last executing test programs:

1m2.122717626s ago: executing program 1 (id=2403):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040450c0b7600000080000109022400010000000009040000010300020009214e0e10012a050009058103"], 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x0)
syz_usb_control_io(r1, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000000)=ANY=[], &(0x7f00000002c0)={0x0, 0xf, 0x83, {0x5, 0xf, 0x83, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x1a, 0x6, 0x7, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0x1, 0xd8, 0xfff4}, @generic={0x6d, 0x10, 0x1, "288baa2af1283279f2102f96fe5bd2a102e210686284d3ec03d07c5a6c0c715a36e93f82bb1c3533d684a7426a14b40824a084b31760a1a700334fc1a4043dcb04a0cb83ba6e0f5a194d6e88e6f0b9fb1030d1cbd8cf1d920077e88ae2e172ccf1ee1947201fecff110c"}]}}, 0x0, 0x0}, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3)
ioctl$FIONREAD(r2, 0x541b, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000000600)={<r5=>0xffffffffffffffff}, 0x111, 0x1}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r9 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r9, 0xc0045520, 0xffffffffffffffff)
write$RDMA_USER_CM_CMD_LISTEN(r4, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r5}}, 0x10)
write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {0x0, r5}}, 0x18)
write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f0000000180)={0x14, 0x88, 0xfa00, {r5, 0x10, 0x0, @in6={0xa, 0x4e23, 0x72, @empty, 0x9}}}, 0x90)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xc38, &(0x7f0000000380)=ANY=[@ANYRES16=r8, @ANYRES64=0x0, @ANYRES16=0x0, @ANYRES16=r10, @ANYRES32, @ANYBLOB="03df1619e5576e75d98455ee219f8fa77aeca9765187f9ce117e01fa501ac092265fe9badc811082addb5ce60b63848c8c9c659b0fcff7c015e2533ddb74f49b833db318286ca071757bb98396d11d1a011e98cfff69baaf16e48e3f77d7a4c3c7ed95444b9c6a33175b6eedacc8e4690a", @ANYRES64=r6, @ANYRES8=0x0])

58.502929509s ago: executing program 1 (id=2421):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400), 0x26743, 0x0)
ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246)
r1 = dup(r0)
ioctl$PPPIOCCONNECT(r1, 0x40047435, &(0x7f00000002c0)=0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r1)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x20000f3d, &(0x7f0000000000)={0x2, 0x24e23, @empty}, 0x10)
sendmsg$inet(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)='/', 0x1}], 0x1}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r3, 0x0, 0x34)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00')
write$binfmt_script(r4, &(0x7f00000004c0)={'#! ', './file0/file0'}, 0x11)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_SEQ_RESET(r5, 0x5100)

57.630766175s ago: executing program 1 (id=2424):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet(0x2, 0x2, 0x0)
shutdown(r2, 0x0)
r3 = syz_io_uring_setup(0x239, 0x0, &(0x7f00000002c0)=<r4=>0x0, 0x0)
syz_io_uring_submit(r4, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
pipe2(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000100)=ANY=[], 0x34}}, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000110001000000000000000200000000000cd4e52d7e3ec8a2447e775a498a90dc3ed565ddf7a38d0001", @ANYRES32=r8, @ANYBLOB="000000000000000014001a80100004800c0005"], 0x34}}, 0x240088b0)
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
vmsplice(r5, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_emit_ethernet(0x3e, &(0x7f00000016c0)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd0000000000000000000000000000fe8000000000000000000000000000aa80009078000000000000000000a65f791b2a"], 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
fanotify_mark(0xffffffffffffffff, 0x0, 0x2, r3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, 0x0)

55.73566377s ago: executing program 1 (id=2434):
r0 = socket$packet(0x11, 0x2, 0x300)
pipe(&(0x7f0000000280)={<r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
splice(r1, 0x0, r2, 0x0, 0x725e65a6, 0x0)
r3 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x20000080, 0x0, 0x0)
mkdir(&(0x7f00000009c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mount$overlay(0x0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000000180)=""/98, 0x62)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f00000000c0)="3bc3583fe0d92bf783dfbe87020f", 0xffffffffffffff53, 0xc054, &(0x7f0000000140)={0xa, 0xfffe, 0x0, @local}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSBRKP(r6, 0x5425, 0x0)
gettid()
dup3(r3, r0, 0x80000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='ext4_fc_cleanup\x00', r1, 0x0, 0x4}, 0x18)
r7 = socket$inet(0x2, 0x2, 0x0)
readv(r7, &(0x7f00000000c0)=[{&(0x7f0000000300)=""/203, 0x3}], 0x300)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x41, 0x800000000004, @thr={&(0x7f0000000200)="4eb23e07958ad7a3fb2bb639577c46a1c45db159b563261a6daea1cb839a0199b6c76e0be540da04b2381f7b40efd496c9d84b5a33916079ffc330a8f5573deceaf7fc316a3bec4e3226a0f65a1a5a79fc5feac7", &(0x7f0000000400)="86dcbe130abb19d6e3e21b3470f01c10254c03c4814c91e76b3feae13bdb9718abfe64613d5452a85afec3a89eb5b69c588b60e86583f36d93aa97b8c3d847757bc2879e726a2ba82fcbc486bf00d721737ff25dede8bfb03e5cf5b1fbb67db8226f9c9033be2dd6ea5901851431c1e3bd360b42f8d2440ed19918691a1627debb6393613b5fe77a071a99b1d3ac5193d3ab9a5dc7639f2762e52bb17ccb38fc4fcec8423438c31fae1a01d76f9c7cd932267e77c29ca11678a69b47619ac93a7d9d463c14deae7d503c5c4153ce84"}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
msgget$private(0x0, 0x0)
msgsnd(0x0, &(0x7f00000005c0)=ANY=[@ANYRESDEC], 0x401, 0x0)
ioctl$TCSETSW2(r6, 0x402c542c, &(0x7f00000000c0)={0xfffffffc, 0x0, 0x0, 0x1, 0x4, "f996ff109a04000000008000"})

54.715692672s ago: executing program 1 (id=2437):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
io_setup(0x3, &(0x7f0000000180))
ptrace(0x8, r0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r3, &(0x7f00000000c0)="afbb655bdaa4b991e5933a18e59c39d824a1c6033ad66878e41a0ec3ea6ad16040bc867621b36225", 0x20000000}, 0x20)
recvmsg$unix(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000140)=""/219, 0xdb}], 0x1, 0x0, 0x58}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000100)}, 0x36)

54.600829322s ago: executing program 1 (id=2440):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0xfffffff8, 0x0, 0x4}, 0x10)
write(0xffffffffffffffff, &(0x7f0000000240)="240000001e005f0214fffffffffffff807200002b800000000000000080005000d000000dbcfb1006b6cccad", 0x2c)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fc"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)
read$char_usb(r1, &(0x7f0000000040)=""/33, 0x21)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=0x38, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
setreuid(0x0, 0xee00)
keyctl$clear(0x5, 0xffffffffffffffff)

54.392878653s ago: executing program 32 (id=2440):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0xfffffff8, 0x0, 0x4}, 0x10)
write(0xffffffffffffffff, &(0x7f0000000240)="240000001e005f0214fffffffffffff807200002b800000000000000080005000d000000dbcfb1006b6cccad", 0x2c)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fc"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)
read$char_usb(r1, &(0x7f0000000040)=""/33, 0x21)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=0x38, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
setreuid(0x0, 0xee00)
keyctl$clear(0x5, 0xffffffffffffffff)

5.350316384s ago: executing program 2 (id=2739):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x0, 0x12, 0x0, &(0x7f0000000480)='GPL\x00', 0x73, 0x7, &(0x7f00000004c0)=""/7, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x7, 0x5, 0x4}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000005c0)=[0x1], &(0x7f0000000600)=[{0x2, 0x5, 0x1, 0xb}, {0x1, 0x3, 0xf}, {0x4, 0x2, 0xf, 0xc}, {0x3, 0x2, 0xf, 0x1d}, {0x0, 0x5, 0x10, 0x5}, {0x5, 0x4, 0xc, 0xa}, {0x0, 0x1, 0xc, 0x8}, {0x1, 0x3, 0x7, 0xa}, {0x4, 0x2, 0xf, 0xc}, {0x4, 0x5, 0xc, 0x7}], 0x10, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='kmem_cache_free\x00', r0, 0x0, 0x9}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0xffffa888, 0x0, 0x40000}, 0x0)
kexec_load(0x0, 0x10, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x3e0000}], 0x5)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000420000000000000000000088000000000000e6b55590adda577e7592fe18a699377832a522119de6d214c66fb1bff4394fc6cd9e37caa5f8d96dc1471ff2bd997b00000000000003ff1d7627c73241721b82a6ac6efbdb0aee3c40535f82b902a4ca573ba4d651e03755f7a73641445b3ffe10e836225a541abb0b46efc360a13ab993b31da01a07bb5da62552f8586de6e0b0bafded65e5283776385eceb326a898969b9cd2ae24eb90cf97c83bc3a7ae9bfb477ce9132431ba7f717347904b16b419f148712ca630da432c39b63ca62c4e1ad46d824d992d8a4705b621adf9fd9318e1764c10f6330bc3d5fc8338b6ee65b4da1aa3d95aabb374fd1266ca6e28e75ce81e91ae50e59a7897f8e04bcb85bd226324ac36f99805b9970a7cbe4e4c03b52ee5ad48"], &(0x7f00000002c0)=""/223, 0x26, 0xdf, 0x1, 0x0, 0x0, @void, @value}, 0x20)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r4 = dup(r3)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000240))
r6 = dup(r5)
sendfile(r6, r4, 0x0, 0x89ffc)

5.120659358s ago: executing program 2 (id=2740):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xa8}}, 0x0)

4.735663602s ago: executing program 4 (id=2743):
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
prlimit64(r0, 0xa, &(0x7f0000000100)={0xf, 0x3}, &(0x7f00000001c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x0, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x3, [0x2], [0x2000], [], [0x400000000000001]})
syz_open_dev$loop(&(0x7f0000000240), 0x20364, 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc601})
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001a00), 0x2, 0x0)

3.734463815s ago: executing program 4 (id=2747):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="6800000010001fffe8d004000000000000000000", @ANYRES32=0x0, @ANYBLOB="2085060044000100400012800b000100697036746e6c00003000028008000700008000400500060007"], 0x68}, 0x1, 0x0, 0x0, 0x20040890}, 0x4040)

3.462075454s ago: executing program 0 (id=2749):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="5c000000020605000000000000000000000000000c00078005001500267d00000500010007000000050005000a000000050004"], 0x5c}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@bridge_getvlan={0x18, 0x72, 0x333, 0x6}, 0x18}}, 0x4)
readv(r0, &(0x7f00000014c0)=[{&(0x7f0000000300)=""/4096, 0x1000}], 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_setup(0x401, &(0x7f0000000000))
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)

3.442647769s ago: executing program 4 (id=2751):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, <r1=>0x0}, &(0x7f0000000480)=0x31)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@can_newroute={0x44, 0x18, 0x1, 0x70bd28, 0x25dfdbfe, {0x1d, 0x1, 0x7}, [@CGW_DST_IF={0x8}, @CGW_SRC_IF={0x8}, @CGW_MOD_XOR={0x15, 0x3, {{{0x1, 0x0, 0x0, 0x1}, 0x7, 0x1, 0x0, 0x0, "d3698ac660061306"}, 0x4}}, @CGW_MOD_UID={0x8, 0xe, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0xde50a9659187563d}, 0x40000c0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@can_newroute={0x44, 0x18, 0x1, 0x70bd28, 0x25dfdbfe, {0x1d, 0x1, 0x7}, [@CGW_DST_IF={0x8}, @CGW_SRC_IF={0x8}, @CGW_MOD_XOR={0x15, 0x3, {{{0x1, 0x0, 0x0, 0x1}, 0x7, 0x1, 0x0, 0x0, "d3698ac660061306"}, 0x4}}, @CGW_MOD_UID={0x8, 0xe, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0xde50a9659187563d}, 0x40000c0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000040)={@rand_addr, <r6=>0x0}, &(0x7f0000000080)=0x14)
setsockopt$inet_mreqn(r5, 0x0, 0x24, &(0x7f00000000c0)={@dev={0xac, 0x14, 0x14, 0xd}, @local, r6}, 0xc)
socketpair(0x2c, 0x3, 0x0, &(0x7f0000000580))
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.327120283s ago: executing program 2 (id=2752):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0xffffffffffffffff, {}, 0x1}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000280)={0x1d, r1, 0x1, {0x0, 0xf0, 0x3}}, 0x18, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x400c4}, 0x404c0d5) (fail_nth: 3)

2.948910024s ago: executing program 0 (id=2755):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x648, 0x0, 0x3d0, 0xd0, 0xd0, 0xd0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3d0}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private1, @mcast2}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, @local}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8) (fail_nth: 3)

2.670618964s ago: executing program 2 (id=2756):
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x3a, 0x40, 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
capset(&(0x7f0000000080)={0x20080522}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r2, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)

2.670135194s ago: executing program 5 (id=2757):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
open$dir(0x0, 0x200040, 0x40)
io_uring_setup(0x1d06, 0x0)
write$evdev(0xffffffffffffffff, &(0x7f00000004c0)=[{{}, 0x11, 0xe, 0x9}], 0x18)
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x17, 0x4, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050004102bac199bd734b9aab34a751e8801000000020000004400000008000300", @ANYRES32=r6, @ANYBLOB="0a001800030303030303000004005a80"], 0x2c}, 0x1, 0x0, 0x0, 0x2000c080}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x0)
read$eventfd(0xffffffffffffffff, &(0x7f0000004780), 0x8)

2.375574441s ago: executing program 0 (id=2758):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0xf, &(0x7f0000000880)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) (async, rerun: 64)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 64)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f00000000c0)='./file0\x00', 0x4000001) (async)
inotify_add_watch(r2, &(0x7f0000000000)='./file0\x00', 0xc5000152) (async, rerun: 32)
signalfd4(r0, &(0x7f00000001c0)={[0x8]}, 0x8, 0x80000) (rerun: 32)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}}) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x4c0d0}, 0x20044044) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
r4 = open$dir(&(0x7f0000000000)='./file0\x00', 0x8000, 0x0) (async)
r5 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000140))
mount_setattr(r4, &(0x7f0000000040)='./file1\x00', 0x8100, &(0x7f0000000180)={0x4, 0x8, 0x60000, {r5}}, 0x20) (async)
chdir(&(0x7f00000003c0)='./bus\x00') (async)
r6 = creat(&(0x7f0000000400)='./bus\x00', 0x8)
write$binfmt_elf64(r6, 0x0, 0x76)

2.124764562s ago: executing program 4 (id=2759):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000026000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000640)="d9b9547ed3c0021a6fd6a67ab922", 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000026000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000640)="d9b9547ed3c0021a6fd6a67ab922", 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)

2.027221849s ago: executing program 5 (id=2760):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x1}]}]}, 0x34}}, 0x0)

1.902594371s ago: executing program 5 (id=2761):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x58, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x19, 0xf}}, @IFLA_VLAN_ID={0x6, 0x1, 0xffe}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x58}}, 0x8000) (fail_nth: 3)

1.807750903s ago: executing program 5 (id=2762):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000014e70095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001500)={0x2c, r2, 0x1, 0x0, 0x0, {0x22}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}]}]}, 0x2c}}, 0x0)

1.80679441s ago: executing program 4 (id=2763):
r0 = socket(0x10, 0x3, 0x0)
pipe2$watch_queue(&(0x7f0000000100), 0x80)
write(r0, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r1, 0x0, r1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000007cd00000000071122a00000000009500000000000000f6a5ca9cf0d71d0e22369caaef00206d4f8568a4131ed1554ce25294a3882836c631614dcd2bcbbba40ceadad624e5dca895062626e61509b47a7b57d1d91c770961222eb675c5a1a380469e4a41ecbc935a6ed912cb66617dbc676d28950c3a62fc49660bef397d96ac7aedfacef7c6179fbb3605a698f68f172aad1c22c32417c4380d6a08e7e0485ed394021568c8d5d42dced27caaf1d86c576828b31fc138674f866dcdaa8dcd78499e"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@gettclass={0x24, 0x2a, 0x2, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x6}, {0x8, 0x10}, {0x8, 0x2}}, [""]}, 0x24}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
socket$inet_udplite(0x2, 0x2, 0x88)

1.787203623s ago: executing program 5 (id=2764):
r0 = socket(0x10, 0x3, 0x0)
pipe2$watch_queue(&(0x7f0000000100), 0x80)
write(r0, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r1, 0x0, r1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000007cd00000000071122a00000000009500000000000000f6a5ca9cf0d71d0e22369caaef00206d4f8568a4131ed1554ce25294a3882836c631614dcd2bcbbba40ceadad624e5dca895062626e61509b47a7b57d1d91c770961222eb675c5a1a380469e4a41ecbc935a6ed912cb66617dbc676d28950c3a62fc49660bef397d96ac7aedfacef7c6179fbb3605a698f68f172aad1c22c32417c4380d6a08e7e0485ed394021568c8d5d42dced27caaf1d86c576828b31fc138674f866d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@gettclass={0x24, 0x2a, 0x2, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x6}, {0x8, 0x10}, {0x8, 0x2}}, [""]}, 0x24}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
socket$inet_udplite(0x2, 0x2, 0x88)

1.710410888s ago: executing program 0 (id=2765):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{&(0x7f00000000c0)={0xa, 0x4e24, 0x80000000, @empty, 0x6}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000100)="7997f2a516abe4cd9174ed5c83b047648e78776023302093c5dda182dfde94a632e159750df82360e1fdc0bea4875c14e3b1", 0x32}, {&(0x7f0000000240)="58cdfef53c303d055d00ef7ce71401d5daffeeddad66c841d7b866e37e1fafd8773ff53f4e989947f218e6aadcedff2b123d70287d1b606135586c631f8858de6dbba652f8c29ba80032fe7b950aa75852a94fce516ddc9f001fbdfe7aafaa69e4124ce7882a", 0x66}], 0x2, &(0x7f0000001680)=[@dstopts={{0x48, 0x29, 0x37, {0x3a, 0x5, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @generic={0x0, 0x23, "acba6c0be77dc984ec28d91c7f7630d7ebd740fe18c3d06f6a8a491893fa60430f0bbb"}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x6}}, @flowinfo={{0x14, 0x29, 0xb, 0xd}}, @hopopts_2292={{0x38, 0x29, 0x36, {0x3a, 0x4, '\x00', [@calipso={0x7, 0x10, {0x4, 0x2, 0x1, 0x6, [0x6]}}, @ra={0x5, 0x2, 0x5}, @jumbo={0xc2, 0x4, 0x9}, @ra={0x5, 0x2, 0x5}]}}}, @tclass={{0x14, 0x29, 0x43, 0x43a}}, @dstopts={{0x28, 0x29, 0x37, {0x87, 0x1, '\x00', [@ra, @pad1, @ra={0x5, 0x2, 0x4}, @padn={0x1, 0x1, [0x0]}]}}}, @rthdr_2292={{0x48, 0x29, 0x39, {0x0, 0x6, 0x2, 0xd7, 0x0, [@mcast1, @remote, @private1]}}}, @tclass={{0x14, 0x29, 0x43, 0x10001}}, @dstopts_2292={{0x50, 0x29, 0x4, {0x73, 0x6, '\x00', [@calipso={0x7, 0x30, {0x3, 0xa, 0x7, 0x9, [0xfa7, 0x80000000, 0x6e1, 0x6, 0x2]}}, @ra={0x5, 0x2, 0x8}]}}}], 0x1a0}}], 0x1, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000180)='veno\x00', 0x5)
openat$kvm(0xffffffffffffff9c, 0x0, 0xa0880, 0x0)
shutdown(r2, 0x2)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='net\x00')
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
fchdir(r3)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$EVIOCGUNIQ(r1, 0x7b9, 0x0)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000040)="05000000010001", 0x7)
socket$inet_udp(0x2, 0x2, 0x0)

1.5333489s ago: executing program 3 (id=2766):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000280), r0)
sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008851}, 0x0) (fail_nth: 3)

1.411572292s ago: executing program 3 (id=2767):
r0 = socket$netlink(0x10, 0x3, 0x0)
fsopen(&(0x7f00000000c0)='ext4\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r1, &(0x7f0000000100)}, 0x20)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f0000000280)='./file0\x00', 0x0, 0x4000, r2}, 0x18)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
close_range(r3, 0xffffffffffffffff, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r4=>0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r4, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x503, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4000, 0x22900}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCODING_SA={0x5, 0x6, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)

1.346974271s ago: executing program 3 (id=2768):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c81, 0xffffffffffffffb6)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r2, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x14)

1.319519155s ago: executing program 2 (id=2769):
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
prlimit64(r0, 0xa, &(0x7f0000000100)={0xf, 0x3}, &(0x7f00000001c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x0, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x3, [0x2], [0x2000], [], [0x400000000000001]})
syz_open_dev$loop(&(0x7f0000000240), 0x20364, 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc601})
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001a00), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000001a40)='connect aa:aa:aa:aa:aa:10 2', 0x1b)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x4)

1.309903186s ago: executing program 3 (id=2770):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000003bc0), 0x4000000000002ca, 0x4040014)

713.783513ms ago: executing program 4 (id=2771):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x101bff, 0x0)
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @rand_addr=0x64010102}, 0xc)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000280)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)
r4 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r4, 0xc018937e, 0x0)
open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
fcntl$lock(r5, 0x7, 0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f00000002c0)={0x1, 0x0, 0xff34})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fcntl$setsig(r4, 0xa, 0x21)
fcntl$setlease(r4, 0x400, 0x0)
truncate(&(0x7f0000000080)='./file0\x00', 0x0)
fcntl$setlease(r4, 0x400, 0x2)

610.847017ms ago: executing program 5 (id=2772):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRESHEX=r0, @ANYRES8=r0, @ANYRES64=r0], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
iopl(0x3)
sync_file_range(0xffffffffffffffff, 0x4, 0x8, 0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180)=[0xffffffffffffffff], 0x1)
arch_prctl$ARCH_GET_UNTAG_MASK(0x1003, 0xfffffffffffffffc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x14)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r5)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000001880)={'wg1\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="290a00000000000000000100000008000100", @ANYRES32=r7, @ANYBLOB="2400030000000000"], 0x40}}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000018c0)={0xc44, r8, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x1d4, 0x8, 0x0, 0x1, [{0x68, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8001}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @local}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @loopback}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x6}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @local}}]}, {0x118, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x114, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x34}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x7f}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}]}]}, {0x4}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r7}, @WGDEVICE_A_PEERS={0x9f8, 0x8, 0x0, 0x1, [{0x9f4, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "c30016f01a8c87ca1816513d4f2b4f6220b44fffbcbbd6c996ecc00914cb4145"}, @WGPEER_A_ALLOWEDIPS={0x514, 0x9, 0x0, 0x1, [{0xd0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x42}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x25}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xd}}, {0x5, 0x3, 0x3}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x3}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x30}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x2}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "540366b32daeb08e342de293f99a2d4768a0f40b6f1005e5c63fa0f4f96ed9ad"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x9}, @WGPEER_A_ALLOWEDIPS={0x1a8, 0x9, 0x0, 0x1, [{0xdc, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}]}, @WGPEER_A_ALLOWEDIPS={0x2b8, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x26}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x19}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x17}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5}}]}]}]}]}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x7}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0xa5d8}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xc44}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a30000000000800410073697700140033006c6f0000000000000000000000000000a9f80049d1da664d922874201956e19b19aeb67a20e81090f466fc95c61436e9"], 0x38}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57f", 0x16e}], 0x1, 0x0, 0x6b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)

254.696626ms ago: executing program 2 (id=2773):
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x3)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)

125.028621ms ago: executing program 3 (id=2774):
r0 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000200)=0x2010003, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x8d4, @loopback}, 0x1c)

89.880829ms ago: executing program 0 (id=2775):
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = io_uring_setup(0x168e, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8)
socket(0x400000000010, 0x3, 0x0)
listen(r0, 0x5)
r3 = openat$sequencer2(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_FM_4OP_ENABLE(r3, 0x4004510f, &(0x7f0000000040)=0x3)
accept4(r0, 0x0, 0x0, 0x80800)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x1}, 0x8)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10)
sendmmsg(r1, &(0x7f0000002980), 0x400000000000239, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

89.098141ms ago: executing program 3 (id=2776):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000200400000000000"], 0x78)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, 0xffffffffffffffff, 0x11, 0x0, 0x0, @void, @value}, 0x20)
r2 = io_uring_setup(0x4053, &(0x7f0000000040)={0x0, 0xa557, 0x0, 0x2, 0x94})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000440), 0x4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000780)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT, @ANYRESOCT=r2, @ANYRESDEC=r2], 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
listen(r3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r4, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e)

0s ago: executing program 0 (id=2777):
socket$inet(0x2, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
syz_open_dev$swradio(&(0x7f00000019c0), 0x1, 0x2)
r1 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r1, 0x0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.time\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
sched_getattr(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="b8bafa76ba6cbc5ccbc898b672b00abdc1166abaf1c8fb3250146c00"/42, 0x2a}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
accept$alg(r0, 0x0, 0x0)
unshare(0x62040200)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

kernel console output (not intermixed with test programs):

56182][T15609] Call Trace:
[  539.059450][T15609]  <TASK>
[  539.062369][T15609]  dump_stack_lvl+0x16c/0x1f0
[  539.067054][T15609]  should_fail_ex+0x497/0x5b0
[  539.071731][T15609]  _copy_from_user+0x2e/0xd0
[  539.076315][T15609]  copy_msghdr_from_user+0x99/0x160
[  539.081506][T15609]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  539.087302][T15609]  ? trace_lock_acquire+0x14e/0x1f0
[  539.092502][T15609]  ? __perf_event_task_sched_in+0xd2/0x6f0
[  539.098302][T15609]  ___sys_sendmsg+0xff/0x1e0
[  539.102885][T15609]  ? lock_release+0x4e2/0x6f0
[  539.107555][T15609]  ? __pfx____sys_sendmsg+0x10/0x10
[  539.112743][T15609]  ? trace_lock_acquire+0x14e/0x1f0
[  539.117941][T15609]  ? rcu_is_watching+0x12/0xc0
[  539.122705][T15609]  ? __pfx_lock_release+0x10/0x10
[  539.127725][T15609]  ? trace_lock_acquire+0x14e/0x1f0
[  539.132935][T15609]  ? __fget_files+0x206/0x3a0
[  539.137631][T15609]  __sys_sendmsg+0x16e/0x220
[  539.142222][T15609]  ? __pfx___sys_sendmsg+0x10/0x10
[  539.147341][T15609]  ? rcu_is_watching+0x12/0xc0
[  539.152112][T15609]  ? rcu_is_watching+0x12/0xc0
[  539.156882][T15609]  do_syscall_64+0xcd/0x250
[  539.161392][T15609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.167288][T15609] RIP: 0033:0x7f1e57b7ff19
[  539.171695][T15609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.191310][T15609] RSP: 002b:00007f1e589ba058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  539.199812][T15609] RAX: ffffffffffffffda RBX: 00007f1e57d46160 RCX: 00007f1e57b7ff19
[  539.207780][T15609] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 000000000000000d
[  539.215756][T15609] RBP: 00007f1e589ba0a0 R08: 0000000000000000 R09: 0000000000000000
[  539.223727][T15609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  539.231694][T15609] R13: 0000000000000000 R14: 00007f1e57d46160 R15: 00007ffc1765e548
[  539.239670][T15609]  </TASK>
[  539.268744][T15616] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2367'.
[  539.282715][   T29] audit: type=1400 audit(1733463909.639:439): avc:  denied  { write } for  pid=15617 comm="syz.0.2368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  540.573358][T15647] FAULT_INJECTION: forcing a failure.
[  540.573358][T15647] name failslab, interval 1, probability 0, space 0, times 0
[  540.586122][T15647] CPU: 1 UID: 0 PID: 15647 Comm: syz.2.2375 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  540.596868][T15647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  540.606901][T15647] Call Trace:
[  540.610157][T15647]  <TASK>
[  540.613068][T15647]  dump_stack_lvl+0x16c/0x1f0
[  540.617734][T15647]  should_fail_ex+0x497/0x5b0
[  540.622400][T15647]  ? fs_reclaim_acquire+0xae/0x150
[  540.627501][T15647]  should_failslab+0xc2/0x120
[  540.632161][T15647]  __kmalloc_node_noprof+0xd1/0x510
[  540.637363][T15647]  ? finish_task_switch.isra.0+0x217/0xcc0
[  540.643153][T15647]  ? load_msg+0x43/0x470
[  540.647382][T15647]  load_msg+0x43/0x470
[  540.651437][T15647]  do_msgsnd+0x1a8/0x1750
[  540.655747][T15647]  ? lock_release+0x4e2/0x6f0
[  540.660406][T15647]  ? __pfx_do_msgsnd+0x10/0x10
[  540.665149][T15647]  ? trace_lock_acquire+0x14e/0x1f0
[  540.670333][T15647]  ? __might_fault+0xe3/0x190
[  540.675014][T15647]  ? lock_acquire+0x2f/0xb0
[  540.679495][T15647]  ? __might_fault+0xe3/0x190
[  540.684158][T15647]  ? __x64_sys_msgsnd+0xe5/0x130
[  540.689073][T15647]  __x64_sys_msgsnd+0xe5/0x130
[  540.693908][T15647]  do_syscall_64+0xcd/0x250
[  540.698407][T15647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.704285][T15647] RIP: 0033:0x7f1e57b7ff19
[  540.708679][T15647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  540.728266][T15647] RSP: 002b:00007f1e589ba058 EFLAGS: 00000246 ORIG_RAX: 0000000000000045
[  540.736659][T15647] RAX: ffffffffffffffda RBX: 00007f1e57d46160 RCX: 00007f1e57b7ff19
[  540.744609][T15647] RDX: 0000000000000008 RSI: 00000000200013c0 RDI: 0000000000000000
[  540.752557][T15647] RBP: 00007f1e589ba0a0 R08: 0000000000000000 R09: 0000000000000000
[  540.760507][T15647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  540.768457][T15647] R13: 0000000000000000 R14: 00007f1e57d46160 R15: 00007ffc1765e548
[  540.776411][T15647]  </TASK>
[  541.056882][ T5836] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  541.154851][T15658] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  541.165483][T15660] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not ''
[  541.262544][   T29] audit: type=1400 audit(1733463911.609:440): avc:  denied  { mount } for  pid=15659 comm="syz.1.2380" name="/" dev="hugetlbfs" ino=40858 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  541.336539][   T29] audit: type=1400 audit(1733463911.689:441): avc:  denied  { getopt } for  pid=15663 comm="syz.0.2381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  541.457759][T15666] FAULT_INJECTION: forcing a failure.
[  541.457759][T15666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  541.514363][T15666] CPU: 0 UID: 0 PID: 15666 Comm: syz.3.2378 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  541.525149][T15666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  541.535211][T15666] Call Trace:
[  541.538484][T15666]  <TASK>
[  541.541408][T15666]  dump_stack_lvl+0x16c/0x1f0
[  541.546083][T15666]  should_fail_ex+0x497/0x5b0
[  541.550760][T15666]  _copy_from_user+0x2e/0xd0
[  541.555339][T15666]  do_ipt_set_ctl+0x8f2/0xc30
[  541.560018][T15666]  ? __mutex_lock+0x1cc/0xa60
[  541.564692][T15666]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  541.569906][T15666]  ? __mutex_unlock_slowpath+0x164/0x690
[  541.575543][T15666]  ? sockopt_release_sock+0x52/0x60
[  541.580739][T15666]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  541.586726][T15666]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  541.592703][T15666]  nf_setsockopt+0x8a/0xf0
[  541.597115][T15666]  ip_setsockopt+0xcb/0xf0
[  541.601531][T15666]  tcp_setsockopt+0xa4/0x100
[  541.606151][T15666]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  541.612040][T15666]  do_sock_setsockopt+0x222/0x480
[  541.617062][T15666]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  541.622603][T15666]  ? __fget_files+0x40/0x3a0
[  541.627191][T15666]  ? lock_acquire+0x2f/0xb0
[  541.631692][T15666]  __sys_setsockopt+0x1a0/0x230
[  541.636535][T15666]  __x64_sys_setsockopt+0xbd/0x160
[  541.641636][T15666]  ? trace_irq_enable.constprop.0+0xea/0x140
[  541.647614][T15666]  do_syscall_64+0xcd/0x250
[  541.652130][T15666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.655097][T15667] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2381'.
[  541.658018][T15666] RIP: 0033:0x7f2d3ed7ff19
[  541.671344][T15666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.690957][T15666] RSP: 002b:00007f2d3fb4e058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  541.699358][T15666] RAX: ffffffffffffffda RBX: 00007f2d3ef46160 RCX: 00007f2d3ed7ff19
[  541.707307][T15666] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000005
[  541.715256][T15666] RBP: 00007f2d3fb4e0a0 R08: 00000000000004f8 R09: 0000000000000000
[  541.723207][T15666] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001
[  541.731173][T15666] R13: 0000000000000000 R14: 00007f2d3ef46160 R15: 00007ffcb3921d58
[  541.739128][T15666]  </TASK>
[  541.742218][    C0] vkms_vblank_simulate: vblank timer overrun
[  542.317987][T15685] FAULT_INJECTION: forcing a failure.
[  542.317987][T15685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  542.331228][T15685] CPU: 0 UID: 0 PID: 15685 Comm: syz.3.2383 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  542.341982][T15685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  542.352037][T15685] Call Trace:
[  542.355317][T15685]  <TASK>
[  542.358248][T15685]  dump_stack_lvl+0x16c/0x1f0
[  542.362935][T15685]  should_fail_ex+0x497/0x5b0
[  542.367620][T15685]  _copy_from_user+0x2e/0xd0
[  542.372204][T15685]  copy_msghdr_from_user+0x99/0x160
[  542.377394][T15685]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  542.383196][T15685]  ? rcu_is_watching+0x12/0xc0
[  542.387961][T15685]  ? lock_release+0x4e2/0x6f0
[  542.392632][T15685]  ? get_pid_task+0xfc/0x250
[  542.397216][T15685]  ___sys_sendmsg+0xff/0x1e0
[  542.401798][T15685]  ? get_pid_task+0x35/0x250
[  542.406381][T15685]  ? __pfx____sys_sendmsg+0x10/0x10
[  542.411571][T15685]  ? lock_release+0x4e2/0x6f0
[  542.416247][T15685]  ? __pfx_lock_release+0x10/0x10
[  542.421266][T15685]  ? trace_lock_acquire+0x14e/0x1f0
[  542.426470][T15685]  ? __fget_files+0x206/0x3a0
[  542.431143][T15685]  __sys_sendmsg+0x16e/0x220
[  542.435725][T15685]  ? __pfx___sys_sendmsg+0x10/0x10
[  542.440830][T15685]  ? rcu_is_watching+0x12/0xc0
[  542.445590][T15685]  ? rcu_is_watching+0x12/0xc0
[  542.450351][T15685]  do_syscall_64+0xcd/0x250
[  542.454860][T15685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.460846][T15685] RIP: 0033:0x7f2d3ed7ff19
[  542.465250][T15685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.484848][T15685] RSP: 002b:00007f2d3fb4e058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  542.493255][T15685] RAX: ffffffffffffffda RBX: 00007f2d3ef46160 RCX: 00007f2d3ed7ff19
[  542.501221][T15685] RDX: 0000000000068040 RSI: 0000000020000840 RDI: 000000000000000d
[  542.509186][T15685] RBP: 00007f2d3fb4e0a0 R08: 0000000000000000 R09: 0000000000000000
[  542.517146][T15685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  542.525109][T15685] R13: 0000000000000000 R14: 00007f2d3ef46160 R15: 00007ffcb3921d58
[  542.533077][T15685]  </TASK>
[  542.536169][    C0] vkms_vblank_simulate: vblank timer overrun
[  542.723907][T15686] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  542.811487][   T29] audit: type=1326 audit(1733463913.079:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15672 comm="syz.1.2382" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fddd357ff19 code=0x0
[  543.110429][T14879] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  543.260413][T14879] usb 1-1: Using ep0 maxpacket: 8
[  543.268148][T14879] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  543.278124][T14879] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  543.338857][T14879] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  543.406277][T14879] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  543.425161][T14879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.438051][T14879] usbtmc 1-1:16.0: bulk endpoints not found
[  543.470518][ T6784] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  543.630746][ T6784] usb 4-1: Using ep0 maxpacket: 8
[  543.647562][ T6784] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  543.657901][ T6784] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  543.678318][ T6784] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  543.691434][ T6784] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  543.711367][ T6784] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  543.731862][ T6784] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  543.780426][ T6784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.801829][ T6784] usbtmc 4-1:16.0: bulk endpoints not found
[  543.928395][T15714] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  544.091785][T15718] sctp: [Deprecated]: syz.2.2394 (pid 15718) Use of struct sctp_assoc_value in delayed_ack socket option.
[  544.091785][T15718] Use struct sctp_sack_info instead
[  544.760509][ T6784] usb 5-1: new low-speed USB device number 55 using dummy_hcd
[  544.820434][ T5836] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  544.841817][T15730] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  544.942640][ T6784] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  544.959956][ T6784] usb 5-1: config 0 has no interface number 0
[  544.966572][ T6784] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  544.977512][ T6784] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  545.004801][ T6784] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  545.018103][ T6784] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  545.035515][ T6784] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  545.047496][ T6784] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  545.076547][ T6784] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  545.125708][ T6784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.142367][ T6784] usb 5-1: config 0 descriptor??
[  545.243250][T15722] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  545.301379][ T6784] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  545.503148][T15743] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  545.542237][ T6784] usb 5-1: USB disconnect, device number 55
[  545.596334][ T6784] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  545.963819][   T29] audit: type=1400 audit(1733463916.319:443): avc:  denied  { setopt } for  pid=15754 comm="syz.2.2404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  546.714590][T14879] usb 4-1: USB disconnect, device number 63
[  546.718409][ T5925] usb 1-1: USB disconnect, device number 55
[  546.731413][ T6784] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  546.912297][ T6784] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  546.923585][ T6784] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  546.935691][ T6784] usb 2-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  546.944904][ T6784] usb 2-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[  547.094384][ T6784] usb 2-1: Product: syz
[  547.099528][ T6784] usb 2-1: config 0 descriptor??
[  547.107500][ T6784] usbhid 2-1:0.0: can't add hid device: -22
[  547.579517][ T6784] usbhid 2-1:0.0: probe with driver usbhid failed with error -22
[  547.859366][T15752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  547.868170][T15752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  548.101672][T14879] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  548.120436][T15791] block nbd2: Device being setup by another task
[  548.283697][T14879] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  548.313708][T15791] block nbd2: shutting down sockets
[  548.319870][T14879] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  548.456459][T14879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  548.480699][T14879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  548.510464][T14879] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  548.540102][T14879] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  548.558492][T14879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.577633][T14879] usb 4-1: config 0 descriptor??
[  548.589209][T15767] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  548.730403][   T25] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  548.779752][T15803] xt_l2tp: invalid flags combination: c
[  548.786834][   T29] audit: type=1400 audit(1733463919.139:444): avc:  denied  { watch watch_reads } for  pid=15802 comm="syz.4.2419" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  548.821155][ T6784] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  548.890453][   T25] usb 3-1: Using ep0 maxpacket: 8
[  548.896603][   T25] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  548.905011][   T25] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  548.915344][   T25] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  548.925329][   T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  548.935104][   T25] usb 3-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  548.948004][   T25] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  548.957251][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.967751][   T25] usbtmc 3-1:16.0: bulk endpoints not found
[  549.017434][T14879] plantronics 0003:047F:FFFF.004C: unknown main item tag 0xd
[  549.025607][T14879] plantronics 0003:047F:FFFF.004C: No inputs registered, leaving
[  549.034430][T14879] plantronics 0003:047F:FFFF.004C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  549.056083][ T6784] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  549.066175][ T6784] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  549.078518][ T6784] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  549.087673][ T6784] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.095703][ T6784] usb 1-1: Product: syz
[  549.099863][ T6784] usb 1-1: Manufacturer: syz
[  549.104504][ T6784] usb 1-1: SerialNumber: syz
[  549.109846][ T6784] usb 1-1: config 0 descriptor??
[  549.115217][T15799] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22
[  549.122761][T15799] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22
[  549.292156][T14879] usb 4-1: USB disconnect, device number 64
[  549.336096][T15799] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22
[  549.343517][T15799] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22
[  549.491119][   T25] usb 2-1: USB disconnect, device number 63
[  549.822296][ T6784] Error reading MAC address
[  550.062438][   T29] audit: type=1326 audit(1733463920.419:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15798 comm="syz.0.2417" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef7757ff19 code=0x0
[  550.164299][   T29] audit: type=1400 audit(1733463920.519:446): avc:  denied  { ioctl } for  pid=15798 comm="syz.0.2417" path="socket:[42236]" dev="sockfs" ino=42236 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  551.466813][   T25] usb 3-1: USB disconnect, device number 81
[  551.514369][ T6784] usb 1-1: USB disconnect, device number 56
[  552.182452][   T25] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  552.250400][ T6784] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  552.351777][   T25] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  552.360549][   T25] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  552.372151][   T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  552.381459][   T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  552.394045][   T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  552.409998][   T25] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  552.430788][   T25] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  552.438874][ T6784] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  552.459084][   T25] usb 5-1: Product: syz
[  552.463791][ T6784] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  552.476350][   T25] usb 5-1: Manufacturer: syz
[  552.486322][ T6784] usb 1-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  552.498423][   T25] cdc_wdm 5-1:1.0: skipping garbage
[  552.504140][   T25] cdc_wdm 5-1:1.0: skipping garbage
[  552.509540][ T6784] usb 1-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[  552.519571][   T25] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  552.525652][   T25] cdc_wdm 5-1:1.0: Unknown control protocol
[  552.533638][ T6784] usb 1-1: Product: syz
[  552.540385][ T6784] usb 1-1: config 0 descriptor??
[  552.547614][ T6784] usbhid 1-1:0.0: can't add hid device: -22
[  552.554867][ T6784] usbhid 1-1:0.0: probe with driver usbhid failed with error -22
[  552.701360][T15845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.709871][T15845] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.720915][ T6784] usb 5-1: USB disconnect, device number 56
[  552.750223][T15850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.758901][T15850] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  553.819884][   T29] audit: type=1400 audit(1733463924.159:447): avc:  denied  { ioctl } for  pid=15878 comm="syz.4.2439" path="time:[4026531834]" dev="nsfs" ino=4026531834 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  553.904359][   T29] audit: type=1400 audit(1733463924.159:448): avc:  denied  { setcheckreqprot } for  pid=15878 comm="syz.4.2439" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  554.023690][T15893] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  554.083168][T14584] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  554.090941][T14584] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  554.099664][T14584] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  554.112848][T14584] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  554.122851][T14584] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  554.133551][T14584] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  554.181815][   T29] audit: type=1400 audit(1733463924.509:449): avc:  denied  { mounton } for  pid=15892 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  554.327336][T15892] chnl_net:caif_netlink_parms(): no params data found
[  554.570490][   T29] audit: type=1326 audit(1733463924.899:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.3.2444" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d3ed7ff19 code=0x0
[  554.701965][   T25] usb 1-1: USB disconnect, device number 57
[  554.956376][T15892] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.963853][T15892] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.971194][T15892] bridge_slave_0: entered allmulticast mode
[  554.977922][T15892] bridge_slave_0: entered promiscuous mode
[  554.989938][T15892] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.997253][T15892] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.006908][T15892] bridge_slave_1: entered allmulticast mode
[  555.013603][T15892] bridge_slave_1: entered promiscuous mode
[  555.028034][T15892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.038833][T15892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  555.056799][T15892] team0: Port device team_slave_0 added
[  555.063633][T15892] team0: Port device team_slave_1 added
[  555.082392][T15892] batman_adv: batadv0: Adding interface: batadv_slave_0
[  555.090030][T15892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  555.116398][T15892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  555.128810][T15892] batman_adv: batadv0: Adding interface: batadv_slave_1
[  555.136686][T15892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  555.162802][T15892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  555.195945][T15892] hsr_slave_0: entered promiscuous mode
[  555.202035][T15892] hsr_slave_1: entered promiscuous mode
[  555.208016][T15892] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  555.217387][T15892] Cannot create hsr debugfs directory
[  555.279805][T15892] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  555.288248][T15892] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  555.297379][T15892] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  555.305313][T15892] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  555.388112][   T29] audit: type=1400 audit(1733463925.729:451): avc:  denied  { mount } for  pid=15922 comm="syz.2.2449" name="/" dev="rpc_pipefs" ino=41586 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  555.638899][T15892] 8021q: adding VLAN 0 to HW filter on device bond0
[  555.651043][ T6784] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  555.652402][T15892] 8021q: adding VLAN 0 to HW filter on device team0
[  555.670619][ T6425] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.677689][ T6425] bridge0: port 1(bridge_slave_0) entered forwarding state
[  555.705133][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.712247][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  555.788831][T15931] FAULT_INJECTION: forcing a failure.
[  555.788831][T15931] name failslab, interval 1, probability 0, space 0, times 0
[  555.802435][T15931] CPU: 1 UID: 0 PID: 15931 Comm: syz.3.2450 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  555.804095][T15892] 8021q: adding VLAN 0 to HW filter on device batadv0
[  555.813189][T15931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  555.813200][T15931] Call Trace:
[  555.813206][T15931]  <TASK>
[  555.813212][T15931]  dump_stack_lvl+0x16c/0x1f0
[  555.813237][T15931]  should_fail_ex+0x497/0x5b0
[  555.813260][T15931]  ? fs_reclaim_acquire+0xae/0x150
[  555.813286][T15931]  should_failslab+0xc2/0x120
[  555.813307][T15931]  __kmalloc_noprof+0xcb/0x510
[  555.813328][T15931]  tomoyo_realpath_from_path+0xb9/0x720
[  555.813351][T15931]  ? tomoyo_path_number_perm+0x235/0x590
[  555.813376][T15931]  ? tomoyo_path_number_perm+0x235/0x590
[  555.813396][T15931]  tomoyo_path_number_perm+0x248/0x590
[  555.813414][T15931]  ? tomoyo_path_number_perm+0x235/0x590
[  555.813434][T15931]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  555.813454][T15931]  ? rcu_is_watching+0x12/0xc0
[  555.813480][T15931]  ? preempt_count_add+0x76/0x150
[  555.813502][T15931]  ? __pfx_lock_release+0x10/0x10
[  555.813520][T15931]  ? trace_lock_acquire+0x14e/0x1f0
[  555.813545][T15931]  ? __fget_files+0x40/0x3a0
[  555.813562][T15931]  ? lock_acquire+0x2f/0xb0
[  555.908486][T15892] veth0_vlan: entered promiscuous mode
[  555.908748][T15931]  ? __fget_files+0x40/0x3a0
[  555.919764][T15892] veth1_vlan: entered promiscuous mode
[  555.922950][T15931]  ? __fget_files+0x206/0x3a0
[  555.922974][T15931]  security_file_ioctl+0x9b/0x240
[  555.922996][T15931]  __x64_sys_ioctl+0xb7/0x200
[  555.939931][T15892] veth0_macvtap: entered promiscuous mode
[  555.943066][T15931]  do_syscall_64+0xcd/0x250
[  555.943094][T15931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.951702][T15892] veth1_macvtap: entered promiscuous mode
[  555.952733][T15931] RIP: 0033:0x7f2d3ed7ff19
[  555.964650][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  555.968771][T15931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  555.974534][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  555.978829][T15931] RSP: 002b:00007f2d3fb90058 EFLAGS: 00000246
[  555.990756][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  556.008772][T15931]  ORIG_RAX: 0000000000000010
[  556.008782][T15931] RAX: ffffffffffffffda RBX: 00007f2d3ef45fa0 RCX: 00007f2d3ed7ff19
[  556.008793][T15931] RDX: 0000000020000100 RSI: 0000000000003ba0 RDI: 0000000000000003
[  556.008804][T15931] RBP: 00007f2d3fb900a0 R08: 0000000000000000 R09: 0000000000000000
[  556.008814][T15931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  556.008824][T15931] R13: 0000000000000000 R14: 00007f2d3ef45fa0 R15: 00007ffcb3921d58
[  556.008842][T15931]  </TASK>
[  556.023432][T15931] ERROR: Out of memory at tomoyo_realpath_from_path.
[  556.068093][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.072936][ T6784] usb 3-1: New USB device found, idVendor=0af0, idProduct=d013, bcdDevice=5b.2c
[  556.081741][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  556.096484][ T6784] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.105797][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.112674][ T6784] usb 3-1: Product: syz
[  556.121555][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  556.131365][ T6784] usb 3-1: Manufacturer: syz
[  556.137921][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.160572][ T6784] usb 3-1: SerialNumber: syz
[  556.167047][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  556.182823][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.184638][ T6784] usb 3-1: config 0 descriptor??
[  556.193456][T15892] batman_adv: batadv0: Interface activated: batadv_slave_0
[  556.197632][T14584] Bluetooth: hci4: command tx timeout
[  556.206455][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  556.221034][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.231794][ T6784] hso 3-1:0.0: Not our interface
[  556.246262][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  556.256868][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.266742][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  556.277559][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.287960][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  556.298477][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.308328][T15892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  556.319004][T15892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.330213][T15892] batman_adv: batadv0: Interface activated: batadv_slave_1
[  556.352572][T15892] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  556.363910][T15892] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  556.373945][T15892] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  556.383703][T15892] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  556.427398][   T25] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  556.463203][ T6883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  556.481303][ T6883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  556.499372][ T6425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  556.508591][ T6425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  556.519044][   T29] audit: type=1400 audit(1733463926.869:452): avc:  denied  { mount } for  pid=15892 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  556.551405][   T29] audit: type=1400 audit(1733463926.869:453): avc:  denied  { mounton } for  pid=15892 comm="syz-executor" path="/root/syzkaller.GSYgIO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  556.696873][   T29] audit: type=1400 audit(1733463927.039:454): avc:  denied  { create } for  pid=15955 comm="syz.0.2454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  557.034954][T15962] FAULT_INJECTION: forcing a failure.
[  557.034954][T15962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  557.048660][T15962] CPU: 1 UID: 0 PID: 15962 Comm: syz.5.2441 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  557.059434][T15962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  557.069482][T15962] Call Trace:
[  557.072751][T15962]  <TASK>
[  557.075676][T15962]  dump_stack_lvl+0x16c/0x1f0
[  557.080370][T15962]  should_fail_ex+0x497/0x5b0
[  557.085050][T15962]  _copy_from_iter+0x2a1/0x1560
[  557.089893][T15962]  ? kstrtouint+0xde/0x130
[  557.094306][T15962]  ? __pfx__copy_from_iter+0x10/0x10
[  557.099586][T15962]  ? rcu_is_watching+0x12/0xc0
[  557.104347][T15962]  ? lock_release+0x4e2/0x6f0
[  557.109019][T15962]  ? get_pid_task+0xfc/0x250
[  557.113605][T15962]  vhost_chr_write_iter+0xc5/0x1080
[  557.118801][T15962]  ? lock_acquire+0x2f/0xb0
[  557.123300][T15962]  ? __pfx_vhost_chr_write_iter+0x10/0x10
[  557.129021][T15962]  ? avc_policy_seqno+0x9/0x20
[  557.133779][T15962]  ? bpf_lsm_file_permission+0x9/0x10
[  557.139152][T15962]  ? security_file_permission+0x71/0x210
[  557.144791][T15962]  vfs_write+0x5ae/0x1150
[  557.149137][T15962]  ? __pfx_vhost_net_chr_write_iter+0x10/0x10
[  557.155199][T15962]  ? __pfx_vfs_write+0x10/0x10
[  557.159955][T15962]  ? __fget_files+0x40/0x3a0
[  557.164545][T15962]  ksys_write+0x12b/0x250
[  557.168864][T15962]  ? __pfx_ksys_write+0x10/0x10
[  557.173706][T15962]  ? rcu_is_watching+0x12/0xc0
[  557.178469][T15962]  ? rcu_is_watching+0x12/0xc0
[  557.183233][T15962]  do_syscall_64+0xcd/0x250
[  557.187739][T15962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.193631][T15962] RIP: 0033:0x7ff674f7ff19
[  557.198036][T15962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.217636][T15962] RSP: 002b:00007ff675dad058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  557.226042][T15962] RAX: ffffffffffffffda RBX: 00007ff675146160 RCX: 00007ff674f7ff19
[  557.234004][T15962] RDX: 0000000000000048 RSI: 0000000020000980 RDI: 0000000000000009
[  557.241969][T15962] RBP: 00007ff675dad0a0 R08: 0000000000000000 R09: 0000000000000000
[  557.249931][T15962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  557.257892][T15962] R13: 0000000000000000 R14: 00007ff675146160 R15: 00007ffc9d6ee448
[  557.265895][T15962]  </TASK>
[  557.434832][   T29] audit: type=1400 audit(1733463927.049:455): avc:  denied  { bind } for  pid=15955 comm="syz.0.2454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  557.454489][ T5836] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  557.454768][   T29] audit: type=1400 audit(1733463927.049:456): avc:  denied  { read } for  pid=15955 comm="syz.0.2454" path="socket:[42844]" dev="sockfs" ino=42844 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  557.484556][   T25] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  557.498941][   T25] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  557.522749][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  557.555339][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  557.584318][   T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  557.619938][   T25] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  557.631978][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.654309][   T25] usb 5-1: config 0 descriptor??
[  557.659742][T15950] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  558.073285][   T25] plantronics 0003:047F:FFFF.004D: unknown main item tag 0xd
[  558.082097][   T25] plantronics 0003:047F:FFFF.004D: No inputs registered, leaving
[  558.091038][   T25] plantronics 0003:047F:FFFF.004D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  558.161219][   T25] usb 3-1: USB disconnect, device number 82
[  558.196632][T15981] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15981 comm=syz.2.2460
[  558.209949][T15981] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=15981 comm=syz.2.2460
[  558.261088][ T5836] Bluetooth: hci4: command tx timeout
[  558.279704][   T52] usb 5-1: USB disconnect, device number 57
[  559.040388][ T6784] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  559.200716][ T6784] usb 4-1: Using ep0 maxpacket: 8
[  559.209834][ T6784] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  559.329811][ T6784] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  559.412388][ T6784] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  559.421606][ T6784] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.429588][ T6784] usb 4-1: Product: syz
[  559.659549][ T6784] usb 4-1: Manufacturer: syz
[  559.664256][ T6784] usb 4-1: SerialNumber: syz
[  559.932663][T16009] 9pnet_fd: Insufficient options for proto=fd
[  560.083148][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  560.083179][   T29] audit: type=1400 audit(1733463930.289:459): avc:  denied  { mounton } for  pid=16007 comm="syz.2.2469" path="/498/file0" dev="tmpfs" ino=2615 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  560.410662][ T5836] Bluetooth: hci4: command tx timeout
[  560.714341][T16034] FAULT_INJECTION: forcing a failure.
[  560.714341][T16034] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  560.714367][T16034] CPU: 0 UID: 0 PID: 16034 Comm: syz.5.2477 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  560.738119][T16034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  560.748208][T16034] Call Trace:
[  560.748217][T16034]  <TASK>
[  560.748225][T16034]  dump_stack_lvl+0x16c/0x1f0
[  560.759080][T16034]  should_fail_ex+0x497/0x5b0
[  560.759115][T16034]  _copy_from_user+0x2e/0xd0
[  560.759134][T16034]  move_addr_to_kernel+0x68/0x160
[  560.759160][T16034]  __sys_sendto+0x1ba/0x4f0
[  560.759187][T16034]  ? __pfx___sys_sendto+0x10/0x10
[  560.759223][T16034]  ? ksys_write+0x1ba/0x250
[  560.759242][T16034]  ? __pfx_ksys_write+0x10/0x10
[  560.759262][T16034]  __x64_sys_sendto+0xe0/0x1c0
[  560.759288][T16034]  ? trace_irq_enable.constprop.0+0xea/0x140
[  560.759312][T16034]  do_syscall_64+0xcd/0x250
[  560.759342][T16034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.759367][T16034] RIP: 0033:0x7ff674f7ff19
[  560.759382][T16034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.759399][T16034] RSP: 002b:00007ff675def058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  560.759417][T16034] RAX: ffffffffffffffda RBX: 00007ff675145fa0 RCX: 00007ff674f7ff19
[  560.759429][T16034] RDX: 0000000000034000 RSI: 0000000020847fff RDI: 0000000000000003
[  560.759440][T16034] RBP: 00007ff675def0a0 R08: 000000002005ffe4 R09: 000000000000001c
[  560.759452][T16034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  560.759463][T16034] R13: 0000000000000000 R14: 00007ff675145fa0 R15: 00007ffc9d6ee448
[  560.759479][T16034]  </TASK>
[  561.035619][ T5871] usb 4-1: USB disconnect, device number 65
[  561.037883][   T25] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  561.453388][   T25] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  561.477656][   T25] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  561.507384][   T29] audit: type=1400 audit(1733463931.859:460): avc:  denied  { listen } for  pid=16058 comm="syz.0.2483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  561.529924][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  561.542812][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  561.558481][   T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  561.573873][   T25] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  561.583475][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.597270][   T25] usb 5-1: config 0 descriptor??
[  561.603773][T16060] binder: 16059:16060 ioctl c0306201 200004c0 returned -22
[  561.671414][T16040] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  561.721221][   T29] audit: type=1400 audit(1733463932.079:461): avc:  denied  { write } for  pid=16058 comm="syz.0.2483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  561.812737][   T29] audit: type=1400 audit(1733463932.169:462): avc:  denied  { write } for  pid=16065 comm="syz.3.2485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  562.094803][   T25] plantronics 0003:047F:FFFF.004E: unknown main item tag 0xd
[  562.115174][   T25] plantronics 0003:047F:FFFF.004E: No inputs registered, leaving
[  562.195035][   T25] plantronics 0003:047F:FFFF.004E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  562.423823][ T5836] Bluetooth: hci4: command tx timeout
[  562.517632][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  562.524620][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  562.539528][   T25] usb 5-1: USB disconnect, device number 58
[  562.904802][T16123] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  564.164525][T16153] block device autoloading is deprecated and will be removed.
[  564.173568][T16153] syz.4.2501: attempt to access beyond end of device
[  564.173568][T16153] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  564.224984][   T29] audit: type=1400 audit(1733463934.579:463): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  564.300512][ T5871] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  564.330411][   T52] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  564.450417][ T5871] usb 1-1: Using ep0 maxpacket: 32
[  564.456904][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  564.467168][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  564.478101][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  564.487964][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  564.501166][ T5871] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  564.510258][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.519234][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  564.520123][ T5871] usb 1-1: config 0 descriptor??
[  564.537417][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  564.549658][   T52] usb 3-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  564.559722][   T52] usb 3-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[  564.567982][   T52] usb 3-1: Product: syz
[  564.573998][   T52] usb 3-1: config 0 descriptor??
[  564.580684][   T52] usbhid 3-1:0.0: can't add hid device: -22
[  564.586621][   T52] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  564.793724][    T9] usb 3-1: USB disconnect, device number 83
[  564.942660][ T5871] ntrig 0003:1B96:000A.004F: unknown main item tag 0x0
[  564.950002][ T5871] ntrig 0003:1B96:000A.004F: unknown main item tag 0x0
[  564.958367][ T5871] ntrig 0003:1B96:000A.004F: unknown main item tag 0x0
[  564.965726][ T5871] ntrig 0003:1B96:000A.004F: unknown main item tag 0x0
[  564.974026][ T5871] ntrig 0003:1B96:000A.004F: unknown main item tag 0x0
[  564.983457][ T5871] ntrig 0003:1B96:000A.004F: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0
[  565.470739][ T5871] usb 1-1: USB disconnect, device number 58
[  566.330432][   T52] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  566.494344][   T52] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  566.567128][   T52] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  566.657461][   T52] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  566.667309][   T52] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.676450][   T52] usb 3-1: Product: syz
[  566.762560][   T52] usb 3-1: Manufacturer: syz
[  566.827984][   T52] usb 3-1: SerialNumber: syz
[  566.863726][   T52] usb 3-1: config 0 descriptor??
[  566.895193][T16180] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  566.927470][T16180] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  567.220755][T16208] veth0_to_team: entered promiscuous mode
[  567.226544][T16208] veth0_to_team: entered allmulticast mode
[  567.340731][ T5871] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  567.377233][T16180] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  567.393040][T16180] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  567.572026][ T5871] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  567.580110][ T5871] usb 5-1: config 0 has no interface number 0
[  567.588443][ T5871] usb 5-1: config 0 interface 8 has no altsetting 0
[  567.597510][ T5871] usb 5-1: New USB device found, idVendor=13d3, idProduct=3219, bcdDevice=7a.67
[  567.606700][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.614847][ T5871] usb 5-1: Product: syz
[  567.619045][ T5871] usb 5-1: Manufacturer: syz
[  567.624345][ T5871] usb 5-1: SerialNumber: syz
[  567.635151][ T5871] usb 5-1: config 0 descriptor??
[  567.884154][   T52] Error reading MAC address
[  568.211209][   T29] audit: type=1400 audit(1733463938.559:464): avc:  denied  { map } for  pid=16215 comm="syz.5.2517" path="socket:[43436]" dev="sockfs" ino=43436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  568.240914][ T5871] usb 5-1: USB disconnect, device number 59
[  568.247043][ T5871] dvb-usb: generic DVB-USB module successfully deinitialized and disconnected.
[  568.259561][   T29] audit: type=1400 audit(1733463938.559:465): avc:  denied  { read } for  pid=16215 comm="syz.5.2517" path="socket:[43436]" dev="sockfs" ino=43436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  568.285293][   T29] audit: type=1400 audit(1733463938.559:466): avc:  denied  { getopt } for  pid=16215 comm="syz.5.2517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  568.314836][   T29] audit: type=1326 audit(1733463938.609:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16179 comm="syz.2.2509" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e57b7ff19 code=0x0
[  568.340953][   T29] audit: type=1400 audit(1733463938.689:468): avc:  denied  { setopt } for  pid=16226 comm="syz.5.2520" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  568.360929][   T29] audit: type=1400 audit(1733463938.699:469): avc:  denied  { bind } for  pid=16226 comm="syz.5.2520" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  568.381577][   T29] audit: type=1400 audit(1733463938.699:470): avc:  denied  { getopt } for  pid=16226 comm="syz.5.2520" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  568.600425][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  568.776374][    T9] usb 6-1: config 1 interface 0 has no altsetting 0
[  568.789645][    T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  568.807183][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.905236][    T9] usb 6-1: Product: syz
[  568.912199][    T9] usb 6-1: Manufacturer: syz
[  568.925617][    T9] usb 6-1: SerialNumber: syz
[  569.453266][    T9] usb 6-1: USB disconnect, device number 2
[  569.493883][   T52] usb 3-1: USB disconnect, device number 84
[  570.097933][T16254] FAULT_INJECTION: forcing a failure.
[  570.097933][T16254] name failslab, interval 1, probability 0, space 0, times 0
[  570.156406][T16254] CPU: 0 UID: 0 PID: 16254 Comm: syz.4.2528 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  570.167200][T16254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  570.177249][T16254] Call Trace:
[  570.180516][T16254]  <TASK>
[  570.183422][T16254]  dump_stack_lvl+0x16c/0x1f0
[  570.188084][T16254]  should_fail_ex+0x497/0x5b0
[  570.192742][T16254]  ? fs_reclaim_acquire+0xae/0x150
[  570.197839][T16254]  should_failslab+0xc2/0x120
[  570.202494][T16254]  __kmalloc_noprof+0xcb/0x510
[  570.207230][T16254]  ? rcu_is_watching+0x12/0xc0
[  570.211969][T16254]  tomoyo_encode2+0x100/0x3e0
[  570.216622][T16254]  tomoyo_encode+0x29/0x50
[  570.221014][T16254]  tomoyo_realpath_from_path+0x19d/0x720
[  570.226629][T16254]  ? tomoyo_path_number_perm+0x235/0x590
[  570.232234][T16254]  tomoyo_path_number_perm+0x248/0x590
[  570.237664][T16254]  ? tomoyo_path_number_perm+0x235/0x590
[  570.243268][T16254]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  570.249221][T16254]  ? rcu_is_watching+0x12/0xc0
[  570.253964][T16254]  ? preempt_count_add+0x76/0x150
[  570.258961][T16254]  ? __pfx_lock_release+0x10/0x10
[  570.263957][T16254]  ? trace_lock_acquire+0x14e/0x1f0
[  570.269142][T16254]  ? __fget_files+0x40/0x3a0
[  570.273802][T16254]  ? lock_acquire+0x2f/0xb0
[  570.278285][T16254]  ? __fget_files+0x40/0x3a0
[  570.282847][T16254]  ? __fget_files+0x206/0x3a0
[  570.287495][T16254]  security_file_ioctl+0x9b/0x240
[  570.292498][T16254]  __x64_sys_ioctl+0xb7/0x200
[  570.297150][T16254]  do_syscall_64+0xcd/0x250
[  570.301628][T16254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.307493][T16254] RIP: 0033:0x7f2a7af7ff19
[  570.311880][T16254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.331460][T16254] RSP: 002b:00007f2a78df6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  570.339843][T16254] RAX: ffffffffffffffda RBX: 00007f2a7b145fa0 RCX: 00007f2a7af7ff19
[  570.347784][T16254] RDX: 00000000200000c0 RSI: 00000000400448e2 RDI: 0000000000000004
[  570.355740][T16254] RBP: 00007f2a78df60a0 R08: 0000000000000000 R09: 0000000000000000
[  570.363689][T16254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  570.371675][T16254] R13: 0000000000000000 R14: 00007f2a7b145fa0 R15: 00007ffe7640eaa8
[  570.379625][T16254]  </TASK>
[  571.066002][T16254] ERROR: Out of memory at tomoyo_realpath_from_path.
[  571.936135][   T29] audit: type=1400 audit(1733463942.289:471): avc:  denied  { map } for  pid=16289 comm="syz.3.2538" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  572.130443][   T29] audit: type=1400 audit(1733463942.289:472): avc:  denied  { execute } for  pid=16289 comm="syz.3.2538" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  572.616090][   T29] audit: type=1400 audit(1733463942.969:473): avc:  denied  { module_request } for  pid=16296 comm="syz.0.2540" kmod="netdev-vxcan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  572.788598][T16305] overlayfs: failed to resolve './file1': -2
[  574.390917][    T9] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  574.601114][    T9] usb 3-1: Using ep0 maxpacket: 32
[  574.608129][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  574.651972][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  574.767548][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  574.792624][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.807251][    T9] usb 3-1: config 0 descriptor??
[  574.819457][    T9] hub 3-1:0.0: USB hub found
[  575.019465][    T9] hub 3-1:0.0: 1 port detected
[  575.280508][   T52] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  575.582642][   T52] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  575.591958][   T52] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  575.604562][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  575.617020][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  575.628442][   T52] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  575.643112][   T52] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  575.652449][   T52] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.677804][   T52] usb 4-1: config 0 descriptor??
[  575.684244][T16368] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  575.711878][T16347] xt_limit: Overflow, try lower: 0/0
[  575.741678][T16390] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_virt_wifi, syncid = -2, id = 0
[  575.747747][    T9] usb 3-1: USB disconnect, device number 85
[  576.038566][T16400] overlayfs: conflicting options: userxattr,redirect_dir=on
[  576.057073][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  576.057087][   T29] audit: type=1400 audit(1733463946.399:476): avc:  denied  { sqpoll } for  pid=16398 comm="syz.0.2570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  576.167325][   T52] plantronics 0003:047F:FFFF.0050: unknown main item tag 0xd
[  576.197087][   T52] plantronics 0003:047F:FFFF.0050: No inputs registered, leaving
[  576.308823][   T52] plantronics 0003:047F:FFFF.0050: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  576.461338][T16415] FAULT_INJECTION: forcing a failure.
[  576.461338][T16415] name failslab, interval 1, probability 0, space 0, times 0
[  576.481044][T16415] CPU: 1 UID: 0 PID: 16415 Comm: syz.2.2575 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  576.491825][T16415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  576.501866][T16415] Call Trace:
[  576.505129][T16415]  <TASK>
[  576.508041][T16415]  dump_stack_lvl+0x16c/0x1f0
[  576.512706][T16415]  should_fail_ex+0x497/0x5b0
[  576.517369][T16415]  ? fs_reclaim_acquire+0xae/0x150
[  576.522469][T16415]  should_failslab+0xc2/0x120
[  576.527132][T16415]  __kmalloc_noprof+0xcb/0x510
[  576.531878][T16415]  ? rcu_is_watching+0x12/0xc0
[  576.536628][T16415]  tomoyo_encode2+0x100/0x3e0
[  576.541291][T16415]  tomoyo_encode+0x29/0x50
[  576.545689][T16415]  tomoyo_realpath_from_path+0x19d/0x720
[  576.551309][T16415]  ? tomoyo_path_number_perm+0x235/0x590
[  576.556923][T16415]  tomoyo_path_number_perm+0x248/0x590
[  576.562361][T16415]  ? tomoyo_path_number_perm+0x235/0x590
[  576.567974][T16415]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  576.573934][T16415]  ? rcu_is_watching+0x12/0xc0
[  576.578682][T16415]  ? preempt_count_add+0x76/0x150
[  576.583692][T16415]  ? __pfx_lock_release+0x10/0x10
[  576.588699][T16415]  ? trace_lock_acquire+0x14e/0x1f0
[  576.593883][T16415]  ? __fget_files+0x40/0x3a0
[  576.598453][T16415]  ? lock_acquire+0x2f/0xb0
[  576.602935][T16415]  ? __fget_files+0x40/0x3a0
[  576.607508][T16415]  ? __fget_files+0x206/0x3a0
[  576.612168][T16415]  security_file_ioctl+0x9b/0x240
[  576.617177][T16415]  __x64_sys_ioctl+0xb7/0x200
[  576.621840][T16415]  do_syscall_64+0xcd/0x250
[  576.626328][T16415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.632204][T16415] RIP: 0033:0x7f1e57b7ff19
[  576.636598][T16415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  576.656185][T16415] RSP: 002b:00007f1e589fc058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  576.664578][T16415] RAX: ffffffffffffffda RBX: 00007f1e57d45fa0 RCX: 00007f1e57b7ff19
[  576.672545][T16415] RDX: 0000000020000680 RSI: 00000000000089f1 RDI: 0000000000000003
[  576.680500][T16415] RBP: 00007f1e589fc0a0 R08: 0000000000000000 R09: 0000000000000000
[  576.688448][T16415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  576.696398][T16415] R13: 0000000000000000 R14: 00007f1e57d45fa0 R15: 00007ffc1765e548
[  576.704356][T16415]  </TASK>
[  576.710119][T16415] ERROR: Out of memory at tomoyo_realpath_from_path.
[  576.720598][   T52] usb 4-1: USB disconnect, device number 66
[  576.831932][ T5871] usb 1-1: new full-speed USB device number 59 using dummy_hcd
[  577.061571][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  577.077143][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  577.083353][   T29] audit: type=1326 audit(1733463947.419:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.089980][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  577.126176][   T29] audit: type=1326 audit(1733463947.419:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.157602][ T5871] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  577.178387][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.260554][   T29] audit: type=1326 audit(1733463947.419:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.292926][   T29] audit: type=1326 audit(1733463947.419:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.373147][ T5871] usb 1-1: Product: syz
[  577.377660][T16424] kvm: kvm [16423]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x13500000000
[  577.379737][ T5871] usb 1-1: Manufacturer: syz
[  577.390116][   T29] audit: type=1326 audit(1733463947.419:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.392395][ T5871] usb 1-1: SerialNumber: syz
[  577.454752][ T5871] usb 1-1: config 0 descriptor??
[  577.582575][   T29] audit: type=1326 audit(1733463947.419:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.771530][   T29] audit: type=1326 audit(1733463947.419:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.795035][   T29] audit: type=1326 audit(1733463947.419:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.818539][   T29] audit: type=1326 audit(1733463947.419:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.5.2581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff674f7ff19 code=0x7ffc0000
[  577.835451][T16413] virtio-fs: tag <(null)> not found
[  578.244753][   T52] usb 1-1: USB disconnect, device number 59
[  578.580738][ T5925] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  578.750737][ T5925] usb 4-1: device descriptor read/64, error -71
[  579.131647][ T5925] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  579.297339][ T5925] usb 4-1: device descriptor read/64, error -71
[  579.679588][ T5925] usb usb4-port1: attempt power cycle
[  580.320917][ T5925] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  580.350985][ T5925] usb 4-1: device descriptor read/8, error -71
[  580.705451][T16549] FAULT_INJECTION: forcing a failure.
[  580.705451][T16549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.718597][T16549] CPU: 1 UID: 0 PID: 16549 Comm: syz.4.2597 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  580.729351][T16549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  580.739395][T16549] Call Trace:
[  580.742664][T16549]  <TASK>
[  580.745584][T16549]  dump_stack_lvl+0x16c/0x1f0
[  580.750258][T16549]  should_fail_ex+0x497/0x5b0
[  580.754939][T16549]  _copy_from_user+0x2e/0xd0
[  580.759519][T16549]  kstrtouint_from_user+0xd7/0x1c0
[  580.764624][T16549]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  580.770341][T16549]  ? inode_security+0x101/0x130
[  580.775186][T16549]  proc_fail_nth_write+0x84/0x250
[  580.780205][T16549]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  580.785839][T16549]  ? ksys_write+0x12b/0x250
[  580.790333][T16549]  ? lock_acquire+0x2f/0xb0
[  580.794828][T16549]  ? ksys_write+0x12b/0x250
[  580.799321][T16549]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  580.804952][T16549]  vfs_write+0x24c/0x1150
[  580.809272][T16549]  ? __fget_files+0x1fc/0x3a0
[  580.813943][T16549]  ? __pfx___mutex_lock+0x10/0x10
[  580.818971][T16549]  ? __pfx_vfs_write+0x10/0x10
[  580.823740][T16549]  ? __fget_files+0x206/0x3a0
[  580.828421][T16549]  ksys_write+0x12b/0x250
[  580.832750][T16549]  ? __pfx_ksys_write+0x10/0x10
[  580.837597][T16549]  ? rcu_is_watching+0x12/0xc0
[  580.837799][ T5836] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  580.842352][T16549]  ? rcu_is_watching+0x12/0xc0
[  580.842376][T16549]  do_syscall_64+0xcd/0x250
[  580.857657][T16549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.857682][T16549] RIP: 0033:0x7f2a7af7e9cf
[  580.857697][T16549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  580.857712][T16549] RSP: 002b:00007f2a78db4050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  580.857730][T16549] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2a7af7e9cf
[  580.857745][T16549] RDX: 0000000000000001 RSI: 00007f2a78db40b0 RDI: 0000000000000006
[  580.857755][T16549] RBP: 00007f2a78db40a0 R08: 0000000000000000 R09: 0000000000000000
[  580.857767][T16549] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  580.857776][T16549] R13: 0000000000000000 R14: 00007f2a7b146160 R15: 00007ffe7640eaa8
[  580.857792][T16549]  </TASK>
[  581.140735][   T29] kauditd_printk_skb: 46 callbacks suppressed
[  581.140748][   T29] audit: type=1400 audit(1733463951.499:532): avc:  denied  { sys_chroot } for  pid=16567 comm="dhcpcd" capability=18  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[  581.168403][   T29] audit: type=1400 audit(1733463951.499:533): avc:  denied  { setgid } for  pid=16567 comm="dhcpcd" capability=6  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[  581.190468][ T5925] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  581.191971][   T29] audit: type=1400 audit(1733463951.499:534): avc:  denied  { setrlimit } for  pid=16567 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[  581.224262][ T5925] usb 4-1: device descriptor read/8, error -71
[  581.381789][ T5925] usb usb4-port1: unable to enumerate USB device
[  581.854743][T16586] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  581.861278][T16586] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  581.881542][T16586] vhci_hcd vhci_hcd.0: Device attached
[  582.159292][T16592] vhci_hcd: connection closed
[  582.191023][ T6715] vhci_hcd: stop threads
[  582.200242][ T6715] vhci_hcd: release socket
[  582.211467][ T5871] usb 40-1: SetAddress Request (2) to port 0
[  582.217490][ T5871] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[  582.223384][ T6715] vhci_hcd: disconnect device
[  582.250648][ T5871] usb 40-1: enqueue for inactive port 0
[  582.453884][T16608] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  582.797790][T16617] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  583.446200][ T5871] usb usb40-port1: attempt power cycle
[  583.451884][   T29] audit: type=1400 audit(1733463953.659:535): avc:  denied  { ioctl } for  pid=16607 comm="syz.5.2610" path="socket:[45634]" dev="sockfs" ino=45634 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  583.477025][    C0] vkms_vblank_simulate: vblank timer overrun
[  583.540845][ T5872] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  583.839087][T16654] dccp_flush_write_queue: CCID did not manage to send all packets
[  583.861490][ T5872] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  583.870083][ T5872] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  583.882707][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  583.894728][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  583.906698][ T5872] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  583.920037][ T5872] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  583.987444][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.001239][ T5872] usb 4-1: config 0 descriptor??
[  584.006760][T16626] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  584.120850][ T5871] usb usb40-port1: unable to enumerate USB device
[  584.431892][ T6883] tipc: Subscription rejected, illegal request
[  584.431906][   T29] audit: type=1400 audit(1733463954.789:536): avc:  denied  { read } for  pid=16665 comm="syz.4.2623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  584.481292][ T5925] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  584.489764][ T5872] plantronics 0003:047F:FFFF.0051: unknown main item tag 0xd
[  584.501576][ T5872] plantronics 0003:047F:FFFF.0051: No inputs registered, leaving
[  584.519354][ T5872] plantronics 0003:047F:FFFF.0051: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  584.588033][T16671] syzkaller1: entered promiscuous mode
[  584.593582][T16671] syzkaller1: entered allmulticast mode
[  584.672915][ T5925] usb 1-1: config index 0 descriptor too short (expected 45, got 36)
[  584.681160][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  584.693243][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  584.704245][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  584.715416][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  584.728342][ T5925] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  584.737412][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.746415][ T5925] usb 1-1: config 0 descriptor??
[  584.751827][T16662] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  584.752672][   T52] usb 4-1: USB disconnect, device number 71
[  585.128410][   T29] audit: type=1400 audit(1733463955.479:537): avc:  denied  { read } for  pid=16678 comm="syz.5.2627" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  585.151861][   T29] audit: type=1400 audit(1733463955.479:538): avc:  denied  { open } for  pid=16678 comm="syz.5.2627" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  585.177157][   T29] audit: type=1400 audit(1733463955.529:539): avc:  denied  { write } for  pid=16678 comm="syz.5.2627" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  585.206412][ T5925] plantronics 0003:047F:FFFF.0052: unknown main item tag 0xd
[  585.219365][ T5925] plantronics 0003:047F:FFFF.0052: No inputs registered, leaving
[  585.237010][ T5925] plantronics 0003:047F:FFFF.0052: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  585.466448][T16686] FAULT_INJECTION: forcing a failure.
[  585.466448][T16686] name failslab, interval 1, probability 0, space 0, times 0
[  585.486212][T16686] CPU: 0 UID: 0 PID: 16686 Comm: syz.5.2630 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  585.497019][T16686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  585.507048][T16686] Call Trace:
[  585.510299][T16686]  <TASK>
[  585.513203][T16686]  dump_stack_lvl+0x16c/0x1f0
[  585.517865][T16686]  should_fail_ex+0x497/0x5b0
[  585.522518][T16686]  ? fs_reclaim_acquire+0xae/0x150
[  585.527604][T16686]  should_failslab+0xc2/0x120
[  585.532260][T16686]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  585.538039][T16686]  ? xas_move_index+0xb0/0x110
[  585.542774][T16686]  ? __alloc_skb+0x2b1/0x380
[  585.547341][T16686]  __alloc_skb+0x2b1/0x380
[  585.551733][T16686]  ? __pfx___alloc_skb+0x10/0x10
[  585.556643][T16686]  ? lock_release+0x4e2/0x6f0
[  585.561291][T16686]  ? filemap_map_pages+0xf1d/0x16b0
[  585.566470][T16686]  ? rcu_is_watching+0x12/0xc0
[  585.571211][T16686]  tipc_buf_acquire+0x26/0xe0
[  585.575873][T16686]  tipc_msg_build+0x10c/0x1120
[  585.580632][T16686]  ? lock_acquire+0x2f/0xb0
[  585.585130][T16686]  ? avc_has_perm_noaudit+0x61/0x3a0
[  585.590394][T16686]  ? __pfx_tipc_msg_build+0x10/0x10
[  585.595564][T16686]  ? avc_has_perm+0x11b/0x1c0
[  585.600215][T16686]  ? __pfx_avc_has_perm+0x10/0x10
[  585.605214][T16686]  __tipc_sendstream+0x6fa/0x1190
[  585.610227][T16686]  ? __pfx___tipc_sendstream+0x10/0x10
[  585.615660][T16686]  ? lock_release+0x4e2/0x6f0
[  585.620309][T16686]  ? tipc_sendstream+0x41/0x70
[  585.625053][T16686]  ? __pfx_lock_release+0x10/0x10
[  585.630052][T16686]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  585.636092][T16686]  ? __pfx_woken_wake_function+0x10/0x10
[  585.641706][T16686]  ? rcu_is_watching+0x12/0xc0
[  585.646443][T16686]  ? trace_irq_enable.constprop.0+0xea/0x140
[  585.652394][T16686]  tipc_sendstream+0x4f/0x70
[  585.656959][T16686]  __sys_sendto+0x488/0x4f0
[  585.661437][T16686]  ? __pfx___sys_sendto+0x10/0x10
[  585.666434][T16686]  ? rcu_is_watching+0x12/0xc0
[  585.671172][T16686]  ? rcu_is_watching+0x12/0xc0
[  585.675910][T16686]  __x64_sys_sendto+0xe0/0x1c0
[  585.680661][T16686]  ? trace_irq_enable.constprop.0+0xea/0x140
[  585.686613][T16686]  do_syscall_64+0xcd/0x250
[  585.691089][T16686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.696953][T16686] RIP: 0033:0x7ff674f81dac
[  585.701339][T16686] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  585.720918][T16686] RSP: 002b:00007ff675dedee0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  585.729299][T16686] RAX: ffffffffffffffda RBX: 00007ff675dedfe0 RCX: 00007ff674f81dac
[  585.737243][T16686] RDX: 0000000000000020 RSI: 00007ff675dee030 RDI: 0000000000000003
[  585.745184][T16686] RBP: 0000000000000000 R08: 00007ff675dedf34 R09: 000000000000000c
[  585.753128][T16686] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  585.761069][T16686] R13: 00007ff675dedf88 R14: 00007ff675dee030 R15: 0000000000000000
[  585.769017][T16686]  </TASK>
[  585.772057][    C0] vkms_vblank_simulate: vblank timer overrun
[  585.786490][ T5871] usb 1-1: USB disconnect, device number 60
[  585.793439][   T11] tipc: Subscription rejected, illegal request
[  585.869972][T16693] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2632'.
[  585.893239][T16693] netlink: 'syz.5.2632': attribute type 39 has an invalid length.
[  586.227289][T16684] kvm: emulating exchange as write
[  586.660488][ T5872] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  586.757162][ T5871] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  587.555922][   T29] audit: type=1400 audit(1733463957.909:540): avc:  denied  { wake_alarm } for  pid=16731 comm="syz.0.2644" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  587.573269][T16736] FAULT_INJECTION: forcing a failure.
[  587.573269][T16736] name failslab, interval 1, probability 0, space 0, times 0
[  587.591639][T16736] CPU: 1 UID: 0 PID: 16736 Comm: syz.0.2646 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  587.601766][ T5872] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  587.602396][T16736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  587.602409][T16736] Call Trace:
[  587.625424][T16736]  <TASK>
[  587.628351][T16736]  dump_stack_lvl+0x16c/0x1f0
[  587.633071][T16736]  should_fail_ex+0x497/0x5b0
[  587.637129][ T5872] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  587.637739][T16736]  ? fs_reclaim_acquire+0xae/0x150
[  587.652696][T16736]  should_failslab+0xc2/0x120
[  587.657383][T16736]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  587.662741][T16736]  ? rcu_is_watching+0x12/0xc0
[  587.667491][T16736]  ? __thp_vma_allowable_orders+0x1ca/0xb30
[  587.673373][T16736]  ? __pmd_alloc+0xc3/0x860
[  587.677859][T16736]  __pmd_alloc+0xc3/0x860
[  587.682171][T16736]  __handle_mm_fault+0x94a/0x2a40
[  587.687199][T16736]  ? __pfx___handle_mm_fault+0x10/0x10
[  587.692659][T16736]  ? find_vma+0xc0/0x140
[  587.696889][T16736]  ? __pfx_find_vma+0x10/0x10
[  587.701544][T16736]  handle_mm_fault+0x3fa/0xaa0
[  587.706297][T16736]  do_user_addr_fault+0x7a3/0x13f0
[  587.711389][T16736]  exc_page_fault+0x5c/0xc0
[  587.715873][T16736]  asm_exc_page_fault+0x26/0x30
[  587.720715][T16736] RIP: 0010:rep_movs_alternative+0x13/0x70
[  587.726511][T16736] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f
[  587.746110][T16736] RSP: 0018:ffffc9000441f9b0 EFLAGS: 00050202
[  587.752166][T16736] RAX: 0000000000000001 RBX: 0000000020000180 RCX: 0000000000000004
[  587.760125][T16736] RDX: fffff52000883f4c RSI: 0000000020000180 RDI: ffffc9000441fa60
[  587.768082][T16736] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000883f4c
[  587.776049][T16736] R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000
[  587.784014][T16736] R13: ffffc9000441fa60 R14: 0000000000000004 R15: ffff88805ceaa592
[  587.791971][T16736]  _copy_from_user+0x9a/0xd0
[  587.796548][T16736]  do_ipv6_setsockopt+0x97d/0x45f0
[  587.801642][T16736]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  587.807170][T16736]  ? lock_release+0x4e2/0x6f0
[  587.811831][T16736]  ? trace_lock_acquire+0x14e/0x1f0
[  587.817021][T16736]  ? __pfx__kstrtoull+0x10/0x10
[  587.821859][T16736]  ? avc_has_perm_noaudit+0x61/0x3a0
[  587.827133][T16736]  ? lock_acquire+0x2f/0xb0
[  587.831616][T16736]  ? avc_has_perm_noaudit+0x61/0x3a0
[  587.836890][T16736]  ? avc_has_perm_noaudit+0x143/0x3a0
[  587.842249][T16736]  ? avc_has_perm+0x11b/0x1c0
[  587.846911][T16736]  ? __pfx_avc_has_perm+0x10/0x10
[  587.851919][T16736]  ? rcu_is_watching+0x12/0xc0
[  587.856666][T16736]  ? get_pid_task+0xfc/0x250
[  587.861235][T16736]  ? __pfx_lock_release+0x10/0x10
[  587.866239][T16736]  ? trace_lock_acquire+0x14e/0x1f0
[  587.871428][T16736]  ? sock_has_perm+0x25a/0x2f0
[  587.876173][T16736]  ? ipv6_setsockopt+0xcb/0x170
[  587.881004][T16736]  ipv6_setsockopt+0xcb/0x170
[  587.885663][T16736]  rawv6_setsockopt+0xd7/0x680
[  587.890406][T16736]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  587.895759][T16736]  ? preempt_count_add+0x76/0x150
[  587.900776][T16736]  ? selinux_socket_setsockopt+0x6a/0x80
[  587.906388][T16736]  ? sock_common_setsockopt+0x2e/0xf0
[  587.911744][T16736]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  587.917620][T16736]  do_sock_setsockopt+0x222/0x480
[  587.922628][T16736]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  587.928155][T16736]  ? __fget_files+0x40/0x3a0
[  587.932724][T16736]  ? lock_acquire+0x2f/0xb0
[  587.937213][T16736]  __sys_setsockopt+0x1a0/0x230
[  587.942044][T16736]  __x64_sys_setsockopt+0xbd/0x160
[  587.947134][T16736]  ? trace_irq_enable.constprop.0+0xea/0x140
[  587.953097][T16736]  do_syscall_64+0xcd/0x250
[  587.957587][T16736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.963463][T16736] RIP: 0033:0x7fef7757ff19
[  587.967857][T16736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.987445][T16736] RSP: 002b:00007fef78317058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  587.995837][T16736] RAX: ffffffffffffffda RBX: 00007fef77745fa0 RCX: 00007fef7757ff19
[  588.003788][T16736] RDX: 0001000000000021 RSI: 0000000000000029 RDI: 0000000000000003
[  588.011737][T16736] RBP: 00007fef783170a0 R08: 0000000000000004 R09: 0000000000000000
[  588.019686][T16736] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001
[  588.027637][T16736] R13: 0000000000000000 R14: 00007fef77745fa0 R15: 00007ffd3f21c618
[  588.035591][T16736]  </TASK>
[  588.041351][ T5872] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  588.050435][ T5871] usb 5-1: Using ep0 maxpacket: 8
[  588.056336][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.065853][ T5871] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  588.075434][ T5871] usb 5-1: config 179 has no interface number 0
[  588.089552][ T6715] tipc: Subscription rejected, illegal request
[  588.111446][ T5872] usb 6-1: Product: syz
[  588.115625][ T5872] usb 6-1: Manufacturer: syz
[  588.120296][ T5871] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  588.142362][ T5872] usb 6-1: SerialNumber: syz
[  588.146973][ T5871] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  588.154838][   T29] audit: type=1400 audit(1733463958.499:541): avc:  denied  { setopt } for  pid=16747 comm="syz.3.2650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  588.158559][ T5871] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  588.190394][ T5871] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  588.201912][ T5871] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  588.215442][ T5871] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  588.224692][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.227628][ T5872] usb 6-1: config 0 descriptor??
[  588.244035][T16718] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  588.248723][T16708] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  588.261556][T16708] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  588.631035][   T29] audit: type=1400 audit(1733463958.849:542): avc:  denied  { ioctl } for  pid=16745 comm="syz.0.2649" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x9412 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  588.666686][T16708] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  588.722695][ T5871] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input97
[  588.755016][T16708] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  588.880464][ T5925] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  589.042234][ T5925] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[  589.051547][ T5925] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  589.066542][ T5925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  589.077556][ T6784] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  589.109632][ T5925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  589.186484][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  589.194801][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  589.197370][ T5925] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  589.203204][ T5871] usb 5-1: USB disconnect, device number 60
[  589.250138][ T6784] usb 4-1: device descriptor read/64, error -71
[  589.250514][ T5871] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  589.303694][ T5925] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  589.360803][ T5872] Error reading MAC address
[  589.364771][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.448388][ T5925] usb 3-1: config 0 descriptor??
[  589.486319][T16755] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  589.561229][ T6784] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  589.700746][ T6784] usb 4-1: device descriptor read/64, error -71
[  589.855213][ T6784] usb usb4-port1: attempt power cycle
[  589.875571][   T29] audit: type=1326 audit(1733463960.229:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16706 comm="syz.5.2636" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff674f7ff19 code=0x0
[  590.031459][ T5925] plantronics 0003:047F:FFFF.0053: unknown main item tag 0xd
[  590.040547][ T5925] plantronics 0003:047F:FFFF.0053: No inputs registered, leaving
[  590.049846][ T5925] plantronics 0003:047F:FFFF.0053: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  590.266060][ T5925] usb 3-1: USB disconnect, device number 86
[  590.301977][ T6784] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  590.321632][ T6784] usb 4-1: device descriptor read/8, error -71
[  590.570449][ T6784] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  590.592163][ T6784] usb 4-1: device descriptor read/8, error -71
[  590.703079][ T6784] usb usb4-port1: unable to enumerate USB device
[  591.678636][ T6784] usb 6-1: USB disconnect, device number 3
[  591.701113][   T29] audit: type=1400 audit(1733463962.049:544): avc:  denied  { bind } for  pid=16855 comm="syz.0.2663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  591.912880][   T29] audit: type=1400 audit(1733463962.269:545): avc:  granted  { setsecparam } for  pid=16865 comm="syz.3.2667" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  592.050498][ T5872] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  592.160458][ T5871] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  592.200454][ T5872] usb 3-1: Using ep0 maxpacket: 32
[  592.211564][ T5872] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  592.224058][ T5872] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  592.233564][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.242344][ T5872] usb 3-1: Product: syz
[  592.246981][ T5872] usb 3-1: Manufacturer: syz
[  592.251875][ T5872] usb 3-1: SerialNumber: syz
[  592.268533][ T5872] usb 3-1: config 0 descriptor??
[  592.274995][T16859] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  592.285889][ T5872] hub 3-1:0.0: bad descriptor, ignoring hub
[  592.292375][ T5872] hub 3-1:0.0: probe with driver hub failed with error -5
[  592.309594][ T5872] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input99
[  592.319935][ T5871] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  592.331948][ T5871] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  592.346045][ T5871] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  592.362322][ T5871] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  592.374982][ T5871] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  592.388113][ T5871] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  592.397276][ T5871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.408153][ T5871] usb 6-1: config 0 descriptor??
[  592.414297][T16872] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  592.487342][ T5872] usb 3-1: USB disconnect, device number 87
[  592.493324][    C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  592.827668][ T5871] usbhid 6-1:0.0: can't add hid device: -71
[  592.833692][ T5871] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  592.842847][ T5871] usb 6-1: USB disconnect, device number 4
[  592.950436][T14879] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  593.114806][T14879] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  593.123089][T14879] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  593.135857][T14879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  593.148674][T14879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  593.160201][T14879] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  593.174555][T14879] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  593.184346][T14879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.193535][T14879] usb 4-1: config 0 descriptor??
[  593.198843][T16880] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  593.231720][T16882] dccp_flush_write_queue: CCID did not manage to send all packets
[  593.257987][T16885] delete_channel: no stack
[  593.263464][   T29] audit: type=1400 audit(1733463963.619:546): avc:  denied  { accept } for  pid=16884 comm="syz.0.2673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  593.561747][T16890] overlayfs: missing 'workdir'
[  593.569489][   T29] audit: type=1400 audit(1733463963.919:547): avc:  granted  { setsecparam } for  pid=16889 comm="syz.5.2675" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  593.627244][T14879] plantronics 0003:047F:FFFF.0054: unknown main item tag 0xd
[  593.635462][T14879] plantronics 0003:047F:FFFF.0054: No inputs registered, leaving
[  593.646190][T14879] plantronics 0003:047F:FFFF.0054: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  593.675841][T16898] FAULT_INJECTION: forcing a failure.
[  593.675841][T16898] name failslab, interval 1, probability 0, space 0, times 0
[  593.688958][T16898] CPU: 0 UID: 0 PID: 16898 Comm: syz.0.2677 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  593.699740][T16898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  593.709776][T16898] Call Trace:
[  593.713031][T16898]  <TASK>
[  593.715935][T16898]  dump_stack_lvl+0x16c/0x1f0
[  593.720589][T16898]  should_fail_ex+0x497/0x5b0
[  593.725242][T16898]  ? fs_reclaim_acquire+0xae/0x150
[  593.730335][T16898]  should_failslab+0xc2/0x120
[  593.735006][T16898]  __kmalloc_noprof+0xcb/0x510
[  593.739747][T16898]  do_handle_open+0x37e/0x990
[  593.744405][T16898]  ? __fget_files+0x206/0x3a0
[  593.749053][T16898]  ? __pfx_do_handle_open+0x10/0x10
[  593.754234][T16898]  ? ksys_write+0x1ba/0x250
[  593.758722][T16898]  ? rcu_is_watching+0x12/0xc0
[  593.763463][T16898]  ? do_syscall_64+0xcd/0x250
[  593.768118][T16898]  do_syscall_64+0xcd/0x250
[  593.772594][T16898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.778461][T16898] RIP: 0033:0x7fef7757ff19
[  593.782852][T16898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  593.802436][T16898] RSP: 002b:00007fef78317058 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  593.810832][T16898] RAX: ffffffffffffffda RBX: 00007fef77745fa0 RCX: 00007fef7757ff19
[  593.818773][T16898] RDX: 0000000000030000 RSI: 0000000020000140 RDI: 0000000000000003
[  593.826721][T16898] RBP: 00007fef783170a0 R08: 0000000000000000 R09: 0000000000000000
[  593.834680][T16898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  593.842636][T16898] R13: 0000000000000000 R14: 00007fef77745fa0 R15: 00007ffd3f21c618
[  593.850592][T16898]  </TASK>
[  593.892623][ T6784] usb 4-1: USB disconnect, device number 76
[  594.022476][T16908] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2680'.
[  594.033351][   T29] audit: type=1400 audit(1733463964.389:548): avc:  denied  { setopt } for  pid=16907 comm="syz.4.2680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  594.362507][T16919] FAULT_INJECTION: forcing a failure.
[  594.362507][T16919] name failslab, interval 1, probability 0, space 0, times 0
[  594.376697][T16919] CPU: 0 UID: 0 PID: 16919 Comm: syz.4.2683 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  594.387470][T16919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  594.397520][T16919] Call Trace:
[  594.400790][T16919]  <TASK>
[  594.403703][T16919]  dump_stack_lvl+0x16c/0x1f0
[  594.408374][T16919]  should_fail_ex+0x497/0x5b0
[  594.413039][T16919]  ? fs_reclaim_acquire+0xae/0x150
[  594.418139][T16919]  should_failslab+0xc2/0x120
[  594.422801][T16919]  __kmalloc_noprof+0xcb/0x510
[  594.427550][T16919]  ? __import_iovec+0x1f2/0x6d0
[  594.432383][T16919]  sock_kmalloc+0x111/0x170
[  594.436888][T16919]  ____sys_sendmsg+0x876/0xc90
[  594.441638][T16919]  ? copy_msghdr_from_user+0x10b/0x160
[  594.447076][T16919]  ? __pfx_____sys_sendmsg+0x10/0x10
[  594.452345][T16919]  ? rcu_is_watching+0x12/0xc0
[  594.457115][T16919]  ? lock_release+0x4e2/0x6f0
[  594.461771][T16919]  ? get_pid_task+0xfc/0x250
[  594.466355][T16919]  ___sys_sendmsg+0x135/0x1e0
[  594.471014][T16919]  ? get_pid_task+0x35/0x250
[  594.475583][T16919]  ? __pfx____sys_sendmsg+0x10/0x10
[  594.480760][T16919]  ? lock_release+0x4e2/0x6f0
[  594.485419][T16919]  ? __pfx_lock_release+0x10/0x10
[  594.490428][T16919]  ? trace_lock_acquire+0x14e/0x1f0
[  594.495613][T16919]  ? __fget_files+0x206/0x3a0
[  594.500271][T16919]  __sys_sendmsg+0x16e/0x220
[  594.504841][T16919]  ? __pfx___sys_sendmsg+0x10/0x10
[  594.509933][T16919]  ? rcu_is_watching+0x12/0xc0
[  594.514682][T16919]  ? rcu_is_watching+0x12/0xc0
[  594.519431][T16919]  do_syscall_64+0xcd/0x250
[  594.523924][T16919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.529800][T16919] RIP: 0033:0x7f2a7af7ff19
[  594.534194][T16919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  594.553781][T16919] RSP: 002b:00007f2a78df6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  594.562172][T16919] RAX: ffffffffffffffda RBX: 00007f2a7b145fa0 RCX: 00007f2a7af7ff19
[  594.570120][T16919] RDX: 0000000000002000 RSI: 0000000020003580 RDI: 0000000000000003
[  594.578070][T16919] RBP: 00007f2a78df60a0 R08: 0000000000000000 R09: 0000000000000000
[  594.586020][T16919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  594.593968][T16919] R13: 0000000000000000 R14: 00007f2a7b145fa0 R15: 00007ffe7640eaa8
[  594.601923][T16919]  </TASK>
[  594.637587][T16921] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2684'.
[  594.684695][T16925] delete_channel: no stack
[  595.350932][ T6784] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  595.455015][T16945] lo speed is unknown, defaulting to 1000
[  595.460863][   T29] audit: type=1400 audit(1733463965.809:549): avc:  denied  { write } for  pid=16944 comm="syz.0.2695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  595.481165][T16945] lo speed is unknown, defaulting to 1000
[  595.489774][T16945] lo speed is unknown, defaulting to 1000
[  595.496672][T16945] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  595.515299][T16945] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  595.542592][ T6784] usb 6-1: Using ep0 maxpacket: 8
[  595.566582][ T6784] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 256
[  595.577870][T16945] lo speed is unknown, defaulting to 1000
[  595.584665][T16945] lo speed is unknown, defaulting to 1000
[  595.591559][T16945] lo speed is unknown, defaulting to 1000
[  595.612966][T16945] lo speed is unknown, defaulting to 1000
[  595.629495][T16945] lo speed is unknown, defaulting to 1000
[  595.638117][T16945] lo speed is unknown, defaulting to 1000
[  595.946058][ T6784] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  595.955650][ T6784] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.966989][ T6784] usb 6-1: Product: 揝ꁛ쬗ㄨᇧﶗ蘂派⶛錢㌇윛⊶֑兀獢㸬ෞ㞡ᩮ⋰‚ıඥ䔒Ղ麲钢紤㒫؊ꉅ뎳ꉶ埪烟▯ᖡ⌓裻֍⨸₏蚆ꋣ뼝↹䕼観竗䐡놀罱讌Ὼ⇃ഞ戠蘨䣮緸旺阢ީ㎹읆뇻䄴玱ᦌ篼嬴姕鹗ᣑ꟞儵㙏Ꟁ䔫
[  596.048310][ T6784] usb 6-1: Manufacturer: 塎♐脲˫慆ﻫ➹⾌쒾㧟彋킁㸌鶊粒솝˜ᄙ牫而익폌堵귲ᛋ㥕璾ぜ볓夯뼘삐
[  596.088878][ T6784] usb 6-1: SerialNumber: ఊ
[  596.422352][T16975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2698'.
[  596.438575][T16975] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2698'.
[  596.685608][T16978] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2699'.
[  597.042516][   T11] tipc: Subscription rejected, illegal request
[  597.048980][T16990] FAULT_INJECTION: forcing a failure.
[  597.048980][T16990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  597.089461][T16990] CPU: 1 UID: 0 PID: 16990 Comm: syz.0.2702 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  597.100268][T16990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  597.110301][T16990] Call Trace:
[  597.113575][T16990]  <TASK>
[  597.116479][T16990]  dump_stack_lvl+0x16c/0x1f0
[  597.121134][T16990]  should_fail_ex+0x497/0x5b0
[  597.125787][T16990]  _copy_to_user+0x32/0xd0
[  597.130177][T16990]  simple_read_from_buffer+0xd0/0x160
[  597.135525][T16990]  proc_fail_nth_read+0x198/0x270
[  597.140524][T16990]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  597.146054][T16990]  ? bpf_lsm_file_permission+0x9/0x10
[  597.151402][T16990]  ? security_file_permission+0x71/0x210
[  597.157011][T16990]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  597.162532][T16990]  vfs_read+0x1df/0xbe0
[  597.166660][T16990]  ? __fget_files+0x1fc/0x3a0
[  597.171306][T16990]  ? __pfx___mutex_lock+0x10/0x10
[  597.176302][T16990]  ? __pfx_vfs_read+0x10/0x10
[  597.180953][T16990]  ? __fget_files+0x206/0x3a0
[  597.185603][T16990]  ksys_read+0x12b/0x250
[  597.189987][T16990]  ? __pfx_ksys_read+0x10/0x10
[  597.194723][T16990]  ? rcu_is_watching+0x12/0xc0
[  597.199473][T16990]  ? rcu_is_watching+0x12/0xc0
[  597.204209][T16990]  do_syscall_64+0xcd/0x250
[  597.208695][T16990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.214563][T16990] RIP: 0033:0x7fef7757e92c
[  597.218960][T16990] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  597.238537][T16990] RSP: 002b:00007fef78317050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  597.246920][T16990] RAX: ffffffffffffffda RBX: 00007fef77745fa0 RCX: 00007fef7757e92c
[  597.254864][T16990] RDX: 000000000000000f RSI: 00007fef783170b0 RDI: 0000000000000004
[  597.262807][T16990] RBP: 00007fef783170a0 R08: 0000000000000000 R09: 0000000000000000
[  597.270759][T16990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  597.278730][T16990] R13: 0000000000000000 R14: 00007fef77745fa0 R15: 00007ffd3f21c618
[  597.286687][T16990]  </TASK>
[  597.334675][ T6784] cdc_ncm 6-1:1.0: bind() failure
[  597.341084][ T6784] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  597.353307][ T6784] cdc_ncm 6-1:1.1: bind() failure
[  597.368964][ T6784] usb 6-1: USB disconnect, device number 5
[  597.540382][T14696] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  597.690436][   T25] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  597.692945][T14696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  597.709198][T14696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  597.719998][T14696] usb 3-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  597.729154][T14696] usb 3-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[  597.737356][T14696] usb 3-1: Product: syz
[  597.742513][T14696] usb 3-1: config 0 descriptor??
[  597.748906][T14696] usbhid 3-1:0.0: can't add hid device: -22
[  597.754887][T14696] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  597.830450][ T5925] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  597.850431][   T25] usb 1-1: Using ep0 maxpacket: 16
[  597.857888][   T25] usb 1-1: no configurations
[  597.862597][   T25] usb 1-1: can't read configurations, error -22
[  597.953158][T16993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.962629][T16993] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.023707][   T25] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  598.035100][ T5925] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  598.043814][ T5925] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  598.054242][ T5925] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  598.063214][ T5925] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  598.074217][ T5925] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  598.086288][ T5925] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  598.368503][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  598.376565][ T5925] usb 4-1: Product: syz
[  598.380784][ T5925] usb 4-1: Manufacturer: syz
[  598.388312][ T5925] cdc_wdm 4-1:1.0: skipping garbage
[  598.393542][ T5925] cdc_wdm 4-1:1.0: skipping garbage
[  598.399163][ T5925] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  598.405090][ T5925] cdc_wdm 4-1:1.0: Unknown control protocol
[  598.420417][   T52] usb 5-1: new full-speed USB device number 61 using dummy_hcd
[  598.460381][   T25] usb 1-1: Using ep0 maxpacket: 16
[  598.465967][   T25] usb 1-1: no configurations
[  598.471470][   T25] usb 1-1: can't read configurations, error -22
[  598.477863][   T25] usb usb1-port1: attempt power cycle
[  598.582029][   T52] usb 5-1: unable to get BOS descriptor or descriptor too short
[  598.590102][   T52] usb 5-1: not running at top speed; connect to a high speed hub
[  598.593166][T17005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.598880][   T52] usb 5-1: config 4 has an invalid interface number: 111 but max is 0
[  598.607656][T17005] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.615375][   T52] usb 5-1: config 4 has no interface number 0
[  598.633279][   T52] usb 5-1: config 4 interface 111 has no altsetting 0
[  598.634521][T14696] usb 4-1: USB disconnect, device number 77
[  598.646054][   T52] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[  598.656271][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.664306][   T52] usb 5-1: Product: syz
[  598.668494][   T52] usb 5-1: Manufacturer: syz
[  598.673137][   T52] usb 5-1: SerialNumber: syz
[  598.820711][   T25] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  598.844138][   T25] usb 1-1: Using ep0 maxpacket: 16
[  598.849944][   T25] usb 1-1: no configurations
[  598.859774][   T25] usb 1-1: can't read configurations, error -22
[  598.884563][   T52] pvrusb2: Hardware description: Terratec Grabster AV400
[  598.892389][   T52] pvrusb2: **********
[  598.896388][   T52] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  598.906722][   T52] pvrusb2: Important functionality might not be entirely working.
[  598.914560][   T52] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  598.926319][   T52] pvrusb2: **********
[  598.962319][   T52] usb 5-1: selecting invalid altsetting 0
[  598.969492][ T2322] pvrusb2: control-write URB failure, status=-71
[  599.093112][ T2322] pvrusb2: Device being rendered inoperable
[  599.104529][ T2322] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  599.189737][   T25] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  599.216323][ T2322] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  599.248074][   T52] usb 5-1: USB disconnect, device number 61
[  599.270859][   T25] usb 1-1: Using ep0 maxpacket: 16
[  599.276924][   T25] usb 1-1: no configurations
[  599.281638][   T25] usb 1-1: can't read configurations, error -22
[  599.290633][   T25] usb usb1-port1: unable to enumerate USB device
[  599.307153][   T29] audit: type=1400 audit(1733463969.659:550): avc:  denied  { bind } for  pid=17028 comm="syz.3.2714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  599.307589][T17029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2714'.
[  599.580415][ T5871] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  599.810405][ T5871] usb 4-1: Using ep0 maxpacket: 16
[  599.817664][ T5871] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  599.830475][ T5871] usb 4-1: config 0 has no interface number 0
[  599.837477][ T5871] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  599.862147][ T5871] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  599.874158][ T5871] usb 4-1: config 0 interface 41 has no altsetting 0
[  599.887888][ T5871] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  599.897753][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.907063][ T5871] usb 4-1: Product: syz
[  599.912671][ T5871] usb 4-1: Manufacturer: syz
[  599.917351][ T5871] usb 4-1: SerialNumber: syz
[  599.929078][ T5871] usb 4-1: config 0 descriptor??
[  599.935082][T17029] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  599.949063][T17029] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  600.157462][T14696] usb 3-1: USB disconnect, device number 88
[  600.195914][ T5871] dm9601 4-1:0.41: probe with driver dm9601 failed with error -71
[  600.222061][ T5871] sr9700 4-1:0.41: probe with driver sr9700 failed with error -71
[  600.248557][ T5871] usb 4-1: USB disconnect, device number 78
[  600.258338][T17046] FAULT_INJECTION: forcing a failure.
[  600.258338][T17046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  600.275878][T17046] CPU: 0 UID: 0 PID: 17046 Comm: syz.5.2720 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  600.286664][T17046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  600.296725][T17046] Call Trace:
[  600.300004][T17046]  <TASK>
[  600.302934][T17046]  dump_stack_lvl+0x16c/0x1f0
[  600.307614][T17046]  should_fail_ex+0x497/0x5b0
[  600.312299][T17046]  _copy_to_user+0x32/0xd0
[  600.316719][T17046]  simple_read_from_buffer+0xd0/0x160
[  600.322108][T17046]  proc_fail_nth_read+0x198/0x270
[  600.327138][T17046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  600.332677][T17046]  ? bpf_lsm_file_permission+0x9/0x10
[  600.338041][T17046]  ? security_file_permission+0x71/0x210
[  600.343676][T17046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  600.349195][T17046]  vfs_read+0x1df/0xbe0
[  600.353325][T17046]  ? __fget_files+0x1fc/0x3a0
[  600.357975][T17046]  ? __pfx___mutex_lock+0x10/0x10
[  600.362971][T17046]  ? __pfx_vfs_read+0x10/0x10
[  600.367619][T17046]  ? __fget_files+0x206/0x3a0
[  600.372266][T17046]  ksys_read+0x12b/0x250
[  600.376479][T17046]  ? __pfx_ksys_read+0x10/0x10
[  600.381216][T17046]  ? rcu_is_watching+0x12/0xc0
[  600.385958][T17046]  ? rcu_is_watching+0x12/0xc0
[  600.390708][T17046]  do_syscall_64+0xcd/0x250
[  600.395190][T17046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.401080][T17046] RIP: 0033:0x7ff674f7e92c
[  600.405478][T17046] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  600.425055][T17046] RSP: 002b:00007ff675def050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  600.433460][T17046] RAX: ffffffffffffffda RBX: 00007ff675145fa0 RCX: 00007ff674f7e92c
[  600.441417][T17046] RDX: 000000000000000f RSI: 00007ff675def0b0 RDI: 0000000000000005
[  600.449367][T17046] RBP: 00007ff675def0a0 R08: 0000000000000000 R09: 0000000000000000
[  600.457340][T17046] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[  600.465282][T17046] R13: 0000000000000000 R14: 00007ff675145fa0 R15: 00007ffc9d6ee448
[  600.473246][T17046]  </TASK>
[  600.704184][T17053] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2719'.
[  600.713234][T17053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2719'.
[  600.782518][   T29] audit: type=1400 audit(1733463971.009:551): avc:  denied  { execmem } for  pid=17043 comm="syz.2.2719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  600.809042][   T29] audit: type=1400 audit(1733463971.029:552): avc:  denied  { create } for  pid=17043 comm="syz.2.2719" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  600.837600][   T29] audit: type=1400 audit(1733463971.029:553): avc:  denied  { map } for  pid=17043 comm="syz.2.2719" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=48291 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  600.912426][   T29] audit: type=1400 audit(1733463971.029:554): avc:  denied  { read write } for  pid=17043 comm="syz.2.2719" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=48291 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  600.925453][T17061] bridge0: port 3(erspan0) entered disabled state
[  600.957214][T17061] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.958580][   T29] audit: type=1400 audit(1733463971.059:555): avc:  denied  { create } for  pid=17043 comm="syz.2.2719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  600.970806][T17061] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.000981][   T29] audit: type=1400 audit(1733463971.059:556): avc:  denied  { write } for  pid=17043 comm="syz.2.2719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  601.028979][   T29] audit: type=1400 audit(1733463971.079:557): avc:  denied  { read } for  pid=5172 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  601.077177][T17072] FAULT_INJECTION: forcing a failure.
[  601.077177][T17072] name failslab, interval 1, probability 0, space 0, times 0
[  601.101301][   T29] audit: type=1400 audit(1733463971.079:558): avc:  denied  { search } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  601.124466][T17072] CPU: 0 UID: 0 PID: 17072 Comm: syz.4.2725 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  601.135249][T17072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  601.145299][T17072] Call Trace:
[  601.148561][T17072]  <TASK>
[  601.151472][T17072]  dump_stack_lvl+0x16c/0x1f0
[  601.156141][T17072]  should_fail_ex+0x497/0x5b0
[  601.160804][T17072]  ? fs_reclaim_acquire+0xae/0x150
[  601.165901][T17072]  should_failslab+0xc2/0x120
[  601.170562][T17072]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  601.176350][T17072]  ? __alloc_skb+0x2b1/0x380
[  601.180928][T17072]  __alloc_skb+0x2b1/0x380
[  601.185329][T17072]  ? __pfx___alloc_skb+0x10/0x10
[  601.190252][T17072]  ? selinux_socket_getpeersec_dgram+0x1a5/0x370
[  601.196563][T17072]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  601.203221][T17072]  ? cap_capable+0x1cf/0x240
[  601.207792][T17072]  netlink_alloc_large_skb+0x69/0x130
[  601.213149][T17072]  netlink_sendmsg+0x689/0xd70
[  601.217895][T17072]  ? __pfx_netlink_sendmsg+0x10/0x10
[  601.223167][T17072]  ____sys_sendmsg+0xaaf/0xc90
[  601.227930][T17072]  ? copy_msghdr_from_user+0x10b/0x160
[  601.233380][T17072]  ? __pfx_____sys_sendmsg+0x10/0x10
[  601.238660][T17072]  ? rcu_is_watching+0x12/0xc0
[  601.243418][T17072]  ? lock_release+0x4e2/0x6f0
[  601.248083][T17072]  ? get_pid_task+0xfc/0x250
[  601.252662][T17072]  ___sys_sendmsg+0x135/0x1e0
[  601.257325][T17072]  ? get_pid_task+0x35/0x250
[  601.261912][T17072]  ? __pfx____sys_sendmsg+0x10/0x10
[  601.267180][T17072]  ? lock_release+0x4e2/0x6f0
[  601.271842][T17072]  ? __pfx_lock_release+0x10/0x10
[  601.276862][T17072]  ? trace_lock_acquire+0x14e/0x1f0
[  601.282092][T17072]  ? __fget_files+0x206/0x3a0
[  601.286756][T17072]  __sys_sendmsg+0x16e/0x220
[  601.291339][T17072]  ? __pfx___sys_sendmsg+0x10/0x10
[  601.296432][T17072]  ? rcu_is_watching+0x12/0xc0
[  601.301180][T17072]  ? rcu_is_watching+0x12/0xc0
[  601.305939][T17072]  do_syscall_64+0xcd/0x250
[  601.310440][T17072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.316316][T17072] RIP: 0033:0x7f2a7af7ff19
[  601.320722][T17072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.340745][T17072] RSP: 002b:00007f2a78df6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  601.349141][T17072] RAX: ffffffffffffffda RBX: 00007f2a7b145fa0 RCX: 00007f2a7af7ff19
[  601.357092][T17072] RDX: 0000000004040054 RSI: 00000000200000c0 RDI: 0000000000000004
[  601.365044][T17072] RBP: 00007f2a78df60a0 R08: 0000000000000000 R09: 0000000000000000
[  601.373003][T17072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.380954][T17072] R13: 0000000000000000 R14: 00007f2a7b145fa0 R15: 00007ffe7640eaa8
[  601.388927][T17072]  </TASK>
[  601.397695][   T29] audit: type=1400 audit(1733463971.079:559): avc:  denied  { append } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=11 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  601.430861][T14696] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  601.520516][   T25] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  601.746212][   T25] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  601.757655][   T25] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  601.769059][   T25] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  601.778189][   T25] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  601.789526][   T25] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  601.803980][T14696] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  601.814611][   T25] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  601.818040][T17086] usb usb7: usbfs: process 17086 (syz.2.2728) did not claim interface 1 before use
[  601.824608][   T25] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  601.842412][T14696] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  601.848555][   T25] usb 6-1: Product: syz
[  601.856078][T14696] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  601.858624][   T25] usb 6-1: Manufacturer: syz
[  601.866533][T14696] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.876040][   T25] cdc_wdm 6-1:1.0: skipping garbage
[  601.882460][T17065] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  601.883918][   T25] cdc_wdm 6-1:1.0: skipping garbage
[  601.896135][T14696] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  601.904413][   T25] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  601.910485][   T25] cdc_wdm 6-1:1.0: Unknown control protocol
[  602.189626][T17063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  602.221070][T17063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  602.233657][T14696] usb 6-1: USB disconnect, device number 6
[  602.321286][T17102] overlayfs: missing 'workdir'
[  602.599438][   T52] usb 4-1: USB disconnect, device number 79
[  604.289002][T17147] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2747'.
[  604.352051][T17147] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2747'.
[  604.577150][   T29] kauditd_printk_skb: 84 callbacks suppressed
[  604.577166][   T29] audit: type=1400 audit(1733463974.929:644): avc:  denied  { ioctl } for  pid=17154 comm="syz.4.2751" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  604.614823][T17153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2749'.
[  604.683687][   T29] audit: type=1400 audit(1733463975.029:645): avc:  denied  { read write } for  pid=17151 comm="syz.5.2750" name="sg0" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  604.712302][   T29] audit: type=1400 audit(1733463975.029:646): avc:  denied  { open } for  pid=17151 comm="syz.5.2750" path="/dev/sg0" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  604.737629][   T29] audit: type=1400 audit(1733463975.029:647): avc:  denied  { ioctl } for  pid=17151 comm="syz.5.2750" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=48436 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  604.992565][T17165] FAULT_INJECTION: forcing a failure.
[  604.992565][T17165] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  605.059345][T17165] CPU: 1 UID: 0 PID: 17165 Comm: syz.2.2752 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  605.070135][T17165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  605.080180][T17165] Call Trace:
[  605.083439][T17165]  <TASK>
[  605.086346][T17165]  dump_stack_lvl+0x16c/0x1f0
[  605.091002][T17165]  should_fail_ex+0x497/0x5b0
[  605.095659][T17165]  _copy_to_user+0x32/0xd0
[  605.100050][T17165]  simple_read_from_buffer+0xd0/0x160
[  605.105412][T17165]  proc_fail_nth_read+0x198/0x270
[  605.110413][T17165]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  605.115947][T17165]  ? bpf_lsm_file_permission+0x9/0x10
[  605.121309][T17165]  ? security_file_permission+0x71/0x210
[  605.126917][T17165]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  605.132449][T17165]  vfs_read+0x1df/0xbe0
[  605.136575][T17165]  ? __pfx___mutex_lock+0x10/0x10
[  605.141584][T17165]  ? __pfx_vfs_read+0x10/0x10
[  605.146241][T17165]  ? rcu_is_watching+0x12/0xc0
[  605.150979][T17165]  ? __rcu_read_unlock+0x2b4/0x580
[  605.156063][T17165]  ? __fget_files+0x206/0x3a0
[  605.160713][T17165]  ksys_read+0x12b/0x250
[  605.164942][T17165]  ? __pfx_ksys_read+0x10/0x10
[  605.169676][T17165]  ? rcu_is_watching+0x12/0xc0
[  605.174413][T17165]  ? rcu_is_watching+0x12/0xc0
[  605.179154][T17165]  do_syscall_64+0xcd/0x250
[  605.183644][T17165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.189509][T17165] RIP: 0033:0x7f1e57b7e92c
[  605.193895][T17165] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  605.213473][T17165] RSP: 002b:00007f1e589fc050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  605.221872][T17165] RAX: ffffffffffffffda RBX: 00007f1e57d45fa0 RCX: 00007f1e57b7e92c
[  605.229817][T17165] RDX: 000000000000000f RSI: 00007f1e589fc0b0 RDI: 0000000000000005
[  605.237776][T17165] RBP: 00007f1e589fc0a0 R08: 0000000000000000 R09: 0000000000000000
[  605.245733][T17165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  605.253688][T17165] R13: 0000000000000000 R14: 00007f1e57d45fa0 R15: 00007ffc1765e548
[  605.261650][T17165]  </TASK>
[  605.276010][T17167] FAULT_INJECTION: forcing a failure.
[  605.276010][T17167] name failslab, interval 1, probability 0, space 0, times 0
[  605.288706][T17167] CPU: 0 UID: 0 PID: 17167 Comm: syz.0.2755 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  605.299479][T17167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  605.309534][T17167] Call Trace:
[  605.312805][T17167]  <TASK>
[  605.315736][T17167]  dump_stack_lvl+0x16c/0x1f0
[  605.320429][T17167]  should_fail_ex+0x497/0x5b0
[  605.325118][T17167]  ? fs_reclaim_acquire+0xae/0x150
[  605.330236][T17167]  should_failslab+0xc2/0x120
[  605.334912][T17167]  __kmalloc_node_noprof+0xd1/0x510
[  605.340110][T17167]  ? lock_acquire+0x2f/0xb0
[  605.344606][T17167]  ? __might_fault+0xe3/0x190
[  605.349274][T17167]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  605.354720][T17167]  ? __might_fault+0xe3/0x190
[  605.359391][T17167]  __kvmalloc_node_noprof+0xad/0x1a0
[  605.364660][T17167]  xt_alloc_table_info+0x3e/0xa0
[  605.369583][T17167]  do_ip6t_set_ctl+0x59d/0xc40
[  605.374332][T17167]  ? __mutex_lock+0x1cc/0xa60
[  605.378993][T17167]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  605.384262][T17167]  ? __mutex_unlock_slowpath+0x164/0x690
[  605.389876][T17167]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  605.395843][T17167]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  605.401807][T17167]  nf_setsockopt+0x8a/0xf0
[  605.406205][T17167]  ipv6_setsockopt+0x135/0x170
[  605.410949][T17167]  udpv6_setsockopt+0x7d/0xd0
[  605.415611][T17167]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  605.421485][T17167]  do_sock_setsockopt+0x222/0x480
[  605.426492][T17167]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  605.432017][T17167]  ? __fget_files+0x40/0x3a0
[  605.436589][T17167]  ? lock_acquire+0x2f/0xb0
[  605.441078][T17167]  __sys_setsockopt+0x1a0/0x230
[  605.445907][T17167]  __x64_sys_setsockopt+0xbd/0x160
[  605.450995][T17167]  ? trace_irq_enable.constprop.0+0xea/0x140
[  605.456959][T17167]  do_syscall_64+0xcd/0x250
[  605.461450][T17167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.467325][T17167] RIP: 0033:0x7fef7757ff19
[  605.471719][T17167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  605.491309][T17167] RSP: 002b:00007fef78317058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  605.499700][T17167] RAX: ffffffffffffffda RBX: 00007fef77745fa0 RCX: 00007fef7757ff19
[  605.507650][T17167] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  605.515599][T17167] RBP: 00007fef783170a0 R08: 00000000000006a8 R09: 0000000000000000
[  605.523551][T17167] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[  605.531501][T17167] R13: 0000000000000000 R14: 00007fef77745fa0 R15: 00007ffd3f21c618
[  605.539456][T17167]  </TASK>
[  605.542465][    C0] vkms_vblank_simulate: vblank timer overrun
[  605.693724][   T29] audit: type=1400 audit(1733463976.029:648): avc:  denied  { write } for  pid=17173 comm="syz.5.2757" name="event2" dev="devtmpfs" ino=929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  605.720972][   T29] audit: type=1400 audit(1733463976.039:649): avc:  denied  { open } for  pid=17173 comm="syz.5.2757" path="/dev/input/event2" dev="devtmpfs" ino=929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  605.745084][    C0] vkms_vblank_simulate: vblank timer overrun
[  605.836306][   T29] audit: type=1400 audit(1733463976.179:650): avc:  denied  { ioctl } for  pid=17173 comm="syz.5.2757" path="socket:[48492]" dev="sockfs" ino=48492 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  605.861985][    C0] vkms_vblank_simulate: vblank timer overrun
[  605.888213][   T29] audit: type=1400 audit(1733463976.189:651): avc:  denied  { watch watch_reads } for  pid=17176 comm="syz.0.2758" path="/561/file0" dev="tmpfs" ino=2953 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  606.361371][   T29] audit: type=1400 audit(1733463976.719:652): avc:  denied  { name_bind } for  pid=17205 comm="syz.0.2765" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  606.593252][   T29] audit: type=1326 audit(1733463976.949:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17205 comm="syz.0.2765" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fef7757ff19 code=0x0
[  607.945134][T17226] lo speed is unknown, defaulting to 1000
[  607.951031][T17226] lo speed is unknown, defaulting to 1000
[  607.956923][T17226] lo speed is unknown, defaulting to 1000
[  607.965461][T17226] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  607.967443][T17235] dccp_flush_write_queue: CCID did not manage to send all packets
[  607.981413][T17226] lo speed is unknown, defaulting to 1000
[  607.994175][T17226] lo speed is unknown, defaulting to 1000
[  608.006375][T17226] lo speed is unknown, defaulting to 1000
[  608.012825][T17226] lo speed is unknown, defaulting to 1000
[  608.019028][T17226] lo speed is unknown, defaulting to 1000
[  608.029641][T17226] lo speed is unknown, defaulting to 1000
[  608.103590][    C0] ==================================================================
[  608.111670][    C0] BUG: KASAN: slab-out-of-bounds in selinux_ip_output+0x1e0/0x1f0
[  608.119556][    C0] Read of size 8 at addr ffff888034380758 by task syz.0.2777/17244
[  608.127428][    C0] 
[  608.129731][    C0] CPU: 0 UID: 0 PID: 17244 Comm: syz.0.2777 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  608.140465][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  608.150501][    C0] Call Trace:
[  608.153756][    C0]  <IRQ>
[  608.156578][    C0]  dump_stack_lvl+0x116/0x1f0
[  608.161233][    C0]  print_report+0xc3/0x620
[  608.165622][    C0]  ? __virt_addr_valid+0x5e/0x590
[  608.170621][    C0]  ? __phys_addr+0xc6/0x150
[  608.175098][    C0]  kasan_report+0xd9/0x110
[  608.179485][    C0]  ? selinux_ip_output+0x1e0/0x1f0
[  608.184582][    C0]  ? selinux_ip_output+0x1e0/0x1f0
[  608.189666][    C0]  selinux_ip_output+0x1e0/0x1f0
[  608.194578][    C0]  ? __pfx_selinux_ip_output+0x10/0x10
[  608.200020][    C0]  nf_hook_slow+0xbb/0x200
[  608.204422][    C0]  nf_hook+0x386/0x6d0
[  608.208475][    C0]  ? __pfx_dst_output+0x10/0x10
[  608.213325][    C0]  ? __pfx_nf_hook+0x10/0x10
[  608.217908][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  608.223878][    C0]  ? __pfx_ip_reply_glue_bits+0x10/0x10
[  608.229416][    C0]  ? __pfx_dst_output+0x10/0x10
[  608.234242][    C0]  ? __ip_make_skb+0x1150/0x1d00
[  608.239243][    C0]  ? do_csum+0x26f/0x2d0
[  608.243471][    C0]  __ip_local_out+0x339/0x640
[  608.248121][    C0]  ? __pfx_dst_output+0x10/0x10
[  608.252952][    C0]  ip_push_pending_frames+0xa0/0x5b0
[  608.258216][    C0]  ip_send_unicast_reply+0xd0e/0x1650
[  608.263567][    C0]  ? __pfx_ip_send_unicast_reply+0x10/0x10
[  608.269448][    C0]  ? __pfx_lock_release+0x10/0x10
[  608.274455][    C0]  ? __ip_vs_conn_in_get+0xa0/0xbf0
[  608.279644][    C0]  ? tcp_v4_send_reset+0x1fe5/0x2f20
[  608.284917][    C0]  ? __pfx_lock_release+0x10/0x10
[  608.289921][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.294678][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  608.300635][    C0]  tcp_v4_send_reset+0x129b/0x2f20
[  608.305721][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.310470][    C0]  ? tcp_conn_schedule+0x4b3/0x830
[  608.315557][    C0]  ? __pfx_tcp_v4_send_reset+0x10/0x10
[  608.320996][    C0]  ? tcp_parse_options+0x1f5/0x11b0
[  608.326169][    C0]  ? __pfx_tcp_timewait_state_process+0x10/0x10
[  608.332385][    C0]  ? __asan_memmove+0x3c/0x60
[  608.337045][    C0]  ? tcp_v4_rcv+0x3715/0x4380
[  608.341696][    C0]  tcp_v4_rcv+0x3715/0x4380
[  608.346176][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  608.351003][    C0]  ? __pfx_raw_local_deliver+0x10/0x10
[  608.356450][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.361191][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  608.366364][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  608.372317][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  608.377158][    C0]  ip_protocol_deliver_rcu+0xba/0x4c0
[  608.382519][    C0]  ip_local_deliver_finish+0x316/0x570
[  608.387949][    C0]  ip_local_deliver+0x18e/0x1f0
[  608.392805][    C0]  ? __pfx_ip_local_deliver+0x10/0x10
[  608.398173][    C0]  ip_rcv+0x2c3/0x5d0
[  608.402144][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  608.406635][    C0]  __netif_receive_skb_one_core+0x199/0x1e0
[  608.412516][    C0]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  608.418915][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.423668][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  608.429039][    C0]  ? process_backlog+0x3f1/0x15f0
[  608.434054][    C0]  ? process_backlog+0x3f1/0x15f0
[  608.439053][    C0]  __netif_receive_skb+0x1d/0x160
[  608.444054][    C0]  process_backlog+0x443/0x15f0
[  608.448883][    C0]  __napi_poll.constprop.0+0xb7/0x550
[  608.454242][    C0]  net_rx_action+0xa94/0x1010
[  608.458895][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  608.463979][    C0]  ? __pfx_lock_release+0x10/0x10
[  608.468975][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  608.474147][    C0]  ? sched_clock+0x38/0x60
[  608.478546][    C0]  ? sched_clock_cpu+0x6d/0x4d0
[  608.483369][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  608.488540][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.493279][    C0]  handle_softirqs+0x213/0x8f0
[  608.498017][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  608.503276][    C0]  ? irqtime_account_irq+0x18d/0x2e0
[  608.508549][    C0]  ? __dev_queue_xmit+0x89b/0x43e0
[  608.513652][    C0]  do_softirq+0xb2/0xf0
[  608.517790][    C0]  </IRQ>
[  608.520707][    C0]  <TASK>
[  608.523630][    C0]  __local_bh_enable_ip+0x100/0x120
[  608.528811][    C0]  ? __dev_queue_xmit+0x89b/0x43e0
[  608.533895][    C0]  __dev_queue_xmit+0x8b0/0x43e0
[  608.538806][    C0]  ? __pfx_avc_has_perm+0x10/0x10
[  608.543811][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[  608.549156][    C0]  ? sel_netnode_sid+0x11e/0xb90
[  608.554073][    C0]  ? selinux_ip_postroute+0x73b/0xde0
[  608.559418][    C0]  ? __pfx_selinux_ip_postroute+0x10/0x10
[  608.565110][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.569863][    C0]  ? lock_release+0x4e2/0x6f0
[  608.574510][    C0]  ? __ip_finish_output+0x49e/0x950
[  608.579691][    C0]  ? __pfx_lock_release+0x10/0x10
[  608.584686][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  608.589865][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.594604][    C0]  ? __ip_finish_output+0x49e/0x950
[  608.599787][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.604531][    C0]  ip_finish_output2+0xc6c/0x2150
[  608.609551][    C0]  ? __pfx_ip_finish_output2+0x10/0x10
[  608.614983][    C0]  ? ip_skb_dst_mtu+0x3fc/0xc70
[  608.619805][    C0]  ? __pfx_ip_skb_dst_mtu+0x10/0x10
[  608.624976][    C0]  ? __pfx_nf_hook+0x10/0x10
[  608.629550][    C0]  __ip_finish_output+0x49e/0x950
[  608.634564][    C0]  ? __tcp_select_window+0x2b3/0x1310
[  608.639910][    C0]  ip_finish_output+0x35/0x380
[  608.644661][    C0]  ip_output+0x13b/0x2a0
[  608.648878][    C0]  ? __pfx_ip_output+0x10/0x10
[  608.653618][    C0]  ip_local_out+0x33e/0x4a0
[  608.658096][    C0]  __ip_queue_xmit+0x777/0x1970
[  608.662941][    C0]  ? __pfx_ip_queue_xmit+0x10/0x10
[  608.668041][    C0]  __tcp_transmit_skb+0x2b39/0x3df0
[  608.673215][    C0]  ? __pfx___tcp_transmit_skb+0x10/0x10
[  608.678729][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.683480][    C0]  ? __pfx_lock_release+0x10/0x10
[  608.688479][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  608.694432][    C0]  tcp_write_xmit+0x12b1/0x8560
[  608.699263][    C0]  ? __might_fault+0xe3/0x190
[  608.703916][    C0]  ? _copy_from_iter+0x15e/0x1560
[  608.708912][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  608.714085][    C0]  ? __alloc_skb+0x1fe/0x380
[  608.718649][    C0]  ? __virt_addr_valid+0x1a4/0x590
[  608.723744][    C0]  ? __pfx__copy_from_iter+0x10/0x10
[  608.728999][    C0]  __tcp_push_pending_frames+0xaf/0x390
[  608.734531][    C0]  tcp_push+0x221/0x6f0
[  608.738662][    C0]  tcp_sendmsg_locked+0x28d1/0x3770
[  608.743838][    C0]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  608.749370][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.754114][    C0]  ? lock_release+0x4e2/0x6f0
[  608.758762][    C0]  ? tcp_sendmsg+0x20/0x50
[  608.763155][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  608.768508][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.773257][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  608.779227][    C0]  tcp_sendmsg+0x2e/0x50
[  608.783454][    C0]  ? __pfx_tcp_sendmsg+0x10/0x10
[  608.788386][    C0]  inet_sendmsg+0xb9/0x140
[  608.792800][    C0]  ____sys_sendmsg+0x98c/0xc90
[  608.797542][    C0]  ? copy_msghdr_from_user+0x10b/0x160
[  608.802974][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[  608.808236][    C0]  ? try_to_wake_up+0x953/0x1490
[  608.813148][    C0]  ___sys_sendmsg+0x135/0x1e0
[  608.817810][    C0]  ? __pfx____sys_sendmsg+0x10/0x10
[  608.822980][    C0]  ? __pfx_lock_release+0x10/0x10
[  608.827977][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  608.833152][    C0]  ? __fget_files+0x206/0x3a0
[  608.837806][    C0]  __sys_sendmsg+0x16e/0x220
[  608.842365][    C0]  ? __pfx___sys_sendmsg+0x10/0x10
[  608.847449][    C0]  ? __x64_sys_futex+0x1e1/0x4c0
[  608.852361][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.857100][    C0]  ? rcu_is_watching+0x12/0xc0
[  608.861841][    C0]  do_syscall_64+0xcd/0x250
[  608.866332][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.872202][    C0] RIP: 0033:0x7fef7757ff19
[  608.876591][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  608.896184][    C0] RSP: 002b:00007fef782f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  608.904572][    C0] RAX: ffffffffffffffda RBX: 00007fef77746080 RCX: 00007fef7757ff19
[  608.912518][    C0] RDX: 00000000000052cc RSI: 0000000020000040 RDI: 0000000000000008
[  608.920474][    C0] RBP: 00007fef775f3986 R08: 0000000000000000 R09: 0000000000000000
[  608.928417][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  608.936366][    C0] R13: 0000000000000000 R14: 00007fef77746080 R15: 00007ffd3f21c618
[  608.944315][    C0]  </TASK>
[  608.947310][    C0] 
[  608.949607][    C0] The buggy address belongs to the object at ffff8880343806e0
[  608.949607][    C0]  which belongs to the cache tw_sock_TCPv6 of size 288
[  608.963806][    C0] The buggy address is located 120 bytes inside of
[  608.963806][    C0]  allocated 288-byte region [ffff8880343806e0, ffff888034380800)
[  608.977918][    C0] 
[  608.980217][    C0] The buggy address belongs to the physical page:
[  608.986607][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888034380580 pfn:0x34380
[  608.996647][    C0] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  609.005138][    C0] memcg:ffff8880298ede01
[  609.009351][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  609.016876][    C0] page_type: f5(slab)
[  609.020844][    C0] raw: 00fff00000000040 ffff888030f3e3c0 dead000000000122 0000000000000000
[  609.029401][    C0] raw: ffff888034380580 0000000080170014 00000001f5000000 ffff8880298ede01
[  609.037957][    C0] head: 00fff00000000040 ffff888030f3e3c0 dead000000000122 0000000000000000
[  609.046597][    C0] head: ffff888034380580 0000000080170014 00000001f5000000 ffff8880298ede01
[  609.055249][    C0] head: 00fff00000000001 ffffea0000d0e001 ffffffffffffffff 0000000000000000
[  609.063913][    C0] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[  609.072551][    C0] page dumped because: kasan: bad access detected
[  609.078931][    C0] page_owner tracks the page as allocated
[  609.084614][    C0] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6026, tgid 6025 (syz.1.37), ts 53892603976, free_ts 53770599968
[  609.103509][    C0]  post_alloc_hook+0x2d1/0x350
[  609.108248][    C0]  get_page_from_freelist+0xfce/0x2f80
[  609.113678][    C0]  __alloc_pages_noprof+0x223/0x25b0
[  609.118946][    C0]  alloc_pages_mpol_noprof+0x2c9/0x610
[  609.124395][    C0]  new_slab+0x2c9/0x410
[  609.128525][    C0]  ___slab_alloc+0xdac/0x1870
[  609.133173][    C0]  __slab_alloc.constprop.0+0x56/0xb0
[  609.138520][    C0]  kmem_cache_alloc_noprof+0xfa/0x3d0
[  609.143863][    C0]  inet_twsk_alloc+0x120/0x970
[  609.148605][    C0]  tcp_time_wait+0x5f/0xe10
[  609.153090][    C0]  tcp_rcv_state_process+0x1fda/0x4c40
[  609.158524][    C0]  tcp_v6_do_rcv+0x492/0x1730
[  609.163176][    C0]  __release_sock+0x14c/0x400
[  609.167828][    C0]  release_sock+0x5a/0x220
[  609.172213][    C0]  mptcp_check_send_data_fin+0x24a/0x450
[  609.177816][    C0]  mptcp_shutdown+0xde/0x110
[  609.182377][    C0] page last free pid 6006 tgid 6005 stack trace:
[  609.188672][    C0]  free_unref_page+0x661/0x1080
[  609.193507][    C0]  rcu_core+0x79d/0x14d0
[  609.197721][    C0]  handle_softirqs+0x213/0x8f0
[  609.202458][    C0]  __irq_exit_rcu+0x109/0x170
[  609.207119][    C0]  irq_exit_rcu+0x9/0x30
[  609.211334][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  609.216938][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  609.222891][    C0] 
[  609.225190][    C0] Memory state around the buggy address:
[  609.230798][    C0]  ffff888034380600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  609.238843][    C0]  ffff888034380680: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  609.246881][    C0] >ffff888034380700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  609.252353][ T5836] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  609.254913][    C0]                                                     ^
[  609.254928][    C0]  ffff888034380780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  609.276190][    C0]  ffff888034380800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  609.284228][    C0] ==================================================================
[  609.292532][    C0] vkms_vblank_simulate: vblank timer overrun
[  609.298616][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  609.305791][    C0] CPU: 0 UID: 0 PID: 17244 Comm: syz.0.2777 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[  609.316520][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  609.326546][    C0] Call Trace:
[  609.329799][    C0]  <IRQ>
[  609.332644][    C0]  dump_stack_lvl+0x3d/0x1f0
[  609.337213][    C0]  panic+0x71d/0x800
[  609.341087][    C0]  ? __pfx_panic+0x10/0x10
[  609.345578][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  609.351535][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  609.356619][    C0]  check_panic_on_warn+0xab/0xb0
[  609.361529][    C0]  end_report+0x117/0x180
[  609.365836][    C0]  kasan_report+0xe9/0x110
[  609.370227][    C0]  ? selinux_ip_output+0x1e0/0x1f0
[  609.375312][    C0]  ? selinux_ip_output+0x1e0/0x1f0
[  609.380399][    C0]  selinux_ip_output+0x1e0/0x1f0
[  609.385319][    C0]  ? __pfx_selinux_ip_output+0x10/0x10
[  609.390762][    C0]  nf_hook_slow+0xbb/0x200
[  609.395153][    C0]  nf_hook+0x386/0x6d0
[  609.399209][    C0]  ? __pfx_dst_output+0x10/0x10
[  609.404034][    C0]  ? __pfx_nf_hook+0x10/0x10
[  609.408595][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  609.414548][    C0]  ? __pfx_ip_reply_glue_bits+0x10/0x10
[  609.420069][    C0]  ? __pfx_dst_output+0x10/0x10
[  609.424894][    C0]  ? __ip_make_skb+0x1150/0x1d00
[  609.429808][    C0]  ? do_csum+0x26f/0x2d0
[  609.434038][    C0]  __ip_local_out+0x339/0x640
[  609.438687][    C0]  ? __pfx_dst_output+0x10/0x10
[  609.443512][    C0]  ip_push_pending_frames+0xa0/0x5b0
[  609.448769][    C0]  ip_send_unicast_reply+0xd0e/0x1650
[  609.454116][    C0]  ? __pfx_ip_send_unicast_reply+0x10/0x10
[  609.459897][    C0]  ? __pfx_lock_release+0x10/0x10
[  609.464903][    C0]  ? __ip_vs_conn_in_get+0xa0/0xbf0
[  609.470088][    C0]  ? tcp_v4_send_reset+0x1fe5/0x2f20
[  609.475349][    C0]  ? __pfx_lock_release+0x10/0x10
[  609.480350][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.485092][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  609.491061][    C0]  tcp_v4_send_reset+0x129b/0x2f20
[  609.496153][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.500896][    C0]  ? tcp_conn_schedule+0x4b3/0x830
[  609.505994][    C0]  ? __pfx_tcp_v4_send_reset+0x10/0x10
[  609.511430][    C0]  ? tcp_parse_options+0x1f5/0x11b0
[  609.516603][    C0]  ? __pfx_tcp_timewait_state_process+0x10/0x10
[  609.522828][    C0]  ? __asan_memmove+0x3c/0x60
[  609.527564][    C0]  ? tcp_v4_rcv+0x3715/0x4380
[  609.532213][    C0]  tcp_v4_rcv+0x3715/0x4380
[  609.536689][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  609.541516][    C0]  ? __pfx_raw_local_deliver+0x10/0x10
[  609.546950][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.551688][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  609.556861][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  609.562813][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  609.567640][    C0]  ip_protocol_deliver_rcu+0xba/0x4c0
[  609.572987][    C0]  ip_local_deliver_finish+0x316/0x570
[  609.578437][    C0]  ip_local_deliver+0x18e/0x1f0
[  609.583268][    C0]  ? __pfx_ip_local_deliver+0x10/0x10
[  609.588622][    C0]  ip_rcv+0x2c3/0x5d0
[  609.592585][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  609.597075][    C0]  __netif_receive_skb_one_core+0x199/0x1e0
[  609.602947][    C0]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  609.609336][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.614089][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  609.619447][    C0]  ? process_backlog+0x3f1/0x15f0
[  609.624444][    C0]  ? process_backlog+0x3f1/0x15f0
[  609.629441][    C0]  __netif_receive_skb+0x1d/0x160
[  609.634440][    C0]  process_backlog+0x443/0x15f0
[  609.639266][    C0]  __napi_poll.constprop.0+0xb7/0x550
[  609.644625][    C0]  net_rx_action+0xa94/0x1010
[  609.649296][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  609.654402][    C0]  ? __pfx_lock_release+0x10/0x10
[  609.659410][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  609.664595][    C0]  ? sched_clock+0x38/0x60
[  609.668994][    C0]  ? sched_clock_cpu+0x6d/0x4d0
[  609.673819][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  609.678992][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.683745][    C0]  handle_softirqs+0x213/0x8f0
[  609.688484][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  609.693741][    C0]  ? irqtime_account_irq+0x18d/0x2e0
[  609.699011][    C0]  ? __dev_queue_xmit+0x89b/0x43e0
[  609.704107][    C0]  do_softirq+0xb2/0xf0
[  609.708235][    C0]  </IRQ>
[  609.711140][    C0]  <TASK>
[  609.714046][    C0]  __local_bh_enable_ip+0x100/0x120
[  609.719215][    C0]  ? __dev_queue_xmit+0x89b/0x43e0
[  609.724300][    C0]  __dev_queue_xmit+0x8b0/0x43e0
[  609.729213][    C0]  ? __pfx_avc_has_perm+0x10/0x10
[  609.734214][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[  609.739559][    C0]  ? sel_netnode_sid+0x11e/0xb90
[  609.744469][    C0]  ? selinux_ip_postroute+0x73b/0xde0
[  609.749826][    C0]  ? __pfx_selinux_ip_postroute+0x10/0x10
[  609.755532][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.760271][    C0]  ? lock_release+0x4e2/0x6f0
[  609.764920][    C0]  ? __ip_finish_output+0x49e/0x950
[  609.770091][    C0]  ? __pfx_lock_release+0x10/0x10
[  609.775088][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  609.780261][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.784998][    C0]  ? __ip_finish_output+0x49e/0x950
[  609.790174][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.794911][    C0]  ip_finish_output2+0xc6c/0x2150
[  609.799909][    C0]  ? __pfx_ip_finish_output2+0x10/0x10
[  609.805340][    C0]  ? ip_skb_dst_mtu+0x3fc/0xc70
[  609.810164][    C0]  ? __pfx_ip_skb_dst_mtu+0x10/0x10
[  609.815344][    C0]  ? __pfx_nf_hook+0x10/0x10
[  609.819921][    C0]  __ip_finish_output+0x49e/0x950
[  609.824929][    C0]  ? __tcp_select_window+0x2b3/0x1310
[  609.830276][    C0]  ip_finish_output+0x35/0x380
[  609.835034][    C0]  ip_output+0x13b/0x2a0
[  609.839256][    C0]  ? __pfx_ip_output+0x10/0x10
[  609.843993][    C0]  ip_local_out+0x33e/0x4a0
[  609.848557][    C0]  __ip_queue_xmit+0x777/0x1970
[  609.853387][    C0]  ? __pfx_ip_queue_xmit+0x10/0x10
[  609.858476][    C0]  __tcp_transmit_skb+0x2b39/0x3df0
[  609.863651][    C0]  ? __pfx___tcp_transmit_skb+0x10/0x10
[  609.869166][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.873908][    C0]  ? __pfx_lock_release+0x10/0x10
[  609.878921][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  609.884877][    C0]  tcp_write_xmit+0x12b1/0x8560
[  609.889712][    C0]  ? __might_fault+0xe3/0x190
[  609.894367][    C0]  ? _copy_from_iter+0x15e/0x1560
[  609.899362][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  609.904540][    C0]  ? __alloc_skb+0x1fe/0x380
[  609.909106][    C0]  ? __virt_addr_valid+0x1a4/0x590
[  609.914193][    C0]  ? __pfx__copy_from_iter+0x10/0x10
[  609.919463][    C0]  __tcp_push_pending_frames+0xaf/0x390
[  609.924980][    C0]  tcp_push+0x221/0x6f0
[  609.929150][    C0]  tcp_sendmsg_locked+0x28d1/0x3770
[  609.934344][    C0]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  609.939876][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.944628][    C0]  ? lock_release+0x4e2/0x6f0
[  609.949292][    C0]  ? tcp_sendmsg+0x20/0x50
[  609.953689][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  609.959123][    C0]  ? rcu_is_watching+0x12/0xc0
[  609.963873][    C0]  ? trace_irq_enable.constprop.0+0xea/0x140
[  609.969829][    C0]  tcp_sendmsg+0x2e/0x50
[  609.974049][    C0]  ? __pfx_tcp_sendmsg+0x10/0x10
[  609.978964][    C0]  inet_sendmsg+0xb9/0x140
[  609.983361][    C0]  ____sys_sendmsg+0x98c/0xc90
[  609.988098][    C0]  ? copy_msghdr_from_user+0x10b/0x160
[  609.993528][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[  609.998786][    C0]  ? try_to_wake_up+0x953/0x1490
[  610.003698][    C0]  ___sys_sendmsg+0x135/0x1e0
[  610.008345][    C0]  ? __pfx____sys_sendmsg+0x10/0x10
[  610.013517][    C0]  ? __pfx_lock_release+0x10/0x10
[  610.018516][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  610.023701][    C0]  ? __fget_files+0x206/0x3a0
[  610.028351][    C0]  __sys_sendmsg+0x16e/0x220
[  610.032917][    C0]  ? __pfx___sys_sendmsg+0x10/0x10
[  610.038000][    C0]  ? __x64_sys_futex+0x1e1/0x4c0
[  610.042913][    C0]  ? rcu_is_watching+0x12/0xc0
[  610.047652][    C0]  ? rcu_is_watching+0x12/0xc0
[  610.052391][    C0]  do_syscall_64+0xcd/0x250
[  610.056870][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.062738][    C0] RIP: 0033:0x7fef7757ff19
[  610.067126][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.086724][    C0] RSP: 002b:00007fef782f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  610.095213][    C0] RAX: ffffffffffffffda RBX: 00007fef77746080 RCX: 00007fef7757ff19
[  610.103169][    C0] RDX: 00000000000052cc RSI: 0000000020000040 RDI: 0000000000000008
[  610.111117][    C0] RBP: 00007fef775f3986 R08: 0000000000000000 R09: 0000000000000000
[  610.119067][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  610.127019][    C0] R13: 0000000000000000 R14: 00007fef77746080 R15: 00007ffd3f21c618
[  610.134967][    C0]  </TASK>
[  610.138163][    C0] Kernel Offset: disabled
[  610.142466][    C0] Rebooting in 86400 seconds..