 descriptor??
[  466.592740][   T57] kvaser_usb 3-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0
[  466.599899][   T57] kvaser_usb 3-1:0.0: error -EMSGSIZE: Failed to initialize card
[  466.614666][   T57] kvaser_usb 3-1:0.0: probe with driver kvaser_usb failed with error -90
[  466.652289][   T24] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  466.790441][T11430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.803873][   T30] audit: type=1400 audit(1757286091.484:521): avc:  denied  { setopt } for  pid=11436 comm="syz.2.1341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  466.807824][T11430] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.832158][   T24] usb 6-1: Using ep0 maxpacket: 32
[  466.835575][    T9] usb 3-1: USB disconnect, device number 45
[  466.839264][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  466.858121][   T24] usb 6-1: config 125 has an invalid interface number: 27 but max is 0
[  466.869864][   T24] usb 6-1: config 125 has no interface number 0
[  466.876336][  T878] usbhid 4-1:0.0: can't add hid device: -71
[  466.882408][  T878] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  466.892303][   T24] usb 6-1: config 125 interface 27 has no altsetting 0
[  466.901045][  T878] usb 4-1: USB disconnect, device number 50
[  466.908231][   T24] usb 6-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=a4.70
[  466.920737][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.928858][   T24] usb 6-1: Product: syz
[  466.933078][   T24] usb 6-1: Manufacturer: syz
[  466.937662][   T24] usb 6-1: SerialNumber: syz
[  467.176731][   T24] hub 6-1:125.27: bad descriptor, ignoring hub
[  467.183396][   T24] hub 6-1:125.27: probe with driver hub failed with error -5
[  467.194276][   T24] sierra 6-1:125.27: Sierra USB modem converter detected
[  467.207127][   T24] usb 6-1: Sierra USB modem converter now attached to ttyUSB0
[  467.230375][T11459] FAULT_INJECTION: forcing a failure.
[  467.230375][T11459] name failslab, interval 1, probability 0, space 0, times 0
[  467.245030][T11459] CPU: 0 UID: 0 PID: 11459 Comm: syz.1.1346 Not tainted syzkaller #0 PREEMPT(full) 
[  467.245054][T11459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  467.245064][T11459] Call Trace:
[  467.245070][T11459]  <TASK>
[  467.245077][T11459]  dump_stack_lvl+0x16c/0x1f0
[  467.245104][T11459]  should_fail_ex+0x512/0x640
[  467.245125][T11459]  ? fs_reclaim_acquire+0xae/0x150
[  467.245157][T11459]  ? tomoyo_encode2+0x100/0x3e0
[  467.245181][T11459]  should_failslab+0xc2/0x120
[  467.245200][T11459]  __kmalloc_noprof+0xd2/0x510
[  467.245217][T11459]  ? d_absolute_path+0x136/0x1a0
[  467.245248][T11459]  tomoyo_encode2+0x100/0x3e0
[  467.245275][T11459]  tomoyo_encode+0x29/0x50
[  467.245299][T11459]  tomoyo_realpath_from_path+0x18f/0x6e0
[  467.245330][T11459]  tomoyo_path_perm+0x274/0x460
[  467.245350][T11459]  ? tomoyo_path_perm+0x260/0x460
[  467.245373][T11459]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  467.245393][T11459]  ? try_to_unlazy+0x2a9/0x660
[  467.245435][T11459]  ? __d_lookup+0x25c/0x4a0
[  467.245469][T11459]  tomoyo_path_rmdir+0x91/0xe0
[  467.245485][T11459]  ? __pfx_tomoyo_path_rmdir+0x10/0x10
[  467.245504][T11459]  ? lookup_dcache+0x66/0x170
[  467.245531][T11459]  security_path_rmdir+0x145/0x2b0
[  467.245552][T11459]  do_rmdir+0x27b/0x3c0
[  467.245570][T11459]  ? __pfx_do_rmdir+0x10/0x10
[  467.245594][T11459]  ? getname_flags.part.0+0x1c5/0x550
[  467.245618][T11459]  __x64_sys_rmdir+0xc5/0x110
[  467.245636][T11459]  do_syscall_64+0xcd/0x4c0
[  467.245658][T11459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.245674][T11459] RIP: 0033:0x7ff04818ebe9
[  467.245687][T11459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.245702][T11459] RSP: 002b:00007ff049035038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[  467.245718][T11459] RAX: ffffffffffffffda RBX: 00007ff0483c5fa0 RCX: 00007ff04818ebe9
[  467.245727][T11459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100
[  467.245736][T11459] RBP: 00007ff049035090 R08: 0000000000000000 R09: 0000000000000000
[  467.245746][T11459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.245756][T11459] R13: 00007ff0483c6038 R14: 00007ff0483c5fa0 R15: 00007ffc76167df8
[  467.245780][T11459]  </TASK>
[  467.245795][T11459] ERROR: Out of memory at tomoyo_realpath_from_path.
[  467.265734][   T24] usb 6-1: USB disconnect, device number 53
[  467.636647][   T24] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  467.658211][   T24] sierra 6-1:125.27: device disconnected
[  468.702698][   T30] audit: type=1326 audit(1757286093.344:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.076551][   T30] audit: type=1326 audit(1757286093.344:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.100316][   T30] audit: type=1326 audit(1757286093.344:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.124108][   T30] audit: type=1326 audit(1757286093.344:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.147920][   T30] audit: type=1326 audit(1757286093.344:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.182887][   T30] audit: type=1326 audit(1757286093.354:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.206563][   T30] audit: type=1326 audit(1757286093.454:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.332607][   T30] audit: type=1326 audit(1757286093.454:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11485 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.413890][   T30] audit: type=1326 audit(1757286093.454:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11488 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a121c14a5 code=0x7ffc0000
[  469.510159][   T30] audit: type=1326 audit(1757286093.634:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11488 comm="syz.3.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f5a1218ebe9 code=0x7ffc0000
[  469.784565][   T50] Bluetooth: hci4: unexpected event for opcode 0x1001
[  470.863388][T11506] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1358'.
[  471.647536][   T30] audit: type=1400 audit(1757286095.954:532): avc:  denied  { read } for  pid=11512 comm="syz.3.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  472.001219][   T30] audit: type=1400 audit(1757286096.674:533): avc:  denied  { read } for  pid=11526 comm="syz.1.1365" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  472.816156][T11538] FAULT_INJECTION: forcing a failure.
[  472.816156][T11538] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  472.851251][T11538] CPU: 1 UID: 0 PID: 11538 Comm: syz.3.1366 Not tainted syzkaller #0 PREEMPT(full) 
[  472.851276][T11538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  472.851286][T11538] Call Trace:
[  472.851291][T11538]  <TASK>
[  472.851297][T11538]  dump_stack_lvl+0x16c/0x1f0
[  472.851323][T11538]  should_fail_ex+0x512/0x640
[  472.851347][T11538]  _copy_from_user+0x2e/0xd0
[  472.851370][T11538]  memdup_user+0x6b/0xe0
[  472.851388][T11538]  ucma_set_option+0x11f/0x530
[  472.851409][T11538]  ? __might_fault+0xe3/0x190
[  472.851423][T11538]  ? __pfx_ucma_set_option+0x10/0x10
[  472.851451][T11538]  ? __pfx_ucma_set_option+0x10/0x10
[  472.851473][T11538]  ucma_write+0x1f8/0x330
[  472.851494][T11538]  ? __pfx_ucma_write+0x10/0x10
[  472.851512][T11538]  ? bpf_lsm_file_permission+0x9/0x10
[  472.851532][T11538]  ? security_file_permission+0x71/0x210
[  472.851559][T11538]  ? rw_verify_area+0xcf/0x6c0
[  472.851582][T11538]  ? __pfx_ucma_write+0x10/0x10
[  472.851599][T11538]  vfs_write+0x29d/0x11d0
[  472.851621][T11538]  ? __pfx_vfs_write+0x10/0x10
[  472.851634][T11538]  ? find_held_lock+0x2b/0x80
[  472.851654][T11538]  ? __fget_files+0x204/0x3c0
[  472.851676][T11538]  ? __fget_files+0x20e/0x3c0
[  472.851700][T11538]  ksys_write+0x1f8/0x250
[  472.851715][T11538]  ? __pfx_ksys_write+0x10/0x10
[  472.851737][T11538]  do_syscall_64+0xcd/0x4c0
[  472.851758][T11538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.851773][T11538] RIP: 0033:0x7f5a1218ebe9
[  472.851786][T11538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.851800][T11538] RSP: 002b:00007f5a130b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  472.851817][T11538] RAX: ffffffffffffffda RBX: 00007f5a123c5fa0 RCX: 00007f5a1218ebe9
[  472.851827][T11538] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000005
[  472.851836][T11538] RBP: 00007f5a130b2090 R08: 0000000000000000 R09: 0000000000000000
[  472.851845][T11538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  472.851854][T11538] R13: 00007f5a123c6038 R14: 00007f5a123c5fa0 R15: 00007ffcd2d39f28
[  472.851876][T11538]  </TASK>
[  473.541891][   T30] audit: type=1400 audit(1757286098.094:534): avc:  denied  { mount } for  pid=11541 comm="syz.1.1367" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  473.575918][T11550] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1371'.
[  473.643467][T11558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1369'.
[  473.654122][T11558] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1369'.
[  473.732727][T11550] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1371'.
[  474.492262][   T30] audit: type=1400 audit(1757286098.094:535): avc:  denied  { remount } for  pid=11541 comm="syz.1.1367" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  474.625435][T11566] FAULT_INJECTION: forcing a failure.
[  474.625435][T11566] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  474.638618][T11566] CPU: 0 UID: 0 PID: 11566 Comm: syz.5.1373 Not tainted syzkaller #0 PREEMPT(full) 
[  474.638639][T11566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  474.638647][T11566] Call Trace:
[  474.638651][T11566]  <TASK>
[  474.638655][T11566]  dump_stack_lvl+0x16c/0x1f0
[  474.638673][T11566]  should_fail_ex+0x512/0x640
[  474.638688][T11566]  _copy_from_iter+0x29f/0x1720
[  474.638705][T11566]  ? __alloc_skb+0x200/0x380
[  474.638717][T11566]  ? __pfx__copy_from_iter+0x10/0x10
[  474.638734][T11566]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  474.638752][T11566]  netlink_sendmsg+0x829/0xdd0
[  474.638768][T11566]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.638787][T11566]  ____sys_sendmsg+0xa98/0xc70
[  474.638803][T11566]  ? copy_msghdr_from_user+0x10a/0x160
[  474.638816][T11566]  ? __pfx_____sys_sendmsg+0x10/0x10
[  474.638835][T11566]  ? __pfx_sched_clock_cpu+0x10/0x10
[  474.638852][T11566]  ___sys_sendmsg+0x134/0x1d0
[  474.638865][T11566]  ? __pfx____sys_sendmsg+0x10/0x10
[  474.638890][T11566]  ? lockdep_hardirqs_on+0x50/0x110
[  474.638907][T11566]  __sys_sendmsg+0x16d/0x220
[  474.638919][T11566]  ? __pfx___sys_sendmsg+0x10/0x10
[  474.638931][T11566]  ? rcu_is_watching+0x12/0xc0
[  474.638949][T11566]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  474.638965][T11566]  do_syscall_64+0xcd/0x4c0
[  474.638979][T11566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.638994][T11566] RIP: 0033:0x7fc93718ebe9
[  474.639003][T11566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.639013][T11566] RSP: 002b:00007fc938034038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  474.639023][T11566] RAX: ffffffffffffffda RBX: 00007fc9373c6090 RCX: 00007fc93718ebe9
[  474.639029][T11566] RDX: 0000000004008840 RSI: 0000200000000000 RDI: 0000000000000008
[  474.639035][T11566] RBP: 00007fc938034090 R08: 0000000000000000 R09: 0000000000000000
[  474.639041][T11566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.639046][T11566] R13: 00007fc9373c6128 R14: 00007fc9373c6090 R15: 00007fffd685f228
[  474.639059][T11566]  </TASK>
[  475.190780][   T30] audit: type=1400 audit(1757286099.854:536): avc:  denied  { unmount } for  pid=5841 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  475.256726][T11571] netlink: 'syz.3.1374': attribute type 1 has an invalid length.
[  475.488589][   T30] audit: type=1400 audit(1757286100.154:537): avc:  denied  { read write } for  pid=11579 comm="syz.5.1378" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  475.733288][   T50] Bluetooth: hci4: unexpected event for opcode 0x1001
[  475.986857][   T30] audit: type=1400 audit(1757286100.154:538): avc:  denied  { open } for  pid=11579 comm="syz.5.1378" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  476.102637][ T5926] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  476.215378][   T30] audit: type=1400 audit(1757286100.194:539): avc:  denied  { map } for  pid=11579 comm="syz.5.1378" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  476.288610][   T30] audit: type=1400 audit(1757286100.194:540): avc:  denied  { execute } for  pid=11579 comm="syz.5.1378" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  476.311995][    C0] vkms_vblank_simulate: vblank timer overrun
[  476.368459][ T5926] usb 4-1: Using ep0 maxpacket: 8
[  476.382064][ T5926] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  476.403273][ T5926] usb 4-1: config 179 has no interface number 0
[  476.409592][ T5926] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  476.444499][ T5926] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  476.477848][ T5926] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  476.501443][ T5926] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  476.524875][ T5926] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  476.539179][ T5926] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  476.590260][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.602074][T11586] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  476.822340][ T5926] usb 6-1: new full-speed USB device number 54 using dummy_hcd
[  476.863758][T11610] FAULT_INJECTION: forcing a failure.
[  476.863758][T11610] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  476.879323][T11610] CPU: 1 UID: 0 PID: 11610 Comm: syz.1.1383 Not tainted syzkaller #0 PREEMPT(full) 
[  476.879345][T11610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  476.879354][T11610] Call Trace:
[  476.879360][T11610]  <TASK>
[  476.879367][T11610]  dump_stack_lvl+0x16c/0x1f0
[  476.879392][T11610]  should_fail_ex+0x512/0x640
[  476.879417][T11610]  _copy_from_iter+0x29f/0x1720
[  476.879444][T11610]  ? __alloc_skb+0x200/0x380
[  476.879464][T11610]  ? __pfx__copy_from_iter+0x10/0x10
[  476.879490][T11610]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  476.879521][T11610]  netlink_sendmsg+0x829/0xdd0
[  476.879547][T11610]  ? __pfx_netlink_sendmsg+0x10/0x10
[  476.879580][T11610]  ____sys_sendmsg+0xa98/0xc70
[  476.879605][T11610]  ? copy_msghdr_from_user+0x10a/0x160
[  476.879626][T11610]  ? __pfx_____sys_sendmsg+0x10/0x10
[  476.879662][T11610]  ___sys_sendmsg+0x134/0x1d0
[  476.879685][T11610]  ? __pfx____sys_sendmsg+0x10/0x10
[  476.879736][T11610]  __sys_sendmsg+0x16d/0x220
[  476.879757][T11610]  ? __pfx___sys_sendmsg+0x10/0x10
[  476.879794][T11610]  do_syscall_64+0xcd/0x4c0
[  476.879818][T11610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.879836][T11610] RIP: 0033:0x7ff04818ebe9
[  476.879849][T11610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  476.879865][T11610] RSP: 002b:00007ff048ff3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  476.879881][T11610] RAX: ffffffffffffffda RBX: 00007ff0483c6180 RCX: 00007ff04818ebe9
[  476.879892][T11610] RDX: 0000000000040004 RSI: 0000200000002bc0 RDI: 000000000000000d
[  476.879902][T11610] RBP: 00007ff048ff3090 R08: 0000000000000000 R09: 0000000000000000
[  476.879913][T11610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  476.879922][T11610] R13: 00007ff0483c6218 R14: 00007ff0483c6180 R15: 00007ffc76167df8
[  476.879944][T11610]  </TASK>
[  477.082810][ T5926] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  477.101995][ T5926] usb 6-1: config 0 has no interface number 0
[  477.118652][ T5926] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  477.140697][T11613] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1377'.
[  477.148369][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.267660][ T5926] usb 6-1: config 0 descriptor??
[  477.378580][ T5926] usb 6-1: selecting invalid altsetting 1
[  477.384893][ T5926] dvb_ttusb_budget: ttusb_init_controller: error
[  477.391747][ T5926] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  477.470464][ T5926] DVB: Unable to find symbol cx22700_attach()
[  477.506842][ T5926] DVB: Unable to find symbol tda10046_attach()
[  477.526164][ T5926] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  477.763490][T11624] binder: 11623:11624 unknown command 0
[  477.771256][T11624] binder: 11623:11624 ioctl c0306201 200000000080 returned -22
[  477.812942][T11626] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1385'.
[  477.822097][T11626] 0�X��D: renamed from macvtap0
[  477.830558][T11626] 0�X��D: entered allmulticast mode
[  477.836981][T11626] veth0_macvtap: entered allmulticast mode
[  477.851054][T11626] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[  478.994081][  T878] usb 4-1: USB disconnect, device number 51
[  478.994155][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  479.008258][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  479.188237][T11641] overlayfs: failed to resolve './file0': -2
[  479.263881][   T30] audit: type=1400 audit(1757286103.944:541): avc:  denied  { map } for  pid=11635 comm="syz.3.1389" path="socket:[34912]" dev="sockfs" ino=34912 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  479.453960][T11653] mac80211_hwsim hwsim5 wlan0: entered promiscuous mode
[  479.504339][T11653] batadv_slave_0: entered promiscuous mode
[  479.642535][  T878] usb 6-1: USB disconnect, device number 54
[  479.654933][T11653] debugfs: 'hsr1' already exists in 'hsr'
[  479.717969][T11653] Cannot create hsr debugfs directory
[  479.724179][T11653] hsr1: Slave A (wlan0) is not up; please bring it up to get a fully working HSR network
[  479.734953][T11653] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network
[  479.752475][T11653] hsr1: entered promiscuous mode
[  479.801825][T11663] overlayfs: missing 'workdir'
[  479.982300][ T5926] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  480.781449][ T5926] usb 3-1: Using ep0 maxpacket: 16
[  480.876420][ T5926] usb 3-1: config index 0 descriptor too short (expected 4495, got 71)
[  481.511426][ T5926] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  481.554998][ T5926] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  481.570512][ T5926] usb 3-1: config 0 has no interface number 0
[  481.649712][ T5926] usb 3-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01
[  481.659837][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.669290][ T5926] usb 3-1: Product: syz
[  481.673946][ T5926] usb 3-1: Manufacturer: syz
[  481.678528][ T5926] usb 3-1: SerialNumber: syz
[  481.691345][ T5926] usb 3-1: config 0 descriptor??
[  481.704462][ T5926] uvcvideo 3-1:0.105: probe with driver uvcvideo failed with error -22
[  481.738088][T11682] netlink: 'syz.1.1400': attribute type 5 has an invalid length.
[  481.782272][    T9] usb 6-1: new full-speed USB device number 55 using dummy_hcd
[  481.831606][T11686] fuse: Bad value for 'fd'
[  481.935170][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  482.115839][T11659] fuse: Unknown parameter 'gi`��X5�㎎k�[����8�����u�ߘfQ������;�@@�����& ����p$�n'
[  482.129029][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  482.169969][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  482.179483][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.375540][   T50] Bluetooth: hci1: unexpected event for opcode 0x1001
[  482.573580][    T9] usb 6-1: usb_control_msg returned -32
[  482.603355][    T9] usbtmc 6-1:16.0: can't read capabilities
[  482.728108][T11694] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  484.005764][  T878] usb 6-1: USB disconnect, device number 55
[  484.247293][T11705] block nbd0: Attempted send on invalid socket
[  484.253673][T11705] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  484.263336][T11705] SQUASHFS error: Failed to read block 0x0: -5
[  484.269663][T11705] unable to read squashfs_super_block
[  484.455962][ T5926] usb 3-1: USB disconnect, device number 46
[  484.855632][   T30] audit: type=1400 audit(1757286109.534:542): avc:  denied  { mount } for  pid=11724 comm="syz.2.1411" name="/" dev="configfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  484.896281][   T30] audit: type=1400 audit(1757286109.574:543): avc:  denied  { map } for  pid=11724 comm="syz.2.1411" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  485.031240][T11727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1412'.
[  485.060242][T11727] vlan2: entered allmulticast mode
[  485.065853][T11727] bridge_slave_0: entered allmulticast mode
[  485.221989][   T30] audit: type=1400 audit(1757286109.574:544): avc:  denied  { execute } for  pid=11724 comm="syz.2.1411" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  485.768761][T11737] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  485.941634][T11743] comedi comedi0: comedi_config --init_data is deprecated
[  486.030754][   T30] audit: type=1400 audit(1757286366.611:545): avc:  denied  { setopt } for  pid=11742 comm="syz.5.1418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  486.638033][   T30] audit: type=1400 audit(1757286367.312:546): avc:  denied  { bind } for  pid=11751 comm="syz.2.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  486.663535][T11752] binder: 11751:11752 ioctl c0306201 0 returned -14
[  486.876088][   T30] audit: type=1400 audit(1757286367.312:547): avc:  denied  { setopt } for  pid=11751 comm="syz.2.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  487.149761][   T30] audit: type=1400 audit(1757286367.412:548): avc:  denied  { create } for  pid=11753 comm="syz.2.1423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  487.394432][   T30] audit: type=1400 audit(1757286367.722:549): avc:  denied  { read } for  pid=11754 comm="syz.5.1422" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  487.823701][   T30] audit: type=1400 audit(1757286368.402:550): avc:  denied  { ioctl } for  pid=11769 comm="syz.5.1426" path="socket:[35327]" dev="sockfs" ino=35327 ioctlcmd=0x4942 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  488.557364][T11778] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  488.641744][T11782] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1431'.
[  488.690717][ T5926] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  488.754132][   T30] audit: type=1400 audit(1757286369.433:551): avc:  denied  { map } for  pid=11784 comm="syz.5.1433" path="/proc/683/environ" dev="proc" ino=36131 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  488.800960][   T24] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  488.811081][T11787] overlay: ./file0 is not a directory
[  488.850634][ T5926] usb 2-1: Using ep0 maxpacket: 32
[  488.857728][ T5926] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  488.869473][ T5926] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  488.882715][ T5926] usb 2-1: config 0 interface 0 has no altsetting 0
[  488.889331][ T5926] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  488.898652][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.910645][ T5926] usb 2-1: config 0 descriptor??
[  489.021133][   T24] usb 4-1: Using ep0 maxpacket: 32
[  489.184218][   T24] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  489.196322][   T24] usb 4-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  489.209816][   T24] usb 4-1: config 0 interface 0 has no altsetting 0
[  489.216614][   T24] usb 4-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  489.226014][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.236125][   T24] usb 4-1: config 0 descriptor??
[  489.802823][   T24] usbhid 4-1:0.0: can't add hid device: -71
[  489.867418][   T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  490.192505][   T24] usb 4-1: USB disconnect, device number 52
[  490.250513][ T5926] usbhid 2-1:0.0: can't add hid device: -71
[  490.256485][ T5926] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  490.273029][ T5926] usb 2-1: USB disconnect, device number 44
[  490.562533][T11799] 9pnet_fd: Insufficient options for proto=fd
[  491.920881][   T30] audit: type=1400 audit(1757286372.204:552): avc:  denied  { getopt } for  pid=11805 comm="syz.0.1438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  492.263143][T11819] FAULT_INJECTION: forcing a failure.
[  492.263143][T11819] name failslab, interval 1, probability 0, space 0, times 0
[  492.282938][T11819] CPU: 1 UID: 0 PID: 11819 Comm: syz.5.1440 Not tainted syzkaller #0 PREEMPT(full) 
[  492.282964][T11819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  492.282974][T11819] Call Trace:
[  492.282980][T11819]  <TASK>
[  492.282987][T11819]  dump_stack_lvl+0x16c/0x1f0
[  492.283014][T11819]  should_fail_ex+0x512/0x640
[  492.283041][T11819]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  492.283063][T11819]  should_failslab+0xc2/0x120
[  492.283083][T11819]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  492.283102][T11819]  ? __alloc_skb+0x2b2/0x380
[  492.283125][T11819]  __alloc_skb+0x2b2/0x380
[  492.283145][T11819]  ? __pfx___alloc_skb+0x10/0x10
[  492.283165][T11819]  ? genl_rcv_msg+0x4bb/0x800
[  492.283196][T11819]  netlink_ack+0x15d/0xb80
[  492.283227][T11819]  netlink_rcv_skb+0x332/0x420
[  492.283250][T11819]  ? __pfx_genl_rcv_msg+0x10/0x10
[  492.283276][T11819]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  492.283309][T11819]  ? netlink_deliver_tap+0x1ae/0xd30
[  492.283335][T11819]  genl_rcv+0x28/0x40
[  492.283357][T11819]  netlink_unicast+0x5aa/0x870
[  492.283383][T11819]  ? __pfx_netlink_unicast+0x10/0x10
[  492.283405][T11819]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  492.283434][T11819]  netlink_sendmsg+0x8d1/0xdd0
[  492.283461][T11819]  ? __pfx_netlink_sendmsg+0x10/0x10
[  492.283494][T11819]  ____sys_sendmsg+0xa98/0xc70
[  492.283521][T11819]  ? copy_msghdr_from_user+0x10a/0x160
[  492.283542][T11819]  ? __pfx_____sys_sendmsg+0x10/0x10
[  492.283579][T11819]  ___sys_sendmsg+0x134/0x1d0
[  492.283602][T11819]  ? __pfx____sys_sendmsg+0x10/0x10
[  492.283654][T11819]  __sys_sendmsg+0x16d/0x220
[  492.283676][T11819]  ? __pfx___sys_sendmsg+0x10/0x10
[  492.283715][T11819]  do_syscall_64+0xcd/0x4c0
[  492.283741][T11819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.283758][T11819] RIP: 0033:0x7fc93718ebe9
[  492.283772][T11819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  492.283789][T11819] RSP: 002b:00007fc938055038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  492.283805][T11819] RAX: ffffffffffffffda RBX: 00007fc9373c5fa0 RCX: 00007fc93718ebe9
[  492.283816][T11819] RDX: 0000000000008000 RSI: 0000200000000140 RDI: 0000000000000003
[  492.283827][T11819] RBP: 00007fc938055090 R08: 0000000000000000 R09: 0000000000000000
[  492.283837][T11819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  492.283847][T11819] R13: 00007fc9373c6038 R14: 00007fc9373c5fa0 R15: 00007fffd685f228
[  492.283871][T11819]  </TASK>
[  492.888038][T11823] syzkaller0: entered promiscuous mode
[  492.893709][T11823] syzkaller0: entered allmulticast mode
[  493.547037][T11830] FAULT_INJECTION: forcing a failure.
[  493.547037][T11830] name failslab, interval 1, probability 0, space 0, times 0
[  493.561080][T11830] CPU: 0 UID: 0 PID: 11830 Comm: syz.3.1443 Not tainted syzkaller #0 PREEMPT(full) 
[  493.561096][T11830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  493.561102][T11830] Call Trace:
[  493.561106][T11830]  <TASK>
[  493.561110][T11830]  dump_stack_lvl+0x16c/0x1f0
[  493.561127][T11830]  should_fail_ex+0x512/0x640
[  493.561143][T11830]  should_failslab+0xc2/0x120
[  493.561156][T11830]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  493.561168][T11830]  ? skb_clone+0x190/0x3f0
[  493.561183][T11830]  skb_clone+0x190/0x3f0
[  493.561197][T11830]  netlink_deliver_tap+0xabd/0xd30
[  493.561213][T11830]  netlink_unicast+0x71f/0x870
[  493.561229][T11830]  ? __pfx_netlink_unicast+0x10/0x10
[  493.561243][T11830]  ? genl_rcv_msg+0x4bb/0x800
[  493.561257][T11830]  ? __pfx___dev_queue_xmit+0x10/0x10
[  493.561271][T11830]  netlink_ack+0x696/0xb80
[  493.561289][T11830]  netlink_rcv_skb+0x332/0x420
[  493.561302][T11830]  ? __pfx_genl_rcv_msg+0x10/0x10
[  493.561318][T11830]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  493.561338][T11830]  ? netlink_deliver_tap+0x1ae/0xd30
[  493.561352][T11830]  genl_rcv+0x28/0x40
[  493.561366][T11830]  netlink_unicast+0x5aa/0x870
[  493.561381][T11830]  ? __pfx_netlink_unicast+0x10/0x10
[  493.561395][T11830]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  493.561412][T11830]  netlink_sendmsg+0x8d1/0xdd0
[  493.561428][T11830]  ? __pfx_netlink_sendmsg+0x10/0x10
[  493.561447][T11830]  ____sys_sendmsg+0xa98/0xc70
[  493.561463][T11830]  ? copy_msghdr_from_user+0x10a/0x160
[  493.561476][T11830]  ? __pfx_____sys_sendmsg+0x10/0x10
[  493.561499][T11830]  ___sys_sendmsg+0x134/0x1d0
[  493.561512][T11830]  ? __pfx____sys_sendmsg+0x10/0x10
[  493.561541][T11830]  __sys_sendmsg+0x16d/0x220
[  493.561560][T11830]  ? __pfx___sys_sendmsg+0x10/0x10
[  493.561595][T11830]  do_syscall_64+0xcd/0x4c0
[  493.561614][T11830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.561625][T11830] RIP: 0033:0x7f5a1218ebe9
[  493.561634][T11830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.561644][T11830] RSP: 002b:00007f5a13091038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  493.561654][T11830] RAX: ffffffffffffffda RBX: 00007f5a123c6090 RCX: 00007f5a1218ebe9
[  493.561661][T11830] RDX: 0000000020000000 RSI: 0000200000000180 RDI: 0000000000000003
[  493.561667][T11830] RBP: 00007f5a13091090 R08: 0000000000000000 R09: 0000000000000000
[  493.561673][T11830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.561679][T11830] R13: 00007f5a123c6128 R14: 00007f5a123c6090 R15: 00007ffcd2d39f28
[  493.561692][T11830]  </TASK>
[  494.243733][T11834] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.313317][T11834] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.442800][T11834] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.463831][   T30] audit: type=1400 audit(1757286375.146:553): avc:  denied  { getopt } for  pid=11836 comm="syz.1.1446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  494.510770][T11834] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.571137][ T1140] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  494.637490][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  494.663176][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  494.714040][   T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  494.923102][T11848] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  495.108227][T11860] 9pnet_fd: Insufficient options for proto=fd
[  496.844446][T11886] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  497.833208][   T30] audit: type=1400 audit(1757286378.357:554): avc:  denied  { setopt } for  pid=11888 comm="syz.1.1459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  499.514781][T11909] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  499.661480][T11909] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  499.681863][T11911] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.769359][T11911] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.849417][T11911] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.007690][T11911] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.413443][   T12] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  500.531129][T10977] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  500.604974][   T12] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  500.743074][   T12] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  501.031479][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.043294][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  501.049986][   T30] audit: type=1400 audit(1757286381.469:555): avc:  denied  { listen } for  pid=11921 comm="syz.1.1465" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  501.125900][   T30] audit: type=1400 audit(1757286381.789:556): avc:  denied  { write } for  pid=11919 comm="syz.2.1466" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  501.151126][   T30] audit: type=1400 audit(1757286381.799:557): avc:  denied  { mounton } for  pid=11922 comm="syz.0.1467" path="/proc/1024/task" dev="proc" ino=36882 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  501.179124][   T30] audit: type=1400 audit(1757286381.869:558): avc:  denied  { ioctl } for  pid=11921 comm="syz.1.1465" path="socket:[36881]" dev="sockfs" ino=36881 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  501.269766][T11919] [U] �
[  501.721762][T11936] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  501.740710][   T30] audit: type=1400 audit(1757286382.429:559): avc:  denied  { unmount } for  pid=5842 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  501.836389][T11943] overlayfs: failed to resolve './file0': -2
[  502.105175][    T9] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  502.701553][T11958] loop9: detected capacity change from 0 to 7
[  502.714506][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.725534][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.739596][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.754099][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.767682][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.777304][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.787383][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.796012][T11958] ldm_validate_partition_table(): Disk read failed.
[  502.803881][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.813063][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.822399][T11958] Buffer I/O error on dev loop9, logical block 0, async page read
[  502.832502][T11958] Dev loop9: unable to read RDB block 0
[  502.841990][T11958]  loop9: unable to read partition table
[  502.852153][T11958] loop9: partition table beyond EOD, truncated
[  502.858523][T11958] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  502.858523][T11958] 
) failed (rc=-5)
[  503.023548][    T9] usb 4-1: Using ep0 maxpacket: 8
[  503.073561][   T30] audit: type=1400 audit(1757286383.690:560): avc:  denied  { listen } for  pid=11959 comm="syz.5.1477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  503.110195][    T9] usb 4-1: config 157 descriptor has 1 excess byte, ignoring
[  503.127808][    T9] usb 4-1: config 157 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  503.172713][    T9] usb 4-1: config 157 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  503.201622][    T9] usb 4-1: config 157 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  503.230137][    T9] usb 4-1: config 157 descriptor has 1 excess byte, ignoring
[  503.246495][    T9] usb 4-1: config 157 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  503.258829][    T9] usb 4-1: config 157 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  503.270561][    T9] usb 4-1: config 157 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  503.283156][    T9] usb 4-1: config 157 descriptor has 1 excess byte, ignoring
[  503.302271][    T9] usb 4-1: config 157 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  503.302277][   T30] audit: type=1400 audit(1757286383.970:561): avc:  denied  { read } for  pid=11967 comm="syz.2.1479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  503.334077][    T9] usb 4-1: config 157 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  503.345394][    T9] usb 4-1: config 157 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  503.360315][    T9] usb 4-1: string descriptor 0 read error: -22
[  503.366764][    T9] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  503.378168][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.401683][   T30] audit: type=1400 audit(1757286384.080:562): avc:  denied  { bind } for  pid=11946 comm="syz.1.1473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  503.401693][    T9] adutux 4-1:157.0: interrupt endpoints not found
[  503.440829][T11966] netlink: 'syz.1.1473': attribute type 4 has an invalid length.
[  503.451733][T11966] netlink: 'syz.1.1473': attribute type 4 has an invalid length.
[  503.460359][ T5903] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  503.684928][ T5903] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  503.708577][ T5903] usb 6-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  504.219771][ T5903] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.231308][ T5903] usb 6-1: config 0 descriptor??
[  504.783513][T11965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.835849][T11965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  505.237952][   T30] audit: type=1400 audit(1757286385.751:563): avc:  denied  { write } for  pid=11976 comm="syz.2.1481" path="socket:[37904]" dev="sockfs" ino=37904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  505.270511][T11986] 
[  505.272850][T11986] =====================================================
[  505.279764][T11986] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  505.287209][T11986] syzkaller #0 Not tainted
[  505.291609][T11986] -----------------------------------------------------
[  505.298518][T11986] syz.5.1478/11986 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  505.306216][T11986] ffffffff8e20c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80
[  505.314815][T11986] 
[  505.314815][T11986] and this task is already holding:
[  505.322157][T11986] ffff888066c3bba0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80
[  505.330853][T11986] which would create a new lock dependency:
[  505.336719][T11986]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[  505.344269][T11986] 
[  505.344269][T11986] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  505.353695][T11986]  (&dev->event_lock#2){..-.}-{3:3}
[  505.353718][T11986] 
[  505.353718][T11986] ... which became SOFTIRQ-irq-safe at:
[  505.366564][T11986]   lock_acquire+0x179/0x350
[  505.371136][T11986]   _raw_spin_lock_irqsave+0x3a/0x60
[  505.376402][T11986]   input_event+0x74/0xd0
[  505.380709][T11986]   atp_complete_geyser_3_4+0xa2c/0x16f0
[  505.386315][T11986]   __usb_hcd_giveback_urb+0x388/0x610
[  505.391753][T11986]   usb_hcd_giveback_urb+0x39b/0x450
[  505.397004][T11986]   dummy_timer+0x1814/0x3a30
[  505.401650][T11986]   __hrtimer_run_queues+0x1ff/0xad0
[  505.406908][T11986]   hrtimer_run_softirq+0x17d/0x350
[  505.412078][T11986]   handle_softirqs+0x219/0x8e0
[  505.416898][T11986]   __irq_exit_rcu+0x109/0x170
[  505.421631][T11986]   irq_exit_rcu+0x9/0x30
[  505.425944][T11986]   sysvec_apic_timer_interrupt+0xa4/0xc0
[  505.431652][T11986]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  505.437696][T11986]   _raw_spin_unlock_irqrestore+0x31/0x80
[  505.443410][T11986]   dummy_urb_enqueue+0x558/0x920
[  505.448420][T11986]   usb_hcd_submit_urb+0x258/0x1c60
[  505.453599][T11986]   usb_submit_urb+0x890/0x1770
[  505.458428][T11986]   atp_open+0x60/0xd0
[  505.462469][T11986]   input_open_device+0x24c/0x3d0
[  505.467471][T11986]   mousedev_open_device+0xe0/0x140
[  505.472646][T11986]   mousedev_open+0x2fa/0x580
[  505.477308][T11986]   chrdev_open+0x231/0x6a0
[  505.481793][T11986]   do_dentry_open+0x982/0x1530
[  505.486626][T11986]   vfs_open+0x82/0x3f0
[  505.490766][T11986]   path_openat+0x1de4/0x2cb0
[  505.495418][T11986]   do_filp_open+0x20b/0x470
[  505.499975][T11986]   do_sys_openat2+0x11b/0x1d0
[  505.504717][T11986]   __x64_sys_openat+0x174/0x210
[  505.509625][T11986]   do_syscall_64+0xcd/0x4c0
[  505.514204][T11986]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.520156][T11986] 
[  505.520156][T11986] to a SOFTIRQ-irq-unsafe lock:
[  505.527146][T11986]  (tasklist_lock){.+.+}-{3:3}
[  505.527162][T11986] 
[  505.527162][T11986] ... which became SOFTIRQ-irq-unsafe at:
[  505.539746][T11986] ...
[  505.539753][T11986]   lock_acquire+0x179/0x350
[  505.546867][T11986]   _raw_read_lock+0x5f/0x70
[  505.551435][T11986]   __do_wait+0x105/0x890
[  505.555741][T11986]   do_wait+0x21e/0x5a0
[  505.559867][T11986]   kernel_wait+0x9f/0x160
[  505.564268][T11986]   call_usermodehelper_exec_work+0xf1/0x170
[  505.570217][T11986]   process_one_work+0x9cc/0x1b70
[  505.575208][T11986]   worker_thread+0x6c8/0xf10
[  505.579852][T11986]   kthread+0x3c2/0x780
[  505.583983][T11986]   ret_from_fork+0x5d4/0x6f0
[  505.588626][T11986]   ret_from_fork_asm+0x1a/0x30
[  505.593456][T11986] 
[  505.593456][T11986] other info that might help us debug this:
[  505.593456][T11986] 
[  505.603654][T11986] Chain exists of:
[  505.603654][T11986]   &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock
[  505.603654][T11986] 
[  505.616658][T11986]  Possible interrupt unsafe locking scenario:
[  505.616658][T11986] 
[  505.624947][T11986]        CPU0                    CPU1
[  505.630282][T11986]        ----                    ----
[  505.635618][T11986]   lock(tasklist_lock);
[  505.639834][T11986]                                local_irq_disable();
[  505.646555][T11986]                                lock(&dev->event_lock#2);
[  505.653723][T11986]                                lock(&f_owner->lock);
[  505.660539][T11986]   <Interrupt>
[  505.663974][T11986]     lock(&dev->event_lock#2);
[  505.668794][T11986] 
[  505.668794][T11986]  *** DEADLOCK ***
[  505.668794][T11986] 
[  505.676904][T11986] 2 locks held by syz.5.1478/11986:
[  505.682065][T11986]  #0: ffff8880790628c8 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xd35/0x1340
[  505.691597][T11986]  #1: ffff888066c3bba0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80
[  505.700698][T11986] 
[  505.700698][T11986] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  505.711079][T11986]    -> (&dev->event_lock#2){..-.}-{3:3} {
[  505.716864][T11986]       IN-SOFTIRQ-W at:
[  505.721072][T11986]                           lock_acquire+0x179/0x350
[  505.727729][T11986]                           _raw_spin_lock_irqsave+0x3a/0x60
[  505.735065][T11986]                           input_event+0x74/0xd0
[  505.741452][T11986]                           atp_complete_geyser_3_4+0xa2c/0x16f0
[  505.749154][T11986]                           __usb_hcd_giveback_urb+0x388/0x610
[  505.756666][T11986]                           usb_hcd_giveback_urb+0x39b/0x450
[  505.764006][T11986]                           dummy_timer+0x1814/0x3a30
[  505.770759][T11986]                           __hrtimer_run_queues+0x1ff/0xad0
[  505.778155][T11986]                           hrtimer_run_softirq+0x17d/0x350
[  505.785455][T11986]                           handle_softirqs+0x219/0x8e0
[  505.792372][T11986]                           __irq_exit_rcu+0x109/0x170
[  505.799204][T11986]                           irq_exit_rcu+0x9/0x30
[  505.805610][T11986]                           sysvec_apic_timer_interrupt+0xa4/0xc0
[  505.813401][T11986]                           asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  505.821536][T11986]                           _raw_spin_unlock_irqrestore+0x31/0x80
[  505.829310][T11986]                           dummy_urb_enqueue+0x558/0x920
[  505.836414][T11986]                           usb_hcd_submit_urb+0x258/0x1c60
[  505.843678][T11986]                           usb_submit_urb+0x890/0x1770
[  505.850612][T11986]                           atp_open+0x60/0xd0
[  505.856741][T11986]                           input_open_device+0x24c/0x3d0
[  505.863832][T11986]                           mousedev_open_device+0xe0/0x140
[  505.871122][T11986]                           mousedev_open+0x2fa/0x580
[  505.877877][T11986]                           chrdev_open+0x231/0x6a0
[  505.884442][T11986]                           do_dentry_open+0x982/0x1530
[  505.891356][T11986]                           vfs_open+0x82/0x3f0
[  505.897578][T11986]                           path_openat+0x1de4/0x2cb0
[  505.904327][T11986]                           do_filp_open+0x20b/0x470
[  505.911080][T11986]                           do_sys_openat2+0x11b/0x1d0
[  505.917913][T11986]                           __x64_sys_openat+0x174/0x210
[  505.924919][T11986]                           do_syscall_64+0xcd/0x4c0
[  505.931571][T11986]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.939628][T11986]       INITIAL USE at:
[  505.943768][T11986]                          lock_acquire+0x179/0x350
[  505.950339][T11986]                          _raw_spin_lock_irqsave+0x3a/0x60
[  505.957598][T11986]                          input_inject_event+0x9f/0x3b0
[  505.964603][T11986]                          led_set_brightness+0x217/0x290
[  505.971694][T11986]                          kbd_led_trigger_activate+0xcb/0x110
[  505.979214][T11986]                          led_trigger_set+0x59a/0xc50
[  505.986036][T11986]                          led_trigger_set_default+0x1e0/0x2e0
[  505.993559][T11986]                          led_classdev_register_ext+0x7b8/0xa10
[  506.001257][T11986]                          input_leds_connect+0x552/0x8e0
[  506.008343][T11986]                          input_attach_handler.isra.0+0x176/0x250
[  506.016215][T11986]                          input_register_device+0xab9/0x1180
[  506.023650][T11986]                          atkbd_connect+0x5f8/0xa40
[  506.030301][T11986]                          serio_driver_probe+0x7c/0xd0
[  506.037212][T11986]                          really_probe+0x241/0xa90
[  506.043775][T11986]                          __driver_probe_device+0x1de/0x440
[  506.051129][T11986]                          driver_probe_device+0x4c/0x1b0
[  506.058233][T11986]                          __driver_attach+0x283/0x580
[  506.065075][T11986]                          bus_for_each_dev+0x13e/0x1d0
[  506.071989][T11986]                          serio_handle_event+0x335/0xc30
[  506.079082][T11986]                          process_one_work+0x9cc/0x1b70
[  506.086079][T11986]                          worker_thread+0x6c8/0xf10
[  506.092731][T11986]                          kthread+0x3c2/0x780
[  506.098860][T11986]                          ret_from_fork+0x5d4/0x6f0
[  506.105507][T11986]                          ret_from_fork_asm+0x1a/0x30
[  506.112333][T11986]     }
[  506.115079][T11986]     ... key      at: [<ffffffff9b162f60>] __key.7+0x0/0x40
[  506.122449][T11986]   -> (&client->buffer_lock){....}-{3:3} {
[  506.128343][T11986]      INITIAL USE at:
[  506.132386][T11986]                        lock_acquire+0x179/0x350
[  506.138797][T11986]                        _raw_spin_lock+0x2e/0x40
[  506.145194][T11986]                        evdev_pass_values+0x10e/0x9b0
[  506.152040][T11986]                        evdev_events+0x1bb/0x390
[  506.158448][T11986]                        input_pass_values+0x74e/0x880
[  506.165288][T11986]                        input_handle_event+0xf00/0x14d0
[  506.172299][T11986]                        input_inject_event+0x1e8/0x3b0
[  506.179221][T11986]                        evdev_write+0x457/0x750
[  506.185522][T11986]                        vfs_write+0x29d/0x11d0
[  506.191740][T11986]                        ksys_write+0x1f8/0x250
[  506.197960][T11986]                        do_syscall_64+0xcd/0x4c0
[  506.204355][T11986]                        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.212135][T11986]    }
[  506.214783][T11986]    ... key      at: [<ffffffff9b1633e0>] __key.1+0x0/0x40
[  506.222048][T11986]    ... acquired at:
[  506.225995][T11986]    _raw_spin_lock+0x2e/0x40
[  506.230648][T11986]    evdev_pass_values+0x10e/0x9b0
[  506.235737][T11986]    evdev_events+0x1bb/0x390
[  506.240396][T11986]    input_pass_values+0x74e/0x880
[  506.245487][T11986]    input_handle_event+0xf00/0x14d0
[  506.250771][T11986]    input_inject_event+0x1e8/0x3b0
[  506.255951][T11986]    evdev_write+0x457/0x750
[  506.260598][T11986]    vfs_write+0x29d/0x11d0
[  506.265087][T11986]    ksys_write+0x1f8/0x250
[  506.269563][T11986]    do_syscall_64+0xcd/0x4c0
[  506.274220][T11986]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.280260][T11986] 
[  506.282558][T11986]  -> (&new->fa_lock){....}-{3:3} {
[  506.287746][T11986]     INITIAL USE at:
[  506.291709][T11986]                      lock_acquire+0x179/0x350
[  506.297930][T11986]                      _raw_write_lock_irq+0x36/0x50
[  506.304582][T11986]                      fasync_remove_entry+0xb2/0x1e0
[  506.311336][T11986]                      fasync_helper+0xaf/0xd0
[  506.317482][T11986]                      lease_modify+0x232/0x500
[  506.323716][T11986]                      locks_remove_file+0x29e/0x5c0
[  506.330385][T11986]                      __fput+0x351/0xb70
[  506.336097][T11986]                      task_work_run+0x150/0x240
[  506.342404][T11986]                      exit_to_user_mode_loop+0xeb/0x110
[  506.349406][T11986]                      do_syscall_64+0x3f6/0x4c0
[  506.355972][T11986]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.363577][T11986]     INITIAL READ USE at:
[  506.367972][T11986]                           lock_acquire+0x179/0x350
[  506.374637][T11986]                           _raw_read_lock_irqsave+0x74/0x90
[  506.382001][T11986]                           kill_fasync+0x138/0x510
[  506.388583][T11986]                           lease_break_callback+0x23/0x30
[  506.395784][T11986]                           __break_lease+0x674/0x1810
[  506.402613][T11986]                           vfs_truncate+0x4d3/0x6e0
[  506.409284][T11986]                           __x64_sys_truncate+0x172/0x1e0
[  506.416467][T11986]                           do_syscall_64+0xcd/0x4c0
[  506.423142][T11986]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.431193][T11986]   }
[  506.433753][T11986]   ... key      at: [<ffffffff9ae93320>] __key.0+0x0/0x40
[  506.440930][T11986]   ... acquired at:
[  506.444800][T11986]    _raw_read_lock_irqsave+0x74/0x90
[  506.450147][T11986]    kill_fasync+0x138/0x510
[  506.454719][T11986]    evdev_pass_values+0x619/0x9b0
[  506.459814][T11986]    evdev_events+0x1bb/0x390
[  506.464480][T11986]    input_pass_values+0x74e/0x880
[  506.469573][T11986]    input_handle_event+0xf00/0x14d0
[  506.475025][T11986]    input_inject_event+0x1e8/0x3b0
[  506.480208][T11986]    evdev_write+0x457/0x750
[  506.484775][T11986]    vfs_write+0x29d/0x11d0
[  506.489255][T11986]    ksys_write+0x1f8/0x250
[  506.493826][T11986]    do_syscall_64+0xcd/0x4c0
[  506.498480][T11986]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.504519][T11986] 
[  506.506829][T11986] -> (&f_owner->lock){....}-{3:3} {
[  506.512013][T11986]    INITIAL USE at:
[  506.515882][T11986]                    lock_acquire+0x179/0x350
[  506.521928][T11986]                    _raw_write_lock_irq+0x36/0x50
[  506.528407][T11986]                    __f_setown+0x61/0x3c0
[  506.534190][T11986]                    generic_setlease+0xef2/0x1300
[  506.540678][T11986]                    kernel_setlease+0x106/0x140
[  506.546980][T11986]                    vfs_setlease+0x258/0x2d0
[  506.553121][T11986]                    fcntl_setlease+0x3ed/0x5a0
[  506.559334][T11986]                    do_fcntl+0x751/0x15a0
[  506.565147][T11986]                    __x64_sys_fcntl+0x163/0x200
[  506.571451][T11986]                    do_syscall_64+0xcd/0x4c0
[  506.577502][T11986]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.584940][T11986]    INITIAL READ USE at:
[  506.589244][T11986]                         lock_acquire+0x179/0x350
[  506.595726][T11986]                         _raw_read_lock_irqsave+0x74/0x90
[  506.602921][T11986]                         send_sigio+0x31/0x3e0
[  506.609171][T11986]                         kill_fasync+0x214/0x510
[  506.615584][T11986]                         lease_break_callback+0x23/0x30
[  506.622622][T11986]                         __break_lease+0x674/0x1810
[  506.629297][T11986]                         vfs_truncate+0x4d3/0x6e0
[  506.635791][T11986]                         __x64_sys_truncate+0x172/0x1e0
[  506.642789][T11986]                         do_syscall_64+0xcd/0x4c0
[  506.649270][T11986]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.657160][T11986]  }
[  506.659638][T11986]  ... key      at: [<ffffffff9ae93360>] __key.1+0x0/0x40
[  506.666735][T11986]  ... acquired at:
[  506.670509][T11986]    _raw_read_lock_irqsave+0x74/0x90
[  506.675857][T11986]    send_sigio+0x31/0x3e0
[  506.680262][T11986]    kill_fasync+0x214/0x510
[  506.684833][T11986]    lease_break_callback+0x23/0x30
[  506.690011][T11986]    __break_lease+0x674/0x1810
[  506.694837][T11986]    vfs_truncate+0x4d3/0x6e0
[  506.699489][T11986]    __x64_sys_truncate+0x172/0x1e0
[  506.704666][T11986]    do_syscall_64+0xcd/0x4c0
[  506.709320][T11986]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.715370][T11986] 
[  506.717674][T11986] 
[  506.717674][T11986] the dependencies between the lock to be acquired
[  506.717681][T11986]  and SOFTIRQ-irq-unsafe lock:
[  506.731148][T11986] -> (tasklist_lock){.+.+}-{3:3} {
[  506.736247][T11986]    HARDIRQ-ON-R at:
[  506.740203][T11986]                     lock_acquire+0x179/0x350
[  506.746335][T11986]                     _raw_read_lock+0x5f/0x70
[  506.752462][T11986]                     __do_wait+0x105/0x890
[  506.758340][T11986]                     do_wait+0x21e/0x5a0
[  506.764029][T11986]                     kernel_wait+0x9f/0x160
[  506.769981][T11986]                     call_usermodehelper_exec_work+0xf1/0x170
[  506.777507][T11986]                     process_one_work+0x9cc/0x1b70
[  506.784069][T11986]                     worker_thread+0x6c8/0xf10
[  506.790284][T11986]                     kthread+0x3c2/0x780
[  506.795980][T11986]                     ret_from_fork+0x5d4/0x6f0
[  506.802202][T11986]                     ret_from_fork_asm+0x1a/0x30
[  506.808592][T11986]    SOFTIRQ-ON-R at:
[  506.812544][T11986]                     lock_acquire+0x179/0x350
[  506.818678][T11986]                     _raw_read_lock+0x5f/0x70
[  506.824893][T11986]                     __do_wait+0x105/0x890
[  506.830766][T11986]                     do_wait+0x21e/0x5a0
[  506.836457][T11986]                     kernel_wait+0x9f/0x160
[  506.842410][T11986]                     call_usermodehelper_exec_work+0xf1/0x170
[  506.849933][T11986]                     process_one_work+0x9cc/0x1b70
[  506.856495][T11986]                     worker_thread+0x6c8/0xf10
[  506.862710][T11986]                     kthread+0x3c2/0x780
[  506.868403][T11986]                     ret_from_fork+0x5d4/0x6f0
[  506.874616][T11986]                     ret_from_fork_asm+0x1a/0x30
[  506.881012][T11986]    INITIAL USE at:
[  506.884878][T11986]                    lock_acquire+0x179/0x350
[  506.890927][T11986]                    _raw_write_lock_irq+0x36/0x50
[  506.897405][T11986]                    copy_process+0x4caf/0x7690
[  506.903624][T11986]                    kernel_clone+0xfc/0x930
[  506.909595][T11986]                    user_mode_thread+0xc7/0x110
[  506.915901][T11986]                    rest_init+0x23/0x2b0
[  506.921609][T11986]                    start_kernel+0x3ee/0x4d0
[  506.927658][T11986]                    x86_64_start_reservations+0x18/0x30
[  506.934663][T11986]                    x86_64_start_kernel+0x130/0x190
[  506.941322][T11986]                    common_startup_64+0x13e/0x148
[  506.947800][T11986]    INITIAL READ USE at:
[  506.952146][T11986]                         lock_acquire+0x179/0x350
[  506.958630][T11986]                         _raw_read_lock+0x5f/0x70
[  506.965106][T11986]                         __do_wait+0x105/0x890
[  506.971325][T11986]                         do_wait+0x21e/0x5a0
[  506.977363][T11986]                         kernel_wait+0x9f/0x160
[  506.983666][T11986]                         call_usermodehelper_exec_work+0xf1/0x170
[  506.991533][T11986]                         process_one_work+0x9cc/0x1b70
[  506.998615][T11986]                         worker_thread+0x6c8/0xf10
[  507.005177][T11986]                         kthread+0x3c2/0x780
[  507.011226][T11986]                         ret_from_fork+0x5d4/0x6f0
[  507.017789][T11986]                         ret_from_fork_asm+0x1a/0x30
[  507.024527][T11986]  }
[  507.027001][T11986]  ... key      at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
[  507.034699][T11986]  ... acquired at:
[  507.038474][T11986]    lock_acquire+0x179/0x350
[  507.043131][T11986]    _raw_read_lock+0x5f/0x70
[  507.047785][T11986]    send_sigurg+0xed/0xc80
[  507.052298][T11986]    sk_send_sigurg+0x76/0x360
[  507.057039][T11986]    unix_stream_sendmsg+0xfa5/0x1340
[  507.062391][T11986]    ____sys_sendmsg+0xa98/0xc70
[  507.067320][T11986]    ___sys_sendmsg+0x134/0x1d0
[  507.072150][T11986]    __sys_sendmmsg+0x200/0x420
[  507.076976][T11986]    __x64_sys_sendmmsg+0x9c/0x100
[  507.082064][T11986]    do_syscall_64+0xcd/0x4c0
[  507.086724][T11986]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.092769][T11986] 
[  507.095076][T11986] 
[  507.095076][T11986] stack backtrace:
[  507.100943][T11986] CPU: 1 UID: 0 PID: 11986 Comm: syz.5.1478 Not tainted syzkaller #0 PREEMPT(full) 
[  507.100959][T11986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  507.100968][T11986] Call Trace:
[  507.100974][T11986]  <TASK>
[  507.100979][T11986]  dump_stack_lvl+0x116/0x1f0
[  507.100996][T11986]  check_irq_usage+0x7dc/0x920
[  507.101019][T11986]  ? check_path.constprop.0+0x24/0x50
[  507.101040][T11986]  ? __lock_acquire+0x12bc/0x1ce0
[  507.101059][T11986]  __lock_acquire+0x12bc/0x1ce0
[  507.101080][T11986]  ? find_held_lock+0x2b/0x80
[  507.101096][T11986]  lock_acquire+0x179/0x350
[  507.101115][T11986]  ? send_sigurg+0xed/0xc80
[  507.101135][T11986]  _raw_read_lock+0x5f/0x70
[  507.101149][T11986]  ? send_sigurg+0xed/0xc80
[  507.101166][T11986]  send_sigurg+0xed/0xc80
[  507.101183][T11986]  ? find_held_lock+0x2b/0x80
[  507.101200][T11986]  sk_send_sigurg+0x76/0x360
[  507.101214][T11986]  unix_stream_sendmsg+0xfa5/0x1340
[  507.101233][T11986]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  507.101257][T11986]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  507.101278][T11986]  ____sys_sendmsg+0xa98/0xc70
[  507.101297][T11986]  ? copy_msghdr_from_user+0x10a/0x160
[  507.101313][T11986]  ? __pfx_____sys_sendmsg+0x10/0x10
[  507.101336][T11986]  ___sys_sendmsg+0x134/0x1d0
[  507.101352][T11986]  ? __pfx____sys_sendmsg+0x10/0x10
[  507.101371][T11986]  ? find_held_lock+0x2b/0x80
[  507.101391][T11986]  __sys_sendmmsg+0x200/0x420
[  507.101408][T11986]  ? __pfx___sys_sendmmsg+0x10/0x10
[  507.101426][T11986]  ? __pfx_do_futex+0x10/0x10
[  507.101454][T11986]  ? xfd_validate_state+0x61/0x180
[  507.101476][T11986]  __x64_sys_sendmmsg+0x9c/0x100
[  507.101492][T11986]  ? lockdep_hardirqs_on+0x7c/0x110
[  507.101508][T11986]  do_syscall_64+0xcd/0x4c0
[  507.101526][T11986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.101539][T11986] RIP: 0033:0x7fc93718ebe9
[  507.101550][T11986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.101564][T11986] RSP: 002b:00007fc938034038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  507.101578][T11986] RAX: ffffffffffffffda RBX: 00007fc9373c6090 RCX: 00007fc93718ebe9
[  507.101593][T11986] RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000005
[  507.101601][T11986] RBP: 00007fc937211e19 R08: 0000000000000000 R09: 0000000000000000
[  507.101609][T11986] R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000
[  507.101618][T11986] R13: 00007fc9373c6128 R14: 00007fc9373c6090 R15: 00007fffd685f228
[  507.101630][T11986]  </TASK>
[  507.377273][T11988] overlayfs: failed to resolve './file0': -2
[  507.443355][ T5903] hid_mf 0003:0079:1846.0007: unknown main item tag 0x1
[  507.451501][ T5903] hid_mf 0003:0079:1846.0007: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.5-1/input0
[  507.462665][ T5903] hid_mf 0003:0079:1846.0007: Invalid report, this should never happen!
[  507.470988][ T5903] hid_mf 0003:0079:1846.0007: Force feedback init failed.
[  507.530679][   T10] usb 4-1: USB disconnect, device number 53
[  507.600724][    T9] usb 6-1: USB disconnect, device number 56