last executing test programs:

3m47.662416954s ago: executing program 1 (id=4868):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = syz_open_dev$dri(&(0x7f00000004c0), 0xb, 0x810000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000500)={0x1f3, 0x23a2, 0x1})
r3 = socket(0x10, 0x803, 0x0)
write(r3, &(0x7f0000000240)="aefc00001a0025f00385bc04fef7681d0a0b49ff708800008002280008020200ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='kmem_cache_free\x00', r4}, 0x18)
syz_open_dev$usbfs(&(0x7f0000000300), 0x2, 0x200000)
brk(0x3)
r5 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000440))
setns(r5, 0x4000000)
ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000180))
r6 = dup3(r1, r0, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x402, 0x0)
ioctl$VHOST_VDPA_GET_AS_NUM(r6, 0x8004af7a, &(0x7f0000000480))
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000600)={@flat=@binder={0x73622a85, 0x1001, 0x3}, @flat=@handle={0x73682a85, 0x100a, 0x3}, @flat=@binder={0x73622a85, 0x1, 0x2}}, &(0x7f0000000540)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000280)={@flat=@binder={0x73622a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x24}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x8000000002a}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})
r8 = getpgid(0xffffffffffffffff)
prlimit64(r8, 0x1, &(0x7f0000000080)={0x3ff, 0x1}, &(0x7f0000000140))

3m47.319954549s ago: executing program 1 (id=4872):
syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x30, &(0x7f0000000000)=ANY=[@ANYBLOB='7'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x62, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6cd67c8}, 0x94)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
syz_open_dev$vim2m(&(0x7f0000000300), 0x80000007, 0x2)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12011001070102002505a8a440000102ede7a2221b0001010b3003090400cd010000000f090501021000070608"], &(0x7f0000000600)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x200, 0xc, 0x2, 0x8, 0x10, 0x9}, 0x52, &(0x7f0000000300)={0x5, 0xf, 0x52, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0xe, 0x4, 0xfad}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x2, 0x6, 0x6}, @generic={0x36, 0x10, 0x4, "3ba3b593f5e23fa691d6bf449569ed047b18f0bc25289f01310d5349564f27c41ede4b210375dbef16e40c9ac845551a99a1dc"}]}, 0x6, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x3009}}, {0xea, &(0x7f0000000440)=@string={0xea, 0x3, "cb248e4320fad309d390860e7fec760f5601b9735a0946bb21b155b27a66502ea46d26daa6168481a60cdcbe47c039f40fe4b684e26b1c95147b84fc419f4e9815c097abad515ba0ccb35fe4050c2c5f65efcf6d7ca3b7e8d80cec8996faf9fa9cb66037dbb0f2ad4299c19134552c4f603675ff6c8d17fa7916aab78ceb1ac9a6c6e73dd63cbf79a1c85ccee011b4251178ccd1f1073fec38a8e0bb1306e0da8af6b817c680d9b91cf1771bab136d68f47c0ab0d5d8c15308b8ff45a339c8fb261709a3483e37ef51905ffda22f0d7ad874c5916483666ca58beb20b220f0f59b49356b5471ff4e"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0xc04}}, {0x8, &(0x7f0000000540)=@string={0x8, 0x3, "97d3ea0c028d"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x4001}}, {0x24, &(0x7f00000005c0)=@string={0x24, 0x3, "35ee9abd4abdf6c653011ae0229ddb6bf7c579ce8d526130873404bb23c9bffbd5bb"}}]})

3m43.3701743s ago: executing program 1 (id=4889):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0x7, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000020200000000008000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00001a0001000000000000e0040100004c86b8b1f25c1517"], 0x38}}, 0x40000)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_create(0x3, 0x0, &(0x7f0000000040))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb01000b000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a03000000000000000000001002"], 0x0, 0x56}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000480)={0x3}, 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)

3m40.475973741s ago: executing program 1 (id=4894):
r0 = memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10`\xee\xa9\x8b\x06%\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xa96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xd9Jx\xaa\x8f~\xb94a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xd6m\xf7@]iNP\xf1\x1d\xab\x13\xce\x152s\xb8\x85\x98\x84\xbf\x8c\x80{\x16\t\xd6\x17P3\xe9\xebGKL\xd3\x88\xd2\rLG\x8e\xd6\xa72\xf4\x92\xeb&\xa5\xcc\x14FZN\x98%[p\x989\xf6\xf5\xb6\xedk\xe6\xb0\xa1\x8f\x90\xdb\xd6h)\x0f6\x88\x03P\x8ak\xf9\xc9\x82`\xa7Ku\x99\xab\xd4\xb2\xaa1\x99O\x8b\x99-\xe3', 0x1)
r1 = dup(r0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x1500)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x7}, 0x4)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000000), 0x8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r10, 0x301, 0x70bd2c, 0x5, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x20040004)
r11 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mkdirat(r11, &(0x7f00000000c0)='./file0\x00', 0x0)
write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c4606ff78a002efff000000000002003e00cd000002cb030000000000004000000000000000ea02000000000000000001000500380006"], 0x78)
execveat(r11, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x0, 0x1000)

3m38.823789285s ago: executing program 1 (id=4897):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
read$msr(r1, &(0x7f0000000300)=""/4096, 0x1000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r2, 0x40047452, &(0x7f0000001200))
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111}}, 0x20)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840), 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

3m34.967150761s ago: executing program 1 (id=4911):
r0 = epoll_create1(0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x64, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x40801}, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x34)
r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x101800, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\b'], 0x28}}, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0xfe6)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200)={0x6000000c})
syz_emit_ethernet(0x6a, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffffffffffffff08004500005c0065000000019078ac1e0001ac14142f053490781200183f200000000000fffd0d0200000a0101000000000083178fac14142cffffffff640101000000000000000000860600000002440c53737f0000017fffffff000000"], 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d8"], 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x11000)
io_setup(0x3fc, &(0x7f0000000500)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000000040)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
socket(0x40000000015, 0x5, 0x0)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
timer_create(0x2, &(0x7f0000000800)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000000))

3m19.510852858s ago: executing program 32 (id=4911):
r0 = epoll_create1(0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x64, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x40801}, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x34)
r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x101800, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\b'], 0x28}}, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0xfe6)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200)={0x6000000c})
syz_emit_ethernet(0x6a, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffffffffffffff08004500005c0065000000019078ac1e0001ac14142f053490781200183f200000000000fffd0d0200000a0101000000000083178fac14142cffffffff640101000000000000000000860600000002440c53737f0000017fffffff000000"], 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d8"], 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x11000)
io_setup(0x3fc, &(0x7f0000000500)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000000040)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
socket(0x40000000015, 0x5, 0x0)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
timer_create(0x2, &(0x7f0000000800)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000000))

18.364093398s ago: executing program 4 (id=5472):
socket$inet_udplite(0x2, 0x2, 0x88)
openat$sequencer2(0xffffff9c, 0x0, 0x80200, 0x0)
socket$netlink(0x10, 0x3, 0xa)
timer_create(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
syz_create_resource$binfmt(0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000000)=0x1000002, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
setsockopt$CAN_RAW_FD_FRAMES(r2, 0x65, 0x5, &(0x7f0000000040), 0x4)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f00000000c0)={@multicast1, @local}, 0xc)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_SEQ_GETTIME(0xffffffffffffffff, 0x80045113, &(0x7f0000000040))

18.001848448s ago: executing program 4 (id=5473):
bind$bt_hci(0xffffffffffffffff, &(0x7f00000006c0)={0x1f, 0x6}, 0x5)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
syz_open_dev$vim2m(0x0, 0x80000007, 0x2)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12011001070102002505a8a440000102ede7a2221b0001010b3003090400cd010000000f090501021000070608"], &(0x7f0000000600)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x200, 0xc, 0x2, 0x8, 0x10, 0x9}, 0x52, &(0x7f0000000300)={0x5, 0xf, 0x52, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0xe, 0x4, 0xfad}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x2, 0x6, 0x6}, @generic={0x36, 0x10, 0x4, "3ba3b593f5e23fa691d6bf449569ed047b18f0bc25289f01310d5349564f27c41ede4b210375dbef16e40c9ac845551a99a1dc"}]}, 0x6, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x3009}}, {0xea, &(0x7f0000000440)=@string={0xea, 0x3, "cb248e4320fad309d390860e7fec760f5601b9735a0946bb21b155b27a66502ea46d26daa6168481a60cdcbe47c039f40fe4b684e26b1c95147b84fc419f4e9815c097abad515ba0ccb35fe4050c2c5f65efcf6d7ca3b7e8d80cec8996faf9fa9cb66037dbb0f2ad4299c19134552c4f603675ff6c8d17fa7916aab78ceb1ac9a6c6e73dd63cbf79a1c85ccee011b4251178ccd1f1073fec38a8e0bb1306e0da8af6b817c680d9b91cf1771bab136d68f47c0ab0d5d8c15308b8ff45a339c8fb261709a3483e37ef51905ffda22f0d7ad874c5916483666ca58beb20b220f0f59b49356b5471ff4e"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0xc04}}, {0x8, &(0x7f0000000540)=@string={0x8, 0x3, "97d3ea0c028d"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x4001}}, {0x24, &(0x7f00000005c0)=@string={0x24, 0x3, "35ee9abd4abdf6c653011ae0229ddb6bf7c579ce8d526130873404bb23c9bffbd5bb"}}]})

14.911745335s ago: executing program 4 (id=5485):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4001, 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000180)={'wpan1\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000ffdbdf252020f60008000300", @ANYRES32=r3, @ANYBLOB="1c002d800500040000000000050001000d00000008000200ff"], 0x38}, 0x1, 0x0, 0x0, 0x4004}, 0x20044010)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x9, 0x6}}}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x2c}}, 0x20000000)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r5 = openat$kvm(0xffffff9c, &(0x7f0000000300), 0x80800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x5, 0x7d, 0x0, 0x0, 0x52, 0x5, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
r9 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r9)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
connect$pppl2tp(r9, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r8, 0x4, 0x0, 0x1, 0x3, {0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}}}, 0x3a)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
read$FUSE(r10, &(0x7f0000006300)={0x2020}, 0x402)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000280)={0x1, &(0x7f0000000180)=[{<r11=>0x0}]})
r12 = gettid()
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8)
tkill(r12, 0x8)
ioctl$DRM_IOCTL_LOCK(r10, 0x4008642a, &(0x7f00000002c0)={r11})

11.582399925s ago: executing program 4 (id=5496):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r2 = fsopen(&(0x7f0000000140)='debugfs\x00', 0x1)
pipe2(&(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80080)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r2, 0x0, 0x1)
fchdir(r4)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r5, &(0x7f00000000c0)=""/55, 0x37)
getdents64(r5, &(0x7f0000000f80)=""/4096, 0x1000)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
openat(0xffffffffffffff9c, 0x0, 0x2c040, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r7, 0x2, &(0x7f0000000000)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)

10.638561114s ago: executing program 5 (id=5500):
r0 = syz_clone(0x80000400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
read$FUSE(r1, &(0x7f00000024c0)={0x2020}, 0xfffffec1)
tkill(r0, 0x12)

9.679658246s ago: executing program 5 (id=5503):
r0 = msgget$private(0x0, 0x1c0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x96}, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xffffffffffffffff})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @local=@item_4={0x3, 0x2, 0x0, "53743ff6"}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @global=@item_4={0x3, 0x1, 0x5, "a90da1f6"}, @local=@item_4={0x3, 0x2, 0x0, "00000400"}]}}, 0x0}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0xa0000)
ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000200)=""/98)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
iopl(0x40)
r8 = socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20008000)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0x0, 0x3}, {}, {0x2, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040011}, 0xb880d1130b8f2fbd)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_PRI(r5, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x16ba82, 0x10)

8.592710469s ago: executing program 3 (id=5505):
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x3, r0, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x800)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r7, 0xffffffffffffffff, &(0x7f0000000240)=""/210, 0xd2, 0x2, 0x1})
io_uring_enter(r3, 0x627, 0x4c1, 0xb, 0x0, 0x0)

8.417228185s ago: executing program 2 (id=5507):
r0 = socket$packet(0x11, 0x2, 0x300)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r1 = open(0x0, 0xe6242, 0x4ebfac6bbaf7949)
syz_io_uring_setup(0x7669, 0xfffffffffffffffe, 0x0, 0x0)
fcntl$lock(r1, 0xa, &(0x7f00000019c0)={0x1, 0x0, 0x2000000000000001, 0x2})
r2 = eventfd2(0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
waitid(0x0, r6, 0x0, 0x8, 0xfffffffffffffffd)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r8 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r9=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r8, 0x84, 0x19, &(0x7f0000000000)={r9, 0x2}, 0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x1}, 0x8)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x8440, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB="2cd582844ebe433249958488d95ccea6cbded2590cb1", @ANYRESHEX=r2, @ANYBLOB=',\x00'])
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000080)=0x1, 0x4)

7.952007804s ago: executing program 0 (id=5508):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
clock_gettime(0x9, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000100)=ANY=[@ANYBLOB="c60a0100000000006111b400000000008510000002000000850000000700000095000e000000000095000000000000003764e7be95cd1b051a0f3cd983c673d1cc389e632d686ff6bfc1884d28861b616a4e21cc0c6b735256c1d8389642393b41331d67072eac14cc61e5392e2bfdb6c35de43684005670f403f1fc05a286a2029fb37849d0ec6f224dd3578c7a5f29bfec9c769e5eb33f37"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00')
preadv(r5, &(0x7f00000001c0)=[{0x0}], 0x1, 0x8f, 0x3b16)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x401, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @multicast1}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x3c}}, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000300)={0x50, 0x0, &(0x7f00000008c0)=[@enter_looper, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x1, 0x0, &(0x7f0000000780)="1f"})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x2, 0x0, &(0x7f0000000440)="79cf"})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001040)=ANY=[@ANYBLOB="140000000301010300000000000000000a00000067b53a37c48b1e547b9e29e116383eacecdeda25b6447c"], 0x14}, 0x1, 0x0, 0x0, 0xc014}, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x4804)

7.605960971s ago: executing program 3 (id=5509):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001780)={'wlan1\x00', <r2=>0x0})
r3 = semget$private(0x0, 0x20000000102, 0x0)
semctl$SETALL(r3, 0x0, 0x11, &(0x7f0000000680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket(0x40000000015, 0x5, 0x0)
r8 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r8, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_EVENTS(r8, 0x84, 0xb, &(0x7f0000000180)={0x98, 0x20, 0x8d, 0xd, 0x0, 0x2, 0x0, 0x7, 0x4, 0x0, 0x0, 0x2, 0x4}, 0xe)
sendmmsg$inet_sctp(r8, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0)
recvmmsg(r8, &(0x7f0000011c40)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x1, 0x10102, 0x0)
connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYRES64, @ANYRESDEC=r7, @ANYRES16=r6, @ANYRES8=r6, @ANYRES8], 0x1a000}}, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r9, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fedbdf254300000008000300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x20000010}, 0x50)

7.262177462s ago: executing program 2 (id=5510):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x3010}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x4, 0x0, 0x0)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0)
sendmsg$nl_route(r5, &(0x7f00000006c0)={0x0, 0xf00, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

6.999771355s ago: executing program 0 (id=5511):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x1ffffcb66, @local}, 0x10)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x33e, 0x280, 0x1e0, 0x0, 0x4db, 0x0, 0x0, {0x4, 0x40}, {0x0, 0x1, 0x1}, {}, {0x3, 0x0, 0x1}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffc00, 0x0, 0x400, 0x0, 0x0, 0x21, 0x0, 0x2, 0x7})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000001d40)=[{{&(0x7f0000000140)={0xa, 0x4e22, 0x80, @remote, 0x1}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000340)='>', 0x1}], 0x1}}], 0x1, 0x4000054)
sendto$inet6(r3, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r3, 0x1)
writev(r3, &(0x7f0000001580)=[{&(0x7f0000000380)='!', 0x1}], 0x1)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f00000004c0)={"5e573ed4a83a89ad731b46ea5abafe1e", <r4=>0x0, 0x0, {0x2, 0x7}, {0x6, 0x5}, 0x5, [0x1, 0x8, 0x7, 0x80000001, 0x3955, 0x5, 0x7fffffff, 0xfffffffffffffff8, 0x6, 0x3, 0x28, 0x6, 0x7ff, 0xc4, 0x1, 0x557]})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000b00)={<r5=>0x0, 0x5, 0x0, [0x7fff, 0x1, 0x6, 0xfffffffffffffff7, 0xffffffffffffffff], [0x6, 0x1ff, 0x8, 0x401, 0x0, 0x6, 0x1, 0xfffffffffffffffc, 0xfffffffffffff800, 0x2, 0x21000, 0x8, 0x9, 0xffff, 0xfe, 0x4, 0x9, 0x10000, 0x0, 0x80, 0x8001, 0x9, 0x1, 0x7, 0x7ff, 0x8, 0x4, 0x7fffffffffffffff, 0x100000000, 0x7, 0xffffffffffffffd8, 0x3, 0x1, 0x64c, 0x1, 0x41f, 0xfffffffffffffff8, 0x3, 0x7, 0x8, 0x3, 0xffffffffffffffff, 0x4, 0x7, 0xfa, 0x2, 0x81, 0x8c, 0x2, 0x6, 0x100000000, 0x2, 0x9, 0x3, 0xbe, 0x800, 0x6, 0x0, 0x9, 0x90, 0xffffffff, 0x5, 0x9, 0xc, 0xffff, 0xfffffffffffffdd0, 0xffffffffffffffff, 0x4, 0x2, 0x3e, 0x7, 0x7, 0x5, 0x8, 0x8, 0x6, 0x6, 0x3, 0x6, 0xf4, 0x6, 0x80000001, 0xfc772f7, 0x5b, 0x2, 0x7ff, 0xd7a, 0xd, 0x6, 0x7, 0x1, 0x5988, 0x8000000000000000, 0x2, 0x5, 0x6, 0x1ff, 0x1, 0xffffffffffffffff, 0x1000000000000, 0x5, 0x0, 0x9, 0x100000000, 0x2, 0x8, 0x7f, 0x7, 0x1, 0x7, 0x3, 0x2, 0x6, 0x8a, 0x0, 0x40, 0x800, 0x0, 0x7, 0x5, 0xd5]})
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r3, 0x5000943f, &(0x7f0000002d40)={{r2}, r4, 0x4, @inherit={0x78, &(0x7f00000005c0)=ANY=[@ANYBLOB="010000000000000006000000000000000700000000000000ff000400000000000400000000000000b30e000000000000090000000000000005000000000000000500000000000000df0000000000000000000000000000001b410000000000000700000000000000131e0000000000000200000000000000"]}, @devid=r5})
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r6=>0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000440)={0x4, 0xffffffffffffffff, 0x1})
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
stat(&(0x7f0000000280)='./file0/file0\x00', &(0x7f00000003c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0xfffff000)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000180)={0x7, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r9=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x8, "b546baa5cc590d3033de259c29ebab028deda501009bdeffafde2500", <r10=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r9, 0xc0303e03, &(0x7f00000001c0)={"0080bced01eb0100000000000000000700000000000000c900", r10, <r11=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r11, 0xc0383e04, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000ff0100000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000001700000095"], &(0x7f0000000480)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r12, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.950930449s ago: executing program 4 (id=5512):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='jbd2_handle_stats\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = creat(&(0x7f0000000100)='./file0\x00', 0xfb)
close(r6)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f00000000c0)=0x81)
r8 = fanotify_init(0x12, 0x1000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])
r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x8480)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000006c0)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
syz_open_dev$vim2m(&(0x7f0000000000), 0x33c, 0x2)
getsockopt(r3, 0x5, 0x62be, &(0x7f0000000880)=""/4096, &(0x7f0000000180)=0x1000)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
socket(0xa, 0x1, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0xe5adbad90dd43c47)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x2, 0x9, 0x9}, 0x0, &(0x7f00000002c0)={0x8, 0xe726, 0x400000000001, 0x9, 0x7, 0x94, 0x7fffffff, 0x2}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')

6.473367855s ago: executing program 3 (id=5513):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r3, &(0x7f0000004600)=[{{0x0, 0x30, &(0x7f0000002100)=[{&(0x7f0000001fc0)=""/217, 0xe088}, {&(0x7f00000020c0)=""/16, 0x10}], 0x2}, 0x3b83}], 0x1, 0x20001000, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/tcp6\x00')
unshare(0x6a040000)
syz_usb_connect(0x3, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xe7, 0xd7, 0x7f, 0x40, 0x12d6, 0x444, 0x293d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xcc, 0x0, 0x0, 0x8b, 0xa, 0x2e}}]}}]}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}})
io_uring_enter(0xffffffffffffffff, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
unshare(0x6a040000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
statx(r6, 0x0, 0x1000, 0xf0cb2f4a0c2cfc5d, &(0x7f0000000540))
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xce05562}]}]}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}}], {0x14}}, 0xa4}}, 0x0)

5.775989307s ago: executing program 2 (id=5514):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448e3, &(0x7f00000004c0))
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000101c1b021b00000000000109022400010000400009040000010300400009210000000122050009058103"], 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
utime(&(0x7f00000000c0)='./file0\x00', 0x0)
lseek(r3, 0x0, 0x3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5.264463185s ago: executing program 4 (id=5515):
r0 = syz_open_dev$video4linux(&(0x7f00000001c0), 0xe3, 0x400)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0205647, &(0x7f00000000c0)={0xf010000, 0x0, "4f2572ce1cedbf10981e10326800000000000000000000000500", 0x0, 0x100000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, [0x400, 0xfffffffd]})

5.260766489s ago: executing program 5 (id=5516):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, <r2=>0x0})
ptrace$ARCH_SHSTK_LOCK(0x1e, r2, 0x2, 0x5003)
setns(r1, 0x24020000)
r3 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40002}, [@call={0x85, 0x0, 0x0, 0x4f}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = syz_pidfd_open(r3, 0x0)
setns(r5, 0x24020000)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r6, 0x2000012, 0xeff, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b9", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c8)
mount$overlay(0x20, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

4.796347957s ago: executing program 0 (id=5518):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000040000850000002e000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r1, {0xe}, {0xffff, 0x4}, {0x2, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0xd6f613755206ddbe}, 0x20040055)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r2, &(0x7f0000002780)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0xb09, 0x0, 0x9}]})
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_MCE_KILL(0x21, 0x0, 0x1)
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="8c000000", @ANYRES16=0x0, @ANYBLOB="080028bd7000fcdbdf25070000005c00038014000600ff01000000000000000000000000000108000500ac1414bb080003000100000009e602000100000014000600fe8800000000000000000000000000010600040007000000080003000100000008000300000000000c000380060007004e2100000800050002000000080005001f0c0000f9781b5a686ad4fc99e1040e95e1bcc97e23776cbf6dae99083b094b79814a79255949832e3a1061448fcb1a80774992c4d7107cbc83b3cfa067a316397a038ee8733b6b098b84a24a90af0c8072c0f412239bcd1574076215f0a52f89a7"], 0x8c}, 0x1, 0x0, 0x0, 0x4040000}, 0x8804)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r4)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRES16=r5], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10)

4.67960995s ago: executing program 5 (id=5519):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet6(0x2d, 0x806, 0x0)
socket(0x29, 0x3, 0x3d)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x7ff}, 0x0)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @pix_mp={0xf, 0x5be7, 0x50323234, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0xffff}, {0x10000003, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x3, 0x489aa92e}, {0x5}, {0x40, 0x7}], 0x1, 0xc, 0x2, 0x0, 0x3}}, 0xfffffffd})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000080)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000000c0)={0x0, 0x1800, r4, r5, 0x3, 0x500, 0xfa, 0x2, {0x400009, 0x9, 0xfffc, 0x8000, 0x3e, 0x400, 0xf5, 0x2, 0x0, 0x1, 0x200, 0xfffffd, 0x6, 0x40000001, "0e19cd00000000caa3431a0300dffb381f5300"}})
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r2, 0x0, 0x0, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x9)
socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})

4.14131909s ago: executing program 0 (id=5520):
r0 = socket$packet(0x11, 0x2, 0x300)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r1 = open(0x0, 0xe6242, 0x4ebfac6bbaf7949)
syz_io_uring_setup(0x7669, 0xfffffffffffffffe, 0x0, 0x0)
fcntl$lock(r1, 0xa, &(0x7f00000019c0)={0x1, 0x0, 0x2000000000000001, 0x2})
r2 = eventfd2(0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
waitid(0x0, r6, 0x0, 0x8, 0xfffffffffffffffd)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r8 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r9=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r8, 0x84, 0x19, &(0x7f0000000000)={r9, 0x2}, 0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x1}, 0x8)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x8440, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB="2cd582844ebe433249958488d95ccea6cbded2590cb1", @ANYRESHEX=r2, @ANYBLOB=',\x00'])
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000080)=0x1, 0x4)

3.38315864s ago: executing program 3 (id=5521):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
clock_gettime(0x9, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000100)=ANY=[@ANYBLOB="c60a0100000000006111b400000000008510000002000000850000000700000095000e000000000095000000000000003764e7be95cd1b051a0f3cd983c673d1cc389e632d686ff6bfc1884d28861b616a4e21cc0c6b735256c1d8389642393b41331d67072eac14cc61e5392e2bfdb6c35de43684005670f403f1fc05a286a2029fb37849d0ec6f224dd3578c7a5f29bfec9c769e5eb33f37"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00')
preadv(r5, &(0x7f00000001c0)=[{0x0}], 0x1, 0x8f, 0x3b16)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x401, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @multicast1}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x3c}}, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000300)={0x50, 0x0, &(0x7f00000008c0)=[@enter_looper, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x1, 0x0, &(0x7f0000000780)="1f"})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x2, 0x0, &(0x7f0000000440)="79cf"})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001040)=ANY=[@ANYBLOB="140000000301010300000000000000000a00000067b53a37c48b1e547b9e29e116383eacecdeda25b6447c"], 0x14}, 0x1, 0x0, 0x0, 0xc014}, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x4804)

2.698202116s ago: executing program 0 (id=5522):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x2000240000a95c, 0x40000009, 0x101, 0x80000001, 0x48d1, 0x0, 0x800000df})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_OPEN(0xffffffffffffffff, 0x4010e501, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="14000000150001034083562fa3cd361005"], 0x14}}, 0x0)

2.30683043s ago: executing program 3 (id=5523):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='jbd2_handle_stats\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = creat(&(0x7f0000000100)='./file0\x00', 0xfb)
close(r6)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f00000000c0)=0x81)
r8 = fanotify_init(0x12, 0x1000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])
r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x8480)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000006c0)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
syz_open_dev$vim2m(&(0x7f0000000000), 0x33c, 0x2)
getsockopt(r3, 0x5, 0x62be, &(0x7f0000000880)=""/4096, &(0x7f0000000180)=0x1000)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
socket(0xa, 0x1, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0xe5adbad90dd43c47)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x2, 0x9, 0x9}, 0x0, &(0x7f00000002c0)={0x8, 0xe726, 0x400000000001, 0x9, 0x7, 0x94, 0x7fffffff, 0x2}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')

2.093980678s ago: executing program 0 (id=5524):
syz_usb_connect(0x5, 0x1bb, &(0x7f0000000880)=ANY=[@ANYBLOB="12010000a677c120229062d60eb3000000010902a90101000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000004c0)={&(0x7f0000000480)=[{0x1900, 0x3001, 0x0, 0x0}, {0xf25, 0xc200, 0x0, 0x0}], 0x2})

2.028266062s ago: executing program 2 (id=5525):
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000000)={0x2, 0x6, 0x7, 0x80000, <r0=>0xffffffffffffffff})
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setrlimit(0x6, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_clone(0x2180, 0x0, 0xe4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0xc2882, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fadvise64(0xffffffffffffffff, 0x18, 0x0, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x14, r4, 0x719, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x840, 0x43)
r5 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',group_', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f00000021c0)={0x2020}, 0x2020)
close(r5)
setresuid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
r6 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
poll(&(0x7f00000000c0)=[{r6, 0x80}], 0x1, 0x101)
close_range(r0, r6, 0x0)
r7 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r7, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)

1.839645869s ago: executing program 5 (id=5526):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='jbd2_handle_stats\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = creat(&(0x7f0000000100)='./file0\x00', 0xfb)
close(r6)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f00000000c0)=0x81)
r8 = fanotify_init(0x12, 0x1000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])
r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x8480)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000006c0)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
syz_open_dev$vim2m(&(0x7f0000000000), 0x33c, 0x2)
getsockopt(r3, 0x5, 0x62be, &(0x7f0000000880)=""/4096, &(0x7f0000000180)=0x1000)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0xe5adbad90dd43c47)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x2, 0x9, 0x9}, 0x0, &(0x7f00000002c0)={0x8, 0xe726, 0x400000000001, 0x9, 0x7, 0x94, 0x7fffffff, 0x2}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')

1.224004022s ago: executing program 3 (id=5527):
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000000)={0x2, 0x6, 0x7, 0x80000, <r0=>0xffffffffffffffff})
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setrlimit(0x6, 0x0)
syz_clone(0x2180, 0x0, 0xe4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0xc2882, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fadvise64(0xffffffffffffffff, 0x18, 0x0, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x14, r3, 0x719, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880)
openat(0xffffffffffffff9c, 0x0, 0x840, 0x43)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',group_', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f00000021c0)={0x2020}, 0x2020)
close(r4)
setresuid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
r5 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
poll(&(0x7f00000000c0)=[{r5, 0x80}], 0x1, 0x101)
close_range(r0, r5, 0x0)
rseq(&(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x2, 0x2, 0x7, 0xe16}, 0x5}, 0x20, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r6, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)

213.427182ms ago: executing program 5 (id=5528):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0x8}, @TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0xffffffff}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x1f, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

115.399624ms ago: executing program 2 (id=5529):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xc0}}, &(0x7f0000000000)='GPL\x00'}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="6507060082762422f9a30250a90def79e5ddb933b83b8f8f1a0daad170478560f60eb8dc258ded60aee45b04b15db386", 0x30)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000002940)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20000800}], 0x1, 0x91)
recvmsg(r1, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000003f80)=""/4109, 0x100d}], 0x1}, 0x20f2)
syz_emit_ethernet(0x106, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0xd0, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev, [{0x2, 0x15, "2eb7f26ce4f6e2e6782d7affc771df67f2733c5a58bf3d2462689219ab1aa005de27e7cb0ccb6c86ec43f54adda87747d698f07fa8cd6c4cf252f4ff8d87327d2d9811c4866d79592b9f191a0f85fe887ef68afe46c97e4c171d91bdc438e0812acc2ea006aae7162d486fec964ddd8db85c1c702f22033f023ea107e2cbf6ca49c2d855d18eaab59d1e8633f55c7aa08013742d53494653b1837976081e661acdd962a7d6de"}]}}}}}}, 0x0)

0s ago: executing program 2 (id=5530):
syz_usb_connect(0x5, 0x1bb, &(0x7f0000000880)=ANY=[@ANYBLOB="12010000a677c120229062d60eb3000000010902a90101000000000904"], 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000040)=0x46c, 0x4)
r1 = socket(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000080)="330320000a00140000007e19143baa4b1f0f858c6632f47042195e000000b806", 0x20, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r2, 0x1, 0x62, 0x6, @remote}, 0x14)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYRESHEX=0x0, @ANYRESDEC=r3, @ANYRESDEC=r3, @ANYBLOB="6c22ec037f827392b89af8c102c32d68c78064e26122d36cae2e285a5ec608f9e1d28d527143058d61463748a79fb36c011353e71725c64b47581d75195f954caba5022b12bae15cc9f87c13878412565de7a45da34ab984f25936f080d0e2c5c970274be87419054f0506a1a97e5fb08130e365", @ANYRESOCT=r3, @ANYBLOB="c4062f8b05f7ba0643d744335ab789d154a79e4da852bf8fdc05a11aa90063c28f3f222e79e0a0b65455830fc2c186fab7f3e696ff359f51ab5ed083f1bb830eab3e88304cd7f0c1e89c064c"], 0x7c}}, 0x20004000)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x33fe0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x23, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="1400000010000100000000000000e1000000000a98000000060a01030000000000000000020000000900020073797a32000000006c000480680001800b00010074617267657400005800028040000300cd4b6abe42031763d02899c77f963d140d7a9d3ac869f3a860917523679abf4579f9cd6564e64066e37ab6fcbfe585ab6933a6f6514a0eebad4e35370a000100484d41524b00000008000240000000000900010073797a3000000000140000001100010000000000000000000000000a"], 0xc0}, 0x1, 0x0, 0x0, 0x20048000}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=<r5=>0x0)
syz_open_procfs(r5, &(0x7f0000000080)='net/kcm\x00')
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
memfd_create(&(0x7f0000000000)='-&:{-\xaa]{\x00', 0x2)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000000)={0x8000000, 0xffff1000, 0x1, 0x1, 0x999})

kernel console output (not intermixed with test programs):

dm_t pid=24054 comm="syz.0.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1607.495873][   T30] audit: type=1326 audit(1765630539.067:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24054 comm="syz.0.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1607.576634][   T30] audit: type=1326 audit(1765630539.067:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24054 comm="syz.0.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1607.854112][T16937] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1608.576498][   T30] audit: type=1326 audit(1765630539.067:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24054 comm="syz.0.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1608.662359][   T30] audit: type=1326 audit(1765630539.067:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24054 comm="syz.0.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1608.696062][T16937] usb 5-1: config 0 has an invalid interface number: 204 but max is 0
[ 1608.714114][T16937] usb 5-1: config 0 has no interface number 0
[ 1608.724332][   T30] audit: type=1326 audit(1765630539.067:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24054 comm="syz.0.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1608.756218][T16937] usb 5-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d
[ 1608.774051][T16937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1608.784053][T16937] usb 5-1: Product: syz
[ 1608.788206][T16937] usb 5-1: Manufacturer: syz
[ 1608.803802][T16937] usb 5-1: SerialNumber: syz
[ 1608.842876][T16937] usb 5-1: config 0 descriptor??
[ 1608.855684][T16937] ems_usb 5-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[ 1608.884493][T16937] ems_usb 5-1:0.204: probe with driver ems_usb failed with error -22
[ 1610.071407][T24102] vlan2: entered promiscuous mode
[ 1610.360860][T24104] FAULT_INJECTION: forcing a failure.
[ 1610.360860][T24104] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1610.373933][T24104] CPU: 1 UID: 0 PID: 24104 Comm: syz.1.4801 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1610.373950][T24104] Tainted: [L]=SOFTLOCKUP
[ 1610.373954][T24104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1610.373960][T24104] Call Trace:
[ 1610.373965][T24104]  <TASK>
[ 1610.373970][T24104]  dump_stack_lvl+0x16c/0x1f0
[ 1610.373985][T24104]  should_fail_ex+0x512/0x640
[ 1610.374013][T24104]  _copy_to_user+0x32/0xd0
[ 1610.374035][T24104]  simple_read_from_buffer+0xcb/0x170
[ 1610.374060][T24104]  proc_fail_nth_read+0x197/0x240
[ 1610.374075][T24104]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1610.374087][T24104]  ? rw_verify_area+0xcf/0x6c0
[ 1610.374099][T24104]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1610.374109][T24104]  vfs_read+0x1e4/0xcf0
[ 1610.374123][T24104]  ? __pfx___mutex_lock+0x10/0x10
[ 1610.374137][T24104]  ? __pfx_vfs_read+0x10/0x10
[ 1610.374153][T24104]  ? __fget_files+0x20e/0x3c0
[ 1610.374171][T24104]  ksys_read+0x12a/0x250
[ 1610.374184][T24104]  ? __pfx_ksys_read+0x10/0x10
[ 1610.374201][T24104]  do_syscall_64+0xcd/0xf80
[ 1610.374213][T24104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1610.374224][T24104] RIP: 0033:0x7f3d62d8e15c
[ 1610.374232][T24104] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1610.374242][T24104] RSP: 002b:00007f3d63ca9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1610.374253][T24104] RAX: ffffffffffffffda RBX: 00007f3d62fe5fa0 RCX: 00007f3d62d8e15c
[ 1610.374260][T24104] RDX: 000000000000000f RSI: 00007f3d63ca90a0 RDI: 0000000000000005
[ 1610.374268][T24104] RBP: 00007f3d63ca9090 R08: 0000000000000000 R09: 0000000000000000
[ 1610.374274][T24104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1610.374280][T24104] R13: 00007f3d62fe6038 R14: 00007f3d62fe5fa0 R15: 00007fff033f4788
[ 1610.374294][T24104]  </TASK>
[ 1610.818722][ T5930] usb 5-1: USB disconnect, device number 38
[ 1613.987304][T24151] FAULT_INJECTION: forcing a failure.
[ 1613.987304][T24151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1614.064115][T24151] CPU: 0 UID: 0 PID: 24151 Comm: syz.0.4815 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1614.064144][T24151] Tainted: [L]=SOFTLOCKUP
[ 1614.064150][T24151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1614.064160][T24151] Call Trace:
[ 1614.064167][T24151]  <TASK>
[ 1614.064174][T24151]  dump_stack_lvl+0x16c/0x1f0
[ 1614.064196][T24151]  should_fail_ex+0x512/0x640
[ 1614.064219][T24151]  _copy_to_user+0x32/0xd0
[ 1614.064243][T24151]  simple_read_from_buffer+0xcb/0x170
[ 1614.064267][T24151]  proc_fail_nth_read+0x197/0x240
[ 1614.064287][T24151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1614.064307][T24151]  ? rw_verify_area+0xcf/0x6c0
[ 1614.064326][T24151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1614.064343][T24151]  vfs_read+0x1e4/0xcf0
[ 1614.064364][T24151]  ? __pfx___mutex_lock+0x10/0x10
[ 1614.064387][T24151]  ? __pfx_vfs_read+0x10/0x10
[ 1614.064413][T24151]  ? __fget_files+0x20e/0x3c0
[ 1614.064441][T24151]  ksys_read+0x12a/0x250
[ 1614.064466][T24151]  ? __pfx_ksys_read+0x10/0x10
[ 1614.064494][T24151]  do_syscall_64+0xcd/0xf80
[ 1614.064514][T24151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1614.064532][T24151] RIP: 0033:0x7f778098e15c
[ 1614.064549][T24151] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1614.064566][T24151] RSP: 002b:00007f778183b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1614.064583][T24151] RAX: ffffffffffffffda RBX: 00007f7780be5fa0 RCX: 00007f778098e15c
[ 1614.064594][T24151] RDX: 000000000000000f RSI: 00007f778183b0a0 RDI: 0000000000000004
[ 1614.064604][T24151] RBP: 00007f778183b090 R08: 0000000000000000 R09: 0000000000000000
[ 1614.064614][T24151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1614.064624][T24151] R13: 00007f7780be6038 R14: 00007f7780be5fa0 R15: 00007fff3b33f1c8
[ 1614.064649][T24151]  </TASK>
[ 1615.931239][T24175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4821'.
[ 1615.958800][T24176] 9pnet_virtio: no channels available for device syz
[ 1616.054324][   T30] kauditd_printk_skb: 31 callbacks suppressed
[ 1616.060687][   T30] audit: type=1400 audit(1765630548.127:1996): avc:  denied  { audit_read } for  pid=24169 comm="syz.0.4820" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1616.109697][T24178] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1616.120334][T24178] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1616.221690][T24178] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1616.232273][T24178] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1616.234081][T17549] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 1616.592222][   T30] audit: type=1326 audit(1765630548.667:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1616.704501][   T30] audit: type=1326 audit(1765630548.697:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1616.724111][T17549] usb 2-1: config 0 has an invalid interface number: 204 but max is 0
[ 1616.746921][T24178] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1616.757227][T24178] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1616.772940][T17549] usb 2-1: config 0 has no interface number 0
[ 1616.819342][T24178] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1616.829650][T24178] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1616.975928][T23868] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1617.007077][T23868] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1617.033201][T17549] usb 2-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d
[ 1617.042204][T23868] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1617.066179][T23868] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1617.074516][T17549] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1617.084939][   T30] audit: type=1326 audit(1765630548.707:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1617.120764][T23868] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1617.143220][T23868] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1617.144474][T17549] usb 2-1: Product: syz
[ 1617.157720][T17549] usb 2-1: Manufacturer: syz
[ 1617.163883][T17549] usb 2-1: SerialNumber: syz
[ 1617.168758][   T30] audit: type=1326 audit(1765630548.707:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1617.197641][T17549] usb 2-1: config 0 descriptor??
[ 1617.208773][   T30] audit: type=1326 audit(1765630548.707:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1617.233868][T17549] ems_usb 2-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[ 1617.245270][T17549] ems_usb 2-1:0.204: probe with driver ems_usb failed with error -22
[ 1617.312464][   T30] audit: type=1326 audit(1765630548.707:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1617.367885][T23868] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1617.400107][   T30] audit: type=1326 audit(1765630548.707:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1617.450759][   T30] audit: type=1326 audit(1765630548.717:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1617.475949][   T30] audit: type=1326 audit(1765630548.727:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24179 comm="syz.4.4822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fe4ed38f749 code=0x7ffc0000
[ 1617.484245][T23868] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1618.280383][T24204] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1618.281352][ T5930] usb 2-1: USB disconnect, device number 107
[ 1618.302239][T24204] cgroup2: Unknown parameter 'pids_localevents>'
[ 1618.626751][T24218] mmap: syz.3.4831 (24218): VmData 37347328 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[ 1618.957364][T24235] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1618.978502][T24235] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1618.995161][ T9279] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[ 1619.264281][T24242] 9pnet_fd: Insufficient options for proto=fd
[ 1619.459459][T24235] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1619.476620][T24235] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1619.571896][T24235] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1619.594205][ T9279] usb 2-1: Using ep0 maxpacket: 32
[ 1619.602511][T24235] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1619.605693][ T9279] usb 2-1: config 0 has no interfaces?
[ 1619.619214][ T9279] usb 2-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[ 1619.630217][ T9279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1619.646940][ T9279] usb 2-1: config 0 descriptor??
[ 1619.846603][T24235] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1619.870408][ T9279] usb 2-1: USB disconnect, device number 108
[ 1619.893188][T24235] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1620.037514][T24261] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4845'.
[ 1621.300955][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 1621.300970][   T30] audit: type=1400 audit(1765630553.377:2012): avc:  denied  { read } for  pid=24281 comm="syz.1.4851" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 1621.336223][   T30] audit: type=1400 audit(1765630553.407:2013): avc:  denied  { open } for  pid=24281 comm="syz.1.4851" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 1621.361816][   T30] audit: type=1400 audit(1765630553.417:2014): avc:  denied  { ioctl } for  pid=24281 comm="syz.1.4851" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 1621.927565][T24298] 9pnet_fd: Insufficient options for proto=fd
[ 1622.149402][T17549] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1622.285661][T17549] usb 5-1: device descriptor read/64, error -71
[ 1622.457655][T24303] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4854'.
[ 1622.624109][T17549] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1622.844079][T17549] usb 5-1: device descriptor read/64, error -71
[ 1622.857094][T23827] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1622.866172][T23827] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1622.912967][T23827] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1622.932527][T23827] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1623.030938][T17549] usb usb5-port1: attempt power cycle
[ 1623.059063][T23827] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1623.072207][T23827] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1623.127258][ T1155] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1623.164392][ T1155] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1623.192174][T24317] vlan0: entered promiscuous mode
[ 1623.338160][T24322] FAULT_INJECTION: forcing a failure.
[ 1623.338160][T24322] name failslab, interval 1, probability 0, space 0, times 0
[ 1623.380796][T24322] CPU: 0 UID: 0 PID: 24322 Comm: syz.0.4858 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1623.380827][T24322] Tainted: [L]=SOFTLOCKUP
[ 1623.380833][T24322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1623.380843][T24322] Call Trace:
[ 1623.380849][T24322]  <TASK>
[ 1623.380856][T24322]  dump_stack_lvl+0x16c/0x1f0
[ 1623.380879][T24322]  should_fail_ex+0x512/0x640
[ 1623.380901][T24322]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1623.380927][T24322]  should_failslab+0xc2/0x120
[ 1623.380952][T24322]  kmem_cache_alloc_noprof+0x83/0x770
[ 1623.380970][T24322]  ? skb_clone+0x190/0x3f0
[ 1623.381000][T24322]  ? skb_clone+0x190/0x3f0
[ 1623.381022][T24322]  skb_clone+0x190/0x3f0
[ 1623.381048][T24322]  netlink_deliver_tap+0xabd/0xd30
[ 1623.381081][T24322]  netlink_unicast+0x64c/0x870
[ 1623.381103][T24322]  ? __pfx_netlink_unicast+0x10/0x10
[ 1623.381129][T24322]  netlink_sendmsg+0x8c8/0xdd0
[ 1623.381147][T24322]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1623.381174][T24322]  ____sys_sendmsg+0xa5d/0xc30
[ 1623.381194][T24322]  ? copy_msghdr_from_user+0x10a/0x160
[ 1623.381219][T24322]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1623.381249][T24322]  ___sys_sendmsg+0x134/0x1d0
[ 1623.381275][T24322]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1623.381331][T24322]  __sys_sendmsg+0x16d/0x220
[ 1623.381356][T24322]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1623.381404][T24322]  do_syscall_64+0xcd/0xf80
[ 1623.381425][T24322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1623.381442][T24322] RIP: 0033:0x7f778098f749
[ 1623.381457][T24322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1623.381473][T24322] RSP: 002b:00007f778181a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1623.381491][T24322] RAX: ffffffffffffffda RBX: 00007f7780be6090 RCX: 00007f778098f749
[ 1623.381502][T24322] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1623.381513][T24322] RBP: 00007f778181a090 R08: 0000000000000000 R09: 0000000000000000
[ 1623.381523][T24322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1623.381537][T24322] R13: 00007f7780be6128 R14: 00007f7780be6090 R15: 00007fff3b33f1c8
[ 1623.381563][T24322]  </TASK>
[ 1623.474149][T17549] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1624.066597][T17549] usb 5-1: device descriptor read/8, error -71
[ 1624.304184][T17549] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1624.344722][T17549] usb 5-1: device descriptor read/8, error -71
[ 1624.454276][T17549] usb usb5-port1: unable to enumerate USB device
[ 1625.876654][ T5927] usb 5-1: new low-speed USB device number 43 using dummy_hcd
[ 1626.077497][T24348] 9pnet_fd: Insufficient options for proto=fd
[ 1626.108529][ T5927] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[ 1626.348703][ T5927] usb 5-1: config 0 has no interface number 0
[ 1626.371813][ T5927] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1626.383147][ T5927] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[ 1626.396363][ T5927] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1626.410467][ T5927] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 1626.421827][ T5927] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 1626.434009][ T5927] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1626.458885][ T5927] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1626.468613][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1626.489388][ T5927] usb 5-1: config 0 descriptor??
[ 1626.496860][T24342] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1626.505942][T24342] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1626.522548][ T5927] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1626.799933][ T5927] usb 5-1: USB disconnect, device number 43
[ 1626.842537][ T5927] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[ 1627.178514][T24361] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.4868'.
[ 1627.204799][   T30] audit: type=1326 audit(1765630559.277:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.286732][   T30] audit: type=1326 audit(1765630559.277:2016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.365653][   T30] audit: type=1326 audit(1765630559.277:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.466824][   T30] audit: type=1326 audit(1765630559.277:2018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.499329][T24366] 9pnet_fd: Insufficient options for proto=fd
[ 1627.530385][   T30] audit: type=1326 audit(1765630559.277:2019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.630346][   T30] audit: type=1326 audit(1765630559.287:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.760318][   T30] audit: type=1326 audit(1765630559.287:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.837485][   T30] audit: type=1326 audit(1765630559.287:2022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d62d8df90 code=0x7ffc0000
[ 1627.904236][   T30] audit: type=1326 audit(1765630559.287:2023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1627.934388][   T24] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[ 1628.048405][   T30] audit: type=1326 audit(1765630559.287:2024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24360 comm="syz.1.4868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f3d62d8f749 code=0x7ffc0000
[ 1628.207177][T24390] 9pnet_fd: Insufficient options for proto=fd
[ 1628.470906][   T24] usb 2-1: device descriptor read/64, error -71
[ 1628.714118][   T24] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[ 1628.904165][   T24] usb 2-1: device descriptor read/64, error -71
[ 1629.024807][   T24] usb usb2-port1: attempt power cycle
[ 1629.364136][   T24] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[ 1629.414981][   T24] usb 2-1: device descriptor read/8, error -71
[ 1629.766876][   T24] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[ 1629.930791][   T24] usb 2-1: device descriptor read/8, error -71
[ 1630.044416][   T24] usb usb2-port1: unable to enumerate USB device
[ 1630.341453][T24418] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4884'.
[ 1633.663217][T24457] 9pnet_fd: Insufficient options for proto=fd
[ 1633.770492][T24458] 9pnet_fd: Insufficient options for proto=fd
[ 1635.247657][T24467] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[ 1636.534075][   T24] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1636.684090][   T24] usb 1-1: device descriptor read/64, error -71
[ 1636.964153][   T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1637.154176][   T24] usb 1-1: device descriptor read/64, error -71
[ 1637.604999][   T24] usb usb1-port1: attempt power cycle
[ 1637.994290][   T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1638.381181][   T24] usb 1-1: device descriptor read/8, error -71
[ 1638.654071][   T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 1638.675524][   T24] usb 1-1: device descriptor read/8, error -71
[ 1638.784992][   T24] usb usb1-port1: unable to enumerate USB device
[ 1638.814709][   T30] kauditd_printk_skb: 34 callbacks suppressed
[ 1638.814725][   T30] audit: type=1400 audit(1765630570.897:2059): avc:  denied  { mounton } for  pid=24511 comm="syz.1.4897" path="/332/file1/file0" dev="autofs" ino=95533 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[ 1639.004162][   T30] audit: type=1400 audit(1765630570.897:2060): avc:  denied  { read } for  pid=24511 comm="syz.1.4897" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1639.545938][T24525] 9pnet_fd: Insufficient options for proto=fd
[ 1639.717994][   T30] audit: type=1400 audit(1765630571.797:2061): avc:  denied  { allowed } for  pid=24530 comm="syz.0.4910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1639.800780][   T30] audit: type=1400 audit(1765630571.797:2062): avc:  denied  { sqpoll } for  pid=24530 comm="syz.0.4910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1640.822259][T24541] 9pnet_fd: Insufficient options for proto=fd
[ 1642.177216][T24570] gre1: entered promiscuous mode
[ 1642.182212][T24570] gre1: entered allmulticast mode
[ 1644.091598][T24592] 9pnet_fd: Insufficient options for proto=fd
[ 1647.706231][   T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1647.902566][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1647.957981][   T24] usb 1-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[ 1647.994171][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1648.013768][   T24] usb 1-1: config 0 descriptor??
[ 1648.045054][   T24] usb 1-1: selecting invalid altsetting 3
[ 1648.050773][   T24] comedi comedi5: could not set alternate setting 3 in high speed
[ 1648.084560][   T24] usbduxsigma 1-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[ 1648.102178][T24630] FAULT_INJECTION: forcing a failure.
[ 1648.102178][T24630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1648.117389][   T24] usbduxsigma 1-1:0.0: probe with driver usbduxsigma failed with error -22
[ 1648.154392][T24630] CPU: 1 UID: 0 PID: 24630 Comm: syz.4.4931 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1648.154410][T24630] Tainted: [L]=SOFTLOCKUP
[ 1648.154414][T24630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1648.154420][T24630] Call Trace:
[ 1648.154425][T24630]  <TASK>
[ 1648.154429][T24630]  dump_stack_lvl+0x16c/0x1f0
[ 1648.154445][T24630]  should_fail_ex+0x512/0x640
[ 1648.154462][T24630]  _copy_from_user+0x2e/0xd0
[ 1648.154476][T24630]  copy_msghdr_from_user+0x98/0x160
[ 1648.154492][T24630]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1648.154513][T24630]  ___sys_sendmsg+0xfe/0x1d0
[ 1648.154528][T24630]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1648.154565][T24630]  __sys_sendmsg+0x16d/0x220
[ 1648.154588][T24630]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1648.154624][T24630]  do_syscall_64+0xcd/0xf80
[ 1648.154643][T24630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1648.154660][T24630] RIP: 0033:0x7fe4ed38f749
[ 1648.154675][T24630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1648.154692][T24630] RSP: 002b:00007fe4ee304038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1648.154709][T24630] RAX: ffffffffffffffda RBX: 00007fe4ed5e5fa0 RCX: 00007fe4ed38f749
[ 1648.154720][T24630] RDX: 0000000000000800 RSI: 0000200000000140 RDI: 0000000000000004
[ 1648.154732][T24630] RBP: 00007fe4ee304090 R08: 0000000000000000 R09: 0000000000000000
[ 1648.154742][T24630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1648.154752][T24630] R13: 00007fe4ed5e6038 R14: 00007fe4ed5e5fa0 R15: 00007fff23995c68
[ 1648.154776][T24630]  </TASK>
[ 1648.349188][   T49] usb 1-1: USB disconnect, device number 5
[ 1648.680030][T24639] gre1: entered promiscuous mode
[ 1648.685131][T24639] gre1: entered allmulticast mode
[ 1649.454879][T24645] 9pnet_fd: Insufficient options for proto=fd
[ 1650.780122][T24658] could not open pipe file descriptor
[ 1652.081850][T24673] SELinux:  Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped).
[ 1652.094978][   T30] audit: type=1400 audit(1765630584.177:2063): avc:  denied  { relabelto } for  pid=24672 comm="syz.3.4943" name="471" dev="tmpfs" ino=2528 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[ 1653.430760][   T30] audit: type=1400 audit(1765630584.177:2064): avc:  denied  { associate } for  pid=24672 comm="syz.3.4943" name="471" dev="tmpfs" ino=2528 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:systemd_logger_exec_t:s0"
[ 1653.624170][T17549] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1653.663776][   T30] audit: type=1400 audit(1765630584.387:2065): avc:  denied  { remove_name } for  pid=16835 comm="syz-executor" name="binderfs" dev="tmpfs" ino=2532 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[ 1653.804063][T17549] usb 1-1: Using ep0 maxpacket: 32
[ 1653.812628][T17549] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1653.850787][T17549] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1653.861188][   T30] audit: type=1400 audit(1765630584.417:2066): avc:  denied  { rmdir } for  pid=16835 comm="syz-executor" name="471" dev="tmpfs" ino=2528 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[ 1653.908643][T17549] usb 1-1: config 0 has no interface number 0
[ 1653.915106][T17549] usb 1-1: config 0 interface 133 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1653.946213][T17549] usb 1-1: config 0 interface 133 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1653.971699][T17549] usb 1-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[ 1654.006564][T17549] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1654.015746][T17549] usb 1-1: Product: syz
[ 1654.024545][T17549] usb 1-1: Manufacturer: syz
[ 1654.029533][T17549] usb 1-1: SerialNumber: syz
[ 1654.039666][T17549] usb 1-1: config 0 descriptor??
[ 1654.448603][T17549] usb 1-1: probing VID:PID(0424:012C)   
[ 1654.491352][T17549] usb 1-1: vub300 testing UNKNOWN EndPoint(0) 0B
[ 1654.508096][T17549] usb 1-1: vub300 ignoring EndPoint(0) 0B
[ 1654.523626][T17549] usb 1-1: Could not find two sets of bulk-in/out endpoint pairs
[ 1654.539229][T17549] vub300 1-1:0.133: probe with driver vub300 failed with error -22
[ 1654.562382][T17549] usb 1-1: USB disconnect, device number 6
[ 1654.931757][T24737] 9pnet_fd: Insufficient options for proto=fd
[ 1655.619592][T22203] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1655.745263][T24752] tipc: Started in network mode
[ 1655.755429][T22203] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1655.763801][T22203] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1655.771553][T22203] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1655.779657][T22203] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1655.783306][T24752] tipc: Node identity 1e80984e7e74, cluster identity 4711
[ 1655.871762][T24757] SELinux:  Context system_u:object_r:var_auth_t:s0 is not valid (left unmapped).
[ 1655.889659][   T30] audit: type=1400 audit(1765630587.947:2067): avc:  denied  { relabelfrom } for  pid=24744 comm="syz.3.4953" name="NETLINK" dev="sockfs" ino=96873 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1656.184863][   T30] audit: type=1400 audit(1765630587.967:2068): avc:  denied  { relabelto } for  pid=24744 comm="syz.3.4953" name="NETLINK" dev="sockfs" ino=96873 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_route_socket permissive=1 trawcon="system_u:object_r:var_auth_t:s0"
[ 1656.191865][T24752] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1656.514504][T24758] syzkaller0: entered promiscuous mode
[ 1656.519996][T24758] syzkaller0: entered allmulticast mode
[ 1656.603196][T24758] tipc: Resetting bearer <eth:syzkaller0>
[ 1656.678577][   T30] audit: type=1400 audit(1765630588.757:2069): avc:  denied  { accept } for  pid=24751 comm="syz.4.4955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1656.928672][T24751] tipc: Resetting bearer <eth:syzkaller0>
[ 1656.956849][T24751] tipc: Disabling bearer <eth:syzkaller0>
[ 1658.012442][T22203] Bluetooth: hci0: command tx timeout
[ 1658.304334][ T6374] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1658.454133][ T6374] usb 5-1: Using ep0 maxpacket: 16
[ 1658.467382][T24747] chnl_net:caif_netlink_parms(): no params data found
[ 1658.573918][ T6374] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1658.602235][ T6374] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1658.744770][T24795] 9pnet_fd: Insufficient options for proto=fd
[ 1659.012742][ T6374] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1659.021922][ T6374] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1659.035601][ T6374] usb 5-1: config 0 descriptor??
[ 1659.207030][T24747] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1659.215402][T24747] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1659.222655][T24747] bridge_slave_0: entered allmulticast mode
[ 1659.230865][T24747] bridge_slave_0: entered promiscuous mode
[ 1659.245036][T24747] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1659.264945][T24747] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1659.281675][T24747] bridge_slave_1: entered allmulticast mode
[ 1659.293270][T24747] bridge_slave_1: entered promiscuous mode
[ 1659.463263][ T6374] nzxt-smart2 0003:1E71:2009.0022: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[ 1660.080853][T22203] Bluetooth: hci0: command tx timeout
[ 1660.690418][T24815] overlayfs: failed to clone upperpath
[ 1661.469154][ T5930] usb 5-1: USB disconnect, device number 44
[ 1661.560625][T22203] Bluetooth: hci4: unexpected event for opcode 0x0c25
[ 1661.620766][T22203] Bluetooth: hci4: ACL packet for unknown connection handle 0
[ 1661.653827][T23830] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1661.674738][T23830] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1661.690180][T23830] bond0 (unregistering): Released all slaves
[ 1661.708497][T24747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1661.730392][T24819] gre1: entered promiscuous mode
[ 1661.735374][T24819] gre1: entered allmulticast mode
[ 1661.742910][T24821] netlink: 666 bytes leftover after parsing attributes in process `syz.2.4969'.
[ 1661.836117][T24747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1661.925395][T24825] overlayfs: failed to clone upperpath
[ 1662.136224][T24747] team0: Port device team_slave_0 added
[ 1662.154599][T22203] Bluetooth: hci0: command tx timeout
[ 1662.192015][T24747] team0: Port device team_slave_1 added
[ 1662.661448][T24849] 9pnet_fd: Insufficient options for proto=fd
[ 1662.990300][T24747] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1663.025511][T24747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1663.094040][T24747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1663.116976][T24747] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1663.188761][T24747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1663.224113][T24747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1664.249996][T12322] Bluetooth: hci0: command tx timeout
[ 1664.477383][T24863] overlayfs: failed to clone upperpath
[ 1665.389846][T24747] hsr_slave_0: entered promiscuous mode
[ 1665.398915][T24747] hsr_slave_1: entered promiscuous mode
[ 1665.405426][T24747] debugfs: 'hsr0' already exists in 'hsr'
[ 1665.411231][T24747] Cannot create hsr debugfs directory
[ 1665.499256][T24884] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.4983'.
[ 1665.975947][T24893] 9pnet_fd: Insufficient options for proto=fd
[ 1666.658256][T23830] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1667.694793][T23830] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1667.830080][T24914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4987'.
[ 1668.214200][ T5930] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1668.455464][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.461828][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1668.544191][ T5930] usb 5-1: Using ep0 maxpacket: 16
[ 1668.550512][ T5930] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1668.580708][T23830] team0 (unregistering): Port device team_slave_1 removed
[ 1668.594095][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1668.600731][ T5930] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1668.626804][ T5930] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1668.642388][ T5930] usb 5-1: config 0 descriptor??
[ 1668.676606][T23830] team0 (unregistering): Port device team_slave_0 removed
[ 1671.326853][T23830] IPVS: stop unused estimator thread 0...
[ 1671.340210][ T5930] usbhid 5-1:0.0: can't add hid device: -71
[ 1671.389598][ T5930] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1671.433948][ T5930] usb 5-1: USB disconnect, device number 45
[ 1671.467779][T24747] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1671.520479][T24747] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1671.607895][T24747] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1671.659126][T24747] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1672.813552][T24747] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1672.877211][T24747] 8021q: adding VLAN 0 to HW filter on device team0
[ 1672.913532][T23834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1672.920670][T23834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1673.252833][T23834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1673.259976][T23834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1674.578448][T24998] 9pnet_fd: Insufficient options for proto=fd
[ 1675.441515][T24747] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1675.779952][T25025] C: renamed from team_slave_0 (while UP)
[ 1675.794237][T17549] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[ 1675.829370][T25025] netlink: 'syz.3.5001': attribute type 2 has an invalid length.
[ 1675.864473][T25025] netlink: 128 bytes leftover after parsing attributes in process `syz.3.5001'.
[ 1675.894094][T25025] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1675.975569][T17549] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1675.983763][T17549] usb 1-1: config 0 has no interface number 0
[ 1676.057394][T17549] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1676.085097][T17549] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1676.114288][T17549] usb 1-1: Product: syz
[ 1676.118472][T17549] usb 1-1: Manufacturer: syz
[ 1676.123056][T17549] usb 1-1: SerialNumber: syz
[ 1676.147213][T17549] usb 1-1: config 0 descriptor??
[ 1676.174050][ T9781] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1676.242095][T24747] veth0_vlan: entered promiscuous mode
[ 1676.270475][T24747] veth1_vlan: entered promiscuous mode
[ 1676.344213][ T9781] usb 5-1: Using ep0 maxpacket: 16
[ 1676.353239][ T9781] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1676.355247][T24747] veth0_macvtap: entered promiscuous mode
[ 1676.420244][ T9781] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1676.447335][ T9781] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1676.459024][ T9781] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1676.478459][ T9781] usb 5-1: config 0 descriptor??
[ 1676.489291][T24747] veth1_macvtap: entered promiscuous mode
[ 1676.648359][T24747] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1676.676334][T24747] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1677.124224][T17549] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1677.153820][T17549] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1677.169158][T18068] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1677.173453][T17549] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1677.183812][T18068] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1677.203418][T18068] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1677.252860][T17549] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1677.263124][T18068] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1677.310949][T18068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1677.373455][T17549] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1677.408719][T18068] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1677.459026][T17549] usb 1-1: USB disconnect, device number 7
[ 1677.855813][T17549] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1678.274345][T17549] keyspan 1-1:0.133: device disconnected
[ 1679.193076][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1679.219148][ T9781] usbhid 5-1:0.0: can't add hid device: -71
[ 1679.225316][ T9781] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1679.236162][ T9781] usb 5-1: USB disconnect, device number 46
[ 1679.244400][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1679.388266][   T30] audit: type=1400 audit(1765630611.457:2070): avc:  denied  { mounton } for  pid=24747 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1679.632751][T25062] netlink: 'syz.5.4950': attribute type 10 has an invalid length.
[ 1679.659620][T25062] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1679.668359][T25062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1679.692156][T25062] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1679.699336][T25062] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1679.706806][T25062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1679.713910][T25062] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1679.786621][T25062] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1680.306260][T25062] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4950'.
[ 1680.331279][   T30] audit: type=1326 audit(1765630612.407:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25060 comm="syz.5.4950" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f631c58f749 code=0x0
[ 1681.583838][T25077] FAULT_INJECTION: forcing a failure.
[ 1681.583838][T25077] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1681.640004][T25077] CPU: 0 UID: 0 PID: 25077 Comm: syz.4.5011 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1681.640034][T25077] Tainted: [L]=SOFTLOCKUP
[ 1681.640040][T25077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1681.640050][T25077] Call Trace:
[ 1681.640057][T25077]  <TASK>
[ 1681.640063][T25077]  dump_stack_lvl+0x16c/0x1f0
[ 1681.640087][T25077]  should_fail_ex+0x512/0x640
[ 1681.640114][T25077]  _copy_from_iter+0x2a4/0x16c0
[ 1681.640139][T25077]  ? __alloc_skb+0x220/0x410
[ 1681.640160][T25077]  ? __alloc_skb+0x35d/0x410
[ 1681.640180][T25077]  ? __pfx__copy_from_iter+0x10/0x10
[ 1681.640201][T25077]  ? netlink_autobind.isra.0+0x158/0x370
[ 1681.640228][T25077]  netlink_sendmsg+0x820/0xdd0
[ 1681.640250][T25077]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1681.640277][T25077]  ____sys_sendmsg+0xa5d/0xc30
[ 1681.640296][T25077]  ? copy_msghdr_from_user+0x10a/0x160
[ 1681.640319][T25077]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1681.640354][T25077]  ___sys_sendmsg+0x134/0x1d0
[ 1681.640379][T25077]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1681.640433][T25077]  __sys_sendmsg+0x16d/0x220
[ 1681.640457][T25077]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1681.640498][T25077]  do_syscall_64+0xcd/0xf80
[ 1681.640518][T25077]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1681.640536][T25077] RIP: 0033:0x7fe4ed38f749
[ 1681.640550][T25077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1681.640566][T25077] RSP: 002b:00007fe4ee304038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1681.640583][T25077] RAX: ffffffffffffffda RBX: 00007fe4ed5e5fa0 RCX: 00007fe4ed38f749
[ 1681.640594][T25077] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1681.640605][T25077] RBP: 00007fe4ee304090 R08: 0000000000000000 R09: 0000000000000000
[ 1681.640615][T25077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1681.640625][T25077] R13: 00007fe4ed5e6038 R14: 00007fe4ed5e5fa0 R15: 00007fff23995c68
[ 1681.640650][T25077]  </TASK>
[ 1682.145490][T25083] gre1: entered promiscuous mode
[ 1682.150493][T25083] gre1: entered allmulticast mode
[ 1682.862022][T25090] 9pnet_fd: Insufficient options for proto=fd
[ 1683.777292][T25111] vlan2: entered promiscuous mode
[ 1686.251930][T25138] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[ 1687.372066][T25188] gre1: entered promiscuous mode
[ 1687.377207][T25188] gre1: entered allmulticast mode
[ 1688.499369][T25195] gre1: entered promiscuous mode
[ 1688.504393][T25195] gre1: entered allmulticast mode
[ 1688.701223][T25198] 9pnet_fd: Insufficient options for proto=fd
[ 1690.333648][   T24] kernel read not supported for file /snd/controlC0 (pid: 24 comm: kworker/1:0)
[ 1691.230278][T25237] binder: 25233:25237 ioctl 40089416 200000001f80 returned -22
[ 1691.291023][T25242] binder: 25233:25242 ioctl 40489426 200000002380 returned -22
[ 1691.461931][T25252] FAULT_INJECTION: forcing a failure.
[ 1691.461931][T25252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1691.522541][T25252] CPU: 1 UID: 0 PID: 25252 Comm: syz.4.5045 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1691.522571][T25252] Tainted: [L]=SOFTLOCKUP
[ 1691.522577][T25252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1691.522587][T25252] Call Trace:
[ 1691.522594][T25252]  <TASK>
[ 1691.522601][T25252]  dump_stack_lvl+0x16c/0x1f0
[ 1691.522624][T25252]  should_fail_ex+0x512/0x640
[ 1691.522651][T25252]  _copy_from_user+0x2e/0xd0
[ 1691.522673][T25252]  video_usercopy+0xee2/0x16c0
[ 1691.522693][T25252]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1691.522718][T25252]  ? selinux_kernel_read_file+0x50/0x120
[ 1691.522736][T25252]  ? __pfx_video_usercopy+0x10/0x10
[ 1691.522765][T25252]  v4l2_ioctl+0x1bd/0x250
[ 1691.522788][T25252]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1691.522813][T25252]  __x64_sys_ioctl+0x18e/0x210
[ 1691.522833][T25252]  do_syscall_64+0xcd/0xf80
[ 1691.522851][T25252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1691.522867][T25252] RIP: 0033:0x7fe4ed38f749
[ 1691.522881][T25252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1691.522897][T25252] RSP: 002b:00007fe4ee304038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1691.522914][T25252] RAX: ffffffffffffffda RBX: 00007fe4ed5e5fa0 RCX: 00007fe4ed38f749
[ 1691.522926][T25252] RDX: 0000200000000340 RSI: 00000000c0585611 RDI: 0000000000000003
[ 1691.522936][T25252] RBP: 00007fe4ee304090 R08: 0000000000000000 R09: 0000000000000000
[ 1691.522946][T25252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1691.522956][T25252] R13: 00007fe4ed5e6038 R14: 00007fe4ed5e5fa0 R15: 00007fff23995c68
[ 1691.522979][T25252]  </TASK>
[ 1693.214071][ T5865] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[ 1693.354251][ T5865] usb 6-1: device descriptor read/64, error -71
[ 1693.444578][T25283] gre1: entered promiscuous mode
[ 1693.449551][T25283] gre1: entered allmulticast mode
[ 1693.654126][ T5865] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[ 1693.864809][ T5865] usb 6-1: device descriptor read/64, error -71
[ 1694.039108][ T5865] usb usb6-port1: attempt power cycle
[ 1694.704429][ T5865] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[ 1695.525462][ T5865] usb 6-1: device descriptor read/8, error -71
[ 1695.604039][T16937] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 1695.774807][T16937] usb 1-1: Using ep0 maxpacket: 32
[ 1695.790108][T16937] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1695.813476][T16937] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0
[ 1695.847188][T16937] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1695.861081][T16937] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1695.881678][T16937] usb 1-1: Product: syz
[ 1695.910021][T16937] usb 1-1: Manufacturer: syz
[ 1695.920120][T16937] usb 1-1: SerialNumber: syz
[ 1695.940759][T16937] usb 1-1: config 0 descriptor??
[ 1695.952723][T16937] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1695.964153][T16937] hub 1-1:0.0: probe with driver hub failed with error -5
[ 1696.159347][T25312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5055'.
[ 1696.251622][   T30] audit: type=1400 audit(1765630628.317:2072): avc:  denied  { write } for  pid=25309 comm="syz.0.5055" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1696.285831][T25332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1696.296789][T25312] veth1_to_hsr: entered promiscuous mode
[ 1696.302558][T25312] macvlan3: entered allmulticast mode
[ 1696.308443][T25312] veth1_to_hsr: entered allmulticast mode
[ 1696.315130][T25332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1696.737505][T22203] Bluetooth: hci2: Unknown advertising packet type: 0x1e
[ 1696.737569][T22203] Bluetooth: hci2: Malformed LE Event: 0x0d
[ 1696.884916][   T24] usb 1-1: USB disconnect, device number 8
[ 1697.327704][T25347] 9pnet_fd: Insufficient options for proto=fd
[ 1698.267081][T25371] gre1: entered promiscuous mode
[ 1698.272205][T25371] gre1: entered allmulticast mode
[ 1698.826335][T25385] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5067'.
[ 1698.997662][T25385] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1699.217013][T25392] vlan2: entered allmulticast mode
[ 1699.337367][T25392] macsec0: entered allmulticast mode
[ 1699.398429][T25401] 9pnet_fd: Insufficient options for proto=fd
[ 1700.214700][T25392] veth1_macvtap: entered allmulticast mode
[ 1700.629645][T25407] 9pnet_fd: Insufficient options for proto=fd
[ 1700.750161][T25410] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[ 1701.157499][T25430] FAULT_INJECTION: forcing a failure.
[ 1701.157499][T25430] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1701.174355][T25430] CPU: 0 UID: 0 PID: 25430 Comm: syz.0.5075 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1701.174383][T25430] Tainted: [L]=SOFTLOCKUP
[ 1701.174390][T25430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1701.174400][T25430] Call Trace:
[ 1701.174407][T25430]  <TASK>
[ 1701.174413][T25430]  dump_stack_lvl+0x16c/0x1f0
[ 1701.174437][T25430]  should_fail_ex+0x512/0x640
[ 1701.174462][T25430]  _copy_from_user+0x2e/0xd0
[ 1701.174484][T25430]  restore_sigcontext+0xcb/0x6a0
[ 1701.174509][T25430]  ? __pfx_restore_sigcontext+0x10/0x10
[ 1701.174549][T25430]  ? __pfx_restore_altstack+0x10/0x10
[ 1701.174570][T25430]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1701.174593][T25430]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1701.174610][T25430]  __do_sys_rt_sigreturn+0x229/0x2c0
[ 1701.174628][T25430]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[ 1701.174652][T25430]  do_syscall_64+0xcd/0xf80
[ 1701.174666][T25430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1701.174679][T25430] RIP: 0033:0x7f778092b829
[ 1701.174690][T25430] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[ 1701.174703][T25430] RSP: 002b:00007f77817f8340 EFLAGS: 00000206 ORIG_RAX: 000000000000000f
[ 1701.174716][T25430] RAX: ffffffffffffffda RBX: 00007f7780be6180 RCX: 00007f778092b829
[ 1701.174724][T25430] RDX: 00007f77817f8340 RSI: 00007f77817f8470 RDI: 0000000000000021
[ 1701.174732][T25430] RBP: 00007f77817f9090 R08: 0000000000000000 R09: 0000000000000000
[ 1701.174740][T25430] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 1701.174747][T25430] R13: 00007f7780be6218 R14: 00007f7780be6180 R15: 00007fff3b33f1c8
[ 1701.174766][T25430]  </TASK>
[ 1701.705934][T25437] gre2: entered promiscuous mode
[ 1701.710931][T25437] gre2: entered allmulticast mode
[ 1702.070264][T25438] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5077'.
[ 1702.080013][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1702.161365][T25438] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1702.399627][T25447] FAULT_INJECTION: forcing a failure.
[ 1702.399627][T25447] name failslab, interval 1, probability 0, space 0, times 0
[ 1702.405116][T25446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5080'.
[ 1702.413022][T25447] CPU: 1 UID: 0 PID: 25447 Comm: syz.4.5081 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1702.413045][T25447] Tainted: [L]=SOFTLOCKUP
[ 1702.413051][T25447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1702.413060][T25447] Call Trace:
[ 1702.413065][T25447]  <TASK>
[ 1702.413071][T25447]  dump_stack_lvl+0x16c/0x1f0
[ 1702.413091][T25447]  should_fail_ex+0x512/0x640
[ 1702.413110][T25447]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1702.413132][T25447]  should_failslab+0xc2/0x120
[ 1702.413152][T25447]  kmem_cache_alloc_noprof+0x83/0x770
[ 1702.413167][T25447]  ? skb_clone+0x190/0x3f0
[ 1702.413192][T25447]  ? skb_clone+0x190/0x3f0
[ 1702.413210][T25447]  skb_clone+0x190/0x3f0
[ 1702.413231][T25447]  netlink_deliver_tap+0xabd/0xd30
[ 1702.413258][T25447]  netlink_unicast+0x64c/0x870
[ 1702.413276][T25447]  ? __pfx_netlink_unicast+0x10/0x10
[ 1702.413298][T25447]  netlink_sendmsg+0x8c8/0xdd0
[ 1702.413316][T25447]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1702.413351][T25447]  ____sys_sendmsg+0xa5d/0xc30
[ 1702.413368][T25447]  ? copy_msghdr_from_user+0x10a/0x160
[ 1702.413388][T25447]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1702.413414][T25447]  ___sys_sendmsg+0x134/0x1d0
[ 1702.413435][T25447]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1702.413482][T25447]  __sys_sendmsg+0x16d/0x220
[ 1702.413502][T25447]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1702.413530][T25447]  ? fput+0x70/0xf0
[ 1702.413555][T25447]  do_syscall_64+0xcd/0xf80
[ 1702.413572][T25447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.413586][T25447] RIP: 0033:0x7fe4ed38f749
[ 1702.413599][T25447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1702.413613][T25447] RSP: 002b:00007fe4ee304038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1702.413628][T25447] RAX: ffffffffffffffda RBX: 00007fe4ed5e5fa0 RCX: 00007fe4ed38f749
[ 1702.413638][T25447] RDX: 0000000004004050 RSI: 00002000000001c0 RDI: 0000000000000003
[ 1702.413648][T25447] RBP: 00007fe4ee304090 R08: 0000000000000000 R09: 0000000000000000
[ 1702.413656][T25447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1702.413666][T25447] R13: 00007fe4ed5e6038 R14: 00007fe4ed5e5fa0 R15: 00007fff23995c68
[ 1702.413687][T25447]  </TASK>
[ 1704.380662][T25459] 9pnet_fd: Insufficient options for proto=fd
[ 1704.826056][T25476] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[ 1704.861294][T25471] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5088'.
[ 1705.504265][T25488] Bluetooth: MGMT ver 1.23
[ 1706.018165][T25497] 9pnet_fd: Insufficient options for proto=fd
[ 1707.172409][T25511] erspan1: entered allmulticast mode
[ 1707.234437][T25512] netlink: 'syz.0.5101': attribute type 10 has an invalid length.
[ 1707.627155][T25515] FAULT_INJECTION: forcing a failure.
[ 1707.627155][T25515] name failslab, interval 1, probability 0, space 0, times 0
[ 1707.642937][T25512] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1707.715735][T25515] CPU: 1 UID: 0 PID: 25515 Comm: syz.4.5100 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1707.715762][T25515] Tainted: [L]=SOFTLOCKUP
[ 1707.715768][T25515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1707.715775][T25515] Call Trace:
[ 1707.715778][T25515]  <TASK>
[ 1707.715783][T25515]  dump_stack_lvl+0x16c/0x1f0
[ 1707.715798][T25515]  should_fail_ex+0x512/0x640
[ 1707.715814][T25515]  should_failslab+0xc2/0x120
[ 1707.715828][T25515]  __kmalloc_cache_noprof+0x80/0x800
[ 1707.715846][T25515]  ? __io_queue_proc+0x2bb/0x920
[ 1707.715863][T25515]  ? __io_queue_proc+0x2bb/0x920
[ 1707.715878][T25515]  __io_queue_proc+0x2bb/0x920
[ 1707.715894][T25515]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1707.715909][T25515]  n_hdlc_tty_poll+0xd4/0x250
[ 1707.715926][T25515]  ? __pfx_n_hdlc_tty_poll+0x10/0x10
[ 1707.715940][T25515]  tty_poll+0x105/0x1d0
[ 1707.715957][T25515]  __io_arm_poll_handler+0x445/0x1270
[ 1707.715972][T25515]  ? __pfx_tty_poll+0x10/0x10
[ 1707.715994][T25515]  io_arm_apoll+0x50b/0x960
[ 1707.716008][T25515]  ? io_read+0xe0/0x1f0
[ 1707.716022][T25515]  ? __pfx_io_arm_apoll+0x10/0x10
[ 1707.716037][T25515]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1707.716055][T25515]  ? __io_issue_sqe+0x14a/0x7c0
[ 1707.716069][T25515]  io_arm_poll_handler+0x223/0x2b0
[ 1707.716085][T25515]  io_queue_async+0xab/0x130
[ 1707.716100][T25515]  io_submit_sqes+0x154e/0x28e0
[ 1707.716123][T25515]  __do_sys_io_uring_enter+0xd6b/0x1630
[ 1707.716141][T25515]  ? __fget_files+0x20e/0x3c0
[ 1707.716155][T25515]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1707.716172][T25515]  ? fput+0x70/0xf0
[ 1707.716188][T25515]  ? ksys_write+0x1ac/0x250
[ 1707.716200][T25515]  ? __pfx_ksys_write+0x10/0x10
[ 1707.716217][T25515]  do_syscall_64+0xcd/0xf80
[ 1707.716230][T25515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1707.716242][T25515] RIP: 0033:0x7fe4ed38f749
[ 1707.716251][T25515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1707.716261][T25515] RSP: 002b:00007fe4ee2e3038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1707.716272][T25515] RAX: ffffffffffffffda RBX: 00007fe4ed5e6090 RCX: 00007fe4ed38f749
[ 1707.716279][T25515] RDX: 0000000000000000 RSI: 00000000000847ba RDI: 0000000000000007
[ 1707.716285][T25515] RBP: 00007fe4ee2e3090 R08: 0000000000000000 R09: 0000000000000000
[ 1707.716291][T25515] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001
[ 1707.716297][T25515] R13: 00007fe4ed5e6128 R14: 00007fe4ed5e6090 R15: 00007fff23995c68
[ 1707.716311][T25515]  </TASK>
[ 1708.580632][T25532] 9pnet_fd: Insufficient options for proto=fd
[ 1709.877352][T25544] 9pnet_fd: Insufficient options for proto=fd
[ 1710.375396][T25538] Process accounting resumed
[ 1711.244293][T25562] netlink: 'syz.0.5111': attribute type 9 has an invalid length.
[ 1711.285847][T25559] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5113'.
[ 1711.399770][   T49] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[ 1711.419018][   T49] hid-generic 0000:0000:0000.0023: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1711.434465][   T30] audit: type=1400 audit(1765630643.497:2073): avc:  denied  { setopt } for  pid=25563 comm="syz.4.5114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1711.602602][T25569] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5115'.
[ 1711.650666][T25569] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[ 1711.744903][T25569] team0: Device ipvlan2 is already an upper device of the team interface
[ 1712.948547][T25581] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1713.193238][T25581] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1713.234120][T22873] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[ 1713.567787][T22873] usb 1-1: device descriptor read/64, error -71
[ 1713.631362][T25581] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1713.707019][T25594] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5121'.
[ 1713.891030][T22873] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[ 1714.041910][T22873] usb 1-1: device descriptor read/64, error -71
[ 1714.162293][T22873] usb usb1-port1: attempt power cycle
[ 1714.447366][T25581] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1715.390754][T25605] netlink: 'syz.4.5123': attribute type 4 has an invalid length.
[ 1715.546337][T23843] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1715.664729][T23837] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1715.701751][T23837] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1715.832162][T23837] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1715.910257][T25612] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=25612 comm=syz.0.5125
[ 1716.535017][T25616] FAULT_INJECTION: forcing a failure.
[ 1716.535017][T25616] name failslab, interval 1, probability 0, space 0, times 0
[ 1716.646894][T25616] CPU: 0 UID: 0 PID: 25616 Comm: syz.5.5126 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1716.646924][T25616] Tainted: [L]=SOFTLOCKUP
[ 1716.646930][T25616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1716.646940][T25616] Call Trace:
[ 1716.646947][T25616]  <TASK>
[ 1716.646954][T25616]  dump_stack_lvl+0x16c/0x1f0
[ 1716.646976][T25616]  should_fail_ex+0x512/0x640
[ 1716.646998][T25616]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1716.647026][T25616]  should_failslab+0xc2/0x120
[ 1716.647048][T25616]  __kmalloc_cache_noprof+0x80/0x800
[ 1716.647073][T25616]  ? drm_mode_setcrtc+0x695/0x1de0
[ 1716.647095][T25616]  ? drm_mode_setcrtc+0x695/0x1de0
[ 1716.647114][T25616]  drm_mode_setcrtc+0x695/0x1de0
[ 1716.647139][T25616]  ? avc_has_extended_perms+0x33a/0x1090
[ 1716.647167][T25616]  ? avc_has_extended_perms+0x47c/0x1090
[ 1716.647191][T25616]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[ 1716.647215][T25616]  ? __pfx_avc_has_extended_perms+0x10/0x10
[ 1716.647252][T25616]  ? drm_is_current_master+0x2c/0x40
[ 1716.647277][T25616]  ? do_raw_spin_unlock+0x172/0x230
[ 1716.647304][T25616]  drm_ioctl_kernel+0x1f4/0x3e0
[ 1716.647323][T25616]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[ 1716.647343][T25616]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 1716.647370][T25616]  drm_ioctl+0x5c9/0xc30
[ 1716.647394][T25616]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[ 1716.647413][T25616]  ? __pfx_drm_ioctl+0x10/0x10
[ 1716.647443][T25616]  ? selinux_file_ioctl+0x180/0x270
[ 1716.647461][T25616]  ? selinux_file_ioctl+0xb4/0x270
[ 1716.647480][T25616]  ? __pfx_drm_ioctl+0x10/0x10
[ 1716.647500][T25616]  __x64_sys_ioctl+0x18e/0x210
[ 1716.647523][T25616]  do_syscall_64+0xcd/0xf80
[ 1716.647542][T25616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1716.647559][T25616] RIP: 0033:0x7f631c58f749
[ 1716.647573][T25616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1716.647589][T25616] RSP: 002b:00007f631d35d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1716.647606][T25616] RAX: ffffffffffffffda RBX: 00007f631c7e5fa0 RCX: 00007f631c58f749
[ 1716.647617][T25616] RDX: 0000200000000500 RSI: 00000000c06864a2 RDI: 0000000000000003
[ 1716.647627][T25616] RBP: 00007f631d35d090 R08: 0000000000000000 R09: 0000000000000000
[ 1716.647637][T25616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1716.647647][T25616] R13: 00007f631c7e6038 R14: 00007f631c7e5fa0 R15: 00007ffd8315e3e8
[ 1716.647672][T25616]  </TASK>
[ 1717.257789][   T30] audit: type=1326 audit(1765630649.337:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1717.805274][   T30] audit: type=1326 audit(1765630649.367:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1717.837478][T25628] bridge0: port 3(veth0_to_bridge) entered blocking state
[ 1717.860686][T25628] bridge0: port 3(veth0_to_bridge) entered disabled state
[ 1717.868049][   T30] audit: type=1326 audit(1765630649.367:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1717.913000][T25628] veth0_to_bridge: entered allmulticast mode
[ 1717.954825][T25628] veth0_to_bridge: entered promiscuous mode
[ 1717.974877][   T30] audit: type=1326 audit(1765630649.367:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1718.042192][   T30] audit: type=1326 audit(1765630649.367:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1718.066084][T22873] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[ 1718.164104][   T30] audit: type=1326 audit(1765630649.447:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1718.202191][   T30] audit: type=1326 audit(1765630649.947:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1718.250969][T22873] usb 6-1: New USB device found, idVendor=2040, idProduct=9301, bcdDevice=5b.81
[ 1718.274702][T22873] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1718.565885][T25636] vlan2: entered promiscuous mode
[ 1718.635597][   T30] audit: type=1326 audit(1765630649.947:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25619 comm="syz.0.5129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778098f749 code=0x7ffc0000
[ 1718.687678][T22873] usb 6-1: config 0 descriptor??
[ 1718.708843][T22873] dvb-usb: found a 'Hauppauge WinTV-NOVA-T usb2' in warm state.
[ 1718.717519][T22873] dvb-usb: bulk message failed: -22 (3/0)
[ 1718.760053][T22873] dvb-usb: will use the device's hardware PID filter (table count: 32).
[ 1718.785199][T22873] dvbdev: DVB: registering new adapter (Hauppauge WinTV-NOVA-T usb2)
[ 1718.802742][T22873] usb 6-1: media controller created
[ 1718.813776][T22873] dvb-usb: bulk message failed: -22 (5/0)
[ 1718.830493][T22873] dvb-usb: MAC address reading failed.
[ 1718.849291][T22873] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1718.892287][T22873] dvb-usb: bulk message failed: -22 (6/0)
[ 1718.922440][T22873] dvb-usb: bulk message failed: -22 (6/0)
[ 1718.927364][T25625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1718.953245][T22873] dvb-usb: no frontend was attached by 'Hauppauge WinTV-NOVA-T usb2'
[ 1718.973721][T25625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1718.987575][T22873] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input30
[ 1719.012316][T22873] dvb-usb: schedule remote query interval to 100 msecs.
[ 1719.048220][T22873] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully initialized and connected.
[ 1719.193300][T22873] usb 6-1: USB disconnect, device number 6
[ 1719.669020][T25652] vlan0: entered promiscuous mode
[ 1719.966015][T22873] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully deinitialized and disconnected.
[ 1720.743497][T25668] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5140'.
[ 1722.005825][T25681] netlink: 'syz.5.5144': attribute type 11 has an invalid length.
[ 1722.081935][T25681] netlink: 199788 bytes leftover after parsing attributes in process `syz.5.5144'.
[ 1723.644172][T25703] kvm: kvm [25697]: vcpu0, guest rIP: 0x5408d Unhandled WRMSR(0x4000006e) = 0x0
[ 1724.883783][T25711] Process accounting resumed
[ 1725.917372][T25741] syz_tun: entered allmulticast mode
[ 1725.924799][T25740] syz_tun: left allmulticast mode
[ 1726.674409][   T30] audit: type=1400 audit(1765630658.757:2082): avc:  denied  { getopt } for  pid=25746 comm="syz.4.5159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1726.694851][   T30] audit: type=1400 audit(1765630658.757:2083): avc:  denied  { ioctl } for  pid=25746 comm="syz.4.5159" path="socket:[101101]" dev="sockfs" ino=101101 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1729.757789][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1729.764197][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1729.845557][   T30] audit: type=1400 audit(1765630661.927:2084): avc:  denied  { ioctl } for  pid=25794 comm="syz.0.5171" path="socket:[101231]" dev="sockfs" ino=101231 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1731.027031][T25820] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[ 1733.106386][T25853] 9pnet_fd: Insufficient options for proto=fd
[ 1734.160005][T25858] FAULT_INJECTION: forcing a failure.
[ 1734.160005][T25858] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1734.294134][T25858] CPU: 0 UID: 0 PID: 25858 Comm: syz.5.5187 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1734.294161][T25858] Tainted: [L]=SOFTLOCKUP
[ 1734.294167][T25858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1734.294176][T25858] Call Trace:
[ 1734.294182][T25858]  <TASK>
[ 1734.294189][T25858]  dump_stack_lvl+0x16c/0x1f0
[ 1734.294212][T25858]  should_fail_ex+0x512/0x640
[ 1734.294237][T25858]  _copy_from_user+0x2e/0xd0
[ 1734.294258][T25858]  video_usercopy+0xee2/0x16c0
[ 1734.294276][T25858]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1734.294300][T25858]  ? selinux_kernel_read_file+0x50/0x120
[ 1734.294319][T25858]  ? __pfx_video_usercopy+0x10/0x10
[ 1734.294351][T25858]  v4l2_ioctl+0x1bd/0x250
[ 1734.294373][T25858]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1734.294397][T25858]  __x64_sys_ioctl+0x18e/0x210
[ 1734.294418][T25858]  do_syscall_64+0xcd/0xf80
[ 1734.294437][T25858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1734.294454][T25858] RIP: 0033:0x7f631c58f749
[ 1734.294468][T25858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1734.294484][T25858] RSP: 002b:00007f631d35d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1734.294501][T25858] RAX: ffffffffffffffda RBX: 00007f631c7e5fa0 RCX: 00007f631c58f749
[ 1734.294512][T25858] RDX: 0000200000000140 RSI: 00000000c100565c RDI: 0000000000000003
[ 1734.294522][T25858] RBP: 00007f631d35d090 R08: 0000000000000000 R09: 0000000000000000
[ 1734.294532][T25858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1734.294542][T25858] R13: 00007f631c7e6038 R14: 00007f631c7e5fa0 R15: 00007ffd8315e3e8
[ 1734.294566][T25858]  </TASK>
[ 1735.174098][T22203] Bluetooth: hci4: unknown advertising packet type: 0xff
[ 1735.174125][T22203] Bluetooth: hci4: unknown advertising packet type: 0xfa
[ 1735.181520][T22203] Bluetooth: hci4: unknown advertising packet type: 0x09
[ 1735.188893][T22203] Bluetooth: hci4: unknown advertising packet type: 0x05
[ 1735.196484][T22203] Bluetooth: hci4: Malformed LE Event: 0x02
[ 1736.545453][T25885] FAULT_INJECTION: forcing a failure.
[ 1736.545453][T25885] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1736.562937][T25885] CPU: 0 UID: 0 PID: 25885 Comm: syz.4.5196 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1736.562962][T25885] Tainted: [L]=SOFTLOCKUP
[ 1736.562966][T25885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1736.562972][T25885] Call Trace:
[ 1736.562976][T25885]  <TASK>
[ 1736.562980][T25885]  dump_stack_lvl+0x16c/0x1f0
[ 1736.562996][T25885]  should_fail_ex+0x512/0x640
[ 1736.563012][T25885]  _copy_from_iter+0x2a4/0x16c0
[ 1736.563027][T25885]  ? __alloc_skb+0x220/0x410
[ 1736.563040][T25885]  ? __alloc_skb+0x35d/0x410
[ 1736.563053][T25885]  ? __pfx__copy_from_iter+0x10/0x10
[ 1736.563066][T25885]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1736.563083][T25885]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1736.563106][T25885]  netlink_sendmsg+0x820/0xdd0
[ 1736.563119][T25885]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1736.563134][T25885]  ____sys_sendmsg+0xa5d/0xc30
[ 1736.563146][T25885]  ? copy_msghdr_from_user+0x10a/0x160
[ 1736.563161][T25885]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1736.563178][T25885]  ___sys_sendmsg+0x134/0x1d0
[ 1736.563193][T25885]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1736.563223][T25885]  __sys_sendmsg+0x16d/0x220
[ 1736.563238][T25885]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1736.563261][T25885]  do_syscall_64+0xcd/0xf80
[ 1736.563272][T25885]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1736.563288][T25885] RIP: 0033:0x7fe4ed38f749
[ 1736.563297][T25885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1736.563307][T25885] RSP: 002b:00007fe4ee304038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1736.563318][T25885] RAX: ffffffffffffffda RBX: 00007fe4ed5e5fa0 RCX: 00007fe4ed38f749
[ 1736.563325][T25885] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[ 1736.563331][T25885] RBP: 00007fe4ee304090 R08: 0000000000000000 R09: 0000000000000000
[ 1736.563337][T25885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1736.563343][T25885] R13: 00007fe4ed5e6038 R14: 00007fe4ed5e5fa0 R15: 00007fff23995c68
[ 1736.563356][T25885]  </TASK>
[ 1738.299799][T25901] vlan4: entered promiscuous mode
[ 1740.143329][T25908] netlink: 666 bytes leftover after parsing attributes in process `syz.3.5202'.
[ 1740.315435][ T9279] kernel read not supported for file /snd/controlC0 (pid: 9279 comm: kworker/1:13)
[ 1740.544134][ T9279] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1741.084311][ T9279] usb 6-1: Using ep0 maxpacket: 16
[ 1741.138462][ T9279] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1741.253574][ T9279] usb 6-1: config 0 has no interface number 0
[ 1741.301368][ T9279] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1741.386850][ T9279] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1741.457354][ T9279] usb 6-1: Product: syz
[ 1741.507053][ T9279] usb 6-1: Manufacturer: syz
[ 1741.550035][ T9279] usb 6-1: SerialNumber: syz
[ 1741.644072][ T9279] usb 6-1: config 0 descriptor??
[ 1741.735431][ T9279] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1742.375111][T25938] vlan2: entered promiscuous mode
[ 1742.988127][ T9279] gspca_spca1528: reg_w err -71
[ 1742.993896][ T9279] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71
[ 1743.250959][ T9279] usb 6-1: USB disconnect, device number 7
[ 1743.835213][T25767] Process accounting resumed
[ 1745.861954][T25959] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5217'.
[ 1747.522016][T25984] Process accounting resumed
[ 1747.824284][T25991] gre1: entered promiscuous mode
[ 1747.829284][T25991] gre1: entered allmulticast mode
[ 1749.033341][T26001] gre3: entered promiscuous mode
[ 1749.038465][T26001] gre3: entered allmulticast mode
[ 1749.449557][T26003] gre1: entered promiscuous mode
[ 1749.455124][T26003] gre1: entered allmulticast mode
[ 1749.576334][T26010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5223'.
[ 1750.504781][T26010] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5223'.
[ 1750.622081][T26018] FAULT_INJECTION: forcing a failure.
[ 1750.622081][T26018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1750.782527][T26018] CPU: 0 UID: 0 PID: 26018 Comm: syz.4.5229 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1750.782547][T26018] Tainted: [L]=SOFTLOCKUP
[ 1750.782551][T26018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1750.782557][T26018] Call Trace:
[ 1750.782562][T26018]  <TASK>
[ 1750.782566][T26018]  dump_stack_lvl+0x16c/0x1f0
[ 1750.782582][T26018]  should_fail_ex+0x512/0x640
[ 1750.782598][T26018]  _copy_from_user+0x2e/0xd0
[ 1750.782612][T26018]  kvm_clear_dirty_log_protect+0x464/0x910
[ 1750.782633][T26018]  kvm_vm_ioctl+0x1ae0/0x4090
[ 1750.782651][T26018]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1750.782672][T26018]  ? kasan_quarantine_put+0x10a/0x240
[ 1750.782685][T26018]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1750.782700][T26018]  ? find_held_lock+0x2b/0x80
[ 1750.782717][T26018]  ? tomoyo_path_number_perm+0x295/0x580
[ 1750.782730][T26018]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1750.782741][T26018]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1750.782759][T26018]  ? find_held_lock+0x2b/0x80
[ 1750.782776][T26018]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1750.782790][T26018]  ? do_vfs_ioctl+0x128/0x14f0
[ 1750.782802][T26018]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1750.782814][T26018]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1750.782830][T26018]  ? hook_file_ioctl_common+0x144/0x410
[ 1750.782848][T26018]  ? selinux_file_ioctl+0x180/0x270
[ 1750.782858][T26018]  ? selinux_file_ioctl+0xb4/0x270
[ 1750.782870][T26018]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1750.782884][T26018]  __x64_sys_ioctl+0x18e/0x210
[ 1750.782897][T26018]  do_syscall_64+0xcd/0xf80
[ 1750.782908][T26018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1750.782919][T26018] RIP: 0033:0x7fe4ed38f749
[ 1750.782928][T26018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1750.782938][T26018] RSP: 002b:00007fe4ee304038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1750.782948][T26018] RAX: ffffffffffffffda RBX: 00007fe4ed5e5fa0 RCX: 00007fe4ed38f749
[ 1750.782955][T26018] RDX: 0000200000000180 RSI: 00000000c018aec0 RDI: 0000000000000004
[ 1750.782961][T26018] RBP: 00007fe4ee304090 R08: 0000000000000000 R09: 0000000000000000
[ 1750.782968][T26018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1750.782974][T26018] R13: 00007fe4ed5e6038 R14: 00007fe4ed5e5fa0 R15: 00007fff23995c68
[ 1750.782988][T26018]  </TASK>
[ 1752.285893][   T30] audit: type=1400 audit(1765630684.347:2085): avc:  denied  { connect } for  pid=26036 comm="syz.0.5233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1753.509689][T26043] Process accounting resumed
[ 1753.901829][T26052] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1754.249005][T26048] tipc: Resetting bearer <eth:syzkaller0>
[ 1754.320380][T26046] tipc: Disabling bearer <eth:syzkaller0>
[ 1754.364496][   T30] audit: type=1400 audit(1765630686.447:2086): avc:  denied  { read } for  pid=26056 comm="syz.0.5239" path="socket:[103651]" dev="sockfs" ino=103651 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1754.664179][T26060] ip6gretap0: entered promiscuous mode
[ 1754.670397][T26060] vlan2: entered promiscuous mode
[ 1755.195814][T19883] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 1755.481929][T19883] usb 5-1: Using ep0 maxpacket: 16
[ 1755.496568][T19883] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1755.510133][T19883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1755.538223][T19883] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1755.548783][T19883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1755.559704][T19883] usb 5-1: Product: syz
[ 1755.566749][T19883] usb 5-1: Manufacturer: syz
[ 1755.571998][T19883] usb 5-1: SerialNumber: syz
[ 1755.622467][T19883] usb 5-1: config 0 descriptor??
[ 1755.655501][T19883] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1755.666891][T19883] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[ 1756.292318][T26081] gre1: entered promiscuous mode
[ 1756.297563][T26081] gre1: entered allmulticast mode
[ 1756.381388][T26063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1756.523441][T26063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1756.578606][T19883] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[ 1757.871075][T19883] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[ 1757.944860][T26092] Process accounting resumed
[ 1758.054415][T19883] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[ 1758.061390][T19883] em28xx 5-1:0.0: No AC97 audio processor
[ 1758.087262][T19883] usb 5-1: USB disconnect, device number 47
[ 1758.094381][T19883] em28xx 5-1:0.0: Disconnecting em28xx
[ 1758.116540][T19883] em28xx 5-1:0.0: Freeing device
[ 1758.874297][T18051] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1759.006136][T26109] No source specified
[ 1759.024208][T18051] usb 6-1: device descriptor read/64, error -71
[ 1759.366622][T26118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5256'.
[ 1759.444035][T18051] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1759.564043][ T9279] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 1759.574307][T18051] usb 6-1: device descriptor read/64, error -71
[ 1759.694435][T18051] usb usb6-port1: attempt power cycle
[ 1759.753564][ T9279] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[ 1759.763097][ T9279] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1759.782433][ T9279] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1759.837345][ T9279] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1759.856266][ T9279] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1759.874781][ T9279] usb 5-1: Product: syz
[ 1759.883518][ T9279] usb 5-1: Manufacturer: syz
[ 1759.893330][ T9279] usb 5-1: SerialNumber: syz
[ 1759.907119][ T9279] usb 5-1: config 0 descriptor??
[ 1759.926697][ T9279] hub 5-1:0.0: bad descriptor, ignoring hub
[ 1759.939423][ T9279] hub 5-1:0.0: probe with driver hub failed with error -5
[ 1759.964932][ T9279] usb 5-1: selecting invalid altsetting 0
[ 1760.044920][T18051] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1760.086303][T18051] usb 6-1: device descriptor read/8, error -71
[ 1760.402202][T18051] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1760.434530][T18051] usb 6-1: device descriptor read/8, error -71
[ 1760.866946][T18051] usb usb6-port1: unable to enumerate USB device
[ 1760.957395][T26116] usb 5-1: reset high-speed USB device number 48 using dummy_hcd
[ 1761.145405][T26132] gre1: entered promiscuous mode
[ 1761.150473][T26132] gre1: entered allmulticast mode
[ 1761.279236][T26116] usb 5-1: device firmware changed
[ 1761.309607][ T9279] usb 5-1: USB disconnect, device number 48
[ 1761.353006][T26135] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1761.534470][ T9279] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1761.864471][T26144] vlan2: entered promiscuous mode
[ 1762.205783][ T9279] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[ 1762.254094][ T9279] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1762.278550][ T9279] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1762.369044][ T9279] usb 5-1: string descriptor 0 read error: -71
[ 1762.392079][ T9279] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1762.542072][ T9279] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1762.567570][ T9279] usb 5-1: config 0 descriptor??
[ 1762.584455][ T9279] usb 5-1: can't set config #0, error -71
[ 1762.591698][ T9279] usb 5-1: USB disconnect, device number 49
[ 1763.309150][   T30] audit: type=1400 audit(1765630695.337:2087): avc:  denied  { unmount } for  pid=14276 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[ 1764.860489][T26202] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5273'.
[ 1770.450090][T26253] batman_adv: batadv0: Adding interface: vlan2
[ 1770.469784][T26253] batman_adv: batadv0: The MTU of interface vlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1770.554102][T26253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1770.564905][T26253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1770.575589][T26253] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active
[ 1772.441442][T26286] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5287'.
[ 1774.653147][T26304] 9pnet_fd: Insufficient options for proto=fd
[ 1774.993678][T22873] kernel read not supported for file /snd/controlC0 (pid: 22873 comm: kworker/1:3)
[ 1776.510745][T26317] vlan2: entered promiscuous mode
[ 1777.450899][T26328] vlan3: entered promiscuous mode
[ 1778.006719][T26340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5299'.
[ 1778.114323][T26313] Bluetooth: hci0: command 0x0406 tx timeout
[ 1780.597355][T26369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5307'.
[ 1780.854446][T26373] 9pnet_fd: Insufficient options for proto=fd
[ 1780.905290][T26372] netlink: 'syz.2.5308': attribute type 1 has an invalid length.
[ 1781.095901][T26372] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1781.116032][   T30] audit: type=1400 audit(1765630713.197:2088): avc:  denied  { lock } for  pid=26375 comm="syz.3.5309" path="socket:[104571]" dev="sockfs" ino=104571 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1781.186639][T26380] netlink: 'syz.2.5308': attribute type 10 has an invalid length.
[ 1781.224100][T26380] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5308'.
[ 1784.064515][   T30] audit: type=1400 audit(1765630716.137:2089): avc:  denied  { write } for  pid=26415 comm="syz.2.5318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1784.138358][T26425] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[ 1784.923849][T26436] 9pnet_fd: Insufficient options for proto=fd
[ 1787.382391][T26441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5322'.
[ 1787.443077][T26441] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5322'.
[ 1788.317605][T26485] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5328'.
[ 1788.460803][T26492] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5328'.
[ 1789.244396][ T5927] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1789.398950][T26506] 9pnet_fd: Insufficient options for proto=fd
[ 1789.484031][ T5927] usb 6-1: Using ep0 maxpacket: 32
[ 1789.490754][ T5927] usb 6-1: config 0 has an invalid interface number: 217 but max is 0
[ 1789.504717][ T5927] usb 6-1: config 0 has no interface number 0
[ 1789.515807][ T5927] usb 6-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice= 0.02
[ 1789.532375][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1789.540609][ T5927] usb 6-1: Product: syz
[ 1789.547215][ T5927] usb 6-1: Manufacturer: syz
[ 1789.551885][ T5927] usb 6-1: SerialNumber: syz
[ 1789.562440][ T5927] usb 6-1: config 0 descriptor??
[ 1789.581158][ T5927] ftdi_sio 6-1:0.217: FTDI USB Serial Device converter detected
[ 1789.590600][ T5927] usb 6-1: Detected SIO
[ 1789.596978][ T5927] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1790.407465][T18051] usb 6-1: USB disconnect, device number 12
[ 1790.424378][T18051] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1790.469305][T18051] ftdi_sio 6-1:0.217: device disconnected
[ 1791.199800][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.206208][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1791.609088][T26543] vlan2: entered promiscuous mode
[ 1793.022981][ T9781] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1793.247948][ T9781] usb 6-1: Using ep0 maxpacket: 32
[ 1793.264204][ T9781] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 1793.272387][ T9781] usb 6-1: config 0 has no interface number 0
[ 1793.286825][ T9781] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1793.298971][ T9781] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1793.314001][ T9781] usb 6-1: Product: syz
[ 1793.487882][T26572] vlan2: entered promiscuous mode
[ 1793.780484][ T9781] usb 6-1: Manufacturer: syz
[ 1793.785906][ T9781] usb 6-1: SerialNumber: syz
[ 1793.865652][ T9781] usb 6-1: config 0 descriptor??
[ 1793.880129][ T9781] smsc95xx v2.0.0
[ 1794.369791][   T30] audit: type=1400 audit(1765630726.407:2090): avc:  denied  { execute } for  pid=26555 comm="syz.5.5348" path="/dev/sg0" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1795.807190][T26579] vlan2: entered promiscuous mode
[ 1796.381347][T26583] vlan0: entered promiscuous mode
[ 1797.176945][ T9781] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[ 1797.224376][ T9781] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[ 1797.284255][ T9781] usb 6-1: USB disconnect, device number 13
[ 1799.153617][T26622] vlan4: entered promiscuous mode
[ 1799.903616][T26627] 9pnet_fd: Insufficient options for proto=fd
[ 1800.365146][T26645] FAULT_INJECTION: forcing a failure.
[ 1800.365146][T26645] name failslab, interval 1, probability 0, space 0, times 0
[ 1800.377920][T26645] CPU: 0 UID: 0 PID: 26645 Comm: syz.0.5369 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1800.377944][T26645] Tainted: [L]=SOFTLOCKUP
[ 1800.377950][T26645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1800.377958][T26645] Call Trace:
[ 1800.377964][T26645]  <TASK>
[ 1800.377970][T26645]  dump_stack_lvl+0x16c/0x1f0
[ 1800.377991][T26645]  should_fail_ex+0x512/0x640
[ 1800.378010][T26645]  ? __kmalloc_noprof+0xca/0x910
[ 1800.378035][T26645]  should_failslab+0xc2/0x120
[ 1800.378056][T26645]  __kmalloc_noprof+0xeb/0x910
[ 1800.378079][T26645]  ? copy_splice_read+0x1a8/0xc20
[ 1800.378104][T26645]  ? copy_splice_read+0x1a8/0xc20
[ 1800.378125][T26645]  copy_splice_read+0x1a8/0xc20
[ 1800.378150][T26645]  ? __pfx_copy_splice_read+0x10/0x10
[ 1800.378173][T26645]  ? look_up_lock_class+0x59/0x130
[ 1800.378194][T26645]  ? lockdep_init_map_type+0x5c/0x270
[ 1800.378215][T26645]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[ 1800.378236][T26645]  ? __pfx_copy_splice_read+0x10/0x10
[ 1800.378256][T26645]  do_splice_read+0x285/0x370
[ 1800.378281][T26645]  splice_direct_to_actor+0x2a1/0xa30
[ 1800.378305][T26645]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1800.378334][T26645]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1800.378361][T26645]  do_splice_direct+0x174/0x240
[ 1800.378385][T26645]  ? __pfx_do_splice_direct+0x10/0x10
[ 1800.378408][T26645]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1800.378435][T26645]  ? rw_verify_area+0xcf/0x6c0
[ 1800.378455][T26645]  do_sendfile+0xb06/0xe50
[ 1800.378480][T26645]  ? __pfx_do_sendfile+0x10/0x10
[ 1800.378509][T26645]  __x64_sys_sendfile64+0x154/0x220
[ 1800.378534][T26645]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1800.378567][T26645]  do_syscall_64+0xcd/0xf80
[ 1800.378586][T26645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1800.378603][T26645] RIP: 0033:0x7f778098f749
[ 1800.378618][T26645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1800.378633][T26645] RSP: 002b:00007f778181a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1800.378650][T26645] RAX: ffffffffffffffda RBX: 00007f7780be6090 RCX: 00007f778098f749
[ 1800.378661][T26645] RDX: 0000200000002080 RSI: 0000000000000005 RDI: 0000000000000006
[ 1800.378670][T26645] RBP: 00007f778181a090 R08: 0000000000000000 R09: 0000000000000000
[ 1800.378681][T26645] R10: 000000000000021c R11: 0000000000000246 R12: 0000000000000001
[ 1800.378691][T26645] R13: 00007f7780be6128 R14: 00007f7780be6090 R15: 00007fff3b33f1c8
[ 1800.378714][T26645]  </TASK>
[ 1802.549506][T26666] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5373'.
[ 1802.678399][T22873] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1802.866314][T22873] usb 5-1: Using ep0 maxpacket: 8
[ 1802.882851][T22873] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1802.894316][T22873] usb 5-1: config 179 has no interface number 0
[ 1802.900605][T22873] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1802.968207][T22873] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1803.135983][T22873] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[ 1803.261730][T22873] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[ 1803.324478][T22873] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1803.364271][T22873] usb 5-1: config 179 interface 65 has no altsetting 0
[ 1803.384881][T22873] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1803.410917][T22873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1803.460356][T22873] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input31
[ 1803.634339][ T5175] input input31: unable to receive magic message: -110
[ 1803.747717][T26683] vlan2: entered promiscuous mode
[ 1804.191904][ T5175] input input31: unable to receive magic message: -32
[ 1804.223340][ T5175] input input31: unable to receive magic message: -32
[ 1804.433247][T25044] input input31: unable to receive magic message: -32
[ 1804.469861][   T30] audit: type=1400 audit(1765630736.537:2091): avc:  denied  { mount } for  pid=26680 comm="syz.2.5380" name="/" dev="hugetlbfs" ino=106378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[ 1804.494678][ T5898] libceph: connect (1)[c::]:6789 error -101
[ 1804.875696][ T5898] libceph: mon0 (1)[c::]:6789 connect error
[ 1804.881693][T26681] ceph: No mds server is up or the cluster is laggy
[ 1805.318431][T22873] usb 5-1: USB disconnect, device number 50
[ 1805.324537][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1805.399368][ T5898] libceph: connect (1)[c::]:6789 error -101
[ 1805.405618][ T5898] libceph: mon0 (1)[c::]:6789 connect error
[ 1805.774477][T26675] syz.0.5378 (26675): drop_caches: 2
[ 1807.005413][T26720] netlink: 460 bytes leftover after parsing attributes in process `syz.5.5388'.
[ 1807.251994][T26718] 9pnet_fd: Insufficient options for proto=fd
[ 1808.078589][T26740] C: renamed from team_slave_0 (while UP)
[ 1808.130528][T26740] netlink: 164 bytes leftover after parsing attributes in process `syz.5.5394'.
[ 1808.274072][ T6374] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1808.283506][T26749] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5390'.
[ 1808.456208][T26734] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5390'.
[ 1808.538179][ T6374] usb 5-1: Using ep0 maxpacket: 16
[ 1808.554181][ T5865] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1808.555866][ T6374] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1808.593812][ T6374] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1808.618420][ T6374] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[ 1809.164108][ T6374] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1809.183557][ T6374] usb 5-1: config 0 descriptor??
[ 1809.195325][ T5865] usb 6-1: Using ep0 maxpacket: 16
[ 1809.212708][ T5865] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1809.242279][ T5865] usb 6-1: config 1 has an invalid interface number: 35 but max is 0
[ 1809.271358][ T5865] usb 6-1: config 1 has no interface number 0
[ 1809.290578][ T5865] usb 6-1: config 1 interface 35 has no altsetting 0
[ 1809.316135][ T5865] usb 6-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice=fd.15
[ 1809.338003][ T5865] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1809.386888][ T5865] usb 6-1: Product: syz
[ 1809.391077][ T5865] usb 6-1: Manufacturer: syz
[ 1809.404446][ T5865] usb 6-1: SerialNumber: syz
[ 1809.599617][ T6374] usbhid 5-1:0.0: can't add hid device: -71
[ 1809.624069][ T6374] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1809.629941][T26750] sch_tbf: burst 1821 is lower than device lo mtu (65550) !
[ 1809.644693][ T6374] usb 5-1: USB disconnect, device number 51
[ 1809.734091][T26755] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5395'.
[ 1811.319888][ T5865] usb 6-1: USB disconnect, device number 14
[ 1811.907055][T26798] 9pnet_fd: Insufficient options for proto=fd
[ 1813.113010][T26804] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1813.144639][T22203] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11
[ 1814.334333][ T9781] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[ 1814.504255][ T9781] usb 1-1: Using ep0 maxpacket: 8
[ 1814.509510][ T5927] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1814.518707][ T9781] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1814.534677][ T9781] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1814.557231][ T9781] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1814.607888][ T9781] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1814.635740][ T9781] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1814.680432][ T9781] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1814.767787][ T9781] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1814.788198][ T5927] usb 6-1: config 0 has no interfaces?
[ 1814.930844][T26828] 9pnet_fd: Insufficient options for proto=fd
[ 1815.225807][ T5927] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1815.260780][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1815.308360][ T5927] usb 6-1: Product: syz
[ 1815.323344][ T5927] usb 6-1: Manufacturer: syz
[ 1815.354441][ T5927] usb 6-1: SerialNumber: syz
[ 1815.371601][ T5927] usb 6-1: config 0 descriptor??
[ 1815.554582][ T9781] usb 1-1: GET_CAPABILITIES returned 0
[ 1815.560111][ T9781] usbtmc 1-1:16.0: can't read capabilities
[ 1815.817456][ T9781] usb 6-1: USB disconnect, device number 15
[ 1815.880243][ T5927] usb 1-1: USB disconnect, device number 12
[ 1816.199337][T26843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5413'.
[ 1816.254868][T26836] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5413'.
[ 1816.790148][   T30] audit: type=1400 audit(1765630747.835:2092): avc:  denied  { read } for  pid=26856 comm="syz.5.5418" dev="nsfs" ino=4026533319 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1817.049104][   T30] audit: type=1400 audit(1765630747.835:2093): avc:  denied  { open } for  pid=26856 comm="syz.5.5418" path="net:[4026533319]" dev="nsfs" ino=4026533319 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1817.367123][T24728] udevd[24728]: inotify_add_watch(7, /dev/nbd137, 10) failed: No such file or directory
[ 1817.797506][T26877] FAULT_INJECTION: forcing a failure.
[ 1817.797506][T26877] name failslab, interval 1, probability 0, space 0, times 0
[ 1817.811322][T26877] CPU: 1 UID: 0 PID: 26877 Comm: syz.4.5420 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1817.811351][T26877] Tainted: [L]=SOFTLOCKUP
[ 1817.811358][T26877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1817.811368][T26877] Call Trace:
[ 1817.811374][T26877]  <TASK>
[ 1817.811381][T26877]  dump_stack_lvl+0x16c/0x1f0
[ 1817.811404][T26877]  should_fail_ex+0x512/0x640
[ 1817.811431][T26877]  should_failslab+0xc2/0x120
[ 1817.811454][T26877]  kmem_cache_alloc_noprof+0x83/0x770
[ 1817.811471][T26877]  ? dst_alloc+0x99/0x1a0
[ 1817.811496][T26877]  ? dst_alloc+0x99/0x1a0
[ 1817.811513][T26877]  dst_alloc+0x99/0x1a0
[ 1817.811531][T26877]  rt_dst_alloc+0x35/0x3a0
[ 1817.811548][T26877]  ip_route_output_key_hash_rcu+0x87a/0x28e0
[ 1817.811572][T26877]  ip_route_output_key_hash+0x10f/0x2b0
[ 1817.811591][T26877]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1817.811614][T26877]  ? __xfrm4_dst_lookup+0x416/0x600
[ 1817.811634][T26877]  __xfrm4_dst_lookup+0x322/0x600
[ 1817.811651][T26877]  xfrm4_get_saddr+0x90/0x140
[ 1817.811666][T26877]  ? __pfx_xfrm4_get_saddr+0x10/0x10
[ 1817.811691][T26877]  xfrm_resolve_and_create_bundle+0x83f/0x3710
[ 1817.811723][T26877]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 1817.811765][T26877]  ? dst_alloc+0xc0/0x1a0
[ 1817.811786][T26877]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[ 1817.811807][T26877]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[ 1817.811825][T26877]  ? find_held_lock+0x2b/0x80
[ 1817.811847][T26877]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 1817.811867][T26877]  ? ip_route_output_key_hash+0x143/0x2b0
[ 1817.811893][T26877]  xfrm_lookup_route+0x3b/0x200
[ 1817.811913][T26877]  ip_route_output_flow+0x11e/0x150
[ 1817.811933][T26877]  udp_sendmsg+0x1af9/0x2870
[ 1817.811950][T26877]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1817.811966][T26877]  ? avc_has_perm_noaudit+0x100/0x3b0
[ 1817.811983][T26877]  ? __pfx_udp_sendmsg+0x10/0x10
[ 1817.811998][T26877]  ? avc_has_perm+0x144/0x1f0
[ 1817.812025][T26877]  ? sock_has_perm+0x258/0x2f0
[ 1817.812044][T26877]  ? __pfx_sock_has_perm+0x10/0x10
[ 1817.812070][T26877]  ? __import_iovec+0x1dd/0x650
[ 1817.812085][T26877]  ? __might_fault+0xe3/0x190
[ 1817.812097][T26877]  ? __might_fault+0x13b/0x190
[ 1817.812109][T26877]  ? __pfx_udp_sendmsg+0x10/0x10
[ 1817.812123][T26877]  inet_sendmsg+0x105/0x140
[ 1817.812141][T26877]  ____sys_sendmsg+0x973/0xc30
[ 1817.812158][T26877]  ? copy_msghdr_from_user+0x10a/0x160
[ 1817.812176][T26877]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1817.812192][T26877]  ? __pfx__kstrtoull+0x10/0x10
[ 1817.812216][T26877]  ___sys_sendmsg+0x134/0x1d0
[ 1817.812235][T26877]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1817.812263][T26877]  ? find_held_lock+0x2b/0x80
[ 1817.812297][T26877]  __sys_sendmmsg+0x200/0x420
[ 1817.812318][T26877]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1817.812342][T26877]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1817.812366][T26877]  ? fput+0x70/0xf0
[ 1817.812385][T26877]  ? ksys_write+0x1ac/0x250
[ 1817.812400][T26877]  ? __pfx_ksys_write+0x10/0x10
[ 1817.812419][T26877]  __x64_sys_sendmmsg+0x9c/0x100
[ 1817.812436][T26877]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1817.812451][T26877]  do_syscall_64+0xcd/0xf80
[ 1817.812465][T26877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1817.812478][T26877] RIP: 0033:0x7fe4ed38f749
[ 1817.812490][T26877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1817.812502][T26877] RSP: 002b:00007fe4ee2c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1817.812515][T26877] RAX: ffffffffffffffda RBX: 00007fe4ed5e6180 RCX: 00007fe4ed38f749
[ 1817.812524][T26877] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005
[ 1817.812532][T26877] RBP: 00007fe4ee2c2090 R08: 0000000000000000 R09: 0000000000000000
[ 1817.812540][T26877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1817.812547][T26877] R13: 00007fe4ed5e6218 R14: 00007fe4ed5e6180 R15: 00007fff23995c68
[ 1817.812566][T26877]  </TASK>
[ 1819.087591][T26887] 9pnet_fd: Insufficient options for proto=fd
[ 1819.703713][ T5898] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1819.804636][T26896] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 !
[ 1819.916320][ T5898] usb 6-1: config 0 has no interfaces?
[ 1819.932203][ T5898] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1819.942875][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1820.085523][ T5898] usb 6-1: Product: syz
[ 1820.089808][ T5898] usb 6-1: Manufacturer: syz
[ 1820.095957][ T5898] usb 6-1: SerialNumber: syz
[ 1820.357707][ T5898] usb 6-1: config 0 descriptor??
[ 1821.145496][T26891] FAULT_INJECTION: forcing a failure.
[ 1821.145496][T26891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1821.158705][T26891] CPU: 0 UID: 0 PID: 26891 Comm: syz.5.5423 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1821.158731][T26891] Tainted: [L]=SOFTLOCKUP
[ 1821.158737][T26891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1821.158747][T26891] Call Trace:
[ 1821.158754][T26891]  <TASK>
[ 1821.158760][T26891]  dump_stack_lvl+0x16c/0x1f0
[ 1821.158781][T26891]  should_fail_ex+0x512/0x640
[ 1821.158806][T26891]  _copy_from_iter+0x2a4/0x16c0
[ 1821.158831][T26891]  ? __alloc_skb+0x220/0x410
[ 1821.158851][T26891]  ? __alloc_skb+0x35d/0x410
[ 1821.158872][T26891]  ? __pfx__copy_from_iter+0x10/0x10
[ 1821.158893][T26891]  ? netlink_autobind.isra.0+0x158/0x370
[ 1821.158920][T26891]  netlink_sendmsg+0x820/0xdd0
[ 1821.158940][T26891]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1821.158966][T26891]  ____sys_sendmsg+0xa5d/0xc30
[ 1821.158985][T26891]  ? copy_msghdr_from_user+0x10a/0x160
[ 1821.159010][T26891]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1821.159040][T26891]  ___sys_sendmsg+0x134/0x1d0
[ 1821.159066][T26891]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1821.159119][T26891]  __sys_sendmsg+0x16d/0x220
[ 1821.159143][T26891]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1821.159183][T26891]  do_syscall_64+0xcd/0xf80
[ 1821.159203][T26891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1821.159220][T26891] RIP: 0033:0x7f631c58f749
[ 1821.159234][T26891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1821.159249][T26891] RSP: 002b:00007f631a7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1821.159265][T26891] RAX: ffffffffffffffda RBX: 00007f631c7e6090 RCX: 00007f631c58f749
[ 1821.159276][T26891] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[ 1821.159286][T26891] RBP: 00007f631a7f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1821.159296][T26891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1821.159306][T26891] R13: 00007f631c7e6128 R14: 00007f631c7e6090 R15: 00007ffd8315e3e8
[ 1821.159329][T26891]  </TASK>
[ 1821.567977][ T6374] usb 6-1: USB disconnect, device number 16
[ 1822.472636][T26921] vlan0: entered promiscuous mode
[ 1823.602619][T26940] 9pnet_fd: Insufficient options for proto=fd
[ 1824.118542][T26936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5429'.
[ 1824.514119][T26917] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5429'.
[ 1826.479860][T18051] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[ 1826.649784][T18051] usb 1-1: Using ep0 maxpacket: 8
[ 1826.673408][T18051] usb 1-1: config 2 has an invalid interface number: 146 but max is 0
[ 1826.694047][T18051] usb 1-1: config 2 has an invalid descriptor of length 1, skipping remainder of the config
[ 1826.721555][T18051] usb 1-1: config 2 has no interface number 0
[ 1826.760007][T18051] usb 1-1: New USB device found, idVendor=045e, idProduct=0c5e, bcdDevice=dd.01
[ 1826.774203][T18051] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1826.792892][T18051] usb 1-1: Product: syz
[ 1826.804068][T18051] usb 1-1: Manufacturer: syz
[ 1826.811400][T18051] usb 1-1: SerialNumber: syz
[ 1826.827025][T18051] r8152-cfgselector 1-1: Unknown version 0x0000
[ 1827.048342][   T30] audit: type=1400 audit(1765630758.125:2094): avc:  denied  { audit_write } for  pid=26967 comm="syz.0.5441" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 1827.213887][T26981] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5444'.
[ 1827.222958][T26981] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5444'.
[ 1827.730825][T26988] vlan4: entered promiscuous mode
[ 1828.899067][   T30] audit: type=1400 audit(1765630759.805:2095): avc:  denied  { getopt } for  pid=26994 comm="syz.4.5448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1829.341103][T18051] r8152-cfgselector 1-1: USB disconnect, device number 13
[ 1829.731687][T27008] vlan3: entered promiscuous mode
[ 1831.245984][T27025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5453'.
[ 1831.326511][T27025] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5453'.
[ 1832.485732][T27044] vlan2: entered promiscuous mode
[ 1833.026047][T27046] 9pnet_fd: Insufficient options for proto=fd
[ 1833.884011][ T5927] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[ 1834.033605][T27059] vlan0: entered allmulticast mode
[ 1834.038932][T27059] veth0_to_bond: entered allmulticast mode
[ 1834.057372][ T5927] usb 1-1: Using ep0 maxpacket: 16
[ 1834.065120][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1834.081042][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1834.100926][ T5927] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[ 1834.121033][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1834.266546][ T5927] usb 1-1: config 0 descriptor??
[ 1835.551937][T27084] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1835.604007][   T24] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[ 1835.744368][   T24] usb 6-1: device descriptor read/64, error -71
[ 1835.994235][   T24] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[ 1836.154017][   T24] usb 6-1: device descriptor read/64, error -71
[ 1836.292809][T27095] 9pnet_fd: Insufficient options for proto=fd
[ 1836.494701][   T24] usb usb6-port1: attempt power cycle
[ 1836.511028][   T30] audit: type=1400 audit(1765630767.585:2096): avc:  denied  { create } for  pid=27097 comm="syz.4.5472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1836.854410][   T24] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[ 1836.875079][   T24] usb 6-1: device descriptor read/8, error -71
[ 1837.104380][T18051] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1837.113993][   T24] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[ 1837.128858][ T5927] usbhid 1-1:0.0: can't add hid device: -71
[ 1837.142279][   T24] usb 6-1: device descriptor read/8, error -71
[ 1837.156945][ T5927] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1837.217651][ T5927] usb 1-1: USB disconnect, device number 14
[ 1837.252521][T18051] usb 5-1: device descriptor read/64, error -71
[ 1837.267296][   T24] usb usb6-port1: unable to enumerate USB device
[ 1837.524020][T18051] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1837.664505][T27116] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=27116 comm=syz.0.5476
[ 1837.677118][T18051] usb 5-1: device descriptor read/64, error -71
[ 1838.093728][T18051] usb usb5-port1: attempt power cycle
[ 1838.434148][ T5898] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 1838.456823][T18051] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1838.570213][   T24] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1838.604423][T18051] usb 5-1: device descriptor read/8, error -71
[ 1838.854068][T18051] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1838.995155][ T5898] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1839.007317][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1839.018569][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1839.028641][ T5898] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1839.114679][T18051] usb 5-1: device descriptor read/8, error -71
[ 1839.136442][   T24] usb 6-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[ 1839.154409][ T5898] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1839.156392][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1839.172114][   T24] usb 6-1: Product: syz
[ 1839.180206][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1839.180775][   T24] usb 6-1: Manufacturer: syz
[ 1839.194775][ T5898] usb 1-1: config 0 descriptor??
[ 1839.303661][T18051] usb usb5-port1: unable to enumerate USB device
[ 1839.393503][T27137] 9pnet_fd: Insufficient options for proto=fd
[ 1839.476789][   T24] usb 6-1: SerialNumber: syz
[ 1839.483620][   T24] usb 6-1: config 0 descriptor??
[ 1839.859235][ T5898] plantronics 0003:047F:FFFF.0024: ignoring exceeding usage max
[ 1839.921675][   T30] audit: type=1400 audit(1765630770.995:2097): avc:  denied  { write } for  pid=27144 comm="syz.4.5485" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1839.965280][ T5898] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1840.036256][T27145] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=27145 comm=syz.4.5485
[ 1840.065495][T27153] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1840.101461][T27141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1840.104197][T27153] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1840.122573][T27141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1840.238189][T27128] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1840.321855][T27128] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1840.618533][T27128] veth1_vlan: left promiscuous mode
[ 1841.117516][   T24] mos7840 6-1:0.0: required endpoints missing
[ 1841.429714][   T24] usb 6-1: USB disconnect, device number 21
[ 1841.498859][ T5927] usb 1-1: USB disconnect, device number 15
[ 1842.541404][T27180] 9pnet_fd: Insufficient options for proto=fd
[ 1843.325311][T27191] gre1: entered promiscuous mode
[ 1843.330277][T27191] gre1: entered allmulticast mode
[ 1844.007199][T27195] netlink: 'syz.0.5498': attribute type 2 has an invalid length.
[ 1844.015592][T27195] netlink: 'syz.0.5498': attribute type 2 has an invalid length.
[ 1844.730472][T27212] syzkaller0: entered promiscuous mode
[ 1844.743904][T27212] syzkaller0: entered allmulticast mode
[ 1844.883795][T22203] Bluetooth: unknown link type 79
[ 1844.888890][T22203] Bluetooth: hci2: connection err: -111
[ 1845.124931][T27213] tipc: Started in network mode
[ 1845.138427][T27213] tipc: Node identity e637a9d67552, cluster identity 4711
[ 1845.152251][T27213] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1845.181195][T27210] tipc: Resetting bearer <eth:syzkaller0>
[ 1845.210877][T27210] tipc: Disabling bearer <eth:syzkaller0>
[ 1845.414023][ T5927] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1846.104087][ T5927] usb 6-1: Using ep0 maxpacket: 16
[ 1846.116175][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1846.139636][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1846.154732][ T5927] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1846.168034][ T5927] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1846.177229][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1846.189867][ T5927] usb 6-1: config 0 descriptor??
[ 1846.616590][ T5927] HID 045e:07da: Invalid code 65791 type 1
[ 1846.633039][T27232] 9pnet_fd: Insufficient options for proto=fd
[ 1846.640524][ T5927] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0025/input/input32
[ 1846.735533][ T5927] microsoft 0003:045E:07DA.0025: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[ 1847.102397][T27239] gre1: entered promiscuous mode
[ 1847.107573][T27239] gre1: entered allmulticast mode
[ 1848.392854][ T6374] usb 6-1: reset high-speed USB device number 22 using dummy_hcd
[ 1848.887895][T18051] kernel read not supported for file /snd/controlC0 (pid: 18051 comm: kworker/1:4)
[ 1849.839614][T26313] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1849.852524][T26313] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1849.862964][T26313] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1849.871977][T26313] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1849.886542][T26313] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1850.123606][T27281] ntfs3(nullb0): Primary boot signature is not NTFS.
[ 1850.215247][T27281] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[ 1850.264635][   T24] usb 6-1: USB disconnect, device number 22
[ 1850.656624][T27288] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5519'.
[ 1851.013480][T27293] 9pnet_fd: Insufficient options for proto=fd
[ 1851.130650][T27275] chnl_net:caif_netlink_parms(): no params data found
[ 1851.272745][T27275] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1851.291930][T27275] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1851.358548][T27275] bridge_slave_0: entered allmulticast mode
[ 1851.377603][T27275] bridge_slave_0: entered promiscuous mode
[ 1851.410864][T27275] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1851.418272][T27275] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1851.427263][T27275] bridge_slave_1: entered allmulticast mode
[ 1851.440391][T27275] bridge_slave_1: entered promiscuous mode
[ 1852.015250][T22203] Bluetooth: hci1: command tx timeout
[ 1852.307172][T27303] gre1: entered promiscuous mode
[ 1852.312135][T27303] gre1: entered allmulticast mode
[ 1852.369965][T27275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1852.396453][T27275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1852.625297][T27275] team0: Port device team_slave_0 added
[ 1852.648678][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1852.655392][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1852.686157][T27275] team0: Port device team_slave_1 added
[ 1852.921368][T27275] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1852.935958][T27275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1853.006203][T27275] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1853.034359][ T5898] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[ 1853.050884][T27275] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1853.066534][T27275] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1853.113811][T27275] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1853.214330][ T5898] usb 1-1: Using ep0 maxpacket: 32
[ 1853.350975][T27275] hsr_slave_0: entered promiscuous mode
[ 1853.373200][ T6374] kernel read not supported for file /snd/controlC0 (pid: 6374 comm: kworker/1:11)
[ 1853.484510][T27275] hsr_slave_1: entered promiscuous mode
[ 1853.625421][T27275] debugfs: 'hsr0' already exists in 'hsr'
[ 1853.695846][T27275] Cannot create hsr debugfs directory
[ 1853.964889][ T5898] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1854.077217][T22203] Bluetooth: hci1: command tx timeout
[ 1854.349340][ T5898] usb 1-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[ 1854.358706][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1854.369444][ T5898] usb 1-1: config 0 descriptor??
[ 1854.377904][ T5898] dvb-usb: found a 'TeVii S662' in warm state.
[ 1854.384490][ T5898] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1854.390568][ T5898] dvb-usb: bulk message failed: -22 (2/0)
[ 1854.405057][ T5898] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1854.415419][ T5898] dvbdev: DVB: registering new adapter (TeVii S662)
[ 1854.422147][ T5898] usb 1-1: media controller created
[ 1854.427704][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[ 1854.433521][ T5898] dw2102: i2c transfer failed.
[ 1854.438385][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[ 1854.445258][ T5898] dw2102: i2c transfer failed.
[ 1854.451751][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[ 1854.465232][ T5898] dw2102: i2c transfer failed.
[ 1854.471978][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[ 1854.480025][ T5898] dw2102: i2c transfer failed.
[ 1854.484953][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[ 1854.490676][ T5898] dw2102: i2c transfer failed.
[ 1854.495527][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[ 1854.503593][ T5898] dw2102: i2c transfer failed.
[ 1854.509036][ T5898] dvb-usb: MAC address: 02:02:02:02:02:02
[ 1854.523769][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1854.582758][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[ 1854.594021][ T5898] dw2102: command 0x0e transfer failed.
[ 1854.624007][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[ 1854.635786][ T5898] dw2102: command 0x0e transfer failed.
[ 1854.754971][T27331] syzkaller0: entered promiscuous mode
[ 1854.780760][T27331] syzkaller0: entered allmulticast mode
[ 1854.918608][T27331] tipc: Started in network mode
[ 1854.929050][T27331] tipc: Node identity f20d31eef9dd, cluster identity 4711
[ 1854.945101][T27331] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1854.954731][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[ 1854.967313][ T5898] dw2102: command 0x0e transfer failed.
[ 1854.979831][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[ 1854.991829][ T5898] dw2102: command 0x0e transfer failed.
[ 1854.994197][T27330] tipc: Resetting bearer <eth:syzkaller0>
[ 1854.997886][ T5898] dvb-usb: bulk message failed: -22 (1/0)
[ 1855.011384][ T5898] dw2102: command 0x51 transfer failed.
[ 1855.029155][ T5898] dvb-usb: bulk message failed: -22 (5/0)
[ 1855.036006][ T5898] dw2102: i2c probe for address 0x68 failed.
[ 1855.043070][ T5898] dvb-usb: bulk message failed: -22 (5/0)
[ 1855.050449][ T5898] dw2102: i2c probe for address 0x69 failed.
[ 1855.056885][ T5898] dvb-usb: bulk message failed: -22 (5/0)
[ 1855.062691][ T5898] dw2102: i2c probe for address 0x6a failed.
[ 1855.069210][T27313] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI
[ 1855.081284][T27313] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 1855.089694][T27313] CPU: 0 UID: 0 PID: 27313 Comm: syz.0.5524 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1855.100606][T27313] Tainted: [L]=SOFTLOCKUP
[ 1855.104903][T27313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1855.114940][T27313] RIP: 0010:su3000_i2c_transfer+0x610/0xea0
[ 1855.120811][T27313] Code: b0 ec f9 48 8d 7b 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 81 07 00 00 48 8b 5b 08 48 89 d8 48 89 da 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 52 07 00 00 48 8b 44 24 10
[ 1855.140396][T27313] RSP: 0018:ffffc9000ca27c30 EFLAGS: 00010246
[ 1855.146437][T27313] RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffffc9000e29a000
[ 1855.154412][T27313] RDX: 0000000000000000 RSI: ffffffff87d23379 RDI: ffff88805d5d92c8
[ 1855.162363][T27313] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000001a00
[ 1855.170418][T27313] R10: 0000000000001900 R11: ffff888021bf0b30 R12: ffff8880433f8800
[ 1855.175195][   T30] audit: type=1400 audit(1765630793.263:2098): avc:  denied  { write } for  pid=5803 comm="syz-executor" path="pipe:[4067]" dev="pipefs" ino=4067 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1855.178370][T27313] R13: 0000000000001900 R14: 0000000000000001 R15: dffffc0000000000
[ 1855.209398][T27313] FS:  00007f778183b6c0(0000) GS:ffff8881248fb000(0000) knlGS:0000000000000000
[ 1855.218317][T27313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1855.224899][T27313] CR2: 00007f631c5753c0 CR3: 0000000068c32000 CR4: 00000000003526f0
[ 1855.232857][T27313] Call Trace:
[ 1855.236124][T27313]  <TASK>
[ 1855.239077][T27313]  __i2c_transfer+0x6b6/0x2100
[ 1855.243837][T27313]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1855.249041][T27313]  ? __pfx___i2c_transfer+0x10/0x10
[ 1855.254224][T27313]  ? rt_mutex_slowtrylock+0xc9/0x100
[ 1855.259496][T27313]  i2c_transfer+0x1da/0x380
[ 1855.264174][T27313]  i2cdev_ioctl_rdwr+0x373/0x710
[ 1855.269095][T27313]  i2cdev_ioctl+0x628/0x840
[ 1855.273579][T27313]  ? __pfx_i2cdev_ioctl+0x10/0x10
[ 1855.278583][T27313]  ? selinux_file_ioctl+0x180/0x270
[ 1855.283771][T27313]  ? __pfx_i2cdev_ioctl+0x10/0x10
[ 1855.288771][T27313]  __x64_sys_ioctl+0x18e/0x210
[ 1855.293515][T27313]  do_syscall_64+0xcd/0xf80
[ 1855.298000][T27313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1855.303895][T27313] RIP: 0033:0x7f778098f749
[ 1855.308294][T27313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1855.327877][T27313] RSP: 002b:00007f778183b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1855.336269][T27313] RAX: ffffffffffffffda RBX: 00007f7780be5fa0 RCX: 00007f778098f749
[ 1855.344219][T27313] RDX: 00002000000004c0 RSI: 0000000000000707 RDI: 0000000000000004
[ 1855.352168][T27313] RBP: 00007f7780a13f91 R08: 0000000000000000 R09: 0000000000000000
[ 1855.360118][T27313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1855.368080][T27313] R13: 00007f7780be6038 R14: 00007f7780be5fa0 R15: 00007fff3b33f1c8
[ 1855.376045][T27313]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1855.379042][T27313] Modules linked in:
[ 1855.383739][T27313] ---[ end trace 0000000000000000 ]---
[ 1855.389691][ T5898] dw2102: probing for demodulator failed. Is the external power switched on?
[ 1855.398459][ T5898] dvb-usb: no frontend was attached by 'TeVii S662'
[ 1855.422661][T27330] tipc: Disabling bearer <eth:syzkaller0>
[ 1855.444341][   T30] audit: type=1400 audit(1765630793.513:2099): avc:  denied  { read } for  pid=5172 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1855.474304][   T30] audit: type=1400 audit(1765630793.513:2100): avc:  denied  { search } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1855.498880][T27313] RIP: 0010:su3000_i2c_transfer+0x610/0xea0
[ 1855.508771][T27313] Code: b0 ec f9 48 8d 7b 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 81 07 00 00 48 8b 5b 08 48 89 d8 48 89 da 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 52 07 00 00 48 8b 44 24 10
[ 1855.528639][   T30] audit: type=1400 audit(1765630793.513:2101): avc:  denied  { search } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1855.550619][ T5898] rc_core: IR keymap rc-tt-1500 not found
[ 1855.556820][ T5898] Registered IR keymap rc-empty
[ 1855.572453][ T5898] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[ 1855.590951][ T5898] input: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input33
[ 1855.602361][T27313] RSP: 0018:ffffc9000ca27c30 EFLAGS: 00010246
[ 1855.614400][   T30] audit: type=1400 audit(1765630793.513:2102): avc:  denied  { add_name } for  pid=5172 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1855.624137][T27313] RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffffc9000e29a000
[ 1855.647060][ T5898] dvb-usb: schedule remote query interval to 250 msecs.
[ 1855.654294][ T5898] dw2102: su3000_power_ctrl: 0, initialized 1
[ 1855.663970][T27313] RDX: 0000000000000000 RSI: ffffffff87d23379 RDI: ffff88805d5d92c8
[ 1855.684589][T27313] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000001a00
[ 1855.714039][ T5898] dvb-usb: TeVii S662 successfully initialized and connected.
[ 1855.749508][   T30] audit: type=1400 audit(1765630793.523:2103): avc:  denied  { create } for  pid=5172 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1855.821567][   T30] audit: type=1400 audit(1765630793.523:2104): avc:  denied  { append open } for  pid=5172 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1855.853990][T27313] R10: 0000000000001900 R11: ffff888021bf0b30 R12: ffff8880433f8800
[ 1855.862017][T27313] R13: 0000000000001900 R14: 0000000000000001 R15: dffffc0000000000
[ 1855.884479][T27313] FS:  00007f778183b6c0(0000) GS:ffff8881249fb000(0000) knlGS:0000000000000000
[ 1855.893462][T27313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1855.893988][   T30] audit: type=1400 audit(1765630793.523:2105): avc:  denied  { getattr } for  pid=5172 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1855.914160][T27313] CR2: 00007f199ad7e9c8 CR3: 0000000068c32000 CR4: 00000000003526f0
[ 1855.975747][T27313] DR0: 0000000000000001 DR1: fffffffffffffff7 DR2: 0000000000000000
[ 1855.983774][T27313] DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1856.034245][T27313] Kernel panic - not syncing: Fatal exception
[ 1856.040607][T27313] Kernel Offset: disabled
[ 1856.044916][T27313] Rebooting in 86400 seconds..