last executing test programs:

3m49.569626242s ago: executing program 4 (id=1633):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x6, &(0x7f0000000a00)=@framed={{}, [@jmp={0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x25}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000100000000000d0000"], 0x48)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x200000000000011, 0x2, 0x100)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x62d81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, 0x0)
write$sndseq(r1, &(0x7f00000001c0)=[{0x23, 0x2, 0x0, 0x0, @tick=0x1, {}, {}, @queue={0x0, {0x7a120}}}], 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x2860020, &(0x7f0000000180)=ANY=[])
r3 = getpid()
socket$netlink(0x10, 0x3, 0x8)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x1)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r5)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000001c0)={0x14, r6, 0x31f, 0xffffffff}, 0x14}, 0x1, 0x0, 0x0, 0x40c0}, 0x0)

3m48.625701148s ago: executing program 4 (id=1636):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x200000000000)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0xffaa}, {&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0455c2386f5ebb4730be449beb72f481c1429d6eb835b76fd1fdcacd50b884c98caa871ec4e225b6036b6ad2638ab5b06828c10fc355b170075f37b748b8f466fe29f40ec981d1431132bca9884654780b3205ed61f49c3b3b6229593e61d13a8505de19a8a0f502d4f3148f9450ed35ef5950bb7fefcf299beed14", 0xb5}], 0x2}, 0x0)
recvmmsg(r2, &(0x7f0000005680)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f000001a240)=""/4112, 0x1010}], 0x1}, 0x1}], 0x1, 0x0, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)

3m47.445933398s ago: executing program 4 (id=1642):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, 0x0, 0x0)
syz_open_dev$amidi(&(0x7f0000000480), 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x9, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x1b, 0x80000000000005, 0x2, 0x7}, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)

3m45.73598595s ago: executing program 4 (id=1648):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000000c0)=0x22, 0x4)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x84880)
ioctl$FIONREAD(r1, 0x541b, 0xfffffffffffffffe)

3m45.623854874s ago: executing program 4 (id=1649):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, &(0x7f0000000180)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/psched\x00')
pread64(r1, &(0x7f00000002c0)=""/163, 0xa3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

3m44.679785157s ago: executing program 4 (id=1652):
creat(&(0x7f00000001c0)='./bus\x00', 0x171)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x10)
syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
truncate(&(0x7f00000000c0)='./bus\x00', 0x9471)
dup(0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000440)={0xa, 0x2, 0x0, @empty}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x98, 0x3e, 0x200, 0x0, 0x800, {0x1b}, [@typed={0x8, 0x4, 0x0, 0x0, @fd=r0}, @nested={0x7c, 0xc, 0x0, 0x1, [@nested={0x78, 0xe, 0x0, 0x1, [@generic="8ebb122302583246611d8a6ff5e53d1fd83167536b8bcaeb76fc4bee68dd1f272246eff723bad42a420bdeec6aeb254e3ae575c769d1b032050060e0661125a897fe0254b8a2b107d166d29868aa83f0b64b70274aa783b5f9688b2ab13168cb00005714d1922fc99f33a9703791fff39cc2d55c"]}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
listen(r5, 0x2)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_int(r7, 0x29, 0x3c, &(0x7f0000000000)=0x3, 0x4)
sendto$inet6(r7, &(0x7f0000000040)="c4f978705256fb7ac574d7872f270c", 0xf, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x5}, 0x1c)

3m29.607624396s ago: executing program 32 (id=1652):
creat(&(0x7f00000001c0)='./bus\x00', 0x171)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x10)
syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
truncate(&(0x7f00000000c0)='./bus\x00', 0x9471)
dup(0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000440)={0xa, 0x2, 0x0, @empty}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x98, 0x3e, 0x200, 0x0, 0x800, {0x1b}, [@typed={0x8, 0x4, 0x0, 0x0, @fd=r0}, @nested={0x7c, 0xc, 0x0, 0x1, [@nested={0x78, 0xe, 0x0, 0x1, [@generic="8ebb122302583246611d8a6ff5e53d1fd83167536b8bcaeb76fc4bee68dd1f272246eff723bad42a420bdeec6aeb254e3ae575c769d1b032050060e0661125a897fe0254b8a2b107d166d29868aa83f0b64b70274aa783b5f9688b2ab13168cb00005714d1922fc99f33a9703791fff39cc2d55c"]}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
listen(r5, 0x2)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_int(r7, 0x29, 0x3c, &(0x7f0000000000)=0x3, 0x4)
sendto$inet6(r7, &(0x7f0000000040)="c4f978705256fb7ac574d7872f270c", 0xf, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x5}, 0x1c)

12.60767086s ago: executing program 0 (id=2421):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)={{0x12, 0x1, 0x141, 0x30, 0xf5, 0x69, 0x20, 0x5ac, 0x219, 0xf072, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x55, 0x7, 0x1, 0x3, 0x49, 0x2, 0x0, [], [{{0x9, 0x5, 0x82, 0x3, 0x400, 0x0, 0x33, 0x81}}]}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000540)={0x0, 0x8c7c8f6744f0b74e, 0x8, "d4a911bb11e39d2e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x40, &(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRESOCT=r1, @ANYBLOB="e95533571ddf3463f7aca39c428e1cb2b9b9"])
sched_setscheduler(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101000, 0x9)
r3 = syz_create_resource$binfmt(&(0x7f00000000c0)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000240)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x1, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0xc, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r4}, &(0x7f0000000080), &(0x7f00000002c0)}, 0x20)
close(0x3)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000140)={r4, 0x0, 0x0}, 0x10)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000880)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0x84, 0x9, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_DATA={0x4c, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x10001}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x9}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x8}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xf}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_ADT={0x24, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010102}}}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x4000080}, 0x10)
execveat$binfmt(r2, r3, &(0x7f0000000300)={[&(0x7f0000000100)='/\x00', &(0x7f0000000140)=':-\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='}\x00', &(0x7f0000000240)='/.@!\x00', &(0x7f0000000280)='}!\x00', &(0x7f00000002c0)=',%\x00']}, &(0x7f0000000480)={[&(0x7f0000000380)='}\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='@{\\{\x00', &(0x7f0000000440)='\x00']}, 0x800)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)

9.471965739s ago: executing program 0 (id=2434):
syz_emit_ethernet(0x42, &(0x7f0000001540)=ANY=[@ANYBLOB="01040000aaaa86082b98270c1100fe8000000000000000000000000000aa200100000000000000000000000000014e224e23000c9078410600"/66], 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4044844}, 0x404c001)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x80000013)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x43, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x43, 0xa5, 0xaa, 0x40, 0x1b80, 0xe396, 0xa7b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x68, 0x5b, 0xd1}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fcntl$getownex(r5, 0x10, &(0x7f0000000480)={0x0, <r6=>0x0})
kcmp(0x0, r6, 0x3, r2, r1)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000200001000000000000000000028014000000000000000000050019003c00000008000200ac1414aa08000100d6f2e5e4"], 0x34}}, 0x48850)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="050000000000000005010040"])
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)

9.373145523s ago: executing program 2 (id=2436):
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
prlimit64(r0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x80)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3e)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0)="100c0601001000bad775aa1b71ca", 0xe, r5)
sendto$inet6(r4, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$nbd(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="01"], 0x40)
sendto$inet6(r4, &(0x7f0000000100)='y^S${', 0x5, 0x20000040, &(0x7f0000000140)={0xa, 0x4e24, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, 0xb}, 0x1c)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000180)="ad060000", 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="17", 0x1}, {&(0x7f0000002a40)="0d5ebfd6dfe98a01b2fb5b0eb19a417353a0833d961a98422333bb10a75289c4353c82666dbc1db13e21381283bf8a01be70deccac2c9bce8a8ea365f060b795c3238d7219c2d3020933c9c39c6d0cbc957ec3f682cac392c2a627a0c386d59681fdfd5ea467e2db933c4ae7a5aafaa8c86de5dfdc5ed01a788fc636bf7a8062bebeff2374151183", 0x88}], 0x2, &(0x7f0000003840)=ANY=[@ANYBLOB='@'], 0x40}}], 0x1, 0x715076165a76ad26)

7.854644026s ago: executing program 2 (id=2439):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28)
sendmsg$inet(r3, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
recvfrom$inet6(r3, &(0x7f0000000840)=""/20, 0x14, 0x140, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @void, @value}, 0x28)
ioctl$KVM_RUN(r5, 0xae80, 0xcc9)

6.719065003s ago: executing program 2 (id=2446):
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r0 = syz_io_uring_setup(0x27f1, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)

6.718250638s ago: executing program 2 (id=2447):
syz_emit_ethernet(0x42, &(0x7f0000001540)=ANY=[@ANYBLOB="01040000aaaa86082b98270c1100fe8000000000000000000000000000aa200100000000000000000000000000014e224e23000c9078410600"/66], 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4044844}, 0x404c001)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x80000013)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x43, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x43, 0xa5, 0xaa, 0x40, 0x1b80, 0xe396, 0xa7b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x68, 0x5b, 0xd1}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fcntl$getownex(r6, 0x10, &(0x7f0000000480)={0x0, <r7=>0x0})
kcmp(0x0, r7, 0x3, r2, r1)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000200001000000000000000000028014000000000000000000050019003c00000008000200ac1414aa08000100d6f2e5e4"], 0x34}}, 0x48850)
ioctl$KVM_SET_MSRS(r9, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="050000000000000005010040"])
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x2f, 0x7, 0x2, 0x401, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, 0x20, 0x29, 0x6, 0xf}})
r11 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x4cf00, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r11, 0xc0189372, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000200))
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000040), 0x1, {0xa, 0x4e21, 0x2, @empty, 0x2}}}, 0x38)

6.421619339s ago: executing program 0 (id=2448):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
epoll_create1(0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000500)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000027c0)={0x11, 0x4, &(0x7f0000000a40)=ANY=[@ANYBLOB="1801000000050000000000000000ea0485000000d000000095"], &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001900010000000000000000000218000000"], 0x2c}}, 0x0)
sendto$inet6(r4, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x282, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa8f, 0x86c, 0x1, 0x1, 0xd59f80, 0x19f2, 0x83f, 0x19ef, 0x3, 0x5, 0x2800, 0x6, 0x2, 0xba2, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x1}})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563a3", 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.476108508s ago: executing program 0 (id=2449):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x200000000000)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0xffaa}, {&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0455c2386f5ebb4730be449beb72f481c1429d6eb835b76fd1fdcacd50b884c98caa871ec4e225b6036b6ad2638ab5b06828c10fc355b170075f37b748b8f466fe29f40ec981d1431132bca9884654780b3205ed61f49c3b3b6229593e61d13a8505de19a8a0f502d4f3148f9450ed35ef5950bb7fefcf299beed14", 0xb5}], 0x2}, 0x0)
recvmmsg(r2, &(0x7f0000005680)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f000001a240)=""/4112, 0x1010}], 0x1}, 0x1}], 0x1, 0x0, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900010073797a31000000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d616376746170000000080001400000000514000000110001"], 0xe8}}, 0x0)
sendmsg$inet6(r1, &(0x7f00000000c0)={&(0x7f0000000080)={0xa, 0x4e22, 0x80000, @dev={0xfe, 0x80, '\x00', 0x16}}, 0x1c, 0x0, 0x0, &(0x7f0000000a00)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x84}}}], 0x18}, 0x40)

5.071777965s ago: executing program 2 (id=2450):
syz_emit_ethernet(0x42, &(0x7f0000001540)=ANY=[@ANYBLOB="01040000aaaa86082b98270c1100fe8000000000000000000000000000aa200100000000000000000000000000014e224e23000c9078410600"/66], 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4044844}, 0x404c001)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x80000013)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x43, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x43, 0xa5, 0xaa, 0x40, 0x1b80, 0xe396, 0xa7b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x68, 0x5b, 0xd1}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fcntl$getownex(r5, 0x10, &(0x7f0000000480)={0x0, <r6=>0x0})
kcmp(0x0, r6, 0x3, r2, r1)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000200001000000000000000000028014000000000000000000050019003c00000008000200ac1414aa08000100d6f2e5e4"], 0x34}}, 0x48850)

5.061608899s ago: executing program 0 (id=2451):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/uts\x00')
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000800)={0x0, {0x1, 0x0, 0x4, 0x3, 0x3, 0x80000001}})
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000100)='1', 0x1)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)

3.142134542s ago: executing program 3 (id=2454):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0xff1)
unshare(0x40600)
mkdir(0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x2007)
ioprio_get$pid(0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
unshare(0x64000600)
mkdir(0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0x3)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000023f32"], 0x138)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, 0x0, 0x0)

3.141569804s ago: executing program 5 (id=2455):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00'})
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000010c0))
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xc003, 0x0, "ec28a144f13d7607"})
socket$kcm(0x11, 0x2, 0x300)
fsopen(&(0x7f0000000000)='ntfs3\x00', 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x5e, &(0x7f0000000340)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb763e", 0x28, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x41}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, [{0x18, 0x3, "007c4de20278ab96e88afd5c976b4c1ce4a945b1aafb"}]}}}}}}, 0x0)

3.127061613s ago: executing program 2 (id=2456):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/uts\x00')
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000800)={0x0, {0x1, 0x0, 0x4, 0x3, 0x3, 0x80000001}})
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000100)='1', 0x1)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)

2.791667948s ago: executing program 1 (id=2457):
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r0 = syz_io_uring_setup(0x27f1, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)

2.712540359s ago: executing program 5 (id=2458):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x108, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffe0, 0xffff}, {0x16, 0xfff3}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0x7, 0x3}}}}, @TCA_STAB={0xc0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x5, 0x3, 0x101, 0x2, 0xf, 0xffff, 0xa}}, {0x18, 0x2, [0x0, 0x80, 0x3, 0x9, 0x2, 0x3, 0xffff, 0x42, 0x0, 0x6]}}, {{0x1c, 0x1, {0x7, 0x81, 0x3, 0x2, 0x0, 0x9, 0x0, 0x6}}, {0x10, 0x2, [0x80, 0x3, 0x1000, 0x5c, 0x2, 0x2]}}, {{0x1c, 0x1, {0x0, 0x8, 0xfff7, 0x8, 0x1, 0x751, 0xff, 0x6}}, {0x10, 0x2, [0x9, 0x9, 0x9, 0x4800, 0x6c, 0x2]}}, {{0x1c, 0x1, {0x66, 0x2, 0x401, 0x7, 0x2, 0xff, 0x1, 0x8}}, {0x14, 0x2, [0x90, 0x90a8, 0x100, 0x1, 0x7, 0x4, 0x0, 0xd3]}}]}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}]}, 0x108}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

2.623909372s ago: executing program 5 (id=2459):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
splice(r0, &(0x7f0000000000)=0x171c6000000000, r0, &(0x7f0000000040)=0x5, 0x7f, 0x9)
r2 = syz_open_procfs(0x0, &(0x7f0000001380))
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x2, 0x300)
dup3(r4, r3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendto$packet(r3, 0x0, 0x0, 0x20000800, &(0x7f0000000140)={0x11, 0xf6, r5, 0x1, 0x0, 0x6, @random="604112381e74"}, 0x14)
getdents(r2, &(0x7f0000001000)=""/4085, 0xff5)

2.60657437s ago: executing program 1 (id=2460):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x200000000000)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0xffaa}, {&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0455c2386f5ebb4730be449beb72f481c1429d6eb835b76fd1fdcacd50b884c98caa871ec4e225b6036b6ad2638ab5b06828c10fc355b170075f37b748b8f466fe29f40ec981d1431132bca9884654780b3205ed61f49c3b3b6229593e61d13a8505de19a8a0f502d4f3148f9450ed35ef5950bb7fefcf299beed14", 0xb5}], 0x2}, 0x0)

2.278246917s ago: executing program 3 (id=2461):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x6, &(0x7f0000000a00)=@framed={{}, [@jmp={0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x25}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x200000000000011, 0x2, 0x100)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x62d81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, 0x0)
write$sndseq(r1, &(0x7f00000001c0)=[{0x23, 0x2, 0x0, 0x0, @tick=0x1, {}, {}, @queue={0x0, {0x7a120}}}], 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x2860020, &(0x7f0000000180)=ANY=[])
r3 = getpid()
socket$netlink(0x10, 0x3, 0x8)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x1)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r6)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000001c0)={0x14, r7, 0x31f, 0xffffffff}, 0x14}, 0x1, 0x0, 0x0, 0x40c0}, 0x0)

2.223824695s ago: executing program 1 (id=2462):
r0 = memfd_secret(0x80000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x22806d, 0x0)
ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000040)={0x3, 0x1, 0x1f, 0x1f, 0xc8, &(0x7f00000001c0)})
socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001200)=ANY=[@ANYRES16=r1, @ANYBLOB="ae92abf4c2d76fb9ea936f89e2fed3c4cfe3260f4b0c763f200746607c997c696dbb187c90383c336970893873d74af5a479520dced987439080d857d6efe5e15b9f76073471e828c64da8e5892eb2c1c31d4c3f646bae2c2337ee9d1b8adba9418ab75d6b057dae25b95fcadc7fba812c9542a75975255394f5fc4b4953b0ac2cd2cd1ca8ebdf34d01ad39e6f0babe31bcc9222a8a4551d64c06a25fc5e5c9142a81b4e13f3cd4921fd41a7853d60c3a2af7c001955fc5a830b2f296cce2a7811085240066f4c464148ce70581b8216ca0913d57f2ca21609c748706d2c86ac3cb13413ffcf70ec5394bab947d4aefddf18fe03dbf52da9a3ef20383edb3a0cd80aa03e208afa20a11b3cd3804f1a67ab881d939349d9bd727d94221c1ad9855047e4510de089c9e86a12c325d3cef9f9e8143ffab47a4236f76bea360a0aa693915628598a26de00850b4b2103c66da1238f1e50430ff34c76d7942960786c27ce7baa64d01e4f4fdc37036f4ce09857355e7e8257b30c6615e0c9d29b0033f348aab9d4e0691a3cb36a4905e94f0ea2f265df0ab2d9f89931fd61b19a01ee52457e99cb54611a241a3daa0a2d8f3b89db69ab9d227102939fecf13313fbac275e64ad0ba9f344d1ad1f14aae0c875525edbc0fe43048f7d001ac1edfe789cb2353b304b29b45c4d7a080e2ad5487a7bd37aa47381a79901b7629e6102f3cd34f9c26b518162e40446fb9739d5bcfa789730f4451b7e75e80389afef4734097471a61bed3b3e1c9dbca749e2c5bd09b361e9bf7dc9b20e24119ea2f359bb290112d82a8f8dba2a8bc169edb7b5dd38642d122550bf6797fa721e985cf79474ff4d1752f5bffcf986bc00ba92fc25474f4dddc7b7db103e56963db39cebb54d546fb1efb7bf8b1d7df04d54a11c91a4ad455679935b24f99a150b4039eacbabad19f99a50f2db9f4541168790645bc50c9e84e3047980845112b75834e6d7d0c64138d5b01bd197bbf26ac871ed9527426906be2230fd8839cef869685b8df4481f7b83acde77d4a9509e8acd98e194694458e3d5a046191db8a0046c86678b2296218e9740cbc996425fe8dbc2c6967db1fadcc14edce6f033706866644dcd03cad836639262c0bdb773e2cb715eff13884625478f5147e3e62c14756971f9bae875e88fedb505a3dfcbe676a2569b42ff15b420bc375e19acf9a7c8f2c2b542046b32af4be008b336469ee7775f3ffd1de1ab9bcf7d6e771adf1dd56c82758f339eeaa741a4f9a9685963876be5af3668afaba33202c114e8da835eacc32436036db003b939247ea6612d44ff586dce3d374add5fe628161dd63fe808d083938749e8b422c8d061881627a5157f2e0625bfbb2d642838ac9cbc3c6471218870ed23da9f8b4b393ca318fe52b86a2fe6aefe863685d71005a7b25024cf8733d9e8dd233736ba6a335b62aa32fcc2f0668c42bfb109425e68823492fbd66eeef4e15e0585b592ad930f471a482fd99f2cde8bd7796721dfc1d87961e0430e10344eb8924efcec9fc2ecf457eabde4edcc358ce86a3687b7bd057d2de869708b94056b663583a13ba51444337c85ed3a4d73f9b14e2ec1c90c3ce635e61c81d4b1a338cfe6daeb1a2b1e64c1e2927636d678f31bb45950c90a470b4dbc4395e7c10f923e395e5c8d827dd692393ce427514929be6f6b5133979d3ebe25d87458bae68f2d09d9586de416d7693c0d5020d0714e00c4c4611f669f3cb3135a62d39eb814767ab881a528faf05d59f516cfcec666b635c385e54f48e451e81d631848e0484f7912251c521b2f42b4809493d15dcbe29cb8bb0c7deab497910acc88319e61f2da83a1fe50d34ba58091fdb157fa9f8136823dcb7c8c79b076d52422bfa86237b6f13ccb30606247f9c1d777558c328d3294150a5762f061de51490684edc4242935ff1df91ced59efafffed3c8ee12db41169916e157caa97c952f00426a95d43b1ef7f807f1eb2a6451b945cf8c8805e3822cf015833d92b548c301e4b618209695ff3a9d52d81f013ded7e7d6c3b3fb71bd76397c249f84fbf2272cbd7cd9095073046add3c2635851871759c922bfc8748cf87c433acd5be83e0546f5cf54268bd0a87c002c31ef809993b4d64b8a87c7a968e037e4e091c194cd23c776a6f6ee7048cb0752851418a3255802a25ae5f3b3b39285b174b8503281b1a467f0465891d95931159ad1038d3adf15a8e5702bc4e9a0d10b016a21a6e9e7ad43f0c81bc796f958acb69e1050ad0be2e99bd8d024173e2b0871681f5b05f33af6ac4edff4865ba0d235da042af93c6ac752e6c9368a02eafe92f5e9df3ce9b9467e247bffda1b630c5d971697fcf8ffd23c46490b057fae0fff6b45650e3148a177c4bd7e4bbf5af1d970f425866ab34cbb990211cf9260216eb609e72dc533df9369cad628b7eafa12471353f9a256eca07cb19804151122242b659ca14ad6b7905e8a273eeeb85163f4cf45a58478a104f9231c851930ebf07b3e0cba8ce8c9d16050afd136495b78bee436b95fbfae7d5c1a27fa1ca6e9b01c5994519e4ad34ff07cc1f52119197249ba5d4996a1b0a446585efbcd24624b30fe3d78bc268d547d8a8e4488b6a69a52c71e83405310a0292670bc153e673e9ccf94eeb180da7ace3a9545ca2256507ab15c70e2a154c2380fa7c3319529e2d2a29744ef4b987f8cf6ae43cecd3307a2d0ff4ee6e1ccaea1f133c891a67a79bfd93292732c7b4150130c110ba41dac1ce2cabdc15a2bdac92552e46ac568d6fe016c6462acf5e00b8ad1b38e680f1c5eb4ddb01be80f10ba02e1b780828476a766239664482b27bf74a9aff5f04b9685e4ab5c2dd2ecab127b7a3cb21c5b16bcb7d13a5baca947aae86da9d7e14fed2e58bc7a16c81870fd37b447a380319b27d156f2911d4043749c50d5cddf1a4201a360ee2ab0fa9bb47d754e386be6756a87bf943f6605e7302700db0be95651dbda81f24ef7a1151c16e36e8c6da7485bf794424ac70a179ea96f3bc377c38b473fe4ece163ebc06e71fe37db7ba71eb0bd330e255aa1ab2ac9d8f0f4472ffae66fdd666a882108ab41e05f14c9cead2949bae6fc2ad294ca69982d114e6d088a00863e755cc85411742a3a4c142575bb67f8bde8c8067ababdbbbe953d0b42eb190a98df3a0feca94214e49e8d0af5062df1c7695256239cb9dd0d2a9cd02b8d4f631c9646747170ca7a194e05efa6ebeae2eca4df4ab16890b73987b3e5dc0ad24e3beda8583249bca7f01a094ff5e7158681bde65b824bc3606c22ad9278ae7bdaf9597dcdcd050c9065e6f00335a79e44abc4e2414915ebbc540699cfeb34b02d441ce06aff0a5cac1a0be7d9d18fd8951eeb08d90175cbf829a7d7d6562c82b0e401f9345621b6937be2ad27efd4eb917337b4b3dc4d30771f50f4fdf0c90df6d9afe60ee80379c59615669260e923d8999ce7dcae9329966915cb54217447dd0b3a1ccb0bbb3b15bd6b887cf9d81eef47cf5fd7969eb6c9e46c9274a03707e8db5f3d9a4e7a5280ed43bf1fdde5726de9d467a98ce35785d3a1d184bdd5f56cd8b93600f824c0726eb3a5068004bfd1e6491187d4847cdb85cd5ba1fc89a698b446d0ba13d6cb85220ef08ad3ed6746a0d8e38863cd2b7036682925aeaab4d59269bd0705853d8af0feb71449eec2123f4174a58d31aebc96663296992a52fa628ea19d63c490186e6061b07c9305ea88e0c62815d77806740b4bc5082a4c52abd6f389c6492a039ba9e9630e3783854201524ca8f2729c615afcef298345c9bc3422507859b28ebf7b377a587888a2264fb5cd3f0f0444d18f7bb86e4b7b2627813e0cf8b5868812d6bd13a029088a27c2342469a51a66d9353f03c439bd0bc0abab2036088ceea56013b1255d7a160e25f0e8c5184353753473aa064db2e8c872056054dec3b6aa9d608ebe0790ec68f39bcacb61ccfd83bd10ad90909aee574311659948aeb71799e2d16d647264818c4d4b64d1827a1a5f0a3375fce80015ead8c031a5e2101ec3732e2bcc9c8c3ef4cfe0a3bf523ab58dcee2919951eeb885b5f61657bbc7fa9c45d982740d3faf41d952f5f47bd9a022563dcb5ed141d821490871d28f78208d5b41bc1da0ce00922275c599b99636394c62117a027ceecfdf1f41b592e883616e3296c7c7f19e9e757b7654061695594b12bf0895dccf16aaa4d78bab1e50b9694d4846d08a01306a3f72b4bda03ffabd134032d9fc8c20f69a4610389649865d1ee8afdb3033856f876d768fac3f9a5e047a335453c5e424e8ec3eede968ebc6d4933a164c75b05ea4038e753ccc75e181f2f5d49c1675ce977606877a691c3a1a75bf7fe2bda71aa7f440129323ba1e8318754d5db3cf169bc5b7527fcdc97ee828e86ad1d47d9465b3992bb5b1e04820f4213975357505c8157421c0ee5a945ef7516b4837ca0d9a7a83233185564e4263391cc1867ffbed39b1799dd8a0ad3a2b2295822abbb9acc5ad42c5d049a2f9fc70e34337cda9380b0314aa84ed5d9650e39c41be53755c50f062394eb5f7f75cf9b23a70403be930066c7476f709c7b5c4f32ebd853ec08c4f822f199c8e717784a98c6104ba3088acc8495a296dbb4ac3c82c0dde6daf9cc8bc99e1467586a23e79877455d5d7d12ff54f177704a68d02d58a937bb163e7e083bf78e49425201e604ddda3bd47698a169813898991aafb8ffc6e5a9a283c807d60af981ffe5432bb408e58d750b0813eb7f3376b33e0829b5b83b4a7dba4090ad7a441738525dbc13343e9ede944874fd653126f0628850d9268c13fc139d261b57e0f0824ef824fb28b592fa6e3294a4adb7837bbb6e59d9e4dc3cb50cebc3b83fcd2e423270332bb6d038bfb42b7bd51895367ceb698fd223807ae4ce75d3dca2853dfff2fa2d244c774598ba41cb86cc5949f8a6b5a39517c499321ddbbd01c96cd34c5169706cb5ff68da0931bb7a2ac64ee4a8f2852ba1e838a8fca3232fe82968b7f354d30a6fbdcfdbf552fa1300b5f791c4e7a201825f9d14c3be7368a986289c3bf22dfa4913e2088ef930ed478d231dc7bf0a8617e37e3200c173a4682c09cc9c484e81c1d64e4e0486526c6f70cb708ae2f72eec5fdd034d7402d7e52413be57734d6514fb89d941a81f273b36b1606cf4c2846e3928df177c9b41c4c34a4620bfd2114183758a5d7b15cdac1a8297dd45f64fd69a60123f6f5bc6e04ea0b4030f433416d646f8118112c095d7bbb0d0b91d5072901793f847e6d6f41d1745befe00e22973ddfb3b1192e2c14bca2c7408aeb0a0ec51ec41ed75e3db313e6f2b3881bbfd17836cce34759b8bd43f75ff7bc29217719a3534de5e197ec5f6edabb726b9a77c7bb8582eeecc7ebd03cdc62c18eff0a61395eafb758ffe60346c61600a4a05851d30152a85bbd81a22a4f88a2419d29c00eacc871b22870f743b961157d096638686bdcc460847fe07be79d8cb0f5ea8b0471b8f50f180d6c93693727b6e744abd5b164cc8f44e566f7b8f85cbf69ccf11c8574ae416b68479046252f8a05eaa0e9f77b8e51c795d5c65f5d8bf98f7eb26f853645120c72e1a67db09faff34630f6b1a535bdbf95702debc2cc5fc7061530038a12f8d04ac0f0e0e8dcc528e116eabdb6d444b081b0e7ace0fd8276f3d70f099622de9c3b2ce18259804d76633e7bf1ed592229b5fadf9de8412669839cd8f5892edb468b91672e532a6786250304e60afb377aeb541e1573a8a4a3a", @ANYRES32=r1, @ANYRESDEC=r1], 0x1c}}, 0x0)

2.171608222s ago: executing program 5 (id=2463):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000140)={0x0, 0x7, 0x1, 'queue0\x00', 0x7f})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x2, 0x1ff, 0x42, 0x0, 0x8})

2.118917971s ago: executing program 5 (id=2464):
syz_emit_ethernet(0x42, &(0x7f0000001540)=ANY=[@ANYBLOB="01040000aaaa86082b98270c1100fe8000000000000000000000000000aa200100000000000000000000000000014e224e23000c9078410600"/66], 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4044844}, 0x404c001)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x80000013)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x43, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x43, 0xa5, 0xaa, 0x40, 0x1b80, 0xe396, 0xa7b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x68, 0x5b, 0xd1}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fcntl$getownex(r6, 0x10, &(0x7f0000000480)={0x0, <r7=>0x0})
kcmp(0x0, r7, 0x3, r2, r1)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000200001000000000000000000028014000000000000000000050019003c00000008000200ac1414aa08000100d6f2e5e4"], 0x34}}, 0x48850)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x2f, 0x7, 0x2, 0x401, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, 0x20, 0x29, 0x6, 0xf}})
r10 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x4cf00, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r10, 0xc0189372, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000200))
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000040), 0x1, {0xa, 0x4e21, 0x2, @empty, 0x2}}}, 0x38)

2.037645658s ago: executing program 1 (id=2465):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
epoll_create1(0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000500)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r3 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001900010000000000000000000218000000"], 0x2c}}, 0x0)
sendto$inet6(r3, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x282, 0x0)
r4 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa8f, 0x86c, 0x1, 0x1, 0xd59f80, 0x19f2, 0x83f, 0x19ef, 0x3, 0x5, 0x2800, 0x6, 0x2, 0xba2, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x1}})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563a3", 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.995592071s ago: executing program 0 (id=2466):
syz_emit_ethernet(0x42, &(0x7f0000001540)=ANY=[@ANYBLOB="01040000aaaa86082b98270c1100fe8000000000000000000000000000aa200100000000000000000000000000014e224e23000c9078410600"/66], 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4044844}, 0x404c001)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x80000013)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x43, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x43, 0xa5, 0xaa, 0x40, 0x1b80, 0xe396, 0xa7b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x68, 0x5b, 0xd1}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fcntl$getownex(r5, 0x10, &(0x7f0000000480)={0x0, <r6=>0x0})
kcmp(0x0, r6, 0x3, r2, r1)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
socket$netlink(0x10, 0x3, 0x0)

1.016575949s ago: executing program 1 (id=2467):
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
prlimit64(r0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x80)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3e)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0)="100c0601001000bad775aa1b71ca", 0xe, r5)
sendto$inet6(r4, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$nbd(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="01"], 0x40)
r7 = accept$alg(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000180)="ad060000", 0x4)
sendmmsg$inet(r7, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="17", 0x1}, {&(0x7f0000002a40)="0d5ebfd6dfe98a01b2fb5b0eb19a417353a0833d961a98422333bb10a75289c4353c82666dbc1db13e21381283bf8a01be70deccac2c9bce8a8ea365f060b795c3238d7219c2d3020933c9c39c6d0cbc957ec3f682cac392c2a627a0c386d59681fdfd5ea467e2db933c4ae7a5aafaa8c86de5dfdc5ed01a788fc636bf7a8062bebeff2374151183", 0x88}], 0x2, &(0x7f0000003840)=ANY=[@ANYBLOB='@'], 0x40}}], 0x1, 0x715076165a76ad26)

1.014459223s ago: executing program 3 (id=2468):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00'})
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000010c0))
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xc003, 0x0, "ec28a144f13d7607"})
socket$kcm(0x11, 0x2, 0x300)
fsopen(&(0x7f0000000000)='ntfs3\x00', 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x5e, &(0x7f0000000340)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb763e", 0x28, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x41}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, [{0x18, 0x3, "007c4de20278ab96e88afd5c976b4c1ce4a945b1aafb"}]}}}}}}, 0x0)

653.628248ms ago: executing program 3 (id=2469):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x108, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffe0, 0xffff}, {0x16, 0xfff3}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0x7, 0x3}}}}, @TCA_STAB={0xc0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x5, 0x3, 0x101, 0x2, 0xf, 0xffff, 0xa}}, {0x18, 0x2, [0x0, 0x80, 0x3, 0x9, 0x2, 0x3, 0xffff, 0x42, 0x0, 0x6]}}, {{0x1c, 0x1, {0x7, 0x81, 0x3, 0x2, 0x0, 0x9, 0x0, 0x6}}, {0x10, 0x2, [0x80, 0x3, 0x1000, 0x5c, 0x2, 0x2]}}, {{0x1c, 0x1, {0x0, 0x8, 0xfff7, 0x8, 0x1, 0x751, 0xff, 0x6}}, {0x10, 0x2, [0x9, 0x9, 0x9, 0x4800, 0x6c, 0x2]}}, {{0x1c, 0x1, {0x66, 0x2, 0x401, 0x7, 0x2, 0xff, 0x1, 0x8}}, {0x14, 0x2, [0x90, 0x90a8, 0x100, 0x1, 0x7, 0x4, 0x0, 0xd3]}}]}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}]}, 0x108}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

616.753705ms ago: executing program 3 (id=2470):
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r0 = syz_io_uring_setup(0x27f1, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)

587.840179ms ago: executing program 3 (id=2471):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0xffffffffffffffc2, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0)
pread64(r1, 0x0, 0x0, 0x35)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000004d49ba6669b204d4721cdf5336bc2e6998ab10c7dad7b92570e1cf9dae8b09c653d8b20945a26f41298aec3947e03a80e73273e22c5546d2130c20f4e5a3914de53d814274568ccc5de6a3043c28cfd13f4382876ab223c5c51b728fba222f7331b2b288f3a2771e497fd54f9b161553c4397a0688eb1bd57b5331a13b4f5b475afc359a03078cba14ae4d9ed1dc46464671aaf35b8389079807a83c2bceff1c539b616bb705cdd2dbf843c7ddbeaff38a3f721c78581c6a3516d4bbcbe3133b170954e0b0fcbecb520ba8840bb5c2157999cb66963df71066d58e8d21580dfee3dca298439c8f50038bf70000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x28af, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xb}}, 0x14}}, 0x8096)
sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_open_dev$vim2m(0x0, 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_STREAMON(r7, 0x40045612, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)

8.005172ms ago: executing program 5 (id=2472):
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={r2, @in={{0x2, 0x4e21, @rand_addr=0x64010101}}}, &(0x7f0000000100)=0x84)
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x1ff, 0xffffffffffffffff, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94)
r3 = syz_io_uring_setup(0x10d2, &(0x7f00000003c0)={0x0, 0x7734, 0x80, 0x0, 0x377}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000140)={r2, 0x5}, 0x8)
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f0000000280)={0x6, 0xe, 0xf, 0x4, 0x681, 0x8000000000000000, 0xa, 0x2, 0x9, 0x2, 0x4, 0x8000000000000000, 0xc, 0x10, 0x5, 0x9, 0x7, 0x5, 0x8, 0xfffffffffffffffa, 0x0, 0x5, 0x80, 0x7, 0x1, 0x6})
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000a40)=@nat={'nat\x00', 0x19, 0x2, 0x90, [0x2000000005c0, 0x0, 0x0, 0x2000000005f0, 0x200000000620], 0x0, 0x0, &(0x7f00000005c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0x3}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)

0s ago: executing program 1 (id=2473):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="781002000000025f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
io_setup(0x5, &(0x7f0000000040))

kernel console output (not intermixed with test programs):

r, different from the interface descriptor's value: 21
[  578.391316][ T5914] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  578.400534][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.430110][ T5914] usb 4-1: config 0 descriptor??
[  579.032926][T12457] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1695'.
[  579.689953][ T5914] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  579.702638][ T5914] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  579.743276][ T5914] usb 4-1: USB disconnect, device number 29
[  579.829389][   T30] audit: type=1400 audit(1746137986.924:1151): avc:  denied  { sqpoll } for  pid=12460 comm="syz.2.1700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  579.857637][T12467] binder: 12465:12467 ioctl 4018620d 0 returned -22
[  579.892298][T12464] kvm: vcpu 0: requested 16512 ns lapic timer period limited to 200000 ns
[  579.909058][T12464] kvm: pic: non byte write
[  580.185957][ T5812] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  580.614079][ T5812] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  580.644704][ T5812] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.669400][ T5812] usb 3-1: config 0 descriptor??
[  580.819244][   T30] audit: type=1400 audit(1746137987.914:1152): avc:  denied  { append } for  pid=12481 comm="syz.0.1707" name="video8" dev="devtmpfs" ino=951 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  581.075511][T12482] gfs2: gfs2 mount does not exist
[  581.125749][T12488] misc userio: No port type given on /dev/userio
[  581.438558][T12491] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  581.448069][T12491] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  581.457329][T12491] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  581.465813][T12491] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  581.473824][T12491] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  581.489332][ T7201] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.500754][   T30] audit: type=1400 audit(1746137988.594:1153): avc:  denied  { mounton } for  pid=12490 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  581.618172][ T7201] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.698737][ T7201] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.722460][T12497] pim6reg: entered allmulticast mode
[  581.760438][ T7201] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.900114][T12502] 9pnet_fd: Insufficient options for proto=fd
[  582.268389][T12490] chnl_net:caif_netlink_parms(): no params data found
[  582.302508][ T7201] bridge_slave_1: left allmulticast mode
[  582.315446][ T7201] bridge_slave_1: left promiscuous mode
[  582.322595][ T7201] bridge0: port 2(bridge_slave_1) entered disabled state
[  582.337048][ T7201] bridge_slave_0: left allmulticast mode
[  582.342747][ T7201] bridge_slave_0: left promiscuous mode
[  582.351437][ T7201] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.829066][ T5812] usb 3-1: can't set first interface for hiFace device.
[  582.843607][ T5812] snd-usb-hiface 3-1:0.0: probe with driver snd-usb-hiface failed with error -5
[  582.855263][ T5812] usb 3-1: USB disconnect, device number 22
[  582.934628][ T7201] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  582.949924][ T7201] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  582.960025][ T7201] bond0 (unregistering): Released all slaves
[  582.981977][T12501] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  583.187917][T12490] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.214102][T12490] bridge0: port 1(bridge_slave_0) entered disabled state
[  583.222229][T12490] bridge_slave_0: entered allmulticast mode
[  583.223838][T12525] binder: 12524:12525 ioctl 4018620d 0 returned -22
[  583.229811][T12490] bridge_slave_0: entered promiscuous mode
[  583.252399][T12490] bridge0: port 2(bridge_slave_1) entered blocking state
[  583.261414][T12490] bridge0: port 2(bridge_slave_1) entered disabled state
[  583.271238][T12490] bridge_slave_1: entered allmulticast mode
[  583.283255][T12490] bridge_slave_1: entered promiscuous mode
[  583.565647][T12491] Bluetooth: hci0: command tx timeout
[  584.080009][T12490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  584.120923][   T30] audit: type=1400 audit(1746137991.214:1154): avc:  denied  { connect } for  pid=12532 comm="syz.1.1718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  584.165597][   T30] audit: type=1400 audit(1746137991.254:1155): avc:  denied  { write } for  pid=12532 comm="syz.1.1718" path="socket:[40840]" dev="sockfs" ino=40840 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  584.248882][ T7201] hsr_slave_0: left promiscuous mode
[  584.259988][ T7201] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  584.285806][ T7201] batman_adv: batadv0: Removing interface: batadv_slave_0
[  584.316524][ T7201] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  584.342797][ T7201] batman_adv: batadv0: Removing interface: batadv_slave_1
[  584.451610][ T7201] veth1_macvtap: left promiscuous mode
[  584.494691][ T7201] veth1_vlan: left promiscuous mode
[  584.512360][ T7201] veth0_vlan: left promiscuous mode
[  584.800458][ T7201] team0 (unregistering): Port device team_slave_1 removed
[  584.829140][ T7201] team0 (unregistering): Port device team_slave_0 removed
[  585.126153][T12490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  585.197873][T12490] team0: Port device team_slave_0 added
[  585.230075][T12490] team0: Port device team_slave_1 added
[  585.312055][T12560] binder: 12559:12560 ioctl 4018620d 0 returned -22
[  585.331206][T12490] batman_adv: batadv0: Adding interface: batadv_slave_0
[  585.349702][T12490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  585.380101][T12490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  585.381795][T12563] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  585.401254][T12561] FAULT_INJECTION: forcing a failure.
[  585.401254][T12561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  585.407856][T12490] batman_adv: batadv0: Adding interface: batadv_slave_1
[  585.423082][T12561] CPU: 0 UID: 0 PID: 12561 Comm: syz.2.1723 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  585.423103][T12561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  585.423113][T12561] Call Trace:
[  585.423119][T12561]  <TASK>
[  585.423125][T12561]  dump_stack_lvl+0x16c/0x1f0
[  585.423151][T12561]  should_fail_ex+0x512/0x640
[  585.423177][T12561]  _copy_to_user+0x32/0xd0
[  585.423199][T12561]  simple_read_from_buffer+0xcb/0x170
[  585.423225][T12561]  proc_fail_nth_read+0x197/0x270
[  585.423249][T12561]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  585.423274][T12561]  ? rw_verify_area+0xcf/0x680
[  585.423293][T12561]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  585.423316][T12561]  vfs_read+0x1de/0xc70
[  585.423341][T12561]  ? __pfx___mutex_lock+0x10/0x10
[  585.423362][T12561]  ? __pfx_vfs_read+0x10/0x10
[  585.423391][T12561]  ? __fget_files+0x20e/0x3c0
[  585.423422][T12561]  ksys_read+0x12a/0x240
[  585.423444][T12561]  ? __pfx_ksys_read+0x10/0x10
[  585.423464][T12561]  ? rcu_is_watching+0x12/0xc0
[  585.423490][T12561]  do_syscall_64+0xcd/0x260
[  585.423513][T12561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.423529][T12561] RIP: 0033:0x7f3b16d8d37c
[  585.423542][T12561] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  585.423558][T12561] RSP: 002b:00007f3b17c88030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  585.423573][T12561] RAX: ffffffffffffffda RBX: 00007f3b16fb6080 RCX: 00007f3b16d8d37c
[  585.423583][T12561] RDX: 000000000000000f RSI: 00007f3b17c880a0 RDI: 0000000000000006
[  585.423592][T12561] RBP: 00007f3b17c88090 R08: 0000000000000000 R09: 0000000000000000
[  585.423602][T12561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  585.423611][T12561] R13: 0000000000000001 R14: 00007f3b16fb6080 R15: 00007ffe3abe53b8
[  585.423633][T12561]  </TASK>
[  585.645998][T12491] Bluetooth: hci0: command tx timeout
[  585.801671][T12490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  585.828122][T12490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  585.924955][T12490] hsr_slave_0: entered promiscuous mode
[  585.931498][T12490] hsr_slave_1: entered promiscuous mode
[  585.938022][T12490] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  585.946753][T12490] Cannot create hsr debugfs directory
[  586.355500][T12490] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  586.364817][T12490] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  586.375266][T12490] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  586.385146][T12490] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  586.456507][   T30] audit: type=1400 audit(1746137993.544:1156): avc:  denied  { map } for  pid=12576 comm="syz.1.1731" path="socket:[40919]" dev="sockfs" ino=40919 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  586.487801][   T30] audit: type=1400 audit(1746137993.574:1157): avc:  denied  { accept } for  pid=12576 comm="syz.1.1731" path="socket:[40919]" dev="sockfs" ino=40919 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  586.487983][T12490] 8021q: adding VLAN 0 to HW filter on device bond0
[  586.576993][T12490] 8021q: adding VLAN 0 to HW filter on device team0
[  586.601751][ T7201] bridge0: port 1(bridge_slave_0) entered blocking state
[  586.608824][ T7201] bridge0: port 1(bridge_slave_0) entered forwarding state
[  586.641789][ T7211] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.648857][ T7211] bridge0: port 2(bridge_slave_1) entered forwarding state
[  586.960580][T12490] 8021q: adding VLAN 0 to HW filter on device batadv0
[  587.095682][T12605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1738'.
[  587.394702][T12490] veth0_vlan: entered promiscuous mode
[  587.504270][T12490] veth1_vlan: entered promiscuous mode
[  587.569576][T12490] veth0_macvtap: entered promiscuous mode
[  587.607751][T12490] veth1_macvtap: entered promiscuous mode
[  587.622983][T12490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  587.636058][T12490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.647708][T12490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  587.658647][T12490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.668508][T12490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  587.679014][T12490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.694996][T12490] batman_adv: batadv0: Interface activated: batadv_slave_0
[  587.713302][T12490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  587.724887][T12490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.738149][T12491] Bluetooth: hci0: command tx timeout
[  587.743552][T12490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  587.754783][T12490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.766435][T12490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  587.778685][T12490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.789699][T12490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  587.800549][T12490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.812885][T12490] batman_adv: batadv0: Interface activated: batadv_slave_1
[  587.828600][T12490] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  587.837871][   T10] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  587.845532][T12490] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  587.858137][T12490] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  587.867194][T12490] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  587.982792][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  587.993925][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  588.009038][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.032565][   T10] usb 4-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  588.043431][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.055397][   T10] usb 4-1: config 0 descriptor??
[  588.071050][ T7201] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  588.080531][ T7201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  588.104014][   T30] audit: type=1400 audit(1746137995.194:1158): avc:  denied  { mounton } for  pid=12490 comm="syz-executor" path="/root/syzkaller.FZsRDs/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  588.134960][   T30] audit: type=1400 audit(1746137995.224:1159): avc:  denied  { mounton } for  pid=12490 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  588.195270][T12619] syz_tun: entered allmulticast mode
[  588.209926][T12619] team0: No ports can be present during mode change
[  588.231959][T12619] netlink: 'syz.5.1704': attribute type 8 has an invalid length.
[  588.266731][   T30] audit: type=1400 audit(1746137995.364:1160): avc:  denied  { listen } for  pid=12615 comm="syz.3.1740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  588.305331][T12618] syz_tun: left allmulticast mode
[  589.356627][   T10] vrc2 0003:07C0:1125.0008: fixing up VRC-2 report descriptor
[  589.376513][   T10] input: HID 07c0:1125 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:07C0:1125.0008/input/input51
[  589.437810][T12631] binder: 12630:12631 ioctl 4018620d 0 returned -22
[  589.816898][T12491] Bluetooth: hci0: command tx timeout
[  589.925791][   T10] vrc2 0003:07C0:1125.0008: input,hidraw0: USB HID v0.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.3-1/input0
[  590.013300][   T10] usb 4-1: USB disconnect, device number 30
[  590.675662][   T30] audit: type=1400 audit(1746137997.754:1161): avc:  denied  { write } for  pid=12652 comm="syz.2.1751" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  590.852006][T12658] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1750'.
[  593.833338][T12694] 9pnet: Found fid 0 not clunked
[  593.919602][T12698] netlink: 'syz.5.1760': attribute type 1 has an invalid length.
[  593.977177][T12698] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  594.402828][  T971] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  594.555860][  T971] usb 4-1: Using ep0 maxpacket: 32
[  594.562666][  T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  594.573785][  T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  594.584418][  T971] usb 4-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  594.593524][  T971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  594.601708][  T971] usb 4-1: SerialNumber: syz
[  594.608421][  T971] usb 4-1: config 0 descriptor??
[  594.976590][T12701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.987298][T12701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.120615][T12721] netlink: 87 bytes leftover after parsing attributes in process `syz.5.1766'.
[  597.578760][   T30] audit: type=1400 audit(1746138004.564:1162): avc:  denied  { ioctl } for  pid=12700 comm="syz.3.1762" path="socket:[42790]" dev="sockfs" ino=42790 ioctlcmd=0x8926 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  597.720972][T12745] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1773'.
[  598.095464][  T971] usbhid 4-1:0.0: can't add hid device: -71
[  598.286313][  T971] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  598.310890][  T971] usb 4-1: USB disconnect, device number 31
[  598.503202][T12754] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1776'.
[  598.513564][T12754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1776'.
[  598.525079][T12754] netlink: 'syz.1.1776': attribute type 21 has an invalid length.
[  598.533239][T12754] netlink: 'syz.1.1776': attribute type 20 has an invalid length.
[  599.096703][T12763] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1777'.
[  599.849522][T12772] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1779'.
[  599.870028][T12773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1778'.
[  599.917214][T12772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1779'.
[  600.057741][T12773] batadv0: left allmulticast mode
[  600.071154][T12773] batadv0: left promiscuous mode
[  600.081396][T12773] bridge0: port 4(batadv0) entered disabled state
[  600.118377][T12773] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[  600.126720][T12773] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  600.145405][T12773] bridge0: port 3(netdevsim0) entered disabled state
[  600.721112][T12773] bridge_slave_1: left allmulticast mode
[  600.728375][T12773] bridge_slave_1: left promiscuous mode
[  600.737835][T12773] bridge0: port 2(bridge_slave_1) entered disabled state
[  600.749882][T12773] bridge_slave_0: left allmulticast mode
[  600.800049][T12773] bridge_slave_0: left promiscuous mode
[  600.817583][T12773] bridge0: port 1(bridge_slave_0) entered disabled state
[  602.939206][T12809] netlink: 87 bytes leftover after parsing attributes in process `syz.2.1785'.
[  603.358822][T12812] fuse: Unknown parameter ''
[  603.449022][ T5874] Process accounting resumed
[  603.620901][T12813] Process accounting resumed
[  604.693295][T12833] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1791'.
[  605.617794][  T971] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  606.394196][  T971] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 64, using maximum allowed: 30
[  606.474344][  T971] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 64
[  606.742839][  T971] usb 3-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55
[  606.754860][T12854] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  606.764624][T12854] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0
[  606.774734][   T30] audit: type=1400 audit(606.727:1163): avc:  denied  { firmware_load } for  pid=12852 comm="syz.0.1796" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  606.874832][  T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.929414][  T971] usb 3-1: Product: syz
[  606.947422][  T971] usb 3-1: Manufacturer: syz
[  606.964995][  T971] usb 3-1: config 0 descriptor??
[  606.982229][  T971] usb 3-1: can't set config #0, error -71
[  607.477117][ T5862] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  607.484906][    C1] raw-gadget.0 gadget.3: ignoring, device is not running
[  607.568083][  T971] usb 3-1: USB disconnect, device number 23
[  607.635630][ T5862] usb 4-1: device descriptor read/64, error -32
[  607.885776][ T5862] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  609.315947][ T5862] usb 4-1: device descriptor read/64, error -71
[  609.439708][ T5862] usb usb4-port1: attempt power cycle
[  609.664508][T12887] netlink: 87 bytes leftover after parsing attributes in process `syz.5.1804'.
[  610.056688][ T5862] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  610.389277][ T5862] usb 4-1: device not accepting address 34, error -71
[  610.741387][T12892] tipc: Started in network mode
[  610.758748][T12892] tipc: Node identity 4, cluster identity 4711
[  610.780878][T12892] tipc: Node number set to 4
[  610.909330][T12898] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1807'.
[  612.823495][T12943] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1818'.
[  613.652448][T12959] FAULT_INJECTION: forcing a failure.
[  613.652448][T12959] name failslab, interval 1, probability 0, space 0, times 0
[  613.775598][T12959] CPU: 0 UID: 0 PID: 12959 Comm: syz.0.1821 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  613.775622][T12959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  613.775631][T12959] Call Trace:
[  613.775637][T12959]  <TASK>
[  613.775644][T12959]  dump_stack_lvl+0x16c/0x1f0
[  613.775669][T12959]  should_fail_ex+0x512/0x640
[  613.775694][T12959]  should_failslab+0xc2/0x120
[  613.775711][T12959]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  613.775737][T12959]  ? skb_clone+0x190/0x3f0
[  613.775755][T12959]  skb_clone+0x190/0x3f0
[  613.775772][T12959]  netlink_deliver_tap+0xabd/0xd30
[  613.775795][T12959]  netlink_unicast+0x5df/0x7f0
[  613.775817][T12959]  ? __pfx_netlink_unicast+0x10/0x10
[  613.775842][T12959]  netlink_sendmsg+0x8d1/0xdd0
[  613.775865][T12959]  ? __pfx_netlink_sendmsg+0x10/0x10
[  613.775893][T12959]  ____sys_sendmsg+0xa95/0xc70
[  613.775915][T12959]  ? copy_msghdr_from_user+0x10a/0x160
[  613.775931][T12959]  ? __pfx_____sys_sendmsg+0x10/0x10
[  613.775963][T12959]  ___sys_sendmsg+0x134/0x1d0
[  613.775981][T12959]  ? __pfx____sys_sendmsg+0x10/0x10
[  613.776028][T12959]  __sys_sendmsg+0x16d/0x220
[  613.776045][T12959]  ? __pfx___sys_sendmsg+0x10/0x10
[  613.776068][T12959]  ? rcu_is_watching+0x12/0xc0
[  613.776095][T12959]  do_syscall_64+0xcd/0x260
[  613.776118][T12959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.776135][T12959] RIP: 0033:0x7f96c7f8e969
[  613.776148][T12959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.776164][T12959] RSP: 002b:00007f96c5df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  613.776180][T12959] RAX: ffffffffffffffda RBX: 00007f96c81b5fa0 RCX: 00007f96c7f8e969
[  613.776191][T12959] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  613.776201][T12959] RBP: 00007f96c5df6090 R08: 0000000000000000 R09: 0000000000000000
[  613.776211][T12959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  613.776220][T12959] R13: 0000000000000000 R14: 00007f96c81b5fa0 R15: 00007fff9e6480e8
[  613.776242][T12959]  </TASK>
[  615.838799][   T30] audit: type=1400 audit(615.807:1164): avc:  denied  { setopt } for  pid=12981 comm="syz.0.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  616.015628][ T5874] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  616.617233][ T5874] usb 3-1: config 0 has no interfaces?
[  616.633331][ T5874] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  616.664946][T13002] veth0_vlan: left promiscuous mode
[  616.673090][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.697937][T13002] veth0_vlan: entered promiscuous mode
[  616.719193][ T5874] usb 3-1: config 0 descriptor??
[  616.934981][T12978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  616.966608][    T9] IPVS: starting estimator thread 0...
[  617.076693][T13016] IPVS: using max 44 ests per chain, 105600 per kthread
[  617.106034][T12978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.233757][   T30] audit: type=1400 audit(617.147:1165): avc:  denied  { watch } for  pid=13014 comm="syz.1.1831" path="/proc/1335/fdinfo" dev="proc" ino=43653 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  617.305787][    T9] usb 3-1: USB disconnect, device number 24
[  617.462133][T13026] syz_tun: entered allmulticast mode
[  617.486373][T13026] team0: No ports can be present during mode change
[  617.501478][T12986] Bluetooth: MGMT ver 1.23
[  617.514970][T12986] Bluetooth: hci0: invalid len left 7, exp >= 195
[  617.522513][T13026] netlink: 'syz.1.1833': attribute type 8 has an invalid length.
[  617.533421][T13025] syz_tun: left allmulticast mode
[  617.735670][ T5874] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  617.825688][  T971] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  617.895704][ T5874] usb 3-1: Using ep0 maxpacket: 16
[  617.923980][ T5874] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  617.969607][ T5874] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  618.020326][  T971] usb 6-1: config 0 has an invalid interface number: 181 but max is 0
[  618.047778][ T5874] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  618.077851][  T971] usb 6-1: config 0 has no interface number 0
[  618.094302][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.137439][  T971] usb 6-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  618.151694][ T5874] usb 3-1: Product: syz
[  618.170802][ T5874] usb 3-1: Manufacturer: syz
[  618.190079][  T971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.203675][ T5874] usb 3-1: SerialNumber: syz
[  618.259739][  T971] usb 6-1: config 0 descriptor??
[  618.487112][  T971] usb 6-1: USB disconnect, device number 2
[  618.494589][T12978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  618.505859][T12978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  618.964406][   T30] audit: type=1400 audit(618.927:1166): avc:  denied  { mount } for  pid=13048 comm="syz.3.1839" name="/" dev="configfs" ino=1051 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  618.996341][   T30] audit: type=1400 audit(618.967:1167): avc:  denied  { search } for  pid=13048 comm="syz.3.1839" name="/" dev="configfs" ino=1051 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  619.021705][   T30] audit: type=1400 audit(618.987:1168): avc:  denied  { read } for  pid=13048 comm="syz.3.1839" name="/" dev="configfs" ino=1051 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  619.046210][   T30] audit: type=1400 audit(618.987:1169): avc:  denied  { open } for  pid=13048 comm="syz.3.1839" path="/" dev="configfs" ino=1051 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  620.425244][T13058] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  620.767781][ T5874] usb 3-1: 0:2 : does not exist
[  620.926153][ T5874] usb 3-1: USB disconnect, device number 25
[  623.889255][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  624.354812][T13130] overlayfs: failed to get inode (-116)
[  624.362958][T13130] overlayfs: failed to get inode (-116)
[  624.392750][T13130] overlayfs: failed to get inode (-116)
[  624.405589][T13130] overlayfs: failed to get inode (-116)
[  624.434487][T13130] overlayfs: failed to get inode (-116)
[  624.452938][T13130] overlayfs: failed to get inode (-116)
[  624.477526][T13130] overlayfs: failed to get inode (-116)
[  624.500195][T13130] overlayfs: failed to get inode (-116)
[  624.509210][T13130] overlayfs: failed to get inode (-116)
[  624.517197][T13130] overlayfs: failed to get inode (-116)
[  624.612755][T13126] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  624.688586][T13115] delete_channel: no stack
[  625.327029][T13151] input: syz1 as /devices/virtual/input/input52
[  628.080404][T13186] input: syz1 as /devices/virtual/input/input53
[  628.475933][    T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  629.035932][    T9] usb 6-1: Using ep0 maxpacket: 8
[  629.188362][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  629.204724][    T9] usb 6-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  629.215668][    T9] usb 6-1: Product: syz
[  629.223841][    T9] usb 6-1: Manufacturer: syz
[  629.299277][T13195] netlink: 87 bytes leftover after parsing attributes in process `syz.2.1878'.
[  629.765610][    T9] usb 6-1: SerialNumber: syz
[  629.772354][    T9] usb 6-1: config 0 descriptor??
[  629.789478][    T9] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  630.085708][ T5916] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  630.130996][    T9] gspca_zc3xx: reg_w_i err -71
[  630.152310][    T9] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  630.172708][    T9] usb 6-1: USB disconnect, device number 3
[  630.295751][ T5916] usb 3-1: Using ep0 maxpacket: 8
[  630.406016][ T5916] usb 3-1: config 0 has an invalid interface number: 130 but max is 0
[  630.417385][ T5916] usb 3-1: config 0 has no interface number 0
[  630.423479][ T5916] usb 3-1: too many endpoints for config 0 interface 130 altsetting 82: 228, using maximum allowed: 30
[  630.436338][ T5916] usb 3-1: config 0 interface 130 altsetting 82 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  630.916674][ T5916] usb 3-1: config 0 interface 130 has no altsetting 0
[  630.923517][ T5916] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  630.932981][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.943331][ T5916] usb 3-1: config 0 descriptor??
[  632.146904][ T5916] usb 3-1: string descriptor 0 read error: -71
[  632.159724][ T5916] asix 3-1:0.130 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  632.183339][ T5916] asix 3-1:0.130: probe with driver asix failed with error -71
[  632.333583][   T30] audit: type=1400 audit(632.287:1170): avc:  denied  { append } for  pid=13221 comm="syz.5.1885" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  632.346322][T13223] loop6: detected capacity change from 0 to 63
[  632.365798][ T5916] usb 3-1: USB disconnect, device number 26
[  632.380600][T13225] Buffer I/O error on dev loop6, logical block 0, async page read
[  632.436099][T13225] Buffer I/O error on dev loop6, logical block 1, async page read
[  632.446185][   T30] audit: type=1400 audit(632.347:1171): avc:  denied  { map } for  pid=13221 comm="syz.5.1885" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  632.476905][T13225] Buffer I/O error on dev loop6, logical block 2, async page read
[  632.487759][T13225] Buffer I/O error on dev loop6, logical block 3, async page read
[  632.515090][T13225] Buffer I/O error on dev loop6, logical block 0, async page read
[  632.534426][   T30] audit: type=1400 audit(632.347:1172): avc:  denied  { execute } for  pid=13221 comm="syz.5.1885" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  632.578318][T13225] Buffer I/O error on dev loop6, logical block 1, async page read
[  632.603414][T13225] Buffer I/O error on dev loop6, logical block 2, async page read
[  632.621537][T13225] Buffer I/O error on dev loop6, logical block 3, async page read
[  632.630161][T13230] Buffer I/O error on dev loop6, logical block 0, async page read
[  633.197581][T13230] Buffer I/O error on dev loop6, logical block 1, async page read
[  633.235640][ T5863] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  633.260649][   T30] audit: type=1400 audit(633.227:1173): avc:  denied  { getopt } for  pid=13240 comm="syz.0.1890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  633.406992][ T5863] usb 4-1: Using ep0 maxpacket: 8
[  633.422000][ T5863] usb 4-1: unable to get BOS descriptor or descriptor too short
[  633.443765][ T5863] usb 4-1: config 0 has an invalid interface number: 88 but max is 0
[  633.461226][ T5863] usb 4-1: config 0 has no interface number 0
[  633.478191][ T5863] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 32, changing to 9
[  633.510318][ T5863] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid maxpacket 25479, setting to 1024
[  633.522012][ T5863] usb 4-1: config 0 interface 88 has no altsetting 0
[  633.535612][ T5863] usb 4-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  633.544815][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  633.555253][ T5863] usb 4-1: Product: syz
[  633.559475][ T5863] usb 4-1: Manufacturer: syz
[  633.564164][ T5863] usb 4-1: SerialNumber: syz
[  633.579740][ T5863] usb 4-1: config 0 descriptor??
[  634.288039][ T5863] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.88/input/input54
[  634.355076][ T5863] usb 4-1: USB disconnect, device number 36
[  634.401881][   T30] audit: type=1326 audit(634.367:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13254 comm="syz.5.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f318998e969 code=0x7ffc0000
[  634.404573][T13255] FAULT_INJECTION: forcing a failure.
[  634.404573][T13255] name failslab, interval 1, probability 0, space 0, times 0
[  634.428396][   T30] audit: type=1326 audit(634.367:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13254 comm="syz.5.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f318998e969 code=0x7ffc0000
[  634.531749][T13255] CPU: 1 UID: 0 PID: 13255 Comm: syz.5.1896 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  634.531774][T13255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  634.531784][T13255] Call Trace:
[  634.531789][T13255]  <TASK>
[  634.531796][T13255]  dump_stack_lvl+0x16c/0x1f0
[  634.531821][T13255]  should_fail_ex+0x512/0x640
[  634.531841][T13255]  ? __kmalloc_noprof+0xbf/0x510
[  634.531867][T13255]  ? shmem_initxattrs+0x168/0x5b0
[  634.531886][T13255]  should_failslab+0xc2/0x120
[  634.531902][T13255]  __kmalloc_noprof+0xd2/0x510
[  634.531931][T13255]  shmem_initxattrs+0x168/0x5b0
[  634.531951][T13255]  ? evm_inode_init_security+0x237/0x320
[  634.531977][T13255]  security_inode_init_security+0x26b/0x390
[  634.531995][T13255]  ? __pfx_shmem_initxattrs+0x10/0x10
[  634.532015][T13255]  ? __pfx_security_inode_init_security+0x10/0x10
[  634.532038][T13255]  shmem_mknod+0x22e/0x450
[  634.532064][T13255]  ? __pfx_shmem_create+0x10/0x10
[  634.532084][T13255]  lookup_open.isra.0+0x11d0/0x1580
[  634.532112][T13255]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  634.532147][T13255]  ? __pfx_down_write+0x10/0x10
[  634.532168][T13255]  ? mnt_get_write_access+0x20c/0x300
[  634.532192][T13255]  path_openat+0x905/0x2d40
[  634.532227][T13255]  ? __pfx_path_openat+0x10/0x10
[  634.532266][T13255]  do_filp_open+0x20b/0x470
[  634.532290][T13255]  ? __pfx_do_filp_open+0x10/0x10
[  634.532332][T13255]  ? alloc_fd+0x471/0x7d0
[  634.532363][T13255]  do_sys_openat2+0x11b/0x1d0
[  634.532382][T13255]  ? __pfx_do_sys_openat2+0x10/0x10
[  634.532410][T13255]  __do_sys_openat2+0x1c0/0x2d0
[  634.532428][T13255]  ? __pfx___do_sys_openat2+0x10/0x10
[  634.532445][T13255]  ? ksys_write+0x1b9/0x240
[  634.532469][T13255]  ? __secure_computing+0x28e/0x3b0
[  634.532496][T13255]  do_syscall_64+0xcd/0x260
[  634.532517][T13255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.532536][T13255] RIP: 0033:0x7f318998e969
[  634.532549][T13255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  634.532564][T13255] RSP: 002b:00007f318a7fc038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  634.532580][T13255] RAX: ffffffffffffffda RBX: 00007f3189bb5fa0 RCX: 00007f318998e969
[  634.532591][T13255] RDX: 00002000000001c0 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  634.532601][T13255] RBP: 00007f318a7fc090 R08: 0000000000000000 R09: 0000000000000000
[  634.532611][T13255] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000002
[  634.532621][T13255] R13: 0000000000000000 R14: 00007f3189bb5fa0 R15: 00007ffe133b1828
[  634.532644][T13255]  </TASK>
[  634.538450][   T30] audit: type=1326 audit(634.367:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13254 comm="syz.5.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f318998d2d0 code=0x7ffc0000
[  634.815725][   T30] audit: type=1326 audit(634.367:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13254 comm="syz.5.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f318998d41f code=0x7ffc0000
[  634.840044][   T30] audit: type=1326 audit(634.367:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13254 comm="syz.5.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f318998e969 code=0x7ffc0000
[  635.171567][   T30] audit: type=1326 audit(634.837:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13254 comm="syz.5.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f318998d37c code=0x7ffc0000
[  638.472239][T13320] netlink: 87 bytes leftover after parsing attributes in process `syz.5.1911'.
[  638.676149][T13328] FAULT_INJECTION: forcing a failure.
[  638.676149][T13328] name failslab, interval 1, probability 0, space 0, times 0
[  638.697558][T13328] CPU: 1 UID: 0 PID: 13328 Comm: syz.3.1914 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  638.697583][T13328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  638.697593][T13328] Call Trace:
[  638.697598][T13328]  <TASK>
[  638.697605][T13328]  dump_stack_lvl+0x16c/0x1f0
[  638.697630][T13328]  should_fail_ex+0x512/0x640
[  638.697650][T13328]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  638.697677][T13328]  should_failslab+0xc2/0x120
[  638.697694][T13328]  __kmalloc_cache_noprof+0x6a/0x3e0
[  638.697717][T13328]  ? mac802154_llsec_dev_add+0x32c/0x950
[  638.697741][T13328]  mac802154_llsec_dev_add+0x32c/0x950
[  638.697766][T13328]  mac802154_add_dev+0x79/0xa0
[  638.697791][T13328]  ieee802154_llsec_add_dev+0x5b9/0x7b0
[  638.697815][T13328]  ? __pfx_ieee802154_llsec_add_dev+0x10/0x10
[  638.697833][T13328]  ? rcu_is_watching+0x12/0xc0
[  638.697862][T13328]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  638.697886][T13328]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  638.697919][T13328]  genl_family_rcv_msg_doit+0x206/0x2f0
[  638.697942][T13328]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  638.697971][T13328]  ? bpf_lsm_capable+0x9/0x10
[  638.697984][T13328]  ? security_capable+0x7e/0x260
[  638.698009][T13328]  genl_rcv_msg+0x55c/0x800
[  638.698032][T13328]  ? __pfx_genl_rcv_msg+0x10/0x10
[  638.698054][T13328]  ? __pfx_ieee802154_llsec_add_dev+0x10/0x10
[  638.698076][T13328]  ? __lock_acquire+0xaa4/0x1ba0
[  638.698105][T13328]  netlink_rcv_skb+0x16a/0x440
[  638.698124][T13328]  ? __pfx_genl_rcv_msg+0x10/0x10
[  638.698145][T13328]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  638.698175][T13328]  ? __pfx_down_read+0x10/0x10
[  638.698199][T13328]  ? netlink_deliver_tap+0x1ae/0xd30
[  638.698219][T13328]  genl_rcv+0x28/0x40
[  638.698236][T13328]  netlink_unicast+0x53a/0x7f0
[  638.698257][T13328]  ? __pfx_netlink_unicast+0x10/0x10
[  638.698282][T13328]  netlink_sendmsg+0x8d1/0xdd0
[  638.698305][T13328]  ? __pfx_netlink_sendmsg+0x10/0x10
[  638.698332][T13328]  ____sys_sendmsg+0xa95/0xc70
[  638.698353][T13328]  ? copy_msghdr_from_user+0x10a/0x160
[  638.698369][T13328]  ? __pfx_____sys_sendmsg+0x10/0x10
[  638.698401][T13328]  ___sys_sendmsg+0x134/0x1d0
[  638.698419][T13328]  ? __pfx____sys_sendmsg+0x10/0x10
[  638.698468][T13328]  __sys_sendmsg+0x16d/0x220
[  638.698484][T13328]  ? __pfx___sys_sendmsg+0x10/0x10
[  638.698507][T13328]  ? rcu_is_watching+0x12/0xc0
[  638.698532][T13328]  do_syscall_64+0xcd/0x260
[  638.698555][T13328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.698570][T13328] RIP: 0033:0x7f2184f8e969
[  638.698582][T13328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  638.698597][T13328] RSP: 002b:00007f2185e09038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  638.698613][T13328] RAX: ffffffffffffffda RBX: 00007f21851b5fa0 RCX: 00007f2184f8e969
[  638.698623][T13328] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007
[  638.698632][T13328] RBP: 00007f2185e09090 R08: 0000000000000000 R09: 0000000000000000
[  638.698642][T13328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.698650][T13328] R13: 0000000000000000 R14: 00007f21851b5fa0 R15: 00007ffc22b33048
[  638.698673][T13328]  </TASK>
[  639.217532][T13333] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1917'.
[  640.195472][T13355] veth0_vlan: left promiscuous mode
[  640.204730][T13355] veth0_vlan: entered promiscuous mode
[  640.444037][T13353] overlayfs: failed to get inode (-116)
[  640.484493][T13353] overlayfs: failed to get inode (-116)
[  640.562209][T13357] overlayfs: failed to get inode (-116)
[  640.573653][T13358] overlayfs: failed to get inode (-116)
[  640.581581][T13357] overlayfs: failed to get inode (-116)
[  640.589488][T13358] overlayfs: failed to get inode (-116)
[  640.599795][T13353] overlayfs: failed to get inode (-116)
[  640.605862][T13353] overlayfs: failed to get inode (-116)
[  640.612771][T13353] overlayfs: failed to get inode (-116)
[  640.632539][T13353] overlayfs: failed to get inode (-116)
[  641.328691][T13370] overlayfs: missing 'lowerdir'
[  643.302341][T13394] binder: 13393:13394 ioctl 4018620d 0 returned -22
[  643.455898][ T5874] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  644.344090][ T5874] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  644.353599][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.528900][ T5874] usb 3-1: config 0 descriptor??
[  644.538309][ T5874] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  644.546766][ T5874] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  644.745906][    T9] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[  644.761552][T13407] sp0: Synchronizing with TNC
[  644.799349][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  644.799362][   T30] audit: type=1400 audit(644.767:1187): avc:  denied  { append } for  pid=13386 comm="syz.2.1931" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  644.882464][   T30] audit: type=1400 audit(644.847:1188): avc:  denied  { listen } for  pid=13411 comm="syz.3.1938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  644.949283][T13412] sctp: [Deprecated]: syz.3.1938 (pid 13412) Use of struct sctp_assoc_value in delayed_ack socket option.
[  644.949283][T13412] Use struct sctp_sack_info instead
[  644.967954][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  644.977324][    T9] usb 6-1: config index 0 descriptor too short (expected 2084, got 36)
[  644.995004][    T9] usb 6-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  645.006405][    T9] usb 6-1: config 1 interface 0 has no altsetting 0
[  645.013534][    T9] usb 6-1: language id specifier not provided by device, defaulting to English
[  645.023556][ T5874] usb 3-1: USB disconnect, device number 27
[  645.139486][    T9] usb 6-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  645.148610][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.156770][    T9] usb 6-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓��램닆芚פֿ�掎묗䷄㪭毦祒ꂄ⪕㇗��㢽꺗ꪒ悓䒬簾叼딶�羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺�㶱〡糒솜�嫳⒍��帔蚚幾캧㝢�깽╜틻�뜧ࠩ鏪躉렉�辵钝芓徂㞝�
[  645.197974][T13402] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  645.699148][T13418] netlink: 'syz.1.1940': attribute type 30 has an invalid length.
[  645.716586][T13418] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  645.725345][T13418] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  645.734695][T13418] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  645.743513][T13418] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  645.783152][T13419] overlayfs: upper fs does not support file handles, falling back to index=off.
[  645.795412][T13418] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  645.804705][T13418] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  645.813870][T13418] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  645.822791][T13418] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  645.862994][T13402] SELinux: failed to load policy
[  646.250890][    T9] usbhid 6-1:1.0: can't add hid device: -71
[  646.264543][    T9] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  646.925642][    T9] usb 6-1: USB disconnect, device number 4
[  647.022356][T13435] binder: 13434:13435 ioctl 4018620d 0 returned -22
[  647.232357][T13440] netlink: 87 bytes leftover after parsing attributes in process `syz.0.1944'.
[  650.845648][ T5916] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  651.025691][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  651.049443][ T5916] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  651.291096][ T5916] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  651.318925][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  651.342601][ T5916] usb 4-1: Product: syz
[  651.352925][ T5916] usb 4-1: Manufacturer: syz
[  651.362219][ T5916] usb 4-1: SerialNumber: syz
[  651.374000][ T5916] usb 4-1: config 0 descriptor??
[  651.403724][T13472] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  651.529431][T13489] veth0_vlan: entered allmulticast mode
[  651.689233][T13491] netlink: 87 bytes leftover after parsing attributes in process `syz.0.1958'.
[  652.061065][T13486] veth0_vlan: left promiscuous mode
[  652.401335][T13486] veth0_vlan: entered promiscuous mode
[  653.335658][ T5862] usb 4-1: USB disconnect, device number 37
[  654.381066][T13512] binder: 13508:13512 ioctl 4018620d 0 returned -22
[  655.116098][    T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  655.307969][    T9] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  655.338055][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.408524][    T9] usb 3-1: config 0 descriptor??
[  655.427158][    T9] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  655.449301][    T9] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  656.174549][T13542] netlink: 'syz.3.1970': attribute type 1 has an invalid length.
[  656.219007][T13542] 8021q: adding VLAN 0 to HW filter on device bond1
[  656.230746][   T30] audit: type=1400 audit(656.197:1189): avc:  denied  { listen } for  pid=13524 comm="syz.5.1967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  656.468885][T13545] bond1: (slave veth3): Enslaving as an active interface with a down link
[  656.493618][T13542] bond1: (slave dummy0): making interface the new active one
[  656.508158][    T9] usb 3-1: USB disconnect, device number 28
[  656.545350][T13542] dummy0: entered promiscuous mode
[  656.554016][T13542] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  656.641867][T13552] veth0_vlan: left promiscuous mode
[  656.648580][T13552] veth0_vlan: entered promiscuous mode
[  657.059614][T13561] veth0_vlan: left promiscuous mode
[  657.084151][T13561] veth0_vlan: entered promiscuous mode
[  657.124312][T13563] binder: 13562:13563 ioctl 4018620d 0 returned -22
[  657.150969][ T5862] IPVS: starting estimator thread 0...
[  657.273451][T13568] IPVS: using max 41 ests per chain, 98400 per kthread
[  660.548576][ T5863] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  660.726547][ T5863] usb 6-1: Using ep0 maxpacket: 32
[  660.743586][ T5863] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  660.758658][ T5863] usb 6-1: config 0 has no interface number 0
[  660.764781][ T5863] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  660.776110][ T5863] usb 6-1: config 0 interface 85 has no altsetting 0
[  660.806368][T13609] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1987'.
[  660.815502][T13609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1987'.
[  660.823731][ T5863] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  660.830932][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  660.886016][T13611] binder: 13610:13611 ioctl 4018620d 0 returned -22
[  660.910403][ T5863] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.922130][ T5863] usb 6-1: Product: syz
[  660.926891][ T5863] usb 6-1: Manufacturer: syz
[  660.927248][T13613] FAULT_INJECTION: forcing a failure.
[  660.927248][T13613] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  660.931474][ T5863] usb 6-1: SerialNumber: syz
[  660.950743][T13613] CPU: 1 UID: 0 PID: 13613 Comm: syz.2.1988 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  660.950767][T13613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  660.950777][T13613] Call Trace:
[  660.950782][T13613]  <TASK>
[  660.950789][T13613]  dump_stack_lvl+0x16c/0x1f0
[  660.950821][T13613]  should_fail_ex+0x512/0x640
[  660.950846][T13613]  _copy_from_user+0x2e/0xd0
[  660.950870][T13613]  copy_msghdr_from_user+0x98/0x160
[  660.950888][T13613]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  660.950915][T13613]  ___sys_sendmsg+0xfe/0x1d0
[  660.950932][T13613]  ? __pfx____sys_sendmsg+0x10/0x10
[  660.950978][T13613]  __sys_sendmsg+0x16d/0x220
[  660.950994][T13613]  ? __pfx___sys_sendmsg+0x10/0x10
[  660.951017][T13613]  ? rcu_is_watching+0x12/0xc0
[  660.951043][T13613]  do_syscall_64+0xcd/0x260
[  660.951065][T13613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.951082][T13613] RIP: 0033:0x7f3b16d8e969
[  660.951095][T13613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  660.951110][T13613] RSP: 002b:00007f3b17ca9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  660.951127][T13613] RAX: ffffffffffffffda RBX: 00007f3b16fb5fa0 RCX: 00007f3b16d8e969
[  660.951137][T13613] RDX: 0000000020004090 RSI: 0000200000000280 RDI: 0000000000000004
[  660.951147][T13613] RBP: 00007f3b17ca9090 R08: 0000000000000000 R09: 0000000000000000
[  660.951157][T13613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  660.951167][T13613] R13: 0000000000000000 R14: 00007f3b16fb5fa0 R15: 00007ffe3abe53b8
[  660.951189][T13613]  </TASK>
[  661.136076][    T9] usb 4-1: Using ep0 maxpacket: 32
[  661.143226][    T9] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[  661.154001][    T9] usb 4-1: config 0 has no interface number 0
[  661.235741][ T5863] usb 6-1: config 0 descriptor??
[  661.342401][T13618] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13618 comm=syz.1.1990
[  661.842167][    T9] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  661.853285][    T9] usb 4-1: config 0 interface 85 has no altsetting 0
[  661.862122][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  661.872008][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.899075][ T5863] appletouch 6-1:0.85: Geyser mode initialized.
[  661.909436][ T5863] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input56
[  661.925827][    T9] usb 4-1: Product: syz
[  661.930009][    T9] usb 4-1: Manufacturer: syz
[  661.934604][    T9] usb 4-1: SerialNumber: syz
[  661.943186][    T9] usb 4-1: config 0 descriptor??
[  662.448919][ T5863] usb 6-1: USB disconnect, device number 5
[  662.484543][ T5863] appletouch 6-1:0.85: input: appletouch disconnected
[  662.665131][T13630] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  662.716846][    T9] appletouch 4-1:0.85: Geyser mode initialized.
[  662.730563][    T9] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input57
[  662.971598][ T5863] usb 4-1: USB disconnect, device number 38
[  663.005043][ T5863] appletouch 4-1:0.85: input: appletouch disconnected
[  663.124114][T13644] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1998'.
[  663.275648][  T971] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  663.849193][T13651] overlayfs: failed to get inode (-116)
[  663.856048][T13651] overlayfs: failed to get inode (-116)
[  663.872859][T13651] overlayfs: failed to get inode (-116)
[  663.885052][T13651] overlayfs: failed to get inode (-116)
[  663.897551][  T971] usb 6-1: unable to read config index 0 descriptor/start: -61
[  663.905146][  T971] usb 6-1: can't read configurations, error -61
[  664.135729][  T971] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  664.184135][T13659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13659 comm=syz.3.2003
[  664.616778][  T971] usb 6-1: unable to read config index 0 descriptor/start: -61
[  664.870660][  T971] usb 6-1: can't read configurations, error -61
[  664.917027][  T971] usb usb6-port1: attempt power cycle
[  664.958428][T13665] overlayfs: failed to get inode (-116)
[  664.965281][T13665] overlayfs: failed to get inode (-116)
[  664.980910][T13665] overlayfs: failed to get inode (-116)
[  664.987428][T13665] overlayfs: failed to get inode (-116)
[  664.994041][T13665] overlayfs: failed to get inode (-116)
[  665.002417][T13665] overlayfs: failed to get inode (-116)
[  665.140668][T13672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2009'.
[  665.149804][T13672] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2009'.
[  665.171834][   T30] audit: type=1400 audit(665.137:1190): avc:  denied  { ioctl } for  pid=13671 comm="syz.0.2009" path="socket:[46831]" dev="sockfs" ino=46831 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  665.213383][   T30] audit: type=1400 audit(665.137:1191): avc:  denied  { setopt } for  pid=13671 comm="syz.0.2009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  665.395691][  T971] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  665.446583][  T971] usb 6-1: unable to read config index 0 descriptor/start: -61
[  665.466038][  T971] usb 6-1: can't read configurations, error -61
[  665.616048][  T971] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  665.652759][  T971] usb 6-1: unable to read config index 0 descriptor/start: -61
[  665.663077][  T971] usb 6-1: can't read configurations, error -61
[  665.671764][  T971] usb usb6-port1: unable to enumerate USB device
[  665.715669][ T5914] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  665.865727][ T5914] usb 3-1: Using ep0 maxpacket: 32
[  665.877194][ T5914] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  665.889357][ T5914] usb 3-1: config 0 has no interface number 0
[  665.895475][ T5914] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  665.909559][ T5914] usb 3-1: config 0 interface 85 has no altsetting 0
[  665.919927][ T5914] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  665.931754][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.939971][ T5914] usb 3-1: Product: syz
[  665.944130][ T5914] usb 3-1: Manufacturer: syz
[  665.990195][ T5914] usb 3-1: SerialNumber: syz
[  665.997882][ T5914] usb 3-1: config 0 descriptor??
[  666.026929][ T5862] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  666.379086][ T5862] usb 4-1: config 0 has an invalid interface number: 112 but max is 0
[  666.460856][ T5862] usb 4-1: config 0 has no interface number 0
[  666.497329][ T5862] usb 4-1: too many endpoints for config 0 interface 112 altsetting 112: 234, using maximum allowed: 30
[  666.518953][ T5862] usb 4-1: config 0 interface 112 altsetting 112 has 0 endpoint descriptors, different from the interface descriptor's value: 234
[  666.543291][ T5862] usb 4-1: config 0 interface 112 has no altsetting 0
[  666.552586][ T5862] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  666.562643][ T5862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.573434][ T5862] usb 4-1: config 0 descriptor??
[  667.389395][ T5914] appletouch 3-1:0.85: Geyser mode initialized.
[  667.405439][ T5914] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input58
[  667.660297][ T5914] usb 3-1: USB disconnect, device number 29
[  667.818419][T13706] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13706 comm=syz.5.2017
[  668.060184][ T5914] appletouch 3-1:0.85: input: appletouch disconnected
[  668.066043][   T30] audit: type=1400 audit(668.027:1192): avc:  denied  { ioctl } for  pid=13679 comm="syz.3.2011" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  669.017375][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  669.289152][    T9] usb 6-1: Using ep0 maxpacket: 32
[  669.310380][    T9] usb 6-1: config 0 interface 0 has no altsetting 0
[  669.319984][    T9] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  669.329985][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.342123][    T9] usb 6-1: Product: syz
[  669.351481][    T9] usb 6-1: Manufacturer: syz
[  669.362874][    T9] usb 6-1: SerialNumber: syz
[  669.388310][    T9] usb 6-1: config 0 descriptor??
[  669.617078][T13713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.635699][T13713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.650279][T13713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.659546][T13713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.806537][T13723] netlink: 'syz.0.2022': attribute type 2 has an invalid length.
[  669.806544][ T5862] usb 4-1: string descriptor 0 read error: -71
[  669.831601][T13725] vivid-001: disconnect
[  669.865651][ T5862] usb 4-1: Cannot read MAC address
[  669.872233][ T5862] MOSCHIP usb-ethernet driver 4-1:0.112: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  669.888056][T13724] syz.0.2022: attempt to access beyond end of device
[  669.888056][T13724] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  669.889786][ T5862] usb 4-1: USB disconnect, device number 39
[  669.901105][T13724] hpfs: hpfs_map_sector(): read error
[  670.161287][    T9] gs_usb 6-1:0.0: Configuring for 195 interfaces
[  670.215455][    T9] gs_usb 6-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  670.225647][    T9] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -22
[  670.325175][T13713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.336924][T13713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.370467][T13713] 9pnet: Could not find request transport: xen
[  670.398428][T13712] vivid-001: reconnect
[  670.404877][    T9] usb 6-1: USB disconnect, device number 10
[  671.756671][T13745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  671.916860][T13745] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  672.225858][T13747] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  672.265625][T13748] ceph: No mds server is up or the cluster is laggy
[  673.641876][T13775] overlayfs: failed to get inode (-116)
[  673.863929][T13775] overlayfs: failed to get inode (-116)
[  673.908471][T13775] overlayfs: failed to get inode (-116)
[  673.927935][T13775] overlayfs: failed to get inode (-116)
[  674.089376][T13779] sctp: [Deprecated]: syz.5.2035 (pid 13779) Use of struct sctp_assoc_value in delayed_ack socket option.
[  674.089376][T13779] Use struct sctp_sack_info instead
[  674.853846][   T13] dummy0: left promiscuous mode
[  674.878580][T13787] block device autoloading is deprecated and will be removed.
[  674.967088][T13789] Process accounting resumed
[  675.265456][T13781] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  675.328302][   T30] audit: type=1400 audit(675.297:1193): avc:  denied  { relabelfrom } for  pid=13801 comm="syz.0.2041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  675.360518][   T30] audit: type=1400 audit(675.297:1194): avc:  denied  { relabelto } for  pid=13801 comm="syz.0.2041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  675.392814][ T5874] IPVS: starting estimator thread 0...
[  675.655993][T13809] IPVS: using max 36 ests per chain, 86400 per kthread
[  675.732848][T13804] syzkaller0: entered promiscuous mode
[  675.758906][T13810] syzkaller0: tun_chr_ioctl cmd 1074025677
[  675.782800][T13810] syzkaller0: Linktype set failed because interface is up
[  675.915890][ T5916] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  676.243864][ T5916] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  676.255783][ T5916] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  676.271826][ T5916] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  676.363519][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.372389][ T5916] usb 3-1: Product: syz
[  676.378134][ T5916] usb 3-1: Manufacturer: syz
[  676.382745][ T5916] usb 3-1: SerialNumber: syz
[  676.397256][ T5916] usb 3-1: config 0 descriptor??
[  676.405381][T13813] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  676.419471][T13813] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  677.007745][T13813] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  677.015239][T13813] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  677.410483][T13835] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2050'.
[  677.792762][ T5916] Error reading MAC address
[  679.347095][T12617] usb 3-1: USB disconnect, device number 30
[  679.677704][T13866] ip6erspan0: entered promiscuous mode
[  681.240271][T13887] serio: Serial port ptm0
[  683.103557][ T5863] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  683.609413][ T5863] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  683.632942][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.673901][ T5863] usb 3-1: config 0 descriptor??
[  683.695068][ T5863] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  683.718605][ T5863] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  684.632528][   T30] audit: type=1400 audit(684.597:1195): avc:  denied  { write } for  pid=13920 comm="syz.5.2074" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  684.879151][T13921] nbd: must specify a size in bytes for the device
[  684.888398][ T5863] usb 3-1: USB disconnect, device number 31
[  684.897590][T13921] option changes via remount are deprecated (pid=13920 comm=syz.5.2074)
[  685.010897][   T30] audit: type=1326 audit(684.977:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13934 comm="syz.0.2077" exe="/root/syz-executor" sig=31 arch=c000003e syscall=317 compat=0 ip=0x7f96c7f8e969 code=0x0
[  685.090301][   T30] audit: type=1400 audit(685.007:1197): avc:  denied  { accept } for  pid=13934 comm="syz.0.2077" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  685.328344][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  687.118821][T13958] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2083'.
[  688.924584][   T30] audit: type=1400 audit(688.887:1198): avc:  denied  { setopt } for  pid=13973 comm="syz.0.2087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  689.023277][   T30] audit: type=1400 audit(688.987:1199): avc:  denied  { ioctl } for  pid=13973 comm="syz.0.2087" path="socket:[48043]" dev="sockfs" ino=48043 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  689.106666][T13981] loop7: detected capacity change from 0 to 16384
[  689.225875][    T9] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  689.376925][    T9] usb 4-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  689.392467][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.403642][    T9] usb 4-1: config 0 descriptor??
[  689.416946][    T9] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  689.432321][    T9] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  689.576692][T13981] loop7: detected capacity change from 16384 to 0
[  689.718722][    T9] usb 4-1: USB disconnect, device number 40
[  689.938588][T14001] SELinux: security_context_str_to_sid (5ýĆÉ]ÖS9q#“ťë) failed with errno=-22
[  689.953565][T14001] QAT: failed to copy from user.
[  691.559141][   T30] audit: type=1400 audit(691.387:1200): avc:  denied  { listen } for  pid=14007 comm="syz.0.2095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  691.842904][   T30] audit: type=1400 audit(691.807:1201): avc:  denied  { mounton } for  pid=14015 comm="syz.3.2097" path="/414/file1" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  692.159149][T14026] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2099'.
[  692.330983][   T30] audit: type=1400 audit(692.287:1202): avc:  denied  { view } for  pid=14020 comm="syz.5.2098" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  694.341610][T14052] lo speed is unknown, defaulting to 1000
[  694.872329][T14052] lo speed is unknown, defaulting to 1000
[  694.906844][T14052] lo speed is unknown, defaulting to 1000
[  695.038491][T14052] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  695.059699][T14052] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  695.634544][    T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  695.810959][T14052] lo speed is unknown, defaulting to 1000
[  695.835764][    T9] usb 3-1: Using ep0 maxpacket: 32
[  695.854080][T14052] lo speed is unknown, defaulting to 1000
[  695.863188][T14052] lo speed is unknown, defaulting to 1000
[  695.870404][T14052] lo speed is unknown, defaulting to 1000
[  695.877430][T14052] lo speed is unknown, defaulting to 1000
[  695.944152][    T9] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  695.989619][    T9] usb 3-1: config 0 has no interface number 0
[  696.007154][    T9] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  696.037317][    T9] usb 3-1: config 0 interface 85 has no altsetting 0
[  696.107016][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  696.169045][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.240152][    T9] usb 3-1: Product: syz
[  696.258261][    T9] usb 3-1: Manufacturer: syz
[  696.270587][    T9] usb 3-1: SerialNumber: syz
[  696.289678][    T9] usb 3-1: config 0 descriptor??
[  696.525675][   T30] audit: type=1326 audit(696.467:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14076 comm="syz.0.2111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96c7f8e969 code=0x7fc00000
[  696.937842][    T9] appletouch 3-1:0.85: Geyser mode initialized.
[  696.957278][    T9] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input60
[  697.148513][    T9] usb 3-1: USB disconnect, device number 32
[  697.170214][   T30] audit: type=1326 audit(697.137:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14076 comm="syz.0.2111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f96c7f8e969 code=0x7fc00000
[  697.206897][    T9] appletouch 3-1:0.85: input: appletouch disconnected
[  698.350400][T14096] syz_tun: entered allmulticast mode
[  698.390202][T14096] netlink: 'syz.3.2116': attribute type 8 has an invalid length.
[  698.414876][T14095] syz_tun: left allmulticast mode
[  698.697355][    T9] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  698.785997][T12617] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  699.134804][    T9] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  699.173051][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.218764][    T9] usb 3-1: config 0 descriptor??
[  699.290663][T12617] usb 6-1: Using ep0 maxpacket: 32
[  699.309708][T14107] lo speed is unknown, defaulting to 1000
[  699.345163][    T9] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  699.353228][T12617] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  699.362524][T12617] usb 6-1: config 0 has no interface number 0
[  699.373391][    T9] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  699.418732][T12617] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  699.443636][T12617] usb 6-1: config 0 interface 85 has no altsetting 0
[  699.463231][T12617] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  699.474090][T12617] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.482411][T12617] usb 6-1: Product: syz
[  699.486807][T12617] usb 6-1: Manufacturer: syz
[  699.491726][T12617] usb 6-1: SerialNumber: syz
[  699.497997][T12617] usb 6-1: config 0 descriptor??
[  699.573228][T14112] lo speed is unknown, defaulting to 1000
[  699.741243][ T5862] usb 3-1: USB disconnect, device number 33
[  700.236488][T12617] appletouch 6-1:0.85: Geyser mode initialized.
[  700.255486][T12617] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input61
[  700.307761][T14130] lo speed is unknown, defaulting to 1000
[  700.513944][T12617] usb 6-1: USB disconnect, device number 11
[  700.532188][T12617] appletouch 6-1:0.85: input: appletouch disconnected
[  700.728824][T14142] overlayfs: failed to get inode (-116)
[  700.734960][T14142] overlayfs: failed to get inode (-116)
[  700.887908][T14147] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2128'.
[  701.225921][T14146] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2129'.
[  702.311561][   T30] audit: type=1400 audit(702.277:1205): avc:  denied  { setopt } for  pid=14165 comm="syz.2.2135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  702.335956][   T30] audit: type=1400 audit(702.277:1206): avc:  denied  { create } for  pid=14165 comm="syz.2.2135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  702.360404][T14168] sctp: [Deprecated]: syz.1.2137 (pid 14168) Use of struct sctp_assoc_value in delayed_ack socket option.
[  702.360404][T14168] Use struct sctp_sack_info instead
[  702.962165][T14182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2140'.
[  703.030162][T14186] netlink: 87 bytes leftover after parsing attributes in process `syz.5.2138'.
[  703.376443][T14182] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  703.383916][T14182] batman_adv: batadv0: Removing interface: batadv_slave_0
[  703.392088][T14182] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  703.399562][T14182] batman_adv: batadv0: Removing interface: batadv_slave_1
[  703.410471][T14187] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2140'.
[  703.538829][T14182] bond0: (slave batadv0): Releasing backup interface
[  706.178981][T14214] netlink: 296 bytes leftover after parsing attributes in process `syz.2.2149'.
[  707.274177][T14228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2154'.
[  707.305631][ T5874] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  707.357957][   T30] audit: type=1400 audit(707.327:1207): avc:  denied  { bind } for  pid=14227 comm="syz.1.2154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  707.970541][ T5874] usb 3-1: New USB device found, idVendor=413c, idProduct=81e0, bcdDevice=fe.29
[  707.984772][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.001343][ T5874] usb 3-1: Product: syz
[  708.009754][ T5874] usb 3-1: Manufacturer: syz
[  708.016102][ T5874] usb 3-1: SerialNumber: syz
[  708.123017][ T5874] usb 3-1: config 0 descriptor??
[  708.608871][   T30] audit: type=1400 audit(708.487:1208): avc:  denied  { read } for  pid=14240 comm="syz.0.2158" laddr=::ffff:127.0.0.1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  708.705623][ T5874] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  708.756994][T14258] FAULT_INJECTION: forcing a failure.
[  708.756994][T14258] name failslab, interval 1, probability 0, space 0, times 0
[  708.771570][T14258] CPU: 0 UID: 0 PID: 14258 Comm: syz.1.2161 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  708.771593][T14258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  708.771602][T14258] Call Trace:
[  708.771608][T14258]  <TASK>
[  708.771614][T14258]  dump_stack_lvl+0x16c/0x1f0
[  708.771639][T14258]  should_fail_ex+0x512/0x640
[  708.771657][T14258]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  708.771682][T14258]  should_failslab+0xc2/0x120
[  708.771698][T14258]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  708.771719][T14258]  ? find_held_lock+0x2b/0x80
[  708.771736][T14258]  ? __d_alloc+0x31/0xaa0
[  708.771755][T14258]  __d_alloc+0x31/0xaa0
[  708.771767][T14258]  ? __d_lookup+0x266/0x4a0
[  708.771787][T14258]  d_alloc+0x4a/0x1e0
[  708.771803][T14258]  lookup_one_qstr_excl_raw.part.0+0x96/0x160
[  708.771820][T14258]  ? lookup_dcache+0x66/0x170
[  708.771838][T14258]  lookup_one_qstr_excl+0x3e/0x120
[  708.771856][T14258]  filename_create+0x1e7/0x4a0
[  708.771876][T14258]  ? __pfx_filename_create+0x10/0x10
[  708.771896][T14258]  ? find_held_lock+0x2b/0x80
[  708.771919][T14258]  do_mkdirat+0xaa/0x3e0
[  708.771942][T14258]  ? __pfx_do_mkdirat+0x10/0x10
[  708.771964][T14258]  ? getname_flags.part.0+0x1c5/0x550
[  708.771980][T14258]  ? rcu_is_watching+0x12/0xc0
[  708.772001][T14258]  __x64_sys_mkdirat+0x83/0xb0
[  708.772015][T14258]  do_syscall_64+0xcd/0x260
[  708.772035][T14258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.772049][T14258] RIP: 0033:0x7f7ba5d8e969
[  708.772062][T14258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  708.772076][T14258] RSP: 002b:00007f7ba6c5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  708.772090][T14258] RAX: ffffffffffffffda RBX: 00007f7ba5fb5fa0 RCX: 00007f7ba5d8e969
[  708.772100][T14258] RDX: 0000000000000010 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  708.772108][T14258] RBP: 00007f7ba6c5d090 R08: 0000000000000000 R09: 0000000000000000
[  708.772117][T14258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.772132][T14258] R13: 0000000000000000 R14: 00007f7ba5fb5fa0 R15: 00007fff68f22f18
[  708.772153][T14258]  </TASK>
[  708.814642][   T30] audit: type=1400 audit(708.777:1209): avc:  denied  { unmount } for  pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  708.871982][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  708.879417][ T5874] usb 4-1: config 0 interface 0 has no altsetting 0
[  708.886803][ T5874] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  708.886830][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.886849][ T5874] usb 4-1: Product: syz
[  708.886863][ T5874] usb 4-1: Manufacturer: syz
[  708.886883][ T5874] usb 4-1: SerialNumber: syz
[  708.893671][ T5874] usb 4-1: config 0 descriptor??
[  709.109013][T14251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.109327][T14251] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.112587][T14251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.112833][T14251] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.124350][T14251] 9pnet_fd: Insufficient options for proto=fd
[  709.131106][T14251] vivid-002: disconnect
[  709.414860][ T5874] gs_usb 4-1:0.0: Configuring for 195 interfaces
[  709.421611][ T5874] gs_usb 4-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  709.430076][ T5874] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22
[  709.924852][T14251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.942106][T14251] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.978762][    T9] usb 3-1: USB disconnect, device number 34
[  710.029625][T14251] 9pnet: Could not find request transport: xen
[  710.061564][T14250] vivid-002: reconnect
[  710.071933][   T30] audit: type=1400 audit(710.037:1210): avc:  denied  { write } for  pid=14270 comm="syz.2.2165" name="/" dev="ocfs2_dlmfs" ino=50560 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  710.103721][ T5874] usb 4-1: USB disconnect, device number 41
[  710.381049][   T30] audit: type=1400 audit(710.067:1211): avc:  denied  { add_name } for  pid=14270 comm="syz.2.2165" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  710.403675][   T30] audit: type=1400 audit(710.067:1212): avc:  denied  { create } for  pid=14270 comm="syz.2.2165" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  710.423803][   T30] audit: type=1400 audit(710.067:1213): avc:  denied  { associate } for  pid=14270 comm="syz.2.2165" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  710.480331][   T30] audit: type=1400 audit(710.447:1214): avc:  denied  { setattr } for  pid=14274 comm="syz.5.2166" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  711.235890][T12617] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  711.387341][T12617] usb 6-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  711.410840][T12617] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  711.438706][T12617] usb 6-1: config 0 descriptor??
[  711.447200][T12617] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  711.457030][T12617] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  712.613626][    T9] usb 6-1: USB disconnect, device number 12
[  712.755697][ T5874] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  712.770682][ T7205] Bluetooth: hci5: Frame reassembly failed (-84)
[  712.799015][T14302] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  712.819414][ T7205] Bluetooth: hci5: Frame reassembly failed (-84)
[  712.845332][T14311] tipc: Started in network mode
[  712.854757][T14311] tipc: Node identity aaaaaaaaaa3a, cluster identity 4711
[  712.865047][T14311] tipc: Enabled bearer <eth:macvtap0>, priority 10
[  712.926984][ T5874] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  712.936133][ T5874] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  712.970258][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  712.993841][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  713.016121][ T5874] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  713.048399][ T5874] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  713.057762][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.070149][ T5874] usb 4-1: config 0 descriptor??
[  713.078156][T14300] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  713.435722][T14319] netlink: 87 bytes leftover after parsing attributes in process `syz.5.2178'.
[  713.569549][ T5874] plantronics 0003:047F:FFFF.0009: reserved main item tag 0xd
[  713.805109][ T5874] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  713.818233][T14320] afs: Unknown parameter 'smackfsroot'
[  713.835617][   T30] audit: type=1400 audit(713.797:1215): avc:  denied  { setopt } for  pid=14317 comm="syz.0.2179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  713.856659][T12617] tipc: Node number set to 9480874
[  713.865728][ T5874] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  713.950782][T14323] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2179'.
[  714.021624][T14322] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2179'.
[  714.119447][T12617] usb 4-1: USB disconnect, device number 42
[  714.845898][ T5826] Bluetooth: hci5: command 0x1003 tx timeout
[  714.852771][T12491] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  716.153859][T14353] binder: 14352:14353 ioctl c0306201 2000000003c0 returned -14
[  716.379873][T14361] veth0_vlan: left promiscuous mode
[  716.389811][T14361] veth0_vlan: entered promiscuous mode
[  717.183380][T14366] lo speed is unknown, defaulting to 1000
[  717.765612][T14372] syz_tun: entered allmulticast mode
[  717.780650][T14374] team0: No ports can be present during mode change
[  717.795299][T14370] netlink: 'syz.3.2197': attribute type 8 has an invalid length.
[  718.154220][T14369] syz_tun: left allmulticast mode
[  718.255858][T14380] PKCS7: Unknown OID: [4] 0.0
[  718.261124][T14380] PKCS7: Only support pkcs7_signedData type
[  718.296994][T14391] bad cache= option: none˙˙
[  718.296994][T14391] 
[  718.304035][T14391] CIFS: VFS: bad cache= option: none˙˙
[  718.431972][T14393] input: syz1 as /devices/virtual/input/input63
[  719.006319][   T30] audit: type=1400 audit(718.967:1216): avc:  denied  { setopt } for  pid=14401 comm="syz.5.2206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  719.065635][ T5874] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  719.161296][T14400] lo speed is unknown, defaulting to 1000
[  719.247932][ T5874] usb 4-1: Using ep0 maxpacket: 8
[  719.291243][ T5874] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  719.403918][ T5874] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  719.452202][ T5874] usb 4-1: Product: syz
[  719.457706][ T5874] usb 4-1: Manufacturer: syz
[  719.462960][ T5874] usb 4-1: SerialNumber: syz
[  719.486690][ T5874] usb 4-1: config 0 descriptor??
[  719.507240][ T5874] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  719.732096][ T5874] gspca_zc3xx: reg_w_i err -71
[  719.790176][ T5874] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  719.857710][ T5874] usb 4-1: USB disconnect, device number 43
[  721.339460][T14434] lo speed is unknown, defaulting to 1000
[  721.619740][T14441] syz_tun: entered allmulticast mode
[  721.649200][T14439] team0: No ports can be present during mode change
[  721.659619][T14439] netlink: 'syz.0.2213': attribute type 8 has an invalid length.
[  721.676200][T14437] syz_tun: left allmulticast mode
[  722.914818][T14454] netlink: 87 bytes leftover after parsing attributes in process `syz.2.2216'.
[  723.474141][T14455] netlink: 'syz.0.2217': attribute type 12 has an invalid length.
[  723.521746][T14455] netlink: 'syz.0.2217': attribute type 29 has an invalid length.
[  723.550386][T14460] ALSA: mixer_oss: invalid OSS volume '00000000000000000003'
[  723.565994][T14455] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2217'.
[  723.591496][T14455] netlink: 'syz.0.2217': attribute type 1 has an invalid length.
[  723.629101][T14455] netlink: 'syz.0.2217': attribute type 2 has an invalid length.
[  723.867043][T14455] netlink: 'syz.0.2217': attribute type 3 has an invalid length.
[  723.877902][T14455] netlink: 19 bytes leftover after parsing attributes in process `syz.0.2217'.
[  725.310707][T14487] syz_tun: entered allmulticast mode
[  725.419257][T14488] team0: No ports can be present during mode change
[  725.438108][T14487] netlink: 'syz.1.2225': attribute type 8 has an invalid length.
[  725.453386][T14486] syz_tun: left allmulticast mode
[  725.892376][   T30] audit: type=1400 audit(725.487:1217): avc:  denied  { setopt } for  pid=14482 comm="syz.3.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  725.920725][T14492] lo speed is unknown, defaulting to 1000
[  726.466378][T12617] usb 4-1: new low-speed USB device number 44 using dummy_hcd
[  726.629122][T12617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  726.760537][T12617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  726.807127][T12617] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  726.848062][T12617] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.858992][T12617] usb 4-1: config 0 descriptor??
[  727.744507][T12617] steelseries 0003:1038:1410.000A: unbalanced delimiter at end of report description
[  728.090869][T12617] steelseries 0003:1038:1410.000A: parse failed
[  728.100754][T14504] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  728.145958][T12617] steelseries 0003:1038:1410.000A: probe with driver steelseries failed with error -22
[  728.170607][T14504] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  728.246275][ T5863] usb 4-1: USB disconnect, device number 44
[  728.260111][   T30] audit: type=1326 audit(728.227:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14523 comm="syz.2.2239" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b16d8e969 code=0x0
[  728.505375][T14537] input: syz1 as /devices/virtual/input/input66
[  729.036667][T14543] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2244'.
[  729.374095][T14539] input: syz0 as /devices/virtual/input/input68
[  729.382225][T14539] input: failed to attach handler leds to device input68, error: -6
[  729.419263][T14539] input: syz0 as /devices/virtual/input/input67
[  729.430999][T14539] input: failed to attach handler leds to device input67, error: -6
[  730.985985][    T9] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  731.234474][T14571] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2252'.
[  731.529639][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  731.563963][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  731.616065][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  731.677461][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  731.704431][    T9] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  731.731019][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.749295][    T9] usb 4-1: config 0 descriptor??
[  731.950356][T14586] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2257'.
[  732.063981][T14564] binder: 14563:14564 ioctl c018620c 2000000001c0 returned -1
[  732.085624][ T5874] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  732.237235][ T5874] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  732.247722][ T5874] usb 6-1: config 0 has no interface number 0
[  732.254034][ T5874] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  732.263943][ T5874] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.290186][ T5874] usb 6-1: config 0 descriptor??
[  732.313311][ T5874] usb 6-1: selecting invalid altsetting 1
[  732.320378][ T5874] dvb_ttusb_budget: ttusb_init_controller: error
[  732.329218][ T5874] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  732.448385][ T5874] DVB: Unable to find symbol cx22700_attach()
[  732.497208][ T5874] DVB: Unable to find symbol tda10046_attach()
[  732.503488][ T5874] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  732.566696][T14584] batman_adv: batadv0: Adding interface: ip6gretap1
[  732.573531][T14584] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  732.602121][T14584] batman_adv: batadv0: Interface activated: ip6gretap1
[  732.620293][    T9] usb 6-1: USB disconnect, device number 13
[  733.105743][T14598] lo speed is unknown, defaulting to 1000
[  733.321942][T14606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2261'.
[  733.373799][T14606] netlink: 'syz.2.2261': attribute type 5 has an invalid length.
[  733.484712][T14609] input: syz1 as /devices/virtual/input/input69
[  733.672991][T14606] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2261'.
[  733.807378][T14606] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  733.818473][T14606] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  733.827237][T14606] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  733.838080][T14606] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  733.846871][T14606] geneve2: entered promiscuous mode
[  733.852075][T14606] geneve2: entered allmulticast mode
[  733.915907][ T5862] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  734.094524][ T5862] usb 6-1: Using ep0 maxpacket: 8
[  734.127392][    T9] usb 4-1: USB disconnect, device number 45
[  734.133052][ T5862] usb 6-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  734.183285][ T5862] usb 6-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  734.229644][ T5862] usb 6-1: Product: syz
[  734.233855][ T5862] usb 6-1: Manufacturer: syz
[  734.253807][ T5862] usb 6-1: SerialNumber: syz
[  734.271399][ T5862] usb 6-1: config 0 descriptor??
[  734.332415][   T30] audit: type=1400 audit(734.297:1219): avc:  denied  { map } for  pid=14618 comm="syz.3.2266" path="socket:[52622]" dev="sockfs" ino=52622 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  734.397341][ T5862] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  734.452150][   T30] audit: type=1400 audit(734.297:1220): avc:  denied  { accept } for  pid=14618 comm="syz.3.2266" path="socket:[52622]" dev="sockfs" ino=52622 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  734.643616][ T5862] gspca_zc3xx: reg_w_i err -71
[  734.668974][T14622] syz.3.2266: attempt to access beyond end of device
[  734.668974][T14622] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[  734.683866][ T5862] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  734.703858][T14622] XFS (nbd3): SB validate failed with error -5.
[  734.746791][ T5863] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  734.795742][ T5862] usb 6-1: USB disconnect, device number 14
[  735.027049][ T5863] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  735.041067][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.057481][ T5863] usb 3-1: config 0 descriptor??
[  735.065959][ T5863] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  735.072984][ T5863] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  735.146167][T14635] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2269'.
[  735.618404][ T5863] usb 3-1: USB disconnect, device number 35
[  736.480883][T14648] netlink: 'syz.1.2273': attribute type 27 has an invalid length.
[  736.571882][T14647] lo speed is unknown, defaulting to 1000
[  737.081673][T14646] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2272'.
[  738.357772][T14659] lo speed is unknown, defaulting to 1000
[  739.674927][T14671] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2278'.
[  739.801037][T14675] PKCS7: Unknown OID: [4] 0.0
[  739.806152][T14675] PKCS7: Only support pkcs7_signedData type
[  740.104101][T14681] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2280'.
[  740.173125][T14685] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  740.305684][ T5862] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  740.370215][   T30] audit: type=1326 audit(740.227:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.393349][   T30] audit: type=1326 audit(740.227:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.416785][   T30] audit: type=1326 audit(740.227:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.471542][   T30] audit: type=1326 audit(740.227:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.592526][T14688] tmpfs: Bad value for 'mpol'
[  740.606522][   T30] audit: type=1326 audit(740.227:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.647678][   T30] audit: type=1326 audit(740.227:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.730213][T14692] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2284'.
[  740.743131][   T30] audit: type=1326 audit(740.227:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.773788][   T30] audit: type=1326 audit(740.227:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.813942][   T30] audit: type=1326 audit(740.227:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.843372][ T5862] usb 4-1: Using ep0 maxpacket: 32
[  740.861365][   T30] audit: type=1326 audit(740.227:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14683 comm="syz.2.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  740.885083][ T5862] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[  740.904633][ T5862] usb 4-1: config 0 has no interface number 0
[  740.911758][ T5862] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  740.927564][ T5862] usb 4-1: config 0 interface 85 has no altsetting 0
[  740.936921][ T5862] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  740.950903][ T5862] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.959452][T14698] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  740.962497][ T5862] usb 4-1: Product: syz
[  740.971498][ T5862] usb 4-1: Manufacturer: syz
[  740.978597][ T5862] usb 4-1: SerialNumber: syz
[  740.985241][ T5862] usb 4-1: config 0 descriptor??
[  741.628493][ T5862] appletouch 4-1:0.85: Geyser mode initialized.
[  742.073044][ T5862] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input70
[  742.135165][ T5862] usb 4-1: USB disconnect, device number 46
[  742.135213][    C1] appletouch 4-1:0.85: atp_complete: usb_submit_urb failed with result -19
[  742.191839][ T5862] appletouch 4-1:0.85: input: appletouch disconnected
[  742.565781][ T5863] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  742.751863][ T5863] usb 6-1: Using ep0 maxpacket: 32
[  742.803696][T14728] FAULT_INJECTION: forcing a failure.
[  742.803696][T14728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  742.821804][ T5863] usb 6-1: config 0 interface 0 has no altsetting 0
[  742.833816][ T5863] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  742.844883][ T5863] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.887455][T14728] CPU: 0 UID: 0 PID: 14728 Comm: syz.2.2295 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  742.887482][T14728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  742.887490][T14728] Call Trace:
[  742.887495][T14728]  <TASK>
[  742.887499][T14728]  dump_stack_lvl+0x16c/0x1f0
[  742.887517][T14728]  should_fail_ex+0x512/0x640
[  742.887533][T14728]  strncpy_from_user+0x3b/0x2e0
[  742.887547][T14728]  getname_flags.part.0+0x8f/0x550
[  742.887563][T14728]  getname_flags+0x93/0xf0
[  742.887578][T14728]  user_path_at+0x24/0x60
[  742.887594][T14728]  __x64_sys_mount+0x1fc/0x310
[  742.887605][T14728]  ? __pfx___x64_sys_mount+0x10/0x10
[  742.887616][T14728]  ? rcu_is_watching+0x12/0xc0
[  742.887634][T14728]  do_syscall_64+0xcd/0x260
[  742.887649][T14728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.887659][T14728] RIP: 0033:0x7f3b16d8e969
[  742.887668][T14728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.887678][T14728] RSP: 002b:00007f3b17ca9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  742.887689][T14728] RAX: ffffffffffffffda RBX: 00007f3b16fb5fa0 RCX: 00007f3b16d8e969
[  742.887696][T14728] RDX: 0000200000000140 RSI: 00002000000000c0 RDI: 0000000000000000
[  742.887702][T14728] RBP: 00007f3b17ca9090 R08: 0000200000000000 R09: 0000000000000000
[  742.887708][T14728] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  742.887714][T14728] R13: 0000000000000000 R14: 00007f3b16fb5fa0 R15: 00007ffe3abe53b8
[  742.887727][T14728]  </TASK>
[  743.052881][ T5863] usb 6-1: Product: syz
[  743.057161][ T5863] usb 6-1: Manufacturer: syz
[  743.061816][ T5863] usb 6-1: SerialNumber: syz
[  743.082307][ T5863] usb 6-1: config 0 descriptor??
[  743.153795][T14732] lo speed is unknown, defaulting to 1000
[  743.456406][T14719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  743.465072][T14719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.476906][T14719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  743.486917][T14719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.509987][T14719] 9pnet_fd: Insufficient options for proto=fd
[  743.537704][T14719] vivid-001: disconnect
[  743.748174][ T5863] gs_usb 6-1:0.0: Configuring for 195 interfaces
[  743.754773][ T5863] gs_usb 6-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  743.857105][ T5863] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -22
[  744.083623][T14719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  744.109349][T14719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  744.217021][T14719] 9pnet: Could not find request transport: xen
[  744.255832][T14716] vivid-001: reconnect
[  744.261140][ T5914] usb 6-1: USB disconnect, device number 15
[  744.866984][T14776] veth0_vlan: left promiscuous mode
[  744.877014][T14776] veth0_vlan: entered promiscuous mode
[  745.273721][T14780] x_tables: duplicate underflow at hook 3
[  745.784427][T14786] lo speed is unknown, defaulting to 1000
[  746.115738][ T5914] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  746.175607][ T5863] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  746.240789][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  746.240803][   T30] audit: type=1400 audit(746.207:1244): avc:  denied  { accept } for  pid=14795 comm="syz.2.2314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  746.295272][ T5914] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  746.307482][ T5914] usb 4-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  746.318305][ T5914] usb 4-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  746.335838][ T5914] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  746.345584][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.346950][ T5863] usb 6-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  746.392294][ T5863] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.405031][ T5863] usb 6-1: config 0 descriptor??
[  746.416096][ T5863] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  746.422900][ T5863] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  746.568805][ T5914] ath6kl: Failed to submit usb control message: -71
[  746.575881][ T5914] ath6kl: unable to send the bmi data to the device: -71
[  746.583031][ T5914] ath6kl: Unable to send get target info: -71
[  746.591265][ T5914] ath6kl: Failed to init ath6kl core: -71
[  746.599355][ T5914] ath6kl_usb 4-1:4.0: probe with driver ath6kl_usb failed with error -71
[  746.611317][ T5914] usb 4-1: USB disconnect, device number 47
[  746.645957][    T9] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  746.699824][ T5916] usb 6-1: USB disconnect, device number 16
[  746.773935][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  746.977174][    T9] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  746.986525][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.995901][    T9] usb 3-1: config 0 descriptor??
[  747.004491][    T9] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  747.012105][    T9] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  747.540179][    T9] usb 3-1: USB disconnect, device number 36
[  747.715675][ T5862] usb 4-1: new full-speed USB device number 48 using dummy_hcd
[  747.987336][ T5862] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  748.010660][ T5862] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  748.080568][T14825] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2322'.
[  748.200996][ T5862] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  748.360720][ T5862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.412296][ T5862] usb 4-1: config 0 descriptor??
[  748.445639][ T5862] hub 4-1:0.0: USB hub found
[  748.977706][ T5862] hub 4-1:0.0: 25 ports detected
[  748.995369][ T5862] hub 4-1:0.0: insufficient power available to use all downstream ports
[  749.298016][T14831] syz_tun: entered allmulticast mode
[  749.317996][T14831] team0: No ports can be present during mode change
[  749.326819][T14830] syz_tun: left allmulticast mode
[  749.405437][ T5862] usb 4-1: USB disconnect, device number 48
[  749.438685][T14833] FAULT_INJECTION: forcing a failure.
[  749.438685][T14833] name failslab, interval 1, probability 0, space 0, times 0
[  749.465531][T14833] CPU: 0 UID: 0 PID: 14833 Comm: syz.1.2326 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  749.465559][T14833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  749.465569][T14833] Call Trace:
[  749.465575][T14833]  <TASK>
[  749.465582][T14833]  dump_stack_lvl+0x16c/0x1f0
[  749.465610][T14833]  should_fail_ex+0x512/0x640
[  749.465630][T14833]  ? fs_reclaim_acquire+0xae/0x150
[  749.465654][T14833]  ? tomoyo_encode2+0x100/0x3e0
[  749.465677][T14833]  should_failslab+0xc2/0x120
[  749.465695][T14833]  __kmalloc_noprof+0xd2/0x510
[  749.465719][T14833]  ? d_absolute_path+0x136/0x1a0
[  749.465743][T14833]  tomoyo_encode2+0x100/0x3e0
[  749.465769][T14833]  tomoyo_encode+0x29/0x50
[  749.465790][T14833]  tomoyo_realpath_from_path+0x18f/0x6e0
[  749.465819][T14833]  tomoyo_path_number_perm+0x245/0x580
[  749.465838][T14833]  ? tomoyo_path_number_perm+0x237/0x580
[  749.465860][T14833]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  749.465882][T14833]  ? find_held_lock+0x2b/0x80
[  749.465922][T14833]  ? find_held_lock+0x2b/0x80
[  749.465938][T14833]  ? hook_file_ioctl_common+0x145/0x410
[  749.465958][T14833]  ? __fget_files+0x20e/0x3c0
[  749.465985][T14833]  security_file_ioctl+0x9b/0x240
[  749.466008][T14833]  __x64_sys_ioctl+0xb7/0x200
[  749.466030][T14833]  do_syscall_64+0xcd/0x260
[  749.466053][T14833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.466070][T14833] RIP: 0033:0x7f7ba5d8e969
[  749.466084][T14833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  749.466099][T14833] RSP: 002b:00007f7ba6c5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  749.466115][T14833] RAX: ffffffffffffffda RBX: 00007f7ba5fb5fa0 RCX: 00007f7ba5d8e969
[  749.466127][T14833] RDX: 0000200000000000 RSI: 0000000000002287 RDI: 0000000000000003
[  749.466136][T14833] RBP: 00007f7ba6c5d090 R08: 0000000000000000 R09: 0000000000000000
[  749.466146][T14833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  749.466155][T14833] R13: 0000000000000000 R14: 00007f7ba5fb5fa0 R15: 00007fff68f22f18
[  749.466178][T14833]  </TASK>
[  749.466196][T14833] ERROR: Out of memory at tomoyo_realpath_from_path.
[  750.255568][ T5916] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  750.375695][    T9] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  750.428407][ T5916] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  750.442081][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.479082][ T5916] usb 3-1: config 0 descriptor??
[  750.490381][ T5916] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  750.509878][ T5916] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  750.536898][    T9] usb 4-1: Using ep0 maxpacket: 32
[  750.548604][    T9] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[  750.559187][    T9] usb 4-1: config 0 has no interface number 0
[  750.565436][    T9] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  750.579354][    T9] usb 4-1: config 0 interface 85 has no altsetting 0
[  750.600201][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  750.613285][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.622102][T14857] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2335'.
[  750.639519][    T9] usb 4-1: Product: syz
[  750.643865][    T9] usb 4-1: Manufacturer: syz
[  750.648743][    T9] usb 4-1: SerialNumber: syz
[  750.658024][    T9] usb 4-1: config 0 descriptor??
[  750.763418][T14859] syz_tun: entered allmulticast mode
[  750.771984][T14859] team0: No ports can be present during mode change
[  750.781973][ T5862] usb 3-1: USB disconnect, device number 37
[  750.791461][T14859] netlink: 'syz.0.2336': attribute type 8 has an invalid length.
[  750.800435][T14858] syz_tun: left allmulticast mode
[  751.074600][T14863] QAT: failed to copy from user cfg_data.
[  751.761099][    T9] appletouch 4-1:0.85: Geyser mode initialized.
[  751.770077][    T9] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input71
[  751.901097][T14875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2340'.
[  751.910120][T14875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2340'.
[  752.206020][ T5916] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  752.299137][T12617] usb 4-1: USB disconnect, device number 49
[  752.345776][ T5916] usb 6-1: device descriptor read/64, error -71
[  752.542672][T12617] appletouch 4-1:0.85: input: appletouch disconnected
[  752.670900][ T5916] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  753.913600][ T5916] usb 6-1: device descriptor read/64, error -71
[  753.963552][T14885] lo speed is unknown, defaulting to 1000
[  754.218845][ T5916] usb usb6-port1: attempt power cycle
[  754.837003][T14904] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2349'.
[  754.882076][T14905] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  754.954057][T14905] tracefs: Unknown parameter '0x00000000ffffffff'
[  754.988414][   T30] audit: type=1400 audit(754.897:1245): avc:  denied  { mount } for  pid=14898 comm="syz.1.2348" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  755.174111][   T30] audit: type=1400 audit(754.917:1246): avc:  denied  { remount } for  pid=14898 comm="syz.1.2348" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  755.565591][   T30] audit: type=1400 audit(755.527:1247): avc:  denied  { unmount } for  pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  756.620329][T14924] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2353'.
[  757.378984][T14935] bridge_slave_0: default FDB implementation only supports local addresses
[  761.410639][   T30] audit: type=1326 audit(761.377:1248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.473953][   T30] audit: type=1326 audit(761.377:1249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.643578][   T30] audit: type=1326 audit(761.377:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.693708][   T30] audit: type=1326 audit(761.377:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.767851][T14961] netlink: 87 bytes leftover after parsing attributes in process `syz.5.2364'.
[  761.826278][   T30] audit: type=1326 audit(761.377:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.854595][   T30] audit: type=1326 audit(761.417:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.880316][   T30] audit: type=1326 audit(761.417:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.904300][   T30] audit: type=1326 audit(761.417:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.935848][   T30] audit: type=1326 audit(761.417:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  761.963929][   T30] audit: type=1326 audit(761.417:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14953 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b16d8e969 code=0x7ffc0000
[  762.227744][T14971] netlink: 87 bytes leftover after parsing attributes in process `syz.2.2366'.
[  764.778967][T14986] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  765.072612][T14998] PKCS7: Unknown OID: [4] 0.0
[  765.077469][T14998] PKCS7: Only support pkcs7_signedData type
[  765.465666][ T5862] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  766.015593][ T5862] usb 3-1: Using ep0 maxpacket: 32
[  766.028279][ T5862] usb 3-1: config 0 interface 0 has no altsetting 0
[  766.037186][ T5862] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  766.047504][ T5862] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.055624][ T5862] usb 3-1: Product: syz
[  766.060603][ T5862] usb 3-1: Manufacturer: syz
[  766.065227][ T5862] usb 3-1: SerialNumber: syz
[  766.072139][ T5862] usb 3-1: config 0 descriptor??
[  766.482615][T15001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  766.493523][T15001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  766.507742][T15001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  766.517493][T15001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  766.598263][T15020] vivid-000: disconnect
[  766.830676][ T5862] gs_usb 3-1:0.0: Configuring for 195 interfaces
[  766.842480][ T5862] gs_usb 3-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  766.879379][ T5862] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22
[  767.145739][T15001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  767.155055][T15001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  767.346723][T15001] 9pnet: Could not find request transport: xen
[  767.418747][T15000] vivid-000: reconnect
[  767.440205][T12617] usb 3-1: USB disconnect, device number 38
[  768.067943][T15025] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2386'.
[  768.304418][T15041] input: syz1 as /devices/virtual/input/input72
[  768.838373][T12617] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  768.865027][T15052] netlink: 87 bytes leftover after parsing attributes in process `syz.5.2391'.
[  769.495754][T12617] usb 4-1: Using ep0 maxpacket: 8
[  770.298144][T12617] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  770.308659][T12617] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  770.317698][T12617] usb 4-1: Product: syz
[  770.322735][T12617] usb 4-1: Manufacturer: syz
[  770.327647][T12617] usb 4-1: SerialNumber: syz
[  770.336282][T12617] usb 4-1: config 0 descriptor??
[  770.363222][T12617] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  770.475012][T15063] fuse: Unknown parameter '000000000000000000000000x000000000000000700000000000000000003'
[  770.487793][T15065] Set syz1 is full, maxelem 65536 reached
[  770.940153][T12617] gspca_zc3xx: reg_w_i err -110
[  770.946881][T12617] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -110
[  771.131117][T12617] usb 4-1: USB disconnect, device number 50
[  771.169426][T15077] SELinux:  policydb magic number 0x2c7cff8c does not match expected magic number 0xf97cff8c
[  771.180019][T15077] SELinux: failed to load policy
[  771.235692][T15078] netlink: 87 bytes leftover after parsing attributes in process `syz.2.2398'.
[  771.736006][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  771.736023][   T30] audit: type=1400 audit(771.687:1272): avc:  denied  { read } for  pid=15076 comm="syz.5.2399" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  772.377448][T15090] PKCS7: Unknown OID: [4] 0.0
[  772.382296][T15090] PKCS7: Only support pkcs7_signedData type
[  772.700293][T15085] PKCS7: Unknown OID: [4] 0.0
[  772.705000][T15085] PKCS7: Only support pkcs7_signedData type
[  773.092181][   T30] audit: type=1400 audit(773.057:1273): avc:  denied  { nlmsg_write } for  pid=15091 comm="syz.1.2403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  773.585725][ T5874] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  774.126828][ T5874] usb 6-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  774.245965][T15117] overlayfs: failed to resolve './file0': -2
[  774.338259][T15121] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2409'.
[  774.415544][ T5874] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.699542][ T5874] usb 6-1: config 0 descriptor??
[  774.721632][ T5874] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  774.729904][ T5874] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  775.347528][T12617] usb 6-1: USB disconnect, device number 20
[  775.724090][T15132] lo speed is unknown, defaulting to 1000
[  776.278592][T15137] lo speed is unknown, defaulting to 1000
[  777.252856][T15148] syz_tun: entered allmulticast mode
[  777.279795][T15148] team0: No ports can be present during mode change
[  777.346874][T15158] netlink: 'syz.3.2419': attribute type 8 has an invalid length.
[  778.126807][   T30] audit: type=1400 audit(778.097:1274): avc:  denied  { create } for  pid=15151 comm="syz.5.2420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  778.785649][T15177] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2425'.
[  779.203824][T15178] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  779.288365][   T30] audit: type=1400 audit(779.197:1275): avc:  denied  { append } for  pid=15174 comm="syz.1.2426" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  779.477860][T15179] random: crng reseeded on system resumption
[  779.738326][T15175] kvm: kvm [15174]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001b)
[  781.150589][T15212] PKCS7: Unknown OID: [4] 0.0
[  781.155383][T15212] PKCS7: Only support pkcs7_signedData type
[  781.610587][T15220] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2438'.
[  783.055633][ T5874] usb 4-1: new full-speed USB device number 51 using dummy_hcd
[  783.205756][ T5874] usb 4-1: device descriptor read/64, error -71
[  783.277716][T12617] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  783.425613][   T10] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  783.447204][T12617] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  783.447329][ T5874] usb 4-1: new full-speed USB device number 52 using dummy_hcd
[  783.457165][T12617] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  783.483034][T12617] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  783.492281][T12617] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.595595][   T10] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  783.604820][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.615571][   T10] usb 3-1: config 0 descriptor??
[  783.626577][   T10] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  783.633309][   T10] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  783.655566][ T5874] usb 4-1: device descriptor read/64, error -71
[  783.748158][T12617] usb 6-1: usb_control_msg returned -32
[  783.758205][T15249] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2448'.
[  783.764648][T12617] usbtmc 6-1:16.0: can't read capabilities
[  783.767578][ T5874] usb usb4-port1: attempt power cycle
[  784.043849][ T5863] usb 3-1: USB disconnect, device number 39
[  784.126090][ T5874] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[  784.146138][ T5874] usb 4-1: device descriptor read/8, error -71
[  784.385580][ T5874] usb 4-1: new full-speed USB device number 54 using dummy_hcd
[  784.419112][ T5874] usb 4-1: device descriptor read/8, error -71
[  784.538623][ T5874] usb usb4-port1: unable to enumerate USB device
[  784.896028][T15258] input: syz1 as /devices/virtual/input/input73
[  785.056603][T12617] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  785.226996][T12617] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  785.236528][T12617] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.246221][T12617] usb 3-1: config 0 descriptor??
[  785.253523][T12617] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  785.260944][T12617] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  785.499496][T12617] usb 3-1: USB disconnect, device number 40
[  786.421948][T15267] PKCS7: Unknown OID: [4] 0.0
[  786.426962][T15267] PKCS7: Only support pkcs7_signedData type
[  786.695231][ T5874] usb 6-1: USB disconnect, device number 21
[  787.126340][T15276] input: syz1 as /devices/virtual/input/input74
[  787.171461][T15272] lo speed is unknown, defaulting to 1000
[  787.365715][ T5863] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  787.664490][   T30] audit: type=1400 audit(787.637:1276): avc:  denied  { remount } for  pid=15295 comm="syz.1.2462" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  787.845573][ T5863] usb 3-1: Using ep0 maxpacket: 8
[  787.870329][ T5863] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  787.936939][ T5863] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  788.015874][T12617] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  788.091733][ T5863] usb 3-1: Product: syz
[  788.096325][ T5863] usb 3-1: Manufacturer: syz
[  788.101201][ T5863] usb 3-1: SerialNumber: syz
[  788.108041][ T5863] usb 3-1: config 0 descriptor??
[  788.134187][ T5863] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  788.215384][T12617] usb 6-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  788.241481][T15310] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2465'.
[  788.283503][T12617] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.642317][ T5863] gspca_zc3xx: reg_w_i err -71
[  788.642840][T12617] usb 6-1: config 0 descriptor??
[  788.657212][ T5863] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  788.668324][ T5863] usb 3-1: USB disconnect, device number 41
[  788.668746][T12617] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  788.682057][T12617] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  788.970644][T15315] PKCS7: Unknown OID: [4] 0.0
[  788.975497][T15315] PKCS7: Only support pkcs7_signedData type
[  789.287158][ T5863] usb 6-1: USB disconnect, device number 22
[  789.439009][T15324] veth0_vlan: left promiscuous mode
[  789.449234][T15324] veth0_vlan: entered promiscuous mode
[  894.919563][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  894.926542][    C1] rcu: 	0-...!: (1 GPs behind) idle=b53c/1/0x4000000000000000 softirq=72663/72664 fqs=0
[  894.937164][    C1] rcu: 	(detected by 1, t=10506 jiffies, g=57209, q=268 ncpus=2)
[  894.944880][    C1] Sending NMI from CPU 1 to CPUs 0:
[  894.944905][    C0] NMI backtrace for cpu 0
[  894.944916][    C0] CPU: 0 UID: 0 PID: 5815 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  894.944934][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  894.944941][    C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x20
[  894.944967][    C0] Code: 0c 24 89 f2 89 fe bf 04 00 00 00 e9 ea fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 0c 24 48 89 f2 48 89 fe bf 06 00 00 00 e9 b8 fe
[  894.944979][    C0] RSP: 0018:ffffc90000007dd8 EFLAGS: 00000046
[  894.944990][    C0] RAX: dffffc0000000000 RBX: ffff888079118340 RCX: ffffffff81a858b4
[  894.944999][    C0] RDX: 1ffff1100f223068 RSI: ffff888079118340 RDI: 0000000000000001
[  894.945008][    C0] RBP: ffff8880b8427990 R08: 0000000000000001 R09: 0000000000000000
[  894.945015][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
[  894.945023][    C0] R13: 0000000000000000 R14: ffff8880b8427840 R15: 0000000000000000
[  894.945031][    C0] FS:  000055556b106500(0000) GS:ffff8881249e2000(0000) knlGS:0000000000000000
[  894.945045][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  894.945053][    C0] CR2: 00007f3189bb7bac CR3: 000000005e84b000 CR4: 00000000003526f0
[  894.945062][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  894.945070][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  894.945077][    C0] Call Trace:
[  894.945082][    C0]  <IRQ>
[  894.945087][    C0]  timerqueue_del+0x40/0x150
[  894.945109][    C0]  __remove_hrtimer+0x99/0x290
[  894.945123][    C0]  __hrtimer_run_queues+0x4f9/0xad0
[  894.945139][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  894.945156][    C0]  ? read_tsc+0x9/0x20
[  894.945181][    C0]  hrtimer_interrupt+0x397/0x8e0
[  894.945200][    C0]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[  894.945217][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  894.945232][    C0]  </IRQ>
[  894.945236][    C0]  <TASK>
[  894.945240][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  894.945254][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x66/0x70
[  894.945267][    C0] Code: 82 18 16 00 00 83 f8 02 75 20 48 8b 8a 20 16 00 00 8b 92 1c 16 00 00 48 8b 01 48 83 c0 01 48 39 d0 73 07 48 89 01 48 89 34 c1 <c3> cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90
[  894.945279][    C0] RSP: 0018:ffffc90003e9f670 EFLAGS: 00000293
[  894.945289][    C0] RAX: 0000000000000000 RBX: 000000000006cb29 RCX: ffffffff822c3069
[  894.945297][    C0] RDX: ffff888026398000 RSI: ffffffff822c30cc RDI: 0000000000000007
[  894.945306][    C0] RBP: ffff88813fffa5a0 R08: 0000000000000007 R09: 0000000000000000
[  894.945314][    C0] R10: 0000000000000008 R11: 0000000000000000 R12: 0000000000000008
[  894.945321][    C0] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[  894.945333][    C0]  ? page_table_check_set+0x199/0xb50
[  894.945346][    C0]  ? page_table_check_set+0x1fc/0xb50
[  894.945359][    C0]  page_table_check_set+0x1fc/0xb50
[  894.945373][    C0]  __page_table_check_ptes_set+0x318/0x420
[  894.945386][    C0]  ? __pfx___page_table_check_ptes_set+0x10/0x10
[  894.945398][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  894.945416][    C0]  copy_page_range+0x1bd2/0x5fe0
[  894.945443][    C0]  ? __pfx_copy_page_range+0x10/0x10
[  894.945462][    C0]  ? __pfx___might_resched+0x10/0x10
[  894.945478][    C0]  ? __pfx_mas_store+0x10/0x10
[  894.945494][    C0]  ? __vma_enter_locked+0x163/0x3f0
[  894.945508][    C0]  ? copy_process+0x85dd/0x91a0
[  894.945525][    C0]  ? down_write+0x14d/0x200
[  894.945543][    C0]  ? up_write+0x1b2/0x520
[  894.945556][    C0]  copy_process+0x862b/0x91a0
[  894.945579][    C0]  ? __pfx_copy_process+0x10/0x10
[  894.945598][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  894.945616][    C0]  kernel_clone+0xfc/0x960
[  894.945632][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  894.945651][    C0]  ? cgroup_rstat_updated+0x2a/0xb20
[  894.945668][    C0]  __do_sys_clone+0xce/0x120
[  894.945683][    C0]  ? __pfx___do_sys_clone+0x10/0x10
[  894.945705][    C0]  ? do_user_addr_fault+0x843/0x1370
[  894.945721][    C0]  do_syscall_64+0xcd/0x260
[  894.945737][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.945750][    C0] RIP: 0033:0x7f7ba5d851d3
[  894.945762][    C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  894.945774][    C0] RSP: 002b:00007fff68f23198 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  894.945785][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7ba5d851d3
[  894.945793][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  894.945801][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  894.945809][    C0] R10: 000055556b1067d0 R11: 0000000000000246 R12: 0000000000000000
[  894.945817][    C0] R13: 00000000000927c0 R14: 00000000000c0d2f R15: 00007fff68f23330
[  894.945831][    C0]  </TASK>
[  894.945899][    C1] rcu: rcu_preempt kthread starved for 10506 jiffies! g57209 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  895.431922][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  895.441882][    C1] rcu: RCU grace-period kthread stack dump:
[  895.447755][    C1] task:rcu_preempt     state:R  running task     stack:27192 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  895.461235][    C1] Call Trace:
[  895.464509][    C1]  <TASK>
[  895.467439][    C1]  __schedule+0x116f/0x5de0
[  895.471953][    C1]  ? __lock_acquire+0x5ca/0x1ba0
[  895.476895][    C1]  ? __pfx___schedule+0x10/0x10
[  895.481745][    C1]  ? find_held_lock+0x2b/0x80
[  895.486419][    C1]  ? schedule+0x2d7/0x3a0
[  895.490744][    C1]  schedule+0xe7/0x3a0
[  895.494808][    C1]  schedule_timeout+0x123/0x290
[  895.499650][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  895.505014][    C1]  ? __pfx_process_timeout+0x10/0x10
[  895.510299][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  895.516099][    C1]  ? prepare_to_swait_event+0xf5/0x480
[  895.521559][    C1]  rcu_gp_fqs_loop+0x1ea/0xb00
[  895.526324][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  895.531611][    C1]  ? rcu_gp_init+0xc76/0x15a0
[  895.536292][    C1]  ? rcu_gp_cleanup+0x7c1/0xd90
[  895.541146][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  895.546947][    C1]  rcu_gp_kthread+0x270/0x380
[  895.551625][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  895.556824][    C1]  ? rcu_is_watching+0x12/0xc0
[  895.561582][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  895.566789][    C1]  ? __kthread_parkme+0x19e/0x250
[  895.571814][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  895.577012][    C1]  kthread+0x3c2/0x780
[  895.581073][    C1]  ? __pfx_kthread+0x10/0x10
[  895.585653][    C1]  ? __pfx_kthread+0x10/0x10
[  895.590254][    C1]  ? __pfx_kthread+0x10/0x10
[  895.594856][    C1]  ? __pfx_kthread+0x10/0x10
[  895.599457][    C1]  ? rcu_is_watching+0x12/0xc0
[  895.604224][    C1]  ? __pfx_kthread+0x10/0x10
[  895.608808][    C1]  ret_from_fork+0x45/0x80
[  895.613220][    C1]  ? __pfx_kthread+0x10/0x10
[  895.617803][    C1]  ret_from_fork_asm+0x1a/0x30
[  895.622576][    C1]  </TASK>
[  895.625586][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  895.631900][    C1] CPU: 1 UID: 0 PID: 15326 Comm: syz.5.2472 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  895.643955][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  895.653998][    C1] RIP: 0010:smp_call_function_many_cond+0x4a5/0x1290
[  895.660667][    C1] Code: 89 ee e8 be 12 0c 00 85 ed 74 48 48 8b 44 24 20 49 89 c4 83 e0 07 49 c1 ec 03 48 89 c5 4d 01 f4 83 c5 03 e8 5d 17 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 de 0b 00 00 8b 43 08 31
[  895.680270][    C1] RSP: 0018:ffffc90011807ad8 EFLAGS: 00000246
[  895.686331][    C1] RAX: 0000000000080000 RBX: ffff8880b8441720 RCX: ffffc9001c489000
[  895.694295][    C1] RDX: 0000000000080000 RSI: ffffffff81af1b93 RDI: 0000000000000005
[  895.702257][    C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  895.710217][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170882e5
[  895.718177][    C1] R13: 0000000000000001 R14: dffffc0000000000 R15: ffff8880b853b040
[  895.726140][    C1] FS:  00007f318a7fc6c0(0000) GS:ffff888124ae2000(0000) knlGS:0000000000000000
[  895.735157][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  895.741738][    C1] CR2: 0000001b2fa19ff8 CR3: 0000000012a4b000 CR4: 00000000003526f0
[  895.749702][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  895.757665][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  895.765627][    C1] Call Trace:
[  895.768899][    C1]  <TASK>
[  895.771831][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  895.776851][    C1]  on_each_cpu_cond_mask+0x40/0x90
[  895.781958][    C1]  text_poke_bp_batch+0x220/0x760
[  895.786994][    C1]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  895.792536][    C1]  ? __jump_label_patch+0x1db/0x400
[  895.797735][    C1]  ? arch_jump_label_transform_queue+0xc0/0x120
[  895.803979][    C1]  ? find_held_lock+0x2b/0x80
[  895.808657][    C1]  text_poke_finish+0x30/0x40
[  895.813333][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  895.819309][    C1]  jump_label_update+0x376/0x550
[  895.824248][    C1]  static_key_slow_inc_cpuslocked+0x82/0x120
[  895.830221][    C1]  static_key_slow_inc+0x1a/0x30
[  895.835152][    C1]  io_uring_setup+0x187b/0x2090
[  895.840004][    C1]  ? __pfx_io_uring_setup+0x10/0x10
[  895.845194][    C1]  ? avc_has_perm_noaudit+0x117/0x3b0
[  895.850563][    C1]  ? avc_has_perm_noaudit+0x149/0x3b0
[  895.855940][    C1]  ? rcu_is_watching+0x12/0xc0
[  895.860705][    C1]  __x64_sys_io_uring_setup+0xc2/0x170
[  895.866176][    C1]  do_syscall_64+0xcd/0x260
[  895.870690][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.876587][    C1] RIP: 0033:0x7f318998e969
[  895.881011][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  895.900629][    C1] RSP: 002b:00007f318a7fbfc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  895.909059][    C1] RAX: ffffffffffffffda RBX: 00007f3189bb5fa0 RCX: 00007f318998e969
[  895.917032][    C1] RDX: 0000200000000080 RSI: 00002000000003c0 RDI: 00000000000010d2
[  895.925000][    C1] RBP: 00002000000003c0 R08: 0000000000000000 R09: 0000200000000080
[  895.932966][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  895.940931][    C1] R13: 00002000000000c0 R14: 00000000000010d2 R15: 0000200000000080
[  895.948910][    C1]  </TASK>