last executing test programs:

15.808592694s ago: executing program 1 (id=614):
r0 = fanotify_init(0x4, 0x101000)
fanotify_mark(r0, 0x641, 0x1019, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f00000001c0)='fdinfo/3\x00', &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f00000007c0)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\x90\x10@\x1chOK\x98\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<m\x8ePDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9a_\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
r4 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
readv(r3, &(0x7f0000000e80)=[{&(0x7f0000000500)=""/232, 0xe8}], 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000880)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f00000002c0)='/\x00\x01\x00H\x98', 0x0)
tkill(r4, 0xb)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setrlimit(0x0, &(0x7f0000000000)={0x6, 0x7})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$SEG6_CMD_SETHMAC(r2, 0x0, 0x20008014)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="600000000206010100000000000000000100ffff14000780080012400000800008000b400000cd200500010006000000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x60}, 0x1, 0x0, 0x0, 0x4044081}, 0x0)

15.6090097s ago: executing program 2 (id=617):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = inotify_init1(0x0)
fstatfs(r0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000000000002)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r5, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x3, 0x3, 0x201, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xff}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8c0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d240600"], 0x0)

12.29280199s ago: executing program 3 (id=623):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6) (fail_nth: 1)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
ptrace$ARCH_SHSTK_STATUS(0x1e, r0, &(0x7f0000000300), 0x5005)
socket$netlink(0x10, 0x3, 0x15)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000710000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r4, 0x0, 0x1}, 0x18)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
lseek(r5, 0x289e0cb5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)

11.713130805s ago: executing program 2 (id=626):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0x1000})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
bind$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='rxrpc_local\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf50009058402"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x28000)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x1f, 0xffffffffffffffff, 0x1)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x45, &(0x7f0000000080)=0x101, 0x4)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
socketpair$unix(0x1, 0x3, 0x0, 0xfffffffffffffffe)

10.473105746s ago: executing program 1 (id=629):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r4, 0x80dc5521, &(0x7f00000011c0)=""/4096)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r3, 0xfffffffc)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x0, 0x7}, 0x14}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0xb0901, 0x0)
syz_usb_connect$printer(0x1, 0x2d, &(0x7f0000000cc0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x2, 0x90, 0xdd, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x7, 0x1, 0x1, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x5, 0x80, 0x94}}}}}]}}]}}, &(0x7f0000001180)={0x0, 0x0, 0xf, &(0x7f0000000d40)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x4a, 0x7, 0x108}]}, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]})
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r6, 0x40084149, &(0x7f0000000340)=0x6)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@can_newroute={0x44, 0x18, 0x1, 0x70bd29, 0x25dfdbfe, {0x1d, 0x1, 0x5}, [@CGW_MOD_UID={0x8, 0xe, 0xffffffffffffffff}, @CGW_DST_IF={0x8}, @CGW_MOD_SET={0x15, 0x4, {{{0x4}, 0x3, 0x3, 0x0, 0x0, "918a76e1efa19e91"}, 0x5}}, @CGW_SRC_IF={0x8}]}, 0x44}}, 0x0)

8.456475021s ago: executing program 2 (id=632):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3})
r2 = userfaultfd(0x801)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

7.45719587s ago: executing program 0 (id=633):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3})
r2 = userfaultfd(0x801)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

7.368125462s ago: executing program 2 (id=634):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000440)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x20400003}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 1', 0x1b)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000807000/0x1000)=nil, 0x1000, 0x2, 0x31, 0xffffffffffffffff, 0x31306000)
statx(0xffffffffffffffff, &(0x7f00000000c0)='./bus\x00', 0x1000, 0x200, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2fb3, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bridge0\x00'})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4800}, 0x220c0010)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0)
ioctl$FBIOPUTCMAP(0xffffffffffffffff, 0x4605, &(0x7f0000000140)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)

7.324659322s ago: executing program 3 (id=635):
r0 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x700, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

7.313673434s ago: executing program 3 (id=636):
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000", @ANYRES32, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1182, 0x0)
ioctl$mixer_OSS_ALSAEMULVER(r0, 0x80044df9, &(0x7f00000000c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a", 0x2, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_emit_ethernet(0x10e, &(0x7f0000000500)={@multicast, @random="857f34c20e05", @val={@void, {0x8100, 0x2, 0x0, 0x4}}, {@mpls_uc={0x8847, {[{0x293, 0x0, 0x1}, {0x2}, {0x5, 0x0, 0x1}], @generic="b47ab9a20b6cc809e4a0ee0150e8a4a4a9b88d10187a8675747037afe9312943575a3523c6712d7b7390eaee3e6c008ccb46ec3c9977ad7afd26c6f18b0dfe5a35e063690426b363547e9000d32d921eb8b23125b5d01b13c1119330295a31a0d473ace1bc9f5b15a565db29a99e48bd31589c0918cc6ad0136d48030ed05d299b0bfd1442cbcb1162413c77a2fc1c6e076e54886586c8fc740c66a28f4646c4256bc5f30d3ae097c1be68148de202f8d9842c098ae1e37cd1bee1e08f67045df6006028be525545b06d9643e5653ff5b75c84ab43d38e62e3a2800b4f5b8168b34327e3f54a28a77b5b1f058acd6100"}}}}, &(0x7f0000000640)={0x0, 0x1, [0x852, 0x94, 0x84, 0xe90]})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000400)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002bbd7000fbdbdf252100000008000300", @ANYRES32=r8, @ANYBLOB="0a00f7ff080211000001000004002a0008009e0008"], 0x34}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x44, r9, 0xb00, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xb0}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x33}]]}, 0x44}, 0x1, 0x0, 0x0, 0x40080}, 0x0)

6.106295457s ago: executing program 0 (id=638):
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x5})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000580)='net/fib_trie\x00')
pread64(r3, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)
sendmsg(r1, 0x0, 0x4000000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000280), 0x5dc, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="000000000a0000fa66919f8bce0047000000"])
r5 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r5)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000)
fsopen(&(0x7f00000003c0)='omfs\x00', 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b0001000000000904000001012920"], 0x0)
syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201)
unshare(0x8000000)
r6 = semget$private(0x0, 0x4000, 0x400)
semctl$GETALL(r6, 0x0, 0xd, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x81)
r7 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
mount$cgroup(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x10012, &(0x7f0000000040)={[{@name={'name', 0x3d, '_))%['}}]})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r8, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

6.105869846s ago: executing program 4 (id=639):
r0 = fanotify_init(0x4, 0x101000)
fanotify_mark(r0, 0x641, 0x1019, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f00000001c0)='fdinfo/3\x00', &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f00000007c0)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\x90\x10@\x1chOK\x98\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<m\x8ePDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9a_\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
r4 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
readv(r3, &(0x7f0000000e80)=[{&(0x7f0000000500)=""/232, 0xe8}], 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000880)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f00000002c0)='/\x00\x01\x00H\x98', 0x0)
tkill(r4, 0xb)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setrlimit(0x0, &(0x7f0000000000)={0x6, 0x7})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$SEG6_CMD_SETHMAC(r2, 0x0, 0x20008014)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="600000000206010100000000000000000100ffff14000780080012400000800008000b400000cd200500010006000000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x60}, 0x1, 0x0, 0x0, 0x4044081}, 0x0)

5.7370021s ago: executing program 1 (id=640):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x20)

4.457295006s ago: executing program 3 (id=641):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})

4.372237239s ago: executing program 3 (id=642):
socket$nl_generic(0x10, 0x3, 0x10)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$selinux_policy(0xffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
write$selinux_load(r2, 0x0, 0x44f0)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c09000304240202042402000424020244"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120001a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000000)={0x8000000})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmmsg$inet(r6, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, 0x0)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000000)='\'\x00')

3.755009395s ago: executing program 1 (id=643):
socket(0x10, 0x3, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioprio_set$uid(0x0, 0x0, 0x4000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
getsockname$inet(r2, 0x0, &(0x7f0000000100))
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r2)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x5c, r3, 0x10, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8000}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xfffffe00}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4800}, 0x40040)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000580)={&(0x7f0000000140)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x70bd2a, 0x0, [@sadb_address={0x5, 0x6, 0x33, 0x0, 0x0, @in6={0xa, 0x0, 0x2, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x2, 0xa, 0x0, 0x20000000}, @sadb_address={0x5, 0x5, 0x33, 0x0, 0x0, @in6={0xa, 0x1, 0x10001, @mcast1}}]}, 0x70}, 0x1, 0x7}, 0x4010)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x984)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r7, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r7, 0x1)

3.526372568s ago: executing program 4 (id=644):
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, &(0x7f0000000200)={0x77359400}, 0x8)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
r0 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x24, r4, 0x211, 0x0, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}]}, 0x24}, 0x1, 0x100000000000000, 0x0, 0x4004059}, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_STATUS64(r6, 0x80605414, &(0x7f00000003c0))
sched_setattr(0x0, 0x0, 0x0)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil)
syz_open_dev$video4linux(0x0, 0xfffffffffffffe00, 0x171cc0)
sendmmsg$unix(r2, 0x0, 0x0, 0x811)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8000)
connect$qrtr(0xffffffffffffffff, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
syz_clone(0xa2540400, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$netlink(0x10, 0x3, 0x0)

3.303399364s ago: executing program 2 (id=645):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c643c, &(0x7f0000000300)={0x0, 0x0, r0})

2.713969831s ago: executing program 1 (id=646):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

2.592693379s ago: executing program 2 (id=647):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="00000800000008048263d1cb392ee6262d168b33aca6c4419e26a06d31c66505701b7d6df7375f4272f4ec7f1f4c718875e08cb6005f8d89f22f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000040)='P')

2.452407424s ago: executing program 1 (id=648):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000f80)={0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="00061c0000005ad6723f09e2"], 0x0, 0x0, 0x0, 0x0, 0x0})

2.398429454s ago: executing program 4 (id=649):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x3c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x0) (fail_nth: 6)

2.044688821s ago: executing program 0 (id=650):
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0x100, 0x43353039, 0x3, @discrete={0x7, 0x4}})

1.992554966s ago: executing program 4 (id=651):
r0 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
syz_clone(0x41860880, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r5)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet6(r6, &(0x7f00000042c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x6, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=[@hopopts={{0x18, 0x29, 0x36, {0x33}}}, @flowinfo={{0x14, 0x29, 0xb, 0xa}}], 0x30}}, {{&(0x7f0000000500)={0xa, 0x4e24, 0x8001, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000640)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x3b, 0x0, 0x2, 0xf4}}}], 0x18}}], 0x2, 0x4001dc6)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r7, 0x3b82, &(0x7f0000000000)={0x18, r8, 0x1, 0x0, &(0x7f0000000100)=[{0x7ff, 0x1080}]})

1.982338276s ago: executing program 0 (id=652):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000100000000000000004000000000000000046fbd76bb37bf74f1989f751e71f6f3edf95be674d3c8f2294a1c6150ed62e6c65685000984e61e10504f1f1869ab6ea0f10c5bf2ea2389083db725e57a169099fedb74a87ed06acd1da00f2d774047d33d4b0e262f3389badfd343ea8ce66192f1d4454934192fc6e59286c52c9098f833965dc3904310a37179e3632e33a4bb650ae6d32dbb66eaf405fa1dd277455000000000000a6c8193a35ad755680d2b2e6a8543d85e56b237926e9022d197390a7c711be0ec0d45a57ff55ddc1816f6ffa"], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1})
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0))
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={r0, 0x58, &(0x7f00000002c0)}, 0x10)
bind$bt_sco(r2, &(0x7f0000000400), 0x8)
ioctl$TIOCSTI(r1, 0x5412, 0x0)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000540)={0x3, 0x200401, 0xfffffffe, 0xc6cf, 0x91, "0000080100", 0x40240000, 0x7fffffff})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x8)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x1)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000fffffffffffffff700000000000000aa21e77900000000000000"], 0x96)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x5, 0x5d5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff2a, &(0x7f00000000c0)=0x62a)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
recvmsg$unix(r4, 0x0, 0x0)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000200)={'dt2801\x00', [0x9e1, 0x2566, 0xfffffffe, 0x100000, 0x8, 0xfffffffc, 0x5, 0x10, 0x1002, 0xffffffff, 0x1, 0x5, 0x344, 0x1, 0x7, 0x0, 0x1, 0x3, 0x9, 0xe, 0x100, 0x1003, 0x5, 0xa, 0x5, 0x4fe731f2, 0xb0c4, 0x7df, 0x8, 0x400009, 0x1]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4)

1.016785804s ago: executing program 4 (id=653):
r0 = socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRESDEC=r0, @ANYRES32=<r5=>r2], 0x50)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0x4, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000340)={'bridge_slave_0\x00', 0x4088})
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r7, &(0x7f0000000e00), 0x12)
write(r7, 0x0, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000380)=""/130, &(0x7f0000000040)=0x82)
syz_clone(0x70001400, &(0x7f0000000680)="b8d66760bc0870ad3834c2ead03d359a819561cb517b7714f47d11a2f175da420e7f9ceeffb0dbf9f9fd154a0762cf98125df49371810000000000000041d07407de319f451dc4978accc886238862c1b0ede1b85191e06d59bbc98db860a0d4908bf1e555e2e0a6fc53a6e3aaf587d8223557f455443f1ffc7d13376bb4dc1c9e89f0b2015146ea53676242e70be79bd3f13fb62b465812c1a151fa1162d106f4b5bc5247440765cd3017f24b140cd6d04a4c92841bc738cc66127532a48f7ad6d207d47f82d8a7616d4ffa91570220947ed32a00baba86f463943b5877013fad53027c58e48900801cf05b69186fab6efdb8bd2ef11ea5b3019fa92f5cccc4e2cdc7a805a6d8608d82f5cf0101bbcc6da72efc0bd4252815defc2adbc7c05173fc68b68793484490aa08348a8f2abcd7ecacc6ed3c6c72ab71fa80", 0x13c, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000e40)="a96f1d7b4dd9769cd098ca712fe44e01c165aef383e88501f2637635c93ecb91d6c93279bd209a65d8f7b6b32e2fc3e84495e5a1bd64280fb4af194b4062828f403945130770d6e75bd68786a97391c6082086a701796ea5bf169a24105cdff577a5464e85e2004b11bc251176efe619ce8a5f0aaf348220b35daa8f3b5553924c4854d9d57d2a280db1d291a8a09b1246ae38a389649e1159ae3c030524fef2f72f8b626c2dd8ae28b2848b86ad887df1fdb7a205e39ed8c213da6f3d676558db61f2a89d4021e52eadf88bd31f97bce710b90d7e3603e56a15a37047720ae74b32443849f332867f17d6a02d5980cc1648ebfa6149134832696d202ea8eae4b4f7e4dc8f7939675bad4ec93e499a2d7f672d32d2a1dc3029faa1e8b6a2b3c7b2fe53d9b58392832e5673aeedc682993ca32187f78f1cc2b9184c10ce3e236b9a248a3976eeaa9d73b45ec67d59a74887bac269e4b7c5d46a8e7d89b38f4af654f292508fbccd4318e8ef5ecbd6ebf5fc4dd17808ba97e303e82485ce7f5f9452034c49daec6a1da149be76e1b7cc6887c95a76cfc6f3056a1c316f7fa850760c3fab4dee90c76eaa6c0c309677981a7d6cfbc79d7a6ea9223090b62acccb4c147bca8028296c019a7300bc278ff946c5341dbc3556a1c1b9be38e97029027863e4633721b6dc17b90abd36e80fddbec467d1cd29fbf584cc6a6b3d026f408bb3b11cdd3918ff3f8f8a7b2ec280a2fc4785fed9914ccb81ac62131bf9563be5418b3efd7d1e34604cf0326d4ec817e66b417829abbc58120507fdd51b3dc013f03fc4b506cab9017d749e4174627a7ce39b63378c786a1e82fcd49e2998f351b7a43610435a54966c3400ad6e02910c5c02e5153914bebfa78e1db89d9668c1be2fc68e99a21f6fdbba9c53b49167a42937a40aae02fc1eccbb95fed863460da1ccdd61e7a6ae4fdbf1a2dbe3116e589792e7adc75c36868544911c8d766c10bfc4bb80a99ec68065474107a511e59ad7748579b4ab491f5e44023c117b21458e1a0ef33a5f7eae738c50e1890c3b49269c87ed9cc0c736c5f60dc25be602d5ed4fca3dfb02a91e3751f5f2eb8aed32886b5321c1d7f0c1526afab89527d87e5d3a2d9b1ab231fa2ea4ede63b901222f6fb99bc3480039e75ef617ae059b06318b07ac11dde43d829dca72a2e9c09d75bdc3926fe1913ec6aea95cce95e472e74c777f3b1c6e0c6ccd0c513e7c4c672b8e4d608b11f8a7d900e1db64f21c9430bb0dc9a99cb98ec151b3c0a7f1f2fa465e0b6be1eb665d98828ca6a92d7fc02c8b4701bf9589f6fd22a8112587fabcec76435c119ad7a18de597b566a2e07c34a29e3776a94a04e6e74a25cf3786c695d913dc33b4181c9698acc108605a5389e23be60651ec8eb691dbbe3f3dee3a80fe890ddb92e64e9cba5fcd089d9824889d2ea757d632e71a3d127a439f4017f42e81767b86aabcc4ec70720beb6d701ad53ec7c4b2dd98a35522621478f6d9eb27bf762f1bb74ebb8668d5e0f3d0875065a32ba721198bda832264a89be1774caea7da4bc13630f429519aa9a6e28bd8878b9733efe59a377e519574d8c5a8eb472a1093f7c478c29dfebbf6a22a907fef7e25327e680d66ec37c6b7f6708358584d98857f1de9ef312f05847403320e32996bd88d8b7e24d26693ecd0c54df9e2cecfc946476226ba7c9abab4bd06372fe74791c6e43e74dde06e958fc3a64c5303f1c8b285447dc8b2d40f25b3a2a992420d6655bb15c8305dd81a1eea9ce6f432e6c63613c95a6fe1c93463aeb8574ed4a7883687d3fdb6e80dfe1f73219da717fb1d1b3eab3b534eeb41aa605c044fd69c1057eeb111390cead31a451ae7633cca027944d37cf378f389d69d4fcb8c16e32c1706ae8780948176a4a872f118e47ce7a39485db4b6f582308b9305c3952779a666329a613787053587a0b129dc997a4a2ebfab0d719eae7f260ab8c9e10dbbbc7176753116c5264f7c45a00397b317d42a85f6c6d03d5cc42fca20e5ff46f7679ac9087a9b3d1ff551178ffc1d5095d69cc522cce3f3539d143bc8a715209dc2742a43f230bbb06f72be894849072699a7ecd4f56b94550b223f4614a2cbd9e8241469631996ad6022009f0b4fe23f8dcb3539844e706f599ef17283e05e27c403d00fc028117512f208b3eaaaae6425fd815c9856c4eb0de9ba7d43bee8e945710259285890e12d8610635281c0a5028748549be0a155b2d6dcefd2359432bff080b6558a1b82168111e4e4499e2860265a358d74dad2f1ed931001fb03c432a9aaeb2fdb5a2f77310bd5eedafce0e351328162685745bc0d894e041558e4a824b9f4fe3493e63eecc4bd33c043ff77305d2fdcbf75d46458f24bfa355225286ce82d28ed1ac71adca3950a62a3030bcaaa0c9d9445d88d1d0fa007b5908e932f3f3c07e53a41dff8a3ef3a481e60190a015322ddf025d3197abd802a9d2e0c197e5b9871d714bc1357c4caee2a22cac6c2087c5472deed9442e4c9a10d6b1744ad8360ee8d3d7cad7e8f9f6fddf28b3b253cb789d3bdc1e3557ab15f24cbd369e4cf3a9f401de7484e80ae82da731199b9dee55599833d67b1a98772582600b4e3cc59796242445ca54c3200a1f794fc8527b4711d62bd020686d12fc12190de6535a30d54bbca23066d8181add5781c5c60201e9075d57cf250d2589b025ece634612311588e90dbc0082d1b68079f55b882c8d6d304f13e97d7ea1f20570e118d53924d6e01feb8804da4104cc5f71ca9ce41e704a53aee2662a32dc4a693d650b4324997b5f2ece387ca130dbbd52db4dada694b967e9b06cd04804dad1907f326ae80440a218b97d5534417259920f442bd6ce9b4387343cc410e692bd94cf3ca3b973673005233e011936e307dd677a6654412a51b87526a4bf0da067b67e176d7239422f7f6d9dc4b885bd72bf3dda3acff44b40278f6223795bc29826031df87b03f9a63e07bdf96ab1e5f135ee681ac9e9bbe135ce282c902866fa650c454fc6e73054c5b5f1318094e71f113afe8c68f962a584a14a2b696af2477a7585b8b0ffbefbe6e045d292fd9e89a722fe26b386c85fc5fc8e3516037570faabb112470f84b161f7cec61cc9532bca17a64a13f6c7cdb2fb8900dd0636750a5cf9783e4de77c5f83d0412712bf9b9bbec8739a6a5688e97dd34dd586d8ff7647d981418cd3a62ba6e42d14477b0b2ec05bf2e0bc68989464b3b3a75a6ade41bf3832459ee878e61c3f9f6713f15c67a06cd0e99101853fa52bf491a8c91346196e60a0952022f5a7b06fc31f27aa6909a1f55d980d5ba93dedc861e792d6f01ad64b11e3b15e97eb59514e9c26895a2e7f716b5af18de822d15e06d5c92a9fb84e56a80766695fc46d980a83b4a11fa1c3ce2283a813aa406750554c675004e0759dcc86e0abf3054fcc06dd7c8c01595ada51343d26ad8f68b72ab9fd526d737c7889f5cb2404122f8fd60e9772f621602330a9cd86b8e7c9fd883e5a319100bbb39ecfc0ebd4207d0aadb37e53d26a7c1709b423646faf5629dd29718efee2d0f98923546344e9ffa4045500cd5bfe7466ee71dbe68fa924861f1ab75d2404f980c8c0dc5321983ef4b774b9dca9dea456a290f1975a4d46717bb27d2fc273e4916964f130547821cd246d651cef93c714f55afc09d36278f8739ef1b72a9b7489f99d3a25142792210ad34024e53545ac19ad263992d3af6a37e059bb5996d139e5d28af6b12724ea95eadda6911a1ea398d3591ede85692da6abeb6a20370e360865b32781480420d612be268ede1a449218c6073a5629c828c976a2901e52d6de4bda7b2d6a88d26910aa3340d68e466144d600f32d3fc0b83d08fc7e3b71270a60fe923ba91949916f5d6c6c908c24ad0174458c1e4ce775a0faf9c957222d17c7af0944b481e9267bb318b1fd09838052821a60d31e16a879c6fa790c11bb7673223cdd5e70415072458274ca4e0c77908e8f4faa991cfaeee9c339a357e3a4890d511b2b8e6e843b4e19ed8ae77ffcc0eddbad27c6f753fd6cdb64c81508a1c80028b0b88f8c3fefaa2077858e54466136ce89c8da397c75b282e41e678b4b02250c55d173177e293dc15cc666bbcbe657ca9cdc1bb5925efe24c0007abf38b8f64ec58ef52c4dcd555473c12c6cce15c05d656e10660768e9af41642a2c2744765ef394a777644f52d0d10f90bd31cfd8c29efec88fa8333b4aeb8f2d364dc7ad36c561c649446cdf289e420a93aab274a9d3a3f96f95f8c0624ce12d59aa8eac684bdbeb52c5f12cfb532432746155ed5d99ac6caca224ce218c2d7592794b76872c8f63f5243fecbd1cda2f416543f9da24a75bf87faaa4d782307eeddb387b63afcdb546cf7942bc2eb5ba6097c8ee7c0171546b97f6c94cfbbe8470a2502332c4adcbca4d54cac7d9d82f04797cae90d1d53eafa6f74cce247106561522b45767c8bc92ae35515b6089750a1b3d9980599c43efc9fb5800344158d020bd16ab42bea94023f87bedb887156f1935c2c9b03d8768cb3e857ff0e84b250a093bd584f7901b39488dcfe5871144d94e7d0932a3ffde58be0bab66a349758fbcc58aeac2e95e7985d9cc640a32c50aa6e58cbc2e8e6cf42fd6ff5fac7912f95edaf5f1d7c3cf81541f4e416726c0717195e7be75a4141b3b94bc1aa5fb10bf3bd11bc7227fd6bd4d570ff81a74d7d6504c6ab46b501b332d3c6bf98d013aa264d635843df0ed68dd1611670f542bee4f7d0882fbb42ae6ca720b1350e3d22847d13231835b7be74b0f7b4a044104c3256b8406e3c47444144e44d4eb93a6779cb98cee41168e22ec7ac198727d7de7a3b1040200e4b68198f98afeb76c1994288eb5ace80ac82a1715458a1bc054900d98c4d309b5fd3d8fd3dfb6cd90b6381a5d738140cac757755efd057e3c918640d7c59d5f310c90ebca72ed4d125c46ff5bd3dba5bb7d07957f6872cd5e145ce786626706787cbd77aa99cddec96b7e00f4ab1bb15adb394a834ac18b194828babb3f64023dca386b0461b36b944d04e8cf897b65ed09636e0b66ccab622ce098fe6f1a90b12709f897439f2551c19e848611cc7ab494871256daad0321abec170da9d87dac86e6284063f39568ffb99bb8c9e36d4e7a1c13c5c52f46c5452816a46bdf9d2ffd9fb56d9ba8c096ba4f3aac971469d9e9b330d16b1e042cf9ea7177dd334a3a9639c7c3fcf1175f58b5620761d1b747b42fc3542740b91803e182a58f270153a2bef46410030e8c63a5b4405d719fd302510857adb7e6d10933e6aa2f48c0ef71bea443836e0bd551b33b983f8d5af2df42e2472bfb62572e9ae07fb5701f9484795f95b3a9ca9d7ed17393c92011469b7438646221e24ee3a141c9a5e9a21a261abec973320db12351638f4037f51d7712c63aeae9c5af6d9c82f2012c7b4445c76f1a72091621f2e8a623e93103ee2aade2c4fb4dd2eb5b688411433f5ae7a9c35e12b58726161a0ac60dfe819b4d2edb067781cb1955da714f82763f888169b6b1d0e06b2a578581f9326c8d5e73ed4af7c565b61d976d0a9ca4610264850c16f09bcaf91f3ece5ec1a7fb1b2437a27450d82b0b46434ea8336b895c86e22d7ea2ce6878238c404ab3b5d612827c3aeecd6faf1445134f891038464135131716a04c2b984b8c49a6ec7399705f4e115e3965dcf5eb89bcf5653f9b40721073773b6c46e2677cec5728962c9d7be7bf9c8ea520cf691e2e8c6a3766d3d5")
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYRES64, @ANYRES64=r2, @ANYRESOCT=r9, @ANYRESDEC=r3, @ANYRESHEX, @ANYRESHEX=r5], 0x28}}, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000229bd7000fbdbdf250c00000008000300", @ANYRES32, @ANYBLOB="0c0600000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000054}, 0x1)

829.606261ms ago: executing program 0 (id=654):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21}, &(0x7f0000000300))
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f0000000380)=[{&(0x7f0000013580)}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0xffff, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000a00)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000009c0), 0x13f, 0x6}}, 0x20)

200.144624ms ago: executing program 0 (id=655):
r0 = fanotify_init(0x4, 0x101000)
fanotify_mark(r0, 0x641, 0x1019, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f00000001c0)='fdinfo/3\x00', &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f00000007c0)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\x90\x10@\x1chOK\x98\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<m\x8ePDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9a_\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
r4 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
readv(r3, &(0x7f0000000e80)=[{&(0x7f0000000500)=""/232, 0xe8}], 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000880)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f00000002c0)='/\x00\x01\x00H\x98', 0x0)
tkill(r4, 0xb)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setrlimit(0x0, &(0x7f0000000000)={0x6, 0x7})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$SEG6_CMD_SETHMAC(r2, 0x0, 0x20008014)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="600000000206010100000000000000000100ffff14000780080012400000800008000b400000cd200500010006000000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x60}, 0x1, 0x0, 0x0, 0x4044081}, 0x0)

80.477767ms ago: executing program 4 (id=656):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3})
r2 = userfaultfd(0x801)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})

0s ago: executing program 3 (id=657):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async, rerun: 32)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x24040, 0x10)
truncate(&(0x7f0000000000)='./bus\x00', 0x9471) (async)
finit_module(r2, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x100000d, 0x10, r2, 0x10000000) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
r3 = socket$inet(0x2, 0x3, 0xfffffffc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x4b, 0x1, 0xffffffff, 0x6, 0x0) (async)
shutdown(r3, 0x0) (async)
unshare(0x40200) (async)
r4 = semget(0x1, 0x4, 0x39c)
semop(r4, &(0x7f0000000080)=[{0x1, 0x8001, 0x1000}], 0x1) (async)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x33, &(0x7f00000000c0)=0x8001fffe, 0x4)
semop(r4, &(0x7f0000000000)=[{0x3, 0xbbdd, 0x1000}, {0x2, 0x100, 0x800}], 0x2)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f0000000140)=[0x6, 0x7fff]) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x40400) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[], 0x0) (async)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) (async)
recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (rerun: 32)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
socket(0x10, 0x3, 0x0) (rerun: 32)

kernel console output (not intermixed with test programs):

5, idProduct=1010, bcdDevice=49.8e
[  173.822409][ T5848] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  173.826068][ T5963] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0
[  173.837391][ T5848] usb 4-1: Product: syz
[  173.842805][ T5848] usb 4-1: Manufacturer: syz
[  173.843864][ T5963] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0
[  173.847685][ T5848] usb 4-1: SerialNumber: syz
[  173.859884][ T5963] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0
[  173.867204][ T5963] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0
[  173.868391][ T5848] usb 4-1: config 0 descriptor??
[  173.879519][ T5963] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0
[  173.881135][ T5963] kovaplus 0003:1E7D:2D50.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0
[  173.908783][ T5848] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  174.114306][ T5848] usb 4-1: USB disconnect, device number 16
[  174.122797][ T5848] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  174.232000][ T5963] kovaplus 0003:1E7D:2D50.0006: couldn't init struct kovaplus_device
[  174.240232][ T5963] kovaplus 0003:1E7D:2D50.0006: couldn't install mouse
[  174.248918][ T5963] kovaplus 0003:1E7D:2D50.0006: probe with driver kovaplus failed with error -5
[  174.438506][ T5963] usb 2-1: USB disconnect, device number 15
[  174.593216][   T30] audit: type=1400 audit(1758379480.562:401): avc:  denied  { mounton } for  pid=7314 comm="syz.2.376" path="/82/file0" dev="tmpfs" ino=460 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  174.593280][ T7315] fuse: Unknown parameter 'group_i00000000000000000000'
[  174.687269][ T7320] capability: warning: `syz.2.378' uses deprecated v2 capabilities in a way that may be insecure
[  174.926897][   T30] audit: type=1400 audit(1758379480.893:402): avc:  denied  { create } for  pid=7319 comm="syz.2.378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  175.073692][   T30] audit: type=1400 audit(1758379480.893:403): avc:  denied  { create } for  pid=7319 comm="syz.2.378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  175.328608][ T7333] binder: BC_ATTEMPT_ACQUIRE not supported
[  175.334575][ T7333] binder: 7329:7333 ioctl c0306201 2000000001c0 returned -22
[  175.795434][ T5933] usb 1-1: USB disconnect, device number 11
[  175.914483][ T7337] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  176.737689][ T7353] fuse: Unknown parameter 'group_i00000000000000000000'
[  176.747121][ T7354] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  176.854363][   T24] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  177.166586][   T24] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  177.181277][   T24] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  177.193204][   T24] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  177.226599][   T24] usb 4-1: config 220 has no interface number 2
[  177.276002][ T5933] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  177.288802][   T24] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  177.325037][   T24] usb 4-1: config 220 interface 0 has no altsetting 0
[  177.335007][   T24] usb 4-1: config 220 interface 76 has no altsetting 0
[  177.342407][   T24] usb 4-1: config 220 interface 1 has no altsetting 0
[  177.353341][   T24] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  177.371516][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.380420][   T24] usb 4-1: Product: syz
[  177.384639][   T24] usb 4-1: Manufacturer: syz
[  177.394414][   T24] usb 4-1: SerialNumber: syz
[  177.492482][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.502478][ T5933] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  177.533206][ T5933] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  177.555734][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.584580][ T5933] usb 1-1: config 0 descriptor??
[  177.588763][ T5848] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  178.290091][ T7380] ieee802154 phy0 wpan0: encryption failed: -22
[  178.374678][ T5848] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.389411][ T5848] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  178.407852][ T5848] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  178.496779][ T5933] kovaplus 0003:1E7D:2D50.0007: unknown main item tag 0x0
[  178.526518][ T5933] kovaplus 0003:1E7D:2D50.0007: unknown main item tag 0x0
[  178.536202][ T5848] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  178.546496][ T5848] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.566508][ T5848] usb 5-1: Product: syz
[  178.580476][ T5848] usb 5-1: Manufacturer: syz
[  178.585194][ T5848] usb 5-1: SerialNumber: syz
[  178.585710][ T5933] kovaplus 0003:1E7D:2D50.0007: unknown main item tag 0x0
[  178.600875][ T5933] kovaplus 0003:1E7D:2D50.0007: unknown main item tag 0x0
[  178.617171][ T5848] usb 5-1: config 0 descriptor??
[  178.671912][ T5933] kovaplus 0003:1E7D:2D50.0007: unknown main item tag 0x0
[  178.681859][ T7364] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  178.692241][ T5848] usb 5-1: ucan: probing device on interface #0
[  178.702689][ T5848] usb 5-1: ucan: invalid EP count (1)
[  178.713573][ T5848] usb 5-1: ucan: probe failed; try to update the device firmware
[  178.746580][ T5933] kovaplus 0003:1E7D:2D50.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0
[  178.796981][ T5963] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  178.886995][   T92] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  178.956895][ T5963] usb 2-1: Using ep0 maxpacket: 16
[  178.963853][ T5963] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.974480][ T5963] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  178.994675][ T5963] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  179.004966][ T5963] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  179.016039][ T5963] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  179.030305][ T5963] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  179.039552][ T5963] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  179.047783][ T5963] usb 2-1: Manufacturer: syz
[  179.053279][ T5933] kovaplus 0003:1E7D:2D50.0007: couldn't init struct kovaplus_device
[  179.062089][   T92] usb 3-1: config 9 has an invalid interface number: 51 but max is 0
[  179.070807][   T92] usb 3-1: config 9 has no interface number 0
[  179.079489][ T5933] kovaplus 0003:1E7D:2D50.0007: couldn't install mouse
[  179.098188][   T92] usb 3-1: config 9 interface 51 has no altsetting 0
[  179.119039][ T5963] usb 2-1: config 0 descriptor??
[  179.125843][ T5933] kovaplus 0003:1E7D:2D50.0007: probe with driver kovaplus failed with error -5
[  179.145154][   T92] usb 3-1: New USB device found, idVendor=0499, idProduct=1001, bcdDevice=c4.19
[  179.155241][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.163927][   T92] usb 3-1: Product: syz
[  179.171203][   T92] usb 3-1: Manufacturer: syz
[  179.176111][   T92] usb 3-1: SerialNumber: syz
[  179.263337][ T5848] usb 1-1: USB disconnect, device number 12
[  179.389847][ T7384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  179.402561][ T7384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.406798][ T5963] rc_core: IR keymap rc-hauppauge not found
[  179.415897][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  179.415910][   T30] audit: type=1400 audit(1758379485.385:408): avc:  denied  { shutdown } for  pid=7383 comm="syz.2.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  179.443102][ T5963] Registered IR keymap rc-empty
[  179.448125][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.448965][   T30] audit: type=1400 audit(1758379485.415:409): avc:  denied  { write } for  pid=7383 comm="syz.2.397" name="binder0" dev="binder" ino=25 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  179.487392][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.511358][ T5963] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  179.535730][ T5963] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input21
[  179.558104][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.577107][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.597024][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.617316][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.636616][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.656662][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.676646][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.696600][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.716625][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.736580][ T5963] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  179.760336][ T5963] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  179.769467][ T5963] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  179.891670][ T5977] usb 2-1: USB disconnect, device number 16
[  179.912874][ T7395] fuse: Unknown parameter 'group_i00000000000000000000'
[  180.198535][ T7405] netlink: 24 bytes leftover after parsing attributes in process `syz.0.401'.
[  180.266265][ T5170] Bluetooth: hci4: command 0x0405 tx timeout
[  180.352417][ T5963] usb 5-1: USB disconnect, device number 9
[  180.589515][   T24] usb 4-1: selecting invalid altsetting 0
[  180.898817][   T30] audit: type=1400 audit(1758379486.825:410): avc:  denied  { name_connect } for  pid=7406 comm="syz.4.402" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  181.004708][   T24] usb 4-1: selecting invalid altsetting 0
[  181.010790][   T24] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  181.050810][   T24] usb 4-1: No valid video chain found.
[  181.060847][   T30] audit: type=1400 audit(1758379486.866:411): avc:  denied  { listen } for  pid=7406 comm="syz.4.402" lport=48371 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  181.083776][   T30] audit: type=1400 audit(1758379486.946:412): avc:  denied  { accept } for  pid=7406 comm="syz.4.402" lport=48371 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  181.259428][ T7410] sctp: failed to load transform for md5: -2
[  181.271949][   T24] usb 4-1: selecting invalid altsetting 0
[  181.285736][   T24] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  181.409661][ T7417] binder: BC_ATTEMPT_ACQUIRE not supported
[  181.415527][ T7417] binder: 7409:7417 ioctl c0306201 2000000001c0 returned -22
[  181.833122][   T30] audit: type=1400 audit(1758379487.006:413): avc:  denied  { ioctl } for  pid=5842 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=3031 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  181.875068][   T30] audit: type=1400 audit(1758379487.026:414): avc:  denied  { listen } for  pid=7406 comm="syz.4.402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  181.898178][   T24] usb 4-1: USB disconnect, device number 17
[  182.043428][   T92] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  182.084206][   T92] usb 3-1: invalid MIDI in EP 0
[  182.257815][ T7430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.404'.
[  182.393103][ T7437] netlink: 'syz.3.407': attribute type 2 has an invalid length.
[  183.538190][   T30] audit: type=1400 audit(1758379489.427:415): avc:  denied  { ioctl } for  pid=7418 comm="syz.0.404" path="socket:[13820]" dev="sockfs" ino=13820 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  183.585659][ T7442] tty tty29: ldisc open failed (-12), clearing slot 28
[  183.624650][ T7436] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  183.631269][ T7436] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  183.667800][   T92] snd-usb-audio 3-1:9.51: probe with driver snd-usb-audio failed with error -22
[  183.686471][   T92] usb 3-1: USB disconnect, device number 16
[  183.745978][ T7436] vhci_hcd vhci_hcd.0: Device attached
[  183.763613][ T7438] vhci_hcd: connection closed
[  183.765535][ T6145] vhci_hcd: stop threads
[  183.788768][ T6145] vhci_hcd: release socket
[  184.004478][ T6145] vhci_hcd: disconnect device
[  184.012032][ T7446] udevd[7446]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:9.51/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  184.014488][ T5963] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[  184.094373][ T5963] usb 39-1: enqueue for inactive port 0
[  184.156566][ T7449] fuse: Unknown parameter 'group_id00000000000000000000'
[  184.174439][ T5963] vhci_hcd: vhci_device speed not set
[  184.388610][ T7455] FAULT_INJECTION: forcing a failure.
[  184.388610][ T7455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.422427][ T7455] CPU: 0 UID: 0 PID: 7455 Comm: syz.2.411 Not tainted syzkaller #0 PREEMPT(full) 
[  184.422453][ T7455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  184.422463][ T7455] Call Trace:
[  184.422469][ T7455]  <TASK>
[  184.422476][ T7455]  dump_stack_lvl+0x16c/0x1f0
[  184.422504][ T7455]  should_fail_ex+0x512/0x640
[  184.422530][ T7455]  _copy_from_user+0x2e/0xd0
[  184.422557][ T7455]  copy_msghdr_from_user+0x98/0x160
[  184.422580][ T7455]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  184.422614][ T7455]  ___sys_sendmsg+0xfe/0x1d0
[  184.422637][ T7455]  ? __pfx____sys_sendmsg+0x10/0x10
[  184.422689][ T7455]  __sys_sendmsg+0x16d/0x220
[  184.422711][ T7455]  ? __pfx___sys_sendmsg+0x10/0x10
[  184.422749][ T7455]  do_syscall_64+0xcd/0x4e0
[  184.422773][ T7455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.422791][ T7455] RIP: 0033:0x7f8d1278ec29
[  184.422806][ T7455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.422823][ T7455] RSP: 002b:00007f8d109ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.422839][ T7455] RAX: ffffffffffffffda RBX: 00007f8d129d5fa0 RCX: 00007f8d1278ec29
[  184.422851][ T7455] RDX: 0000000004000000 RSI: 0000200000000100 RDI: 0000000000000003
[  184.422862][ T7455] RBP: 00007f8d109ee090 R08: 0000000000000000 R09: 0000000000000000
[  184.422872][ T7455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.422882][ T7455] R13: 00007f8d129d6038 R14: 00007f8d129d5fa0 R15: 00007ffdfe176d08
[  184.422905][ T7455]  </TASK>
[  184.795271][ T7464] netlink: 24 bytes leftover after parsing attributes in process `syz.0.414'.
[  184.823996][ T5968] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  185.003965][ T5968] usb 5-1: Using ep0 maxpacket: 16
[  185.012943][ T5968] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  185.456245][ T5977] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  185.488724][ T5968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  185.512726][ T5968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  185.531131][ T5968] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  185.550316][ T5968] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  185.571682][ T5968] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  185.599069][ T5968] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  185.648487][ T5968] usb 5-1: Manufacturer: syz
[  185.656864][ T5968] usb 5-1: config 0 descriptor??
[  185.669511][ T5977] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  185.773800][ T5977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.835961][ T5977] usb 2-1: Product: syz
[  185.840126][ T5977] usb 2-1: Manufacturer: syz
[  185.852972][ T5977] usb 2-1: SerialNumber: syz
[  185.880179][ T5977] usb 2-1: config 0 descriptor??
[  186.160296][ T5977] usb 2-1: USB disconnect, device number 17
[  186.173379][ T5968] rc_core: IR keymap rc-hauppauge not found
[  186.366518][ T5968] Registered IR keymap rc-empty
[  186.389057][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.400202][ T7488] FAULT_INJECTION: forcing a failure.
[  186.400202][ T7488] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.449106][ T7488] CPU: 1 UID: 0 PID: 7488 Comm: syz.3.421 Not tainted syzkaller #0 PREEMPT(full) 
[  186.449132][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  186.449142][ T7488] Call Trace:
[  186.449148][ T7488]  <TASK>
[  186.449155][ T7488]  dump_stack_lvl+0x16c/0x1f0
[  186.449184][ T7488]  should_fail_ex+0x512/0x640
[  186.449210][ T7488]  _copy_from_user+0x2e/0xd0
[  186.449236][ T7488]  do_sock_getsockopt+0x3ca/0x440
[  186.449271][ T7488]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  186.449294][ T7488]  ? __fget_files+0x204/0x3c0
[  186.449328][ T7488]  __sys_getsockopt+0x12f/0x260
[  186.449355][ T7488]  __x64_sys_getsockopt+0xbd/0x160
[  186.449374][ T7488]  ? do_syscall_64+0x91/0x4e0
[  186.449395][ T7488]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.449416][ T7488]  do_syscall_64+0xcd/0x4e0
[  186.449440][ T7488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.449457][ T7488] RIP: 0033:0x7fd01758ec29
[  186.449471][ T7488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.449487][ T7488] RSP: 002b:00007fd0184dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  186.449505][ T7488] RAX: ffffffffffffffda RBX: 00007fd0177d5fa0 RCX: 00007fd01758ec29
[  186.449515][ T7488] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003
[  186.449524][ T7488] RBP: 00007fd0184dc090 R08: 0000200000000300 R09: 0000000000000000
[  186.449535][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.449545][ T7488] R13: 00007fd0177d6038 R14: 00007fd0177d5fa0 R15: 00007ffe290151b8
[  186.449568][ T7488]  </TASK>
[  186.673909][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.693666][ T5968] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  186.706948][ T5968] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input22
[  186.722360][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.743158][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.763174][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.783053][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.803089][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.823012][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.843913][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.863008][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.882991][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.903527][ T5968] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  186.925360][ T5968] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  186.934996][ T5968] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  187.002663][ T5968] usb 5-1: USB disconnect, device number 10
[  187.184377][ T7493] fuse: Unknown parameter 'group_id00000000000000000000'
[  187.510583][ T7496] Illegal XDP return value 14 on prog  (id 87) dev N/A, expect packet loss!
[  188.203862][ T7510] FAULT_INJECTION: forcing a failure.
[  188.203862][ T7510] name failslab, interval 1, probability 0, space 0, times 0
[  188.217586][ T7510] CPU: 1 UID: 0 PID: 7510 Comm: syz.1.428 Not tainted syzkaller #0 PREEMPT(full) 
[  188.217612][ T7510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  188.217622][ T7510] Call Trace:
[  188.217628][ T7510]  <TASK>
[  188.217634][ T7510]  dump_stack_lvl+0x16c/0x1f0
[  188.217662][ T7510]  should_fail_ex+0x512/0x640
[  188.217684][ T7510]  ? fs_reclaim_acquire+0xae/0x150
[  188.217710][ T7510]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  188.217737][ T7510]  should_failslab+0xc2/0x120
[  188.217758][ T7510]  __kmalloc_noprof+0xd2/0x510
[  188.217782][ T7510]  tomoyo_realpath_from_path+0xc2/0x6e0
[  188.217810][ T7510]  ? tomoyo_profile+0x47/0x60
[  188.217830][ T7510]  tomoyo_path_number_perm+0x245/0x580
[  188.217851][ T7510]  ? tomoyo_path_number_perm+0x237/0x580
[  188.217875][ T7510]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  188.217905][ T7510]  ? find_held_lock+0x2b/0x80
[  188.217951][ T7510]  ? find_held_lock+0x2b/0x80
[  188.217971][ T7510]  ? hook_file_ioctl_common+0x145/0x410
[  188.217996][ T7510]  ? __fget_files+0x20e/0x3c0
[  188.218021][ T7510]  security_file_ioctl+0x9b/0x240
[  188.218047][ T7510]  __x64_sys_ioctl+0xb7/0x210
[  188.218076][ T7510]  do_syscall_64+0xcd/0x4e0
[  188.218102][ T7510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.218120][ T7510] RIP: 0033:0x7f2f4658ec29
[  188.218134][ T7510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.218150][ T7510] RSP: 002b:00007f2f47436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  188.218167][ T7510] RAX: ffffffffffffffda RBX: 00007f2f467d5fa0 RCX: 00007f2f4658ec29
[  188.218179][ T7510] RDX: 0000200000000180 RSI: 0000000040049366 RDI: 0000000000000003
[  188.218190][ T7510] RBP: 00007f2f47436090 R08: 0000000000000000 R09: 0000000000000000
[  188.218200][ T7510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.218210][ T7510] R13: 00007f2f467d6038 R14: 00007f2f467d5fa0 R15: 00007ffe240d4738
[  188.218233][ T7510]  </TASK>
[  188.218246][ T7510] ERROR: Out of memory at tomoyo_realpath_from_path.
[  188.544626][ T7519] netlink: 'syz.4.431': attribute type 1 has an invalid length.
[  188.574243][ T7519] netlink: 'syz.4.431': attribute type 1 has an invalid length.
[  188.587934][   T30] audit: type=1400 audit(1758379494.559:416): avc:  denied  { shutdown } for  pid=7518 comm="syz.4.431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  189.371914][   T92] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  189.546652][   T92] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  189.561818][   T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.569900][ T7535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.434'.
[  189.570325][   T92] usb 2-1: Product: syz
[  189.589305][   T92] usb 2-1: Manufacturer: syz
[  189.612262][   T92] usb 2-1: SerialNumber: syz
[  189.629415][   T92] usb 2-1: config 0 descriptor??
[  189.685213][ T7535] bridge_slave_1: left allmulticast mode
[  189.685238][ T7535] bridge_slave_1: left promiscuous mode
[  189.685566][ T7535] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.936530][   T24] usb 2-1: USB disconnect, device number 18
[  189.969233][ T7542] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  189.970918][ T7535] bridge_slave_0: left allmulticast mode
[  189.970934][ T7535] bridge_slave_0: left promiscuous mode
[  189.971050][ T7535] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.520696][ T7532] openvswitch: netlink: Tunnel attr 2 has unexpected len 3 expected 4
[  191.167958][ T7560] netlink: 'syz.1.440': attribute type 1 has an invalid length.
[  191.177235][ T7560] netlink: 'syz.1.440': attribute type 1 has an invalid length.
[  191.391992][ T5968] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  191.631773][ T5968] usb 3-1: Using ep0 maxpacket: 8
[  191.723595][ T5968] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  191.732951][ T5968] usb 3-1: config 0 has no interface number 0
[  191.741277][ T5968] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  191.750393][ T5968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.758552][ T5968] usb 3-1: Product: syz
[  191.762839][ T5968] usb 3-1: Manufacturer: syz
[  191.767432][ T5968] usb 3-1: SerialNumber: syz
[  191.775678][ T5968] usb 3-1: config 0 descriptor??
[  191.781043][ T5963] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  191.834691][   T30] audit: type=1400 audit(1758379497.811:417): avc:  denied  { create } for  pid=7564 comm="syz.4.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  191.857458][ T5848] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  191.865304][   T30] audit: type=1400 audit(1758379497.831:418): avc:  denied  { connect } for  pid=7564 comm="syz.4.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  191.932205][ T5963] usb 1-1: config 0 has an invalid interface number: 202 but max is 0
[  191.940723][ T5963] usb 1-1: config 0 has no interface number 0
[  191.946875][ T5963] usb 1-1: config 0 interface 202 has no altsetting 0
[  191.959899][ T5963] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=fe.93
[  191.977711][ T5963] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.992525][ T5968] usb 3-1: Found UVC 0.04 device syz (046d:08c3)
[  192.053941][ T5968] usb 3-1: No valid video chain found.
[  192.059531][ T5963] usb 1-1: Product: syz
[  192.060824][ T5848] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  192.074784][ T5968] usb 3-1: USB disconnect, device number 17
[  192.078618][ T5963] usb 1-1: Manufacturer: syz
[  192.084902][ T5848] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  192.097755][ T5848] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  192.112559][ T5963] usb 1-1: SerialNumber: syz
[  192.126757][ T5848] usb 2-1: config 0 interface 0 has no altsetting 0
[  192.158980][ T5848] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  192.159466][ T5963] usb 1-1: config 0 descriptor??
[  192.224704][ T5848] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  192.227091][ T5963] usb_ehset_test 1-1:0.202: probe with driver usb_ehset_test failed with error -32
[  192.272902][ T5848] usb 2-1: config 0 interface 0 has no altsetting 0
[  192.277601][ T7571] FAULT_INJECTION: forcing a failure.
[  192.277601][ T7571] name failslab, interval 1, probability 0, space 0, times 0
[  192.300313][ T7571] CPU: 0 UID: 0 PID: 7571 Comm: syz.3.446 Not tainted syzkaller #0 PREEMPT(full) 
[  192.300338][ T7571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  192.300347][ T7571] Call Trace:
[  192.300353][ T7571]  <TASK>
[  192.300360][ T7571]  dump_stack_lvl+0x16c/0x1f0
[  192.300382][ T7571]  should_fail_ex+0x512/0x640
[  192.300397][ T7571]  ? fs_reclaim_acquire+0xae/0x150
[  192.300413][ T7571]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  192.300430][ T7571]  should_failslab+0xc2/0x120
[  192.300447][ T7571]  __kmalloc_noprof+0xd2/0x510
[  192.300471][ T7571]  tomoyo_realpath_from_path+0xc2/0x6e0
[  192.300498][ T7571]  ? tomoyo_profile+0x47/0x60
[  192.300517][ T7571]  tomoyo_path_number_perm+0x245/0x580
[  192.300536][ T7571]  ? tomoyo_path_number_perm+0x237/0x580
[  192.300560][ T7571]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  192.300580][ T7571]  ? find_held_lock+0x2b/0x80
[  192.300621][ T7571]  ? find_held_lock+0x2b/0x80
[  192.300642][ T7571]  ? hook_file_ioctl_common+0x145/0x410
[  192.300665][ T7571]  ? __fget_files+0x20e/0x3c0
[  192.300687][ T7571]  security_file_ioctl+0x9b/0x240
[  192.300704][ T7571]  __x64_sys_ioctl+0xb7/0x210
[  192.300723][ T7571]  do_syscall_64+0xcd/0x4e0
[  192.300739][ T7571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.300755][ T7571] RIP: 0033:0x7fd01758ec29
[  192.300769][ T7571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.300786][ T7571] RSP: 002b:00007fd0184dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  192.300801][ T7571] RAX: ffffffffffffffda RBX: 00007fd0177d5fa0 RCX: 00007fd01758ec29
[  192.300813][ T7571] RDX: 0000000000000000 RSI: 0000000080184132 RDI: 0000000000000003
[  192.300822][ T7571] RBP: 00007fd0184dc090 R08: 0000000000000000 R09: 0000000000000000
[  192.300833][ T7571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.300843][ T7571] R13: 00007fd0177d6038 R14: 00007fd0177d5fa0 R15: 00007ffe290151b8
[  192.300868][ T7571]  </TASK>
[  192.300879][ T7571] ERROR: Out of memory at tomoyo_realpath_from_path.
[  192.301327][ T5848] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  192.437598][ T5904] usb 1-1: USB disconnect, device number 13
[  192.702930][ T5848] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  192.810024][ T5848] usb 2-1: config 0 interface 0 has no altsetting 0
[  192.817630][ T5848] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  192.828202][ T5848] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  192.839113][ T5848] usb 2-1: config 0 interface 0 has no altsetting 0
[  192.847160][ T5848] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  192.856990][ T5848] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  192.876514][ T5848] usb 2-1: config 0 interface 0 has no altsetting 0
[  192.973298][ T7577] netlink: 52 bytes leftover after parsing attributes in process `syz.3.447'.
[  193.838240][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  193.844978][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.173742][ T5848] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  194.187900][ T7579] FAULT_INJECTION: forcing a failure.
[  194.187900][ T7579] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  194.209409][ T7579] CPU: 0 UID: 0 PID: 7579 Comm: syz.3.449 Not tainted syzkaller #0 PREEMPT(full) 
[  194.209435][ T7579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  194.209444][ T7579] Call Trace:
[  194.209450][ T7579]  <TASK>
[  194.209456][ T7579]  dump_stack_lvl+0x16c/0x1f0
[  194.209480][ T7579]  should_fail_ex+0x512/0x640
[  194.209504][ T7579]  _copy_from_user+0x2e/0xd0
[  194.209530][ T7579]  copy_msghdr_from_user+0x98/0x160
[  194.209550][ T7579]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  194.209581][ T7579]  ___sys_sendmsg+0xfe/0x1d0
[  194.209603][ T7579]  ? __pfx____sys_sendmsg+0x10/0x10
[  194.209654][ T7579]  __sys_sendmsg+0x16d/0x220
[  194.209674][ T7579]  ? __pfx___sys_sendmsg+0x10/0x10
[  194.209710][ T7579]  do_syscall_64+0xcd/0x4e0
[  194.209734][ T7579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.209750][ T7579] RIP: 0033:0x7fd01758ec29
[  194.209763][ T7579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.209779][ T7579] RSP: 002b:00007fd0184dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  194.209795][ T7579] RAX: ffffffffffffffda RBX: 00007fd0177d5fa0 RCX: 00007fd01758ec29
[  194.209806][ T7579] RDX: 0000000000000000 RSI: 0000200000007940 RDI: 0000000000000003
[  194.209815][ T7579] RBP: 00007fd0184dc090 R08: 0000000000000000 R09: 0000000000000000
[  194.209825][ T7579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.209834][ T7579] R13: 00007fd0177d6038 R14: 00007fd0177d5fa0 R15: 00007ffe290151b8
[  194.209858][ T7579]  </TASK>
[  194.210520][ T5848] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  194.385044][ T5848] usb 2-1: config 0 interface 0 has no altsetting 0
[  194.539237][ T5904] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  194.542715][ T5848] usb 2-1: unable to read config index 6 descriptor/all
[  194.554590][ T5848] usb 2-1: can't read configurations, error -71
[  194.759237][   T30] audit: type=1400 audit(1758379500.702:419): avc:  denied  { setopt } for  pid=7583 comm="syz.4.452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  194.837768][   T30] audit: type=1400 audit(1758379500.712:420): avc:  denied  { audit_write } for  pid=7583 comm="syz.4.452" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  194.951268][ T5848] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  195.013336][ T7594] FAULT_INJECTION: forcing a failure.
[  195.013336][ T7594] name failslab, interval 1, probability 0, space 0, times 0
[  195.031544][ T7594] CPU: 0 UID: 0 PID: 7594 Comm: syz.3.454 Not tainted syzkaller #0 PREEMPT(full) 
[  195.031571][ T7594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  195.031582][ T7594] Call Trace:
[  195.031588][ T7594]  <TASK>
[  195.031595][ T7594]  dump_stack_lvl+0x16c/0x1f0
[  195.031624][ T7594]  should_fail_ex+0x512/0x640
[  195.031647][ T7594]  ? fs_reclaim_acquire+0xae/0x150
[  195.031673][ T7594]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  195.031700][ T7594]  should_failslab+0xc2/0x120
[  195.031721][ T7594]  __kmalloc_noprof+0xd2/0x510
[  195.031746][ T7594]  tomoyo_realpath_from_path+0xc2/0x6e0
[  195.031775][ T7594]  ? tomoyo_profile+0x47/0x60
[  195.031795][ T7594]  tomoyo_path_number_perm+0x245/0x580
[  195.031816][ T7594]  ? tomoyo_path_number_perm+0x237/0x580
[  195.031847][ T7594]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  195.031871][ T7594]  ? find_held_lock+0x2b/0x80
[  195.031917][ T7594]  ? find_held_lock+0x2b/0x80
[  195.031938][ T7594]  ? hook_file_ioctl_common+0x145/0x410
[  195.031962][ T7594]  ? __fget_files+0x20e/0x3c0
[  195.031987][ T7594]  security_file_ioctl+0x9b/0x240
[  195.032014][ T7594]  __x64_sys_ioctl+0xb7/0x210
[  195.032043][ T7594]  do_syscall_64+0xcd/0x4e0
[  195.032069][ T7594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.032087][ T7594] RIP: 0033:0x7fd01758ec29
[  195.032102][ T7594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.032118][ T7594] RSP: 002b:00007fd0184dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  195.032136][ T7594] RAX: ffffffffffffffda RBX: 00007fd0177d5fa0 RCX: 00007fd01758ec29
[  195.032147][ T7594] RDX: 0000200000000200 RSI: 00000000c0306201 RDI: 0000000000000004
[  195.032158][ T7594] RBP: 00007fd0184dc090 R08: 0000000000000000 R09: 0000000000000000
[  195.032169][ T7594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.032179][ T7594] R13: 00007fd0177d6038 R14: 00007fd0177d5fa0 R15: 00007ffe290151b8
[  195.032203][ T7594]  </TASK>
[  195.032211][ T7594] ERROR: Out of memory at tomoyo_realpath_from_path.
[  195.189726][ T5848] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  195.203254][ T7594] binder: 7593:7594 ioctl c0306201 200000000200 returned -11
[  195.221392][ T5848] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  195.226968][ T5904] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  195.230125][ T5848] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  195.250552][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.263710][ T5848] usb 2-1: config 220 has no interface number 2
[  195.307947][ T5848] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  195.314076][ T5904] usb 3-1: Product: syz
[  195.321568][ T5848] usb 2-1: config 220 interface 0 has no altsetting 0
[  195.333560][ T5848] usb 2-1: config 220 interface 76 has no altsetting 0
[  195.340565][ T5904] usb 3-1: Manufacturer: syz
[  195.340593][ T5848] usb 2-1: config 220 interface 1 has no altsetting 0
[  195.345153][ T5904] usb 3-1: SerialNumber: syz
[  195.359277][ T5848] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  195.368542][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.369161][ T5904] usb 3-1: config 0 descriptor??
[  195.376691][ T5848] usb 2-1: Product: syz
[  195.387782][ T5848] usb 2-1: Manufacturer: syz
[  195.423455][ T7596] FAULT_INJECTION: forcing a failure.
[  195.423455][ T7596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.453414][ T7596] CPU: 0 UID: 0 PID: 7596 Comm: syz.3.455 Not tainted syzkaller #0 PREEMPT(full) 
[  195.453441][ T7596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  195.453451][ T7596] Call Trace:
[  195.453457][ T7596]  <TASK>
[  195.453464][ T7596]  dump_stack_lvl+0x16c/0x1f0
[  195.453491][ T7596]  should_fail_ex+0x512/0x640
[  195.453518][ T7596]  _copy_from_user+0x2e/0xd0
[  195.453545][ T7596]  copy_msghdr_from_user+0x98/0x160
[  195.453569][ T7596]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  195.453603][ T7596]  ___sys_sendmsg+0xfe/0x1d0
[  195.453627][ T7596]  ? __pfx____sys_sendmsg+0x10/0x10
[  195.453680][ T7596]  __sys_sendmsg+0x16d/0x220
[  195.453702][ T7596]  ? __pfx___sys_sendmsg+0x10/0x10
[  195.453740][ T7596]  do_syscall_64+0xcd/0x4e0
[  195.453766][ T7596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.453783][ T7596] RIP: 0033:0x7fd01758ec29
[  195.453798][ T7596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.453815][ T7596] RSP: 002b:00007fd0184dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  195.453833][ T7596] RAX: ffffffffffffffda RBX: 00007fd0177d5fa0 RCX: 00007fd01758ec29
[  195.453844][ T7596] RDX: 0000000004040080 RSI: 0000200000000280 RDI: 0000000000000003
[  195.453860][ T7596] RBP: 00007fd0184dc090 R08: 0000000000000000 R09: 0000000000000000
[  195.453871][ T7596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.453881][ T7596] R13: 00007fd0177d6038 R14: 00007fd0177d5fa0 R15: 00007ffe290151b8
[  195.453908][ T7596]  </TASK>
[  195.467605][ T5848] usb 2-1: SerialNumber: syz
[  195.670515][ T5904] usb 3-1: USB disconnect, device number 18
[  196.267201][ T7607] ieee802154 phy0 wpan0: encryption failed: -22
[  197.064583][ T7620] FAULT_INJECTION: forcing a failure.
[  197.064583][ T7620] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  197.077929][ T7620] CPU: 0 UID: 0 PID: 7620 Comm: syz.0.461 Not tainted syzkaller #0 PREEMPT(full) 
[  197.077955][ T7620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  197.077965][ T7620] Call Trace:
[  197.077971][ T7620]  <TASK>
[  197.077977][ T7620]  dump_stack_lvl+0x16c/0x1f0
[  197.078005][ T7620]  should_fail_ex+0x512/0x640
[  197.078033][ T7620]  _copy_from_user+0x2e/0xd0
[  197.078059][ T7620]  copy_msghdr_from_user+0x98/0x160
[  197.078082][ T7620]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  197.078115][ T7620]  ___sys_sendmsg+0xfe/0x1d0
[  197.078138][ T7620]  ? __pfx____sys_sendmsg+0x10/0x10
[  197.078190][ T7620]  __sys_sendmsg+0x16d/0x220
[  197.078213][ T7620]  ? __pfx___sys_sendmsg+0x10/0x10
[  197.078250][ T7620]  do_syscall_64+0xcd/0x4e0
[  197.078276][ T7620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.078295][ T7620] RIP: 0033:0x7f88a938ec29
[  197.078309][ T7620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.078326][ T7620] RSP: 002b:00007f88aa265038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  197.078344][ T7620] RAX: ffffffffffffffda RBX: 00007f88a95d6180 RCX: 00007f88a938ec29
[  197.078356][ T7620] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000007
[  197.078367][ T7620] RBP: 00007f88aa265090 R08: 0000000000000000 R09: 0000000000000000
[  197.078377][ T7620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.078387][ T7620] R13: 00007f88a95d6218 R14: 00007f88a95d6180 R15: 00007ffc710655e8
[  197.078410][ T7620]  </TASK>
[  198.847540][ T5848] usb 2-1: selecting invalid altsetting 0
[  198.887044][ T5848] usb 2-1: selecting invalid altsetting 0
[  198.893125][ T5848] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  198.948922][ T5848] usb 2-1: No valid video chain found.
[  199.038137][ T5977] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  199.180465][ T5848] usb 2-1: selecting invalid altsetting 0
[  199.186259][ T5848] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[  199.218781][ T5848] usb 2-1: USB disconnect, device number 20
[  199.299307][ T5977] usb 5-1: config 0 has no interfaces?
[  199.466456][ T5977] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  199.660836][   T24] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  199.669134][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  199.683999][ T5977] usb 5-1: Product: syz
[  199.688390][ T5977] usb 5-1: Manufacturer: syz
[  199.692979][ T5977] usb 5-1: SerialNumber: syz
[  199.707758][ T5977] usb 5-1: config 0 descriptor??
[  199.826557][   T24] usb 3-1: Using ep0 maxpacket: 16
[  199.840009][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  199.873835][ T5848] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  200.135875][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.165319][ T5977] usb 5-1: USB disconnect, device number 11
[  200.181480][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  200.236480][   T24] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  200.245690][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.261698][   T24] usb 3-1: config 0 descriptor??
[  200.309650][ T5848] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.329860][ T5848] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  200.346441][ T5848] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  200.355710][ T5848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.366715][ T5848] usb 2-1: config 0 descriptor??
[  200.467904][ T7651] fuse: Bad value for 'user_id'
[  200.472834][ T7651] fuse: Bad value for 'user_id'
[  200.966910][ T7645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.036594][ T7645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.055598][ T5848] kovaplus 0003:1E7D:2D50.0008: unknown main item tag 0x0
[  201.083086][ T5848] kovaplus 0003:1E7D:2D50.0008: unknown main item tag 0x0
[  201.092244][   T24] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  201.113991][ T5848] kovaplus 0003:1E7D:2D50.0008: unknown main item tag 0x0
[  201.125639][   T24] microsoft 0003:045E:07DA.0009: no inputs found
[  201.132305][ T5848] kovaplus 0003:1E7D:2D50.0008: unknown main item tag 0x0
[  201.139791][   T24] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway
[  201.148675][ T5848] kovaplus 0003:1E7D:2D50.0008: unknown main item tag 0x0
[  201.167652][ T5848] kovaplus 0003:1E7D:2D50.0008: hidraw1: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0
[  201.833770][ T5848] kovaplus 0003:1E7D:2D50.0008: couldn't init struct kovaplus_device
[  201.949526][ T5848] kovaplus 0003:1E7D:2D50.0008: couldn't install mouse
[  201.959811][ T5848] kovaplus 0003:1E7D:2D50.0008: probe with driver kovaplus failed with error -5
[  202.612885][ T5904] usb 3-1: USB disconnect, device number 19
[  202.673168][ T5933] usb 2-1: USB disconnect, device number 21
[  202.925469][ T5848] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  203.437112][ T5933] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  203.788152][ T7687] No source specified
[  203.844154][ T5848] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  203.854708][ T5848] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 10
[  203.930160][ T5848] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 255, setting to 64
[  203.942355][ T5848] usb 5-1: config 0 interface 0 has no altsetting 0
[  203.953639][ T5848] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  203.956165][ T5933] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  203.963154][ T5848] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.999131][ T7687] netlink: 16 bytes leftover after parsing attributes in process `syz.0.479'.
[  204.013686][ T7695] fuse: Bad value for 'fd'
[  204.023574][ T5848] usb 5-1: Product: syz
[  204.028299][ T5848] usb 5-1: Manufacturer: syz
[  204.032974][ T5848] usb 5-1: SerialNumber: syz
[  204.040953][ T5933] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  204.041286][ T5848] usb 5-1: config 0 descriptor??
[  204.055631][ T7676] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  204.097005][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  204.110420][ T5933] usb 2-1: Product: syz
[  204.232995][ T5933] usb 2-1: Manufacturer: syz
[  204.238563][ T5933] usb 2-1: SerialNumber: syz
[  204.264328][ T5933] usb 2-1: config 0 descriptor??
[  204.276411][ T7676] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  204.736950][   T30] audit: type=1400 audit(1758379510.247:421): avc:  denied  { mounton } for  pid=7697 comm="syz.3.485" path="/102/file0" dev="tmpfs" ino=570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  204.763488][ T5933] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  204.766161][ T5848] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input24
[  204.856881][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  205.048117][   T30] audit: type=1400 audit(1758379511.018:422): avc:  denied  { write } for  pid=7674 comm="syz.4.478" path="socket:[15665]" dev="sockfs" ino=15665 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  205.054665][ T5904] usb 2-1: USB disconnect, device number 22
[  205.085881][ T5848] usb 5-1: USB disconnect, device number 12
[  205.091846][    C1] synaptics_usb 5-1:0.0: synusb_irq - usb_submit_urb failed with result: -19
[  205.115239][ T5204] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -19
[  205.293854][ T5933] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  205.466015][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.478630][ T5933] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  205.492690][ T5933] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  205.505487][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.518524][ T5933] usb 3-1: config 0 descriptor??
[  205.585092][ T7712] binder: BC_ATTEMPT_ACQUIRE not supported
[  205.590917][ T7712] binder: 7711:7712 ioctl c0306201 2000000001c0 returned -22
[  206.346688][ T5933] kovaplus 0003:1E7D:2D50.000A: unknown main item tag 0x0
[  206.354866][ T5933] kovaplus 0003:1E7D:2D50.000A: unknown main item tag 0x0
[  206.362013][ T5933] kovaplus 0003:1E7D:2D50.000A: unknown main item tag 0x0
[  206.369610][ T5933] kovaplus 0003:1E7D:2D50.000A: unknown main item tag 0x0
[  206.376968][ T5933] kovaplus 0003:1E7D:2D50.000A: unknown main item tag 0x0
[  206.387779][ T5933] kovaplus 0003:1E7D:2D50.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0
[  206.413608][ T5904] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  206.473517][ T5933] kovaplus 0003:1E7D:2D50.000A: couldn't init struct kovaplus_device
[  206.481656][ T5933] kovaplus 0003:1E7D:2D50.000A: couldn't install mouse
[  206.488653][   T92] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  206.501144][ T5933] kovaplus 0003:1E7D:2D50.000A: probe with driver kovaplus failed with error -71
[  206.515294][ T5933] usb 3-1: USB disconnect, device number 20
[  206.633085][ T5904] usb 2-1: Using ep0 maxpacket: 16
[  206.658148][ T5904] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  206.669048][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  206.680118][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  206.689930][ T5904] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  206.701192][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.856383][ T5904] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  206.900999][   T92] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  206.945271][ T5904] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  206.965194][   T92] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.027399][ T5904] usb 2-1: Manufacturer: syz
[  207.042350][   T92] usb 5-1: Product: syz
[  207.051260][ T5904] usb 2-1: config 0 descriptor??
[  207.059095][   T92] usb 5-1: Manufacturer: syz
[  207.154822][   T92] usb 5-1: SerialNumber: syz
[  207.176169][   T92] usb 5-1: config 0 descriptor??
[  207.406454][   T92] usb 5-1: USB disconnect, device number 13
[  207.564218][ T5904] rc_core: IR keymap rc-hauppauge not found
[  207.570321][ T5904] Registered IR keymap rc-empty
[  207.576810][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.602776][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.744014][ T5904] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  207.766436][ T5904] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input25
[  207.782097][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.812571][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.832971][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.889835][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.921829][ T7740] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  207.931900][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.962516][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  207.982496][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  208.002448][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  208.022446][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  208.042493][ T5904] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  208.601139][ T5904] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  208.613741][ T7751] FAULT_INJECTION: forcing a failure.
[  208.613741][ T7751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.647437][ T5904] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  208.672089][ T7751] CPU: 1 UID: 0 PID: 7751 Comm: syz.4.499 Not tainted syzkaller #0 PREEMPT(full) 
[  208.672108][ T7751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  208.672114][ T7751] Call Trace:
[  208.672118][ T7751]  <TASK>
[  208.672124][ T7751]  dump_stack_lvl+0x16c/0x1f0
[  208.672144][ T7751]  should_fail_ex+0x512/0x640
[  208.672161][ T7751]  _copy_from_user+0x2e/0xd0
[  208.672178][ T7751]  copy_from_sockptr_offset+0x15c/0x1b0
[  208.672197][ T7751]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  208.672214][ T7751]  ? avc_has_perm+0x144/0x1f0
[  208.672229][ T7751]  do_tcp_setsockopt+0x13e/0x2640
[  208.672244][ T7751]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  208.672256][ T7751]  ? sock_has_perm+0x259/0x2f0
[  208.672270][ T7751]  ? __pfx_sock_has_perm+0x10/0x10
[  208.672283][ T7751]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[  208.672300][ T7751]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  208.672320][ T7751]  ? find_held_lock+0x2b/0x80
[  208.672338][ T7751]  tcp_setsockopt+0xe2/0x100
[  208.672349][ T7751]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  208.672367][ T7751]  do_sock_setsockopt+0xf3/0x1d0
[  208.672385][ T7751]  __sys_setsockopt+0x1a0/0x230
[  208.672400][ T7751]  __x64_sys_setsockopt+0xbd/0x160
[  208.672413][ T7751]  ? do_syscall_64+0x91/0x4e0
[  208.672427][ T7751]  ? lockdep_hardirqs_on+0x7c/0x110
[  208.672441][ T7751]  do_syscall_64+0xcd/0x4e0
[  208.672456][ T7751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.672468][ T7751] RIP: 0033:0x7fd115b8ec29
[  208.672477][ T7751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.672488][ T7751] RSP: 002b:00007fd116a00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  208.672500][ T7751] RAX: ffffffffffffffda RBX: 00007fd115dd5fa0 RCX: 00007fd115b8ec29
[  208.672507][ T7751] RDX: 0000000000000019 RSI: 0000000000000006 RDI: 0000000000000003
[  208.672513][ T7751] RBP: 00007fd116a00090 R08: 0000000000000004 R09: 0000000000000000
[  208.672519][ T7751] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  208.672526][ T7751] R13: 00007fd115dd6038 R14: 00007fd115dd5fa0 R15: 00007ffd715c9258
[  208.672540][ T7751]  </TASK>
[  208.909343][ T5904] usb 2-1: USB disconnect, device number 23
[  209.441888][ T5913] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  210.169852][ T5913] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  210.228850][ T5913] usb 1-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  210.243177][ T5913] usb 1-1: config 0 interface 0 has no altsetting 0
[  210.281308][ T5913] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  210.294218][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  210.336222][ T5913] usb 1-1: Product: syz
[  210.384309][ T5913] usb 1-1: Manufacturer: syz
[  210.430211][ T5913] usb 1-1: SerialNumber: syz
[  210.463610][ T5913] usb 1-1: config 0 descriptor??
[  210.589996][ T5913] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[  210.612004][ T5866] udevd[5866]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.631167][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  210.677696][ T5977] usb 1-1: USB disconnect, device number 14
[  210.781309][   T24] usb 5-1: device descriptor read/64, error -71
[  210.840946][ T5904] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  211.000977][ T5904] usb 3-1: Using ep0 maxpacket: 32
[  211.013751][ T5904] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  211.020868][   T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  211.033476][ T5904] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  211.049556][ T5904] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 202, changing to 7
[  211.063181][ T5904] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 42735, setting to 1024
[  211.074866][ T5904] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  211.096442][ T5904] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  211.107602][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.115938][ T5904] usb 3-1: Product: syz
[  211.120268][ T5904] usb 3-1: Manufacturer: syz
[  211.127021][ T5904] usb 3-1: SerialNumber: syz
[  211.130831][ T5977] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  211.170196][ T5904] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  211.177989][ T5904] imon 3-1:155.0: unable to initialize intf0, err -19
[  211.180809][   T24] usb 5-1: device descriptor read/64, error -71
[  211.193189][ T5904] imon:imon_probe: failed to initialize context!
[  211.199652][ T5904] imon 3-1:155.0: unable to register, err -19
[  211.313863][   T24] usb usb5-port1: attempt power cycle
[  211.319769][ T5977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.330254][ T5977] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  211.350388][ T5977] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  211.360391][ T5977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.366140][ T5904] usb 3-1: USB disconnect, device number 21
[  211.376808][ T5977] usb 4-1: config 0 descriptor??
[  211.545882][ T7797] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  211.560635][ T1207] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  211.670827][   T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  211.691148][   T24] usb 5-1: device descriptor read/8, error -71
[  211.778895][ T1207] usb 2-1: unable to get BOS descriptor or descriptor too short
[  211.790967][ T1207] usb 2-1: unable to read config index 0 descriptor/start: -71
[  211.804949][ T5977] kovaplus 0003:1E7D:2D50.000B: unknown main item tag 0x0
[  211.812177][ T1207] usb 2-1: can't read configurations, error -71
[  211.819811][ T5977] kovaplus 0003:1E7D:2D50.000B: unknown main item tag 0x0
[  211.831077][ T5977] kovaplus 0003:1E7D:2D50.000B: unknown main item tag 0x0
[  211.840767][ T5977] kovaplus 0003:1E7D:2D50.000B: unknown main item tag 0x0
[  211.848374][ T5977] kovaplus 0003:1E7D:2D50.000B: unknown main item tag 0x0
[  211.867573][ T5977] kovaplus 0003:1E7D:2D50.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0
[  211.930751][   T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  211.956949][   T24] usb 5-1: device descriptor read/8, error -71
[  212.000093][ T5977] kovaplus 0003:1E7D:2D50.000B: couldn't init struct kovaplus_device
[  212.027660][ T5977] kovaplus 0003:1E7D:2D50.000B: couldn't install mouse
[  212.037951][ T5977] kovaplus 0003:1E7D:2D50.000B: probe with driver kovaplus failed with error -71
[  212.049649][ T7802] FAULT_INJECTION: forcing a failure.
[  212.049649][ T7802] name failslab, interval 1, probability 0, space 0, times 0
[  212.065855][ T5977] usb 4-1: USB disconnect, device number 18
[  212.228628][ T7802] CPU: 0 UID: 0 PID: 7802 Comm: syz.2.517 Not tainted syzkaller #0 PREEMPT(full) 
[  212.228656][ T7802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  212.228666][ T7802] Call Trace:
[  212.228672][ T7802]  <TASK>
[  212.228679][ T7802]  dump_stack_lvl+0x16c/0x1f0
[  212.228713][ T7802]  should_fail_ex+0x512/0x640
[  212.228734][ T7802]  ? fs_reclaim_acquire+0xae/0x150
[  212.228759][ T7802]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  212.228784][ T7802]  should_failslab+0xc2/0x120
[  212.228804][ T7802]  __kmalloc_noprof+0xd2/0x510
[  212.228828][ T7802]  tomoyo_realpath_from_path+0xc2/0x6e0
[  212.228855][ T7802]  ? tomoyo_profile+0x47/0x60
[  212.228874][ T7802]  tomoyo_path_number_perm+0x245/0x580
[  212.228896][ T7802]  ? tomoyo_path_number_perm+0x237/0x580
[  212.228920][ T7802]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  212.228943][ T7802]  ? find_held_lock+0x2b/0x80
[  212.228987][ T7802]  ? find_held_lock+0x2b/0x80
[  212.229007][ T7802]  ? hook_file_ioctl_common+0x145/0x410
[  212.229030][ T7802]  ? __fget_files+0x20e/0x3c0
[  212.229055][ T7802]  security_file_ioctl+0x9b/0x240
[  212.229081][ T7802]  __x64_sys_ioctl+0xb7/0x210
[  212.229109][ T7802]  do_syscall_64+0xcd/0x4e0
[  212.229134][ T7802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.229151][ T7802] RIP: 0033:0x7f8d1278ec29
[  212.229165][ T7802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.229179][ T7802] RSP: 002b:00007f8d109cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  212.229195][ T7802] RAX: ffffffffffffffda RBX: 00007f8d129d6090 RCX: 00007f8d1278ec29
[  212.229205][ T7802] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  212.229215][ T7802] RBP: 00007f8d109cd090 R08: 0000000000000000 R09: 0000000000000000
[  212.229224][ T7802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.229233][ T7802] R13: 00007f8d129d6128 R14: 00007f8d129d6090 R15: 00007ffdfe176d08
[  212.229255][ T7802]  </TASK>
[  212.229261][ T7802] ERROR: Out of memory at tomoyo_realpath_from_path.
[  212.238475][   T24] usb usb5-port1: unable to enumerate USB device
[  212.659624][   T30] audit: type=1400 audit(1758379518.641:423): avc:  denied  { ioctl } for  pid=7806 comm="syz.0.519" path="socket:[15939]" dev="sockfs" ino=15939 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  212.733132][ T7811] netlink: 8 bytes leftover after parsing attributes in process `syz.0.521'.
[  212.805998][   T30] audit: type=1400 audit(1758379518.791:424): avc:  denied  { read write } for  pid=7812 comm="syz.3.524" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  212.823800][ T7817] netfs: Couldn't get user pages (rc=-14)
[  212.835806][ T7815] netfs: Couldn't get user pages (rc=-14)
[  212.950024][   T30] audit: type=1400 audit(1758379518.801:425): avc:  denied  { open } for  pid=7816 comm="syz.0.523" path="/108/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  213.010043][ T1207] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  213.199056][ T1207] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  213.219830][ T1207] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  213.230791][ T1207] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  213.249931][ T1207] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  213.259775][ T1207] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.293861][ T1207] usb 2-1: config 0 descriptor??
[  213.310304][ T1207] hdpvr 2-1:0.0: Could not find bulk-in endpoint
[  213.316916][ T1207] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12
[  213.499826][ T5904] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  213.740873][ T5913] usb 2-1: USB disconnect, device number 25
[  213.747958][ T5933] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  213.823374][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  213.859456][ T5904] usb 1-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  213.872564][ T5904] usb 1-1: config 0 interface 0 has no altsetting 0
[  214.001064][ T5904] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  214.012184][ T5933] usb 3-1: Using ep0 maxpacket: 16
[  214.017456][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  214.026327][ T5904] usb 1-1: Product: syz
[  214.030915][ T5904] usb 1-1: Manufacturer: syz
[  214.035859][ T5933] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.046434][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  214.059595][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  214.074471][ T5904] usb 1-1: SerialNumber: syz
[  214.087825][ T5933] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  214.100871][ T5904] usb 1-1: config 0 descriptor??
[  214.130886][ T5933] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  214.178074][ T5904] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[  214.191741][ T5933] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  214.201127][ T5933] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  214.209657][ T5933] usb 3-1: Manufacturer: syz
[  214.241062][ T5933] usb 3-1: config 0 descriptor??
[  214.294304][ T5866] udevd[5866]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.322631][ T5913] usb 1-1: USB disconnect, device number 15
[  215.024253][ T7843] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  215.032967][ T7843] macsec1: entered promiscuous mode
[  215.060909][ T5933] rc_core: IR keymap rc-hauppauge not found
[  215.071694][ T5933] Registered IR keymap rc-empty
[  215.082220][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  215.118931][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  215.161224][ T5933] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  215.873102][ T5933] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input26
[  215.966312][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.039508][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.089599][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.117669][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.147331][ T7854] netlink: 8 bytes leftover after parsing attributes in process `syz.1.534'.
[  216.162657][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.217147][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.306090][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.368810][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.396422][ T1207] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  216.438562][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.545106][ T5933] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  216.649852][ T5933] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  216.707062][ T5933] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  216.732631][ T5904] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  216.854887][ T5933] usb 3-1: USB disconnect, device number 22
[  216.928000][ T5904] usb 2-1: device descriptor read/64, error -71
[  217.238001][ T5904] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  217.259171][ T1207] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  217.289058][ T1207] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  217.367832][ T5904] usb 2-1: device descriptor read/64, error -71
[  217.374436][ T1207] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  217.419863][ T1207] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[  217.487610][ T5904] usb usb2-port1: attempt power cycle
[  217.499356][ T1207] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  217.513434][ T1207] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.523374][ T1207] usb 1-1: Product: syz
[  217.693243][ T1207] usb 1-1: Manufacturer: syz
[  217.749650][ T7878] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  217.785764][ T1207] usb 1-1: SerialNumber: syz
[  217.907879][ T1207] usb 1-1: config 0 descriptor??
[  217.927386][ T5904] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  217.927646][ T7856] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  217.968257][ T5904] usb 2-1: device descriptor read/8, error -71
[  217.968428][ T1207] usb 1-1: ucan: probing device on interface #0
[  217.983969][ T1207] usb 1-1: ucan: invalid in_ep MaxPacketSize
[  217.991821][ T1207] usb 1-1: ucan: probe failed; try to update the device firmware
[  218.248395][ T5904] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  218.273825][ T5904] usb 2-1: device descriptor read/8, error -71
[  218.407795][ T5904] usb usb2-port1: unable to enumerate USB device
[  218.441720][ T7881] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  218.671207][   T30] audit: type=1400 audit(1758379524.654:426): avc:  denied  { connect } for  pid=7888 comm="syz.3.544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  218.690740][ T7891] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  218.773339][   T30] audit: type=1400 audit(1758379524.754:427): avc:  denied  { read } for  pid=7894 comm="syz.4.547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  218.887538][ T5904] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  219.028256][ T5933] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  219.147242][ T7902] fuse: Unknown parameter ''
[  219.185626][ T5904] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  219.257029][ T5904] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  219.290449][ T5904] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  219.306726][ T5933] usb 5-1: device descriptor read/64, error -71
[  219.350275][ T5904] usb 3-1: config 220 has no interface number 2
[  219.356777][ T5904] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  219.384346][ T5904] usb 3-1: config 220 interface 0 has no altsetting 0
[  219.399982][ T5904] usb 3-1: config 220 interface 76 has no altsetting 0
[  219.414691][ T5904] usb 3-1: config 220 interface 1 has no altsetting 0
[  219.416345][ T5977] usb 1-1: USB disconnect, device number 16
[  219.474432][ T5904] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  219.501165][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.536761][ T5904] usb 3-1: Product: syz
[  219.540951][ T5904] usb 3-1: Manufacturer: syz
[  219.555788][ T5904] usb 3-1: SerialNumber: syz
[  219.566693][ T5933] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  219.612938][ T7911] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  219.648403][ T5170] Bluetooth: hci2: unexpected event for opcode 0x0406
[  219.706549][ T5933] usb 5-1: device descriptor read/64, error -71
[  219.817025][ T5933] usb usb5-port1: attempt power cycle
[  220.015767][ T7915] ieee802154 phy0 wpan0: encryption failed: -22
[  220.296257][ T5933] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  220.316840][ T5933] usb 5-1: device descriptor read/8, error -71
[  220.557008][ T5933] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  220.776774][ T5933] usb 5-1: device descriptor read/8, error -71
[  220.993285][ T5933] usb usb5-port1: unable to enumerate USB device
[  222.075421][ T5933] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  222.165429][ T5913] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  222.261213][ T5933] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  222.283563][ T5933] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  222.298457][ T7942] 9pnet_virtio: no channels available for device syz
[  222.313817][ T5913] usb 5-1: device descriptor read/64, error -71
[  222.320478][ T5933] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  222.342406][ T5933] usb 2-1: config 220 has no interface number 2
[  222.355330][ T5933] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  222.387709][ T5933] usb 2-1: config 220 interface 0 has no altsetting 0
[  222.410995][ T5904] usb 3-1: selecting invalid altsetting 0
[  222.421250][ T5933] usb 2-1: config 220 interface 76 has no altsetting 0
[  222.433416][ T5904] usb 3-1: selecting invalid altsetting 0
[  222.440311][ T5933] usb 2-1: config 220 interface 1 has no altsetting 0
[  222.447506][ T5904] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  222.454384][ T5904] usb 3-1: No valid video chain found.
[  222.462552][ T5933] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  222.479602][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.492476][ T5933] usb 2-1: Product: syz
[  222.498144][ T5933] usb 2-1: Manufacturer: syz
[  222.507222][ T5904] usb 3-1: selecting invalid altsetting 0
[  222.513441][ T5904] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  222.526916][ T5933] usb 2-1: SerialNumber: syz
[  222.555514][ T5904] usb 3-1: USB disconnect, device number 23
[  222.565755][ T5913] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  222.695059][ T5913] usb 5-1: device descriptor read/64, error -71
[  222.725057][   T92] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  222.806421][ T5913] usb usb5-port1: attempt power cycle
[  222.886003][ T5904] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  223.272974][   T92] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.285038][   T92] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  223.306727][   T92] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  223.322290][   T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.340066][   T92] usb 4-1: config 0 descriptor??
[  223.464615][ T5904] usb 3-1: Using ep0 maxpacket: 16
[  223.471586][ T5904] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.481751][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  223.493691][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  223.503765][ T5904] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  223.513773][ T5904] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  223.544660][ T5913] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  223.554476][ T5904] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  223.567675][ T5913] usb 5-1: device descriptor read/8, error -71
[  223.630738][ T5904] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  223.639381][ T5904] usb 3-1: Manufacturer: syz
[  223.665544][ T5904] usb 3-1: config 0 descriptor??
[  223.976211][ T5913] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  223.994821][   T92] usbhid 4-1:0.0: can't add hid device: -71
[  224.000892][   T92] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  224.024904][ T5913] usb 5-1: device descriptor read/8, error -71
[  224.046707][   T92] usb 4-1: USB disconnect, device number 19
[  224.147108][ T5913] usb usb5-port1: unable to enumerate USB device
[  224.256111][ T5904] rc_core: IR keymap rc-hauppauge not found
[  224.262140][ T5904] Registered IR keymap rc-empty
[  224.267425][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.295963][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.318705][ T5904] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  224.447382][ T5904] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input27
[  224.481683][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.506491][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.530281][ T7969] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  224.538245][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.554138][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.574893][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.604177][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.624622][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.654154][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.676601][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.704619][ T5904] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  224.714324][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  224.725999][ T5904] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  224.740401][ T5904] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  224.786411][ T5904] usb 3-1: USB disconnect, device number 24
[  224.874394][   T24] usb 4-1: Using ep0 maxpacket: 16
[  224.902504][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  224.916924][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.569'.
[  224.941544][ T7971] netlink: 4 bytes leftover after parsing attributes in process `syz.4.569'.
[  224.964801][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  224.987524][ T7971] netlink: 'syz.4.569': attribute type 12 has an invalid length.
[  225.021596][ T5933] usb 2-1: selecting invalid altsetting 0
[  225.028471][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  225.273170][ T7971] netlink: 'syz.4.569': attribute type 11 has an invalid length.
[  225.303565][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  225.328078][ T5933] usb 2-1: selecting invalid altsetting 0
[  225.345276][ T5933] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  225.350025][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  225.358578][ T5933] usb 2-1: No valid video chain found.
[  225.379381][ T5933] usb 2-1: selecting invalid altsetting 0
[  225.385303][ T5933] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[  225.406567][ T5933] usb 2-1: USB disconnect, device number 30
[  225.517684][ T7978] FAULT_INJECTION: forcing a failure.
[  225.517684][ T7978] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.531090][ T7978] CPU: 1 UID: 0 PID: 7978 Comm: syz.4.571 Not tainted syzkaller #0 PREEMPT(full) 
[  225.531115][ T7978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  225.531125][ T7978] Call Trace:
[  225.531132][ T7978]  <TASK>
[  225.531138][ T7978]  dump_stack_lvl+0x16c/0x1f0
[  225.531166][ T7978]  should_fail_ex+0x512/0x640
[  225.531192][ T7978]  _copy_from_user+0x2e/0xd0
[  225.531219][ T7978]  copy_msghdr_from_user+0x98/0x160
[  225.531243][ T7978]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  225.531277][ T7978]  ___sys_sendmsg+0xfe/0x1d0
[  225.531301][ T7978]  ? __pfx____sys_sendmsg+0x10/0x10
[  225.531353][ T7978]  __sys_sendmsg+0x16d/0x220
[  225.531376][ T7978]  ? __pfx___sys_sendmsg+0x10/0x10
[  225.531414][ T7978]  do_syscall_64+0xcd/0x4e0
[  225.531440][ T7978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.531458][ T7978] RIP: 0033:0x7fd115b8ec29
[  225.531473][ T7978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.531489][ T7978] RSP: 002b:00007fd1169df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  225.531507][ T7978] RAX: ffffffffffffffda RBX: 00007fd115dd6090 RCX: 00007fd115b8ec29
[  225.531519][ T7978] RDX: 000000000000c000 RSI: 0000200000000500 RDI: 0000000000000006
[  225.531530][ T7978] RBP: 00007fd1169df090 R08: 0000000000000000 R09: 0000000000000000
[  225.531540][ T7978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.531551][ T7978] R13: 00007fd115dd6128 R14: 00007fd115dd6090 R15: 00007ffd715c9258
[  225.531575][ T7978]  </TASK>
[  226.629930][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  226.717253][   T24] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  226.756043][   T24] usb 4-1: Manufacturer: syz
[  226.776869][   T24] usb 4-1: config 0 descriptor??
[  227.162954][ T5933] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  227.293181][   T24] rc_core: IR keymap rc-hauppauge not found
[  227.300816][   T24] Registered IR keymap rc-empty
[  227.307442][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.364409][ T5933] usb 5-1: Using ep0 maxpacket: 32
[  227.382132][ T5933] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  227.393472][ T5933] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  227.407075][ T5933] usb 5-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  227.424187][   T30] audit: type=1400 audit(1758379533.359:428): avc:  denied  { read } for  pid=7994 comm="syz.1.576" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  227.452535][ T5933] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  227.475764][   T30] audit: type=1400 audit(1758379533.359:429): avc:  denied  { open } for  pid=7994 comm="syz.1.576" path="/101/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  227.478425][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.523516][ T5933] usb 5-1: config 0 interface 0 has no altsetting 0
[  227.542792][   T30] audit: type=1400 audit(1758379533.359:430): avc:  denied  { ioctl } for  pid=7994 comm="syz.1.576" path="/101/file0/file0" dev="fuse" ino=3 ioctlcmd=0x2201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  227.572387][   T24] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  227.573228][ T5933] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=dc.8e
[  227.585646][   T24] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input28
[  227.619122][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.642842][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.681520][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.681546][ T5933] usb 5-1: Product: syz
[  227.681561][ T5933] usb 5-1: Manufacturer: syz
[  227.681577][ T5933] usb 5-1: SerialNumber: syz
[  227.690317][ T5933] usb 5-1: config 0 descriptor??
[  227.706999][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.722538][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.743514][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.767169][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.782851][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.803131][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.831438][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.843647][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  227.954820][   T24] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  227.954932][   T24] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  228.030218][ T5933] gs_usb 5-1:0.0: Required endpoints not found
[  228.099795][ T5933] usb 5-1: USB disconnect, device number 26
[  228.126254][   T24] usb 4-1: USB disconnect, device number 20
[  228.152123][   T30] audit: type=1804 audit(1758379534.139:431): pid=8005 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.578" name="/newroot/116/bus/bus" dev="overlay" ino=644 res=1 errno=0
[  228.154807][   T30] audit: type=1804 audit(1758379534.149:432): pid=8005 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.578" name="/newroot/116/bus/bus" dev="overlay" ino=644 res=1 errno=0
[  229.388758][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.580'.
[  229.615119][   T30] audit: type=1326 audit(1758379535.390:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8014 comm="syz.1.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4658ec29 code=0x7ffc0000
[  230.172687][   T30] audit: type=1326 audit(1758379535.400:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8014 comm="syz.1.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4658ec29 code=0x7ffc0000
[  230.516484][ T8034] FAULT_INJECTION: forcing a failure.
[  230.516484][ T8034] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  230.569364][ T8034] CPU: 1 UID: 0 PID: 8034 Comm: syz.4.585 Not tainted syzkaller #0 PREEMPT(full) 
[  230.569387][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  230.569394][ T8034] Call Trace:
[  230.569398][ T8034]  <TASK>
[  230.569402][ T8034]  dump_stack_lvl+0x16c/0x1f0
[  230.569420][ T8034]  should_fail_ex+0x512/0x640
[  230.569438][ T8034]  _copy_to_user+0x32/0xd0
[  230.569466][ T8034]  simple_read_from_buffer+0xcb/0x170
[  230.569488][ T8034]  proc_fail_nth_read+0x197/0x240
[  230.569508][ T8034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  230.569526][ T8034]  ? rw_verify_area+0xcf/0x6c0
[  230.569544][ T8034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  230.569560][ T8034]  vfs_read+0x1e1/0xcf0
[  230.569573][ T8034]  ? __pfx___mutex_lock+0x10/0x10
[  230.569590][ T8034]  ? __pfx_vfs_read+0x10/0x10
[  230.569604][ T8034]  ? __fget_files+0x20e/0x3c0
[  230.569620][ T8034]  ksys_read+0x12a/0x250
[  230.569631][ T8034]  ? __pfx_ksys_read+0x10/0x10
[  230.569642][ T8034]  ? fput+0x9b/0xd0
[  230.569658][ T8034]  do_syscall_64+0xcd/0x4e0
[  230.569675][ T8034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.569686][ T8034] RIP: 0033:0x7fd115b8d63c
[  230.569696][ T8034] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  230.569707][ T8034] RSP: 002b:00007fd116a00030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  230.569718][ T8034] RAX: ffffffffffffffda RBX: 00007fd115dd5fa0 RCX: 00007fd115b8d63c
[  230.569725][ T8034] RDX: 000000000000000f RSI: 00007fd116a000a0 RDI: 0000000000000004
[  230.569731][ T8034] RBP: 00007fd116a00090 R08: 0000000000000000 R09: 0000000000000000
[  230.569737][ T8034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.569743][ T8034] R13: 00007fd115dd6038 R14: 00007fd115dd5fa0 R15: 00007ffd715c9258
[  230.569756][ T8034]  </TASK>
[  231.023983][ T8044] netdevsim netdevsim4: Direct firmware load for .
[  231.023983][ T8044]  failed with error -2
[  231.048261][ T8044] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  231.048261][ T8044] 
[  231.061129][   T30] audit: type=1400 audit(1758379537.041:435): avc:  denied  { firmware_load } for  pid=8039 comm="syz.4.587" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  232.259496][ T1207] usb 1-1: new low-speed USB device number 17 using dummy_hcd
[  232.926227][ T1207] usb 1-1: config 1 interface 0 altsetting 6 endpoint 0x1 is Bulk; changing to Interrupt
[  232.966798][ T1207] usb 1-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  233.096539][ T1207] usb 1-1: config 1 interface 0 has no altsetting 0
[  233.115256][ T1207] usb 1-1: string descriptor 0 read error: -22
[  233.124320][ T1207] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  233.134199][ T1207] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.177104][ T8043] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  234.544015][   T24] usb 1-1: USB disconnect, device number 17
[  234.628305][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  234.648862][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  234.676432][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  234.724906][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  234.738092][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  234.836513][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  234.877952][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  234.893494][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  235.227283][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  235.235010][ T5904] hid-generic 0006:0004:0009.000C: unknown main item tag 0x0
[  235.258578][ T5904] hid-generic 0006:0004:0009.000C: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0
[  235.906042][ T8084] fido_id[8084]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  236.562720][   T30] audit: type=1400 audit(1758379542.553:436): avc:  denied  { mount } for  pid=8100 comm="syz.1.601" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  236.588984][ T8101] FAULT_INJECTION: forcing a failure.
[  236.588984][ T8101] name failslab, interval 1, probability 0, space 0, times 0
[  236.601825][ T8101] CPU: 1 UID: 0 PID: 8101 Comm: syz.1.601 Not tainted syzkaller #0 PREEMPT(full) 
[  236.601841][ T8101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  236.601848][ T8101] Call Trace:
[  236.601852][ T8101]  <TASK>
[  236.601856][ T8101]  dump_stack_lvl+0x16c/0x1f0
[  236.601874][ T8101]  should_fail_ex+0x512/0x640
[  236.601889][ T8101]  ? __kvmalloc_node_noprof+0x124/0x620
[  236.601902][ T8101]  should_failslab+0xc2/0x120
[  236.601915][ T8101]  __kvmalloc_node_noprof+0x137/0x620
[  236.601924][ T8101]  ? get_pid_task+0xfc/0x250
[  236.601935][ T8101]  ? file_tty_write.constprop.0+0x6ef/0x9b0
[  236.601952][ T8101]  ? file_tty_write.constprop.0+0x6ef/0x9b0
[  236.601965][ T8101]  file_tty_write.constprop.0+0x6ef/0x9b0
[  236.601979][ T8101]  ? rw_verify_area+0xcf/0x6c0
[  236.601999][ T8101]  vfs_write+0x7d3/0x11d0
[  236.602010][ T8101]  ? __pfx_tty_write+0x10/0x10
[  236.602024][ T8101]  ? __pfx_vfs_write+0x10/0x10
[  236.602034][ T8101]  ? find_held_lock+0x2b/0x80
[  236.602056][ T8101]  ksys_write+0x12a/0x250
[  236.602067][ T8101]  ? __pfx_ksys_write+0x10/0x10
[  236.602082][ T8101]  do_syscall_64+0xcd/0x4e0
[  236.602098][ T8101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.602109][ T8101] RIP: 0033:0x7f2f4658ec29
[  236.602118][ T8101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.602129][ T8101] RSP: 002b:00007f2f47436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  236.602139][ T8101] RAX: ffffffffffffffda RBX: 00007f2f467d5fa0 RCX: 00007f2f4658ec29
[  236.602146][ T8101] RDX: 0000000000001006 RSI: 0000200000002080 RDI: 0000000000000007
[  236.602152][ T8101] RBP: 00007f2f47436090 R08: 0000000000000000 R09: 0000000000000000
[  236.602158][ T8101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  236.602165][ T8101] R13: 00007f2f467d6038 R14: 00007f2f467d5fa0 R15: 00007ffe240d4738
[  236.602178][ T8101]  </TASK>
[  236.702240][   T30] audit: type=1400 audit(1758379542.593:437): avc:  denied  { create } for  pid=8100 comm="syz.1.601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  236.824314][ T8101] lo speed is unknown, defaulting to 1000
[  236.830930][ T8101] lo speed is unknown, defaulting to 1000
[  236.837837][ T8101] lo speed is unknown, defaulting to 1000
[  236.846679][ T8101] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  236.858444][ T8101] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  236.884832][ T8101] lo speed is unknown, defaulting to 1000
[  236.892266][ T8101] lo speed is unknown, defaulting to 1000
[  236.898863][ T8101] lo speed is unknown, defaulting to 1000
[  236.905235][ T8101] lo speed is unknown, defaulting to 1000
[  236.912566][ T8101] lo speed is unknown, defaulting to 1000
[  236.959223][   T30] audit: type=1400 audit(1758379542.944:438): avc:  denied  { unmount } for  pid=5847 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  237.725997][ T8090] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  237.733976][ T8090] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  237.742237][ T8090] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  237.872886][ T8090] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  237.928241][ T8090] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  238.208187][   T30] audit: type=1400 audit(1758379544.194:439): avc:  denied  { mount } for  pid=8116 comm="syz.1.604" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  238.240207][ T5860] Bluetooth: hci0: command 0x0c1a tx timeout
[  238.478357][ T5904] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  238.486260][ T5913] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  238.803121][ T5913] usb 3-1: Using ep0 maxpacket: 16
[  238.824798][ T5904] usb 4-1: device descriptor read/64, error -71
[  238.848364][ T5913] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  239.079455][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  239.359303][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  239.997034][ T5913] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  240.049696][ T5860] Bluetooth: hci3: command 0x0c1a tx timeout
[  240.056510][ T5860] Bluetooth: hci2: command 0x0c1a tx timeout
[  240.077013][ T5861] Bluetooth: hci4: command 0x0405 tx timeout
[  240.083665][ T5170] Bluetooth: hci1: command 0x0c1a tx timeout
[  240.089910][ T5904] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  241.459369][ T5913] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  241.493165][ T5913] usb 3-1: string descriptor 0 read error: -71
[  241.545866][ T5913] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  241.562476][ T5913] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  241.587152][ T5913] usb 3-1: config 0 descriptor??
[  241.598104][ T5913] usb 3-1: can't set config #0, error -71
[  241.605981][ T5913] usb 3-1: USB disconnect, device number 25
[  241.628205][   T30] audit: type=1400 audit(1758379547.626:440): avc:  denied  { getopt } for  pid=8131 comm="syz.2.608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  241.788968][ T8134] lo speed is unknown, defaulting to 1000
[  241.826297][   T30] audit: type=1400 audit(1758379547.726:441): avc:  denied  { mounton } for  pid=8131 comm="syz.2.608" path="/119/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  241.889638][   T30] audit: type=1400 audit(1758379547.726:442): avc:  denied  { mount } for  pid=8131 comm="syz.2.608" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  242.080611][   T30] audit: type=1400 audit(1758379547.806:443): avc:  denied  { create } for  pid=8133 comm="syz.3.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  242.122291][   T30] audit: type=1400 audit(1758379547.826:444): avc:  denied  { write } for  pid=8133 comm="syz.3.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  242.144854][   T30] audit: type=1400 audit(1758379548.056:445): avc:  denied  { unmount } for  pid=5847 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  242.429071][ T8140] hub 8-0:1.0: USB hub found
[  242.437809][ T8140] hub 8-0:1.0: 1 port detected
[  243.912546][   T30] audit: type=1400 audit(1758379549.557:446): avc:  denied  { setopt } for  pid=8157 comm="syz.4.613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  245.093978][   T24] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  245.297319][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  245.354525][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  245.403495][ T8184] FAULT_INJECTION: forcing a failure.
[  245.403495][ T8184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  245.405036][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  245.427660][ T8184] CPU: 0 UID: 0 PID: 8184 Comm: syz.4.619 Not tainted syzkaller #0 PREEMPT(full) 
[  245.427687][ T8184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  245.427697][ T8184] Call Trace:
[  245.427703][ T8184]  <TASK>
[  245.427710][ T8184]  dump_stack_lvl+0x16c/0x1f0
[  245.427738][ T8184]  should_fail_ex+0x512/0x640
[  245.427765][ T8184]  _copy_from_user+0x2e/0xd0
[  245.427791][ T8184]  copy_msghdr_from_user+0x98/0x160
[  245.427814][ T8184]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  245.427847][ T8184]  ___sys_sendmsg+0xfe/0x1d0
[  245.427870][ T8184]  ? __pfx____sys_sendmsg+0x10/0x10
[  245.427922][ T8184]  __sys_sendmsg+0x16d/0x220
[  245.427944][ T8184]  ? __pfx___sys_sendmsg+0x10/0x10
[  245.427979][ T8184]  do_syscall_64+0xcd/0x4e0
[  245.428003][ T8184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.428018][ T8184] RIP: 0033:0x7fd115b8ec29
[  245.428031][ T8184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.428047][ T8184] RSP: 002b:00007fd116a00038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  245.428063][ T8184] RAX: ffffffffffffffda RBX: 00007fd115dd5fa0 RCX: 00007fd115b8ec29
[  245.428074][ T8184] RDX: 0000000020000810 RSI: 0000200000000280 RDI: 0000000000000003
[  245.428083][ T8184] RBP: 00007fd116a00090 R08: 0000000000000000 R09: 0000000000000000
[  245.428093][ T8184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  245.428103][ T8184] R13: 00007fd115dd6038 R14: 00007fd115dd5fa0 R15: 00007ffd715c9258
[  245.428125][ T8184]  </TASK>
[  245.437440][   T30] audit: type=1400 audit(1758379551.398:447): avc:  denied  { ioctl } for  pid=8181 comm="syz.4.619" path="socket:[17716]" dev="sockfs" ino=17716 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  245.456141][ T8185] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  245.629259][ T8187] FAULT_INJECTION: forcing a failure.
[  245.629259][ T8187] name failslab, interval 1, probability 0, space 0, times 0
[  245.643053][ T8187] CPU: 0 UID: 0 PID: 8187 Comm: syz.0.620 Not tainted syzkaller #0 PREEMPT(full) 
[  245.643069][ T8187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  245.643076][ T8187] Call Trace:
[  245.643080][ T8187]  <TASK>
[  245.643084][ T8187]  dump_stack_lvl+0x16c/0x1f0
[  245.643103][ T8187]  should_fail_ex+0x512/0x640
[  245.643117][ T8187]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[  245.643131][ T8187]  should_failslab+0xc2/0x120
[  245.643144][ T8187]  __kmalloc_cache_node_noprof+0x6d/0x420
[  245.643154][ T8187]  ? __lock_acquire+0xb97/0x1ce0
[  245.643172][ T8187]  ? __get_vm_area_node+0x101/0x330
[  245.643189][ T8187]  __get_vm_area_node+0x101/0x330
[  245.643207][ T8187]  __vmalloc_node_range_noprof+0x271/0x14b0
[  245.643224][ T8187]  ? sel_write_load+0x2ac/0x1bd0
[  245.643240][ T8187]  ? find_held_lock+0x2b/0x80
[  245.643254][ T8187]  ? sel_write_load+0x2ac/0x1bd0
[  245.643269][ T8187]  ? avc_has_perm_noaudit+0x149/0x3b0
[  245.643281][ T8187]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  245.643299][ T8187]  ? avc_has_perm+0x144/0x1f0
[  245.643311][ T8187]  ? __pfx_avc_has_perm+0x10/0x10
[  245.643323][ T8187]  ? sel_write_load+0x2ac/0x1bd0
[  245.643335][ T8187]  __vmalloc_node_noprof+0xad/0xf0
[  245.643351][ T8187]  ? sel_write_load+0x2ac/0x1bd0
[  245.643365][ T8187]  sel_write_load+0x2ac/0x1bd0
[  245.643384][ T8187]  ? __lock_acquire+0xb97/0x1ce0
[  245.643401][ T8187]  ? __pfx_sel_write_load+0x10/0x10
[  245.643425][ T8187]  ? __pfx_sel_write_load+0x10/0x10
[  245.643444][ T8187]  vfs_write+0x2a0/0x11d0
[  245.643466][ T8187]  ? __pfx___mutex_lock+0x10/0x10
[  245.643489][ T8187]  ? __pfx_vfs_write+0x10/0x10
[  245.643512][ T8187]  ? __fget_files+0x20e/0x3c0
[  245.643531][ T8187]  ksys_write+0x12a/0x250
[  245.643542][ T8187]  ? __pfx_ksys_write+0x10/0x10
[  245.643558][ T8187]  do_syscall_64+0xcd/0x4e0
[  245.643574][ T8187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.643586][ T8187] RIP: 0033:0x7f88a938ec29
[  245.643596][ T8187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.643607][ T8187] RSP: 002b:00007f88aa2a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  245.643618][ T8187] RAX: ffffffffffffffda RBX: 00007f88a95d5fa0 RCX: 00007f88a938ec29
[  245.643625][ T8187] RDX: 0000000000002000 RSI: 0000200000000000 RDI: 0000000000000003
[  245.643631][ T8187] RBP: 00007f88aa2a7090 R08: 0000000000000000 R09: 0000000000000000
[  245.643638][ T8187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  245.643645][ T8187] R13: 00007f88a95d6038 R14: 00007f88a95d5fa0 R15: 00007ffc710655e8
[  245.643659][ T8187]  </TASK>
[  246.026388][ T8187] syz.0.620: vmalloc error: size 8192, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  246.045638][ T8187] CPU: 1 UID: 0 PID: 8187 Comm: syz.0.620 Not tainted syzkaller #0 PREEMPT(full) 
[  246.045656][ T8187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  246.045662][ T8187] Call Trace:
[  246.045666][ T8187]  <TASK>
[  246.045671][ T8187]  dump_stack_lvl+0x16c/0x1f0
[  246.045690][ T8187]  warn_alloc+0x248/0x3a0
[  246.045704][ T8187]  ? __pfx_warn_alloc+0x10/0x10
[  246.045719][ T8187]  ? rcu_is_watching+0x12/0xc0
[  246.045734][ T8187]  ? trace_kmalloc+0x2b/0xd0
[  246.045747][ T8187]  ? __kmalloc_cache_node_noprof+0x272/0x420
[  246.045760][ T8187]  ? __kasan_kmalloc+0x8a/0xb0
[  246.045772][ T8187]  ? __get_vm_area_node+0x208/0x330
[  246.045791][ T8187]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  246.045811][ T8187]  ? find_held_lock+0x2b/0x80
[  246.045825][ T8187]  ? sel_write_load+0x2ac/0x1bd0
[  246.045841][ T8187]  ? avc_has_perm_noaudit+0x149/0x3b0
[  246.045853][ T8187]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  246.045871][ T8187]  ? avc_has_perm+0x144/0x1f0
[  246.045882][ T8187]  ? __pfx_avc_has_perm+0x10/0x10
[  246.045895][ T8187]  ? sel_write_load+0x2ac/0x1bd0
[  246.045907][ T8187]  __vmalloc_node_noprof+0xad/0xf0
[  246.045923][ T8187]  ? sel_write_load+0x2ac/0x1bd0
[  246.045937][ T8187]  sel_write_load+0x2ac/0x1bd0
[  246.045956][ T8187]  ? __lock_acquire+0xb97/0x1ce0
[  246.045973][ T8187]  ? __pfx_sel_write_load+0x10/0x10
[  246.045997][ T8187]  ? __pfx_sel_write_load+0x10/0x10
[  246.046009][ T8187]  vfs_write+0x2a0/0x11d0
[  246.046024][ T8187]  ? __pfx___mutex_lock+0x10/0x10
[  246.046039][ T8187]  ? __pfx_vfs_write+0x10/0x10
[  246.046054][ T8187]  ? __fget_files+0x20e/0x3c0
[  246.046071][ T8187]  ksys_write+0x12a/0x250
[  246.046082][ T8187]  ? __pfx_ksys_write+0x10/0x10
[  246.046097][ T8187]  do_syscall_64+0xcd/0x4e0
[  246.046113][ T8187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.046125][ T8187] RIP: 0033:0x7f88a938ec29
[  246.046134][ T8187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.046145][ T8187] RSP: 002b:00007f88aa2a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  246.046155][ T8187] RAX: ffffffffffffffda RBX: 00007f88a95d5fa0 RCX: 00007f88a938ec29
[  246.046162][ T8187] RDX: 0000000000002000 RSI: 0000200000000000 RDI: 0000000000000003
[  246.046168][ T8187] RBP: 00007f88aa2a7090 R08: 0000000000000000 R09: 0000000000000000
[  246.046174][ T8187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.046180][ T8187] R13: 00007f88a95d6038 R14: 00007f88a95d5fa0 R15: 00007ffc710655e8
[  246.046194][ T8187]  </TASK>
[  246.046198][ T8187] Mem-Info:
[  246.369688][ T8187] active_anon:29161 inactive_anon:0 isolated_anon:0
[  246.369688][ T8187]  active_file:17899 inactive_file:40665 isolated_file:0
[  246.369688][ T8187]  unevictable:768 dirty:398 writeback:0
[  246.369688][ T8187]  slab_reclaimable:12120 slab_unreclaimable:98217
[  246.369688][ T8187]  mapped:36369 shmem:20655 pagetables:1209
[  246.369688][ T8187]  sec_pagetables:0 bounce:0
[  246.369688][ T8187]  kernel_misc_reclaimable:0
[  246.369688][ T8187]  free:1275980 free_pcp:16408 free_cma:0
[  246.394837][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.451102][   T24] usb 3-1: Product: syz
[  246.468826][   T24] usb 3-1: Manufacturer: syz
[  246.493145][ T8187] Node 0 active_anon:117084kB inactive_anon:0kB active_file:71596kB inactive_file:162464kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:145476kB dirty:1596kB writeback:0kB shmem:81080kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12136kB pagetables:4772kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  246.646656][   T24] usb 3-1: SerialNumber: syz
[  246.678231][ T8187] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  246.804532][ T8191] netlink: 'syz.4.621': attribute type 13 has an invalid length.
[  246.867893][ T8191] hub 8-0:1.0: USB hub found
[  246.873912][ T8191] hub 8-0:1.0: 1 port detected
[  247.103741][ T8187] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  247.167379][ T8187] lowmem_reserve[]: 0 2479 2481 2481 2481
[  247.182292][ T8187] Node 0 DMA32 free:1174612kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:129772kB inactive_anon:0kB active_file:71596kB inactive_file:161144kB unevictable:1536kB writepending:1212kB present:3129332kB managed:2539316kB mlocked:0kB bounce:0kB free_pcp:48520kB local_pcp:13020kB free_cma:0kB
[  247.382905][ T8187] lowmem_reserve[]: 0 0 1 1 1
[  247.416154][ T8187] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB
[  247.500904][ T8187] lowmem_reserve[]: 0 0 0 0 0
[  247.515603][ T8187] Node 1 Normal free:3898128kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19380kB local_pcp:6188kB free_cma:0kB
[  247.547070][ T8187] lowmem_reserve[]: 0 0 0 0 0
[  247.552738][ T8187] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  247.584104][ T8187] Node 0 DMA32: 26*4kB (UM) 29*8kB (UE) 65*16kB (UME) 134*32kB (UME) 237*64kB (UME) 76*128kB (UM) 29*256kB (UM) 18*512kB (UM) 8*1024kB (UM) 6*2048kB (UME) 271*4096kB (UM) = 1177696kB
[  247.606713][ T8187] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  247.625126][ T8187] Node 1 Normal: 208*4kB (UME) 50*8kB (UME) 52*16kB (UME) 132*32kB (UME) 34*64kB (UME) 8*128kB (UME) 4*256kB (UME) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3898128kB
[  247.643847][ T8187] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  247.666261][ T8187] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  247.697902][ T8187] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  247.712559][ T8187] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  247.726217][ T8187] 79665 total pagecache pages
[  247.731675][ T8187] 0 pages in swap cache
[  247.737149][ T8187] Free swap  = 124996kB
[  247.745812][ T8187] Total swap = 124996kB
[  247.751096][ T8187] 2097051 pages RAM
[  247.755614][ T8187] 0 pages HighMem/MovableOnly
[  247.760481][ T8187] 430260 pages reserved
[  247.767436][ T8187] 0 pages cma reserved
[  247.773145][ T8194] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  247.786168][ T8194] SELinux: failed to load policy
[  248.137128][   T24] usb 3-1: 0:2 : does not exist
[  248.653838][   T24] usb 3-1: USB disconnect, device number 26
[  249.651670][   T24] usb 3-1: new low-speed USB device number 27 using dummy_hcd
[  249.711581][ T8223] FAULT_INJECTION: forcing a failure.
[  249.711581][ T8223] name failslab, interval 1, probability 0, space 0, times 0
[  249.777222][ T8223] CPU: 1 UID: 0 PID: 8223 Comm: syz.3.623 Not tainted syzkaller #0 PREEMPT(full) 
[  249.777251][ T8223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  249.777261][ T8223] Call Trace:
[  249.777267][ T8223]  <TASK>
[  249.777275][ T8223]  dump_stack_lvl+0x16c/0x1f0
[  249.777303][ T8223]  should_fail_ex+0x512/0x640
[  249.777325][ T8223]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  249.777347][ T8223]  should_failslab+0xc2/0x120
[  249.777368][ T8223]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  249.777386][ T8223]  ? __pfx_selinux_socket_create+0x10/0x10
[  249.777421][ T8223]  ? sock_alloc_inode+0x25/0x1c0
[  249.777450][ T8223]  ? __pfx_sock_alloc_inode+0x10/0x10
[  249.777473][ T8223]  sock_alloc_inode+0x25/0x1c0
[  249.777496][ T8223]  alloc_inode+0x61/0x240
[  249.777522][ T8223]  sock_alloc+0x40/0x280
[  249.777546][ T8223]  __sock_create+0xc1/0x8d0
[  249.777577][ T8223]  __sys_socketpair+0x1d8/0x5a0
[  249.777596][ T8223]  ? __pfx___sys_socketpair+0x10/0x10
[  249.777612][ T8223]  ? fput+0x9b/0xd0
[  249.777636][ T8223]  ? __pfx_ksys_write+0x10/0x10
[  249.777659][ T8223]  __x64_sys_socketpair+0x96/0x100
[  249.777676][ T8223]  ? lockdep_hardirqs_on+0x7c/0x110
[  249.777700][ T8223]  do_syscall_64+0xcd/0x4e0
[  249.777724][ T8223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.777742][ T8223] RIP: 0033:0x7fd017590b7a
[  249.777758][ T8223] Code: 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 35 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.777775][ T8223] RSP: 002b:00007fd018499f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  249.777793][ T8223] RAX: ffffffffffffffda RBX: 00007fd0177d6100 RCX: 00007fd017590b7a
[  249.777805][ T8223] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[  249.777815][ T8223] RBP: 00007fd01849a090 R08: 0000000000000000 R09: 0000000000000000
[  249.777826][ T8223] R10: 00007fd018499f98 R11: 0000000000000246 R12: 0000000000000006
[  249.777837][ T8223] R13: 00007fd0177d6218 R14: 00007fd0177d6180 R15: 00007ffe290151b8
[  249.777860][ T8223]  </TASK>
[  249.777950][ T8223] socket: no more sockets
[  250.319270][   T24] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  250.327907][   T24] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  250.951094][ T5913] usb 2-1: new low-speed USB device number 31 using dummy_hcd
[  251.013753][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  251.051896][   T24] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  251.112418][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  251.156080][ T5913] usb 2-1: config 1 interface 0 altsetting 6 endpoint 0x1 is Bulk; changing to Interrupt
[  251.167205][ T5913] usb 2-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  251.191681][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  251.204697][ T5913] usb 2-1: config 1 interface 0 has no altsetting 0
[  251.216660][ T5913] usb 2-1: string descriptor 0 read error: -22
[  251.224209][ T5913] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  251.240989][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.297991][ T8229] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  251.444944][   T30] audit: type=1400 audit(1758379557.441:448): avc:  denied  { listen } for  pid=8233 comm="syz.4.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  251.521759][   T30] audit: type=1400 audit(1758379557.441:449): avc:  denied  { ioctl } for  pid=8233 comm="syz.4.631" path="socket:[17396]" dev="sockfs" ino=17396 ioctlcmd=0x8905 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  251.680931][   T24] usb 3-1: string descriptor 0 read error: -71
[  252.258075][   T24] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  252.267165][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.322527][   T24] usb 3-1: config 0 descriptor??
[  252.329043][   T24] usb 3-1: can't set config #0, error -71
[  252.339607][   T24] usb 3-1: USB disconnect, device number 27
[  252.880685][ T5860] Bluetooth: hci4: command 0x0405 tx timeout
[  253.565386][   T30] audit: type=1400 audit(1758379559.572:450): avc:  denied  { mount } for  pid=8252 comm="syz.4.637" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  253.626949][   T30] audit: type=1400 audit(1758379559.602:451): avc:  denied  { mounton } for  pid=8252 comm="syz.4.637" path="/128/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  253.649377][    C0] vkms_vblank_simulate: vblank timer overrun
[  253.719879][   T30] audit: type=1400 audit(1758379559.612:452): avc:  denied  { read } for  pid=8252 comm="syz.4.637" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  253.744605][   T30] audit: type=1400 audit(1758379559.612:453): avc:  denied  { open } for  pid=8252 comm="syz.4.637" path="/128/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  253.784798][   T30] audit: type=1400 audit(1758379559.612:454): avc:  denied  { read } for  pid=8252 comm="syz.4.637" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  253.785031][ T5913] usb 2-1: USB disconnect, device number 31
[  253.806490][   T30] audit: type=1400 audit(1758379559.632:455): avc:  denied  { unmount } for  pid=5852 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  253.986819][ T8267] program syz.0.638 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  254.349265][ T5904] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  254.936372][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  254.987695][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  255.203337][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  255.209887][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  255.261618][ T5904] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  255.279311][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.294197][ T5904] usb 1-1: Product: syz
[  255.368897][ T5904] usb 1-1: Manufacturer: syz
[  255.394095][ T5904] usb 1-1: SerialNumber: syz
[  255.520334][ T5904] usb 1-1: config 0 descriptor??
[  255.683875][ T5904] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[  255.778561][   T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  255.910076][ T8267] cgroup: Invalid name
[  256.037399][ T5866] udevd[5866]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  256.169246][   T30] audit: type=1400 audit(1758379562.173:456): avc:  denied  { ioctl } for  pid=8279 comm="syz.1.643" path="socket:[17913]" dev="sockfs" ino=17913 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  256.201893][   T24] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  256.211076][   T24] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  256.224399][   T24] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  256.252942][   T24] usb 4-1: config 220 has no interface number 2
[  256.286050][   T24] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  256.343826][   T24] usb 4-1: config 220 interface 0 has no altsetting 0
[  256.461321][   T24] usb 4-1: config 220 interface 76 has no altsetting 0
[  256.471576][   T24] usb 4-1: config 220 interface 1 has no altsetting 0
[  256.483834][   T24] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  256.493257][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.501506][   T24] usb 4-1: Product: syz
[  256.505777][   T24] usb 4-1: Manufacturer: syz
[  256.511544][   T24] usb 4-1: SerialNumber: syz
[  256.547300][   T30] audit: type=1400 audit(1758379562.533:457): avc:  denied  { shutdown } for  pid=8279 comm="syz.1.643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  256.978480][ T8293] ieee802154 phy0 wpan0: encryption failed: -22
[  257.314525][ T5977] usb 1-1: USB disconnect, device number 18
[  257.472993][ T8302] FAULT_INJECTION: forcing a failure.
[  257.472993][ T8302] name failslab, interval 1, probability 0, space 0, times 0
[  257.486364][ T8302] CPU: 0 UID: 0 PID: 8302 Comm: syz.4.649 Not tainted syzkaller #0 PREEMPT(full) 
[  257.486387][ T8302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  257.486396][ T8302] Call Trace:
[  257.486401][ T8302]  <TASK>
[  257.486407][ T8302]  dump_stack_lvl+0x16c/0x1f0
[  257.486429][ T8302]  should_fail_ex+0x512/0x640
[  257.486443][ T8302]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  257.486457][ T8302]  should_failslab+0xc2/0x120
[  257.486470][ T8302]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  257.486485][ T8302]  ? skb_clone+0x190/0x3f0
[  257.486510][ T8302]  skb_clone+0x190/0x3f0
[  257.486529][ T8302]  nfnetlink_rcv_batch+0x1cf/0x2330
[  257.486553][ T8302]  ? __lock_acquire+0x62e/0x1ce0
[  257.486574][ T8302]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  257.486593][ T8302]  ? avc_has_perm_noaudit+0x149/0x3b0
[  257.486609][ T8302]  ? __asan_memset+0x23/0x50
[  257.486629][ T8302]  ? __nla_validate_parse+0x600/0x2880
[  257.486660][ T8302]  ? __pfx___nla_validate_parse+0x10/0x10
[  257.486685][ T8302]  ? cap_capable+0xb3/0x250
[  257.486705][ T8302]  ? __nla_parse+0x40/0x60
[  257.486724][ T8302]  nfnetlink_rcv+0x3c1/0x430
[  257.486734][ T8302]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  257.486748][ T8302]  netlink_unicast+0x5a7/0x870
[  257.486767][ T8302]  ? __pfx_netlink_unicast+0x10/0x10
[  257.486789][ T8302]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  257.486816][ T8302]  netlink_sendmsg+0x8d1/0xdd0
[  257.486840][ T8302]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.486858][ T8302]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.486875][ T8302]  ____sys_sendmsg+0xa95/0xc70
[  257.486892][ T8302]  ? copy_msghdr_from_user+0x10a/0x160
[  257.486910][ T8302]  ? __pfx_____sys_sendmsg+0x10/0x10
[  257.486945][ T8302]  ___sys_sendmsg+0x134/0x1d0
[  257.486965][ T8302]  ? __pfx____sys_sendmsg+0x10/0x10
[  257.487004][ T8302]  __sys_sendmsg+0x16d/0x220
[  257.487018][ T8302]  ? __pfx___sys_sendmsg+0x10/0x10
[  257.487041][ T8302]  do_syscall_64+0xcd/0x4e0
[  257.487059][ T8302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.487076][ T8302] RIP: 0033:0x7fd115b8ec29
[  257.487089][ T8302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.487104][ T8302] RSP: 002b:00007fd116a00038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  257.487120][ T8302] RAX: ffffffffffffffda RBX: 00007fd115dd5fa0 RCX: 00007fd115b8ec29
[  257.487130][ T8302] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  257.487138][ T8302] RBP: 00007fd116a00090 R08: 0000000000000000 R09: 0000000000000000
[  257.487144][ T8302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.487150][ T8302] R13: 00007fd115dd6038 R14: 00007fd115dd5fa0 R15: 00007ffd715c9258
[  257.487164][ T8302]  </TASK>
[  258.067518][ T5933] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  258.110782][ T1207] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  258.857245][ T5933] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  259.002522][ T5933] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  259.016846][ T5933] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  259.026926][ T1207] usb 3-1: Using ep0 maxpacket: 16
[  259.589944][ T1207] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.590500][ T5933] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  259.603246][ T1207] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  259.630377][ T1207] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.662678][ T1207] usb 3-1: config 0 descriptor??
[  259.771878][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.827757][   T24] usb 4-1: selecting invalid altsetting 0
[  259.831618][ T5933] usb 2-1: Product: syz
[  259.843387][   T24] usb 4-1: selecting invalid altsetting 0
[  259.854400][   T24] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  259.857809][ T5933] usb 2-1: Manufacturer: syz
[  259.864874][   T24] usb 4-1: No valid video chain found.
[  259.988619][   T24] usb 4-1: selecting invalid altsetting 0
[  259.994382][   T24] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  260.006512][   T24] usb 4-1: USB disconnect, device number 23
[  260.083560][   T30] audit: type=1326 audit(1758379566.085:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8299 comm="syz.2.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d1278ec29 code=0x7ffc0000
[  260.425189][ T1207] mcp2221 0003:04D8:00DD.000D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  260.451945][ T5933] usb 2-1: SerialNumber: syz
[  260.626091][    C1] ==================================================================
[  260.634178][    C1] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x1070/0x10a0
[  260.642174][    C1] Read of size 1 at addr ffff888050ed7fff by task syz.4.656/8329
[  260.649867][    C1] 
[  260.652174][    C1] CPU: 1 UID: 0 PID: 8329 Comm: syz.4.656 Not tainted syzkaller #0 PREEMPT(full) 
[  260.652188][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  260.652195][    C1] Call Trace:
[  260.652201][    C1]  <IRQ>
[  260.652206][    C1]  dump_stack_lvl+0x116/0x1f0
[  260.652224][    C1]  print_report+0xcd/0x630
[  260.652239][    C1]  ? __virt_addr_valid+0x81/0x610
[  260.652255][    C1]  ? __phys_addr+0xe8/0x180
[  260.652270][    C1]  ? mcp2221_raw_event+0x1070/0x10a0
[  260.652286][    C1]  kasan_report+0xe0/0x110
[  260.652298][    C1]  ? mcp2221_raw_event+0x1070/0x10a0
[  260.652319][    C1]  mcp2221_raw_event+0x1070/0x10a0
[  260.652334][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  260.652350][    C1]  __hid_input_report.constprop.0+0x314/0x450
[  260.652364][    C1]  ? __pfx_mcp2221_raw_event+0x10/0x10
[  260.652381][    C1]  hid_irq_in+0x35e/0x870
[  260.652399][    C1]  __usb_hcd_giveback_urb+0x388/0x610
[  260.652412][    C1]  usb_hcd_giveback_urb+0x39b/0x450
[  260.652423][    C1]  dummy_timer+0x1814/0x3a30
[  260.652442][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  260.652454][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  260.652466][    C1]  ? mark_held_locks+0x49/0x80
[  260.652481][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  260.652494][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  260.652507][    C1]  __hrtimer_run_queues+0x202/0xad0
[  260.652522][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  260.652534][    C1]  ? read_tsc+0x9/0x20
[  260.652549][    C1]  hrtimer_run_softirq+0x17d/0x350
[  260.652562][    C1]  handle_softirqs+0x219/0x8e0
[  260.652577][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  260.652595][    C1]  __irq_exit_rcu+0x109/0x170
[  260.652607][    C1]  irq_exit_rcu+0x9/0x30
[  260.652620][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  260.652633][    C1]  </IRQ>
[  260.652637][    C1]  <TASK>
[  260.652640][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  260.652654][    C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10
[  260.652670][    C1] Code: fb 09 00 00 44 8b 05 b9 8c 22 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 af 69 3a 00 fb 65 48 8b 1d 5e c5 4d 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[  260.652681][    C1] RSP: 0018:ffffc900101071e0 EFLAGS: 00000206
[  260.652691][    C1] RAX: 0000000000004699 RBX: ffff8880316c0000 RCX: 0000000000000007
[  260.652702][    C1] RDX: 0000000000000000 RSI: ffffffff8de52d29 RDI: ffffffff8c163380
[  260.652717][    C1] RBP: ffffc90010107228 R08: 0000000000000001 R09: 0000000000000001
[  260.652728][    C1] R10: ffffffff90ab7597 R11: 0000000000000000 R12: ffff8880b853a300
[  260.652735][    C1] R13: ffff8880546b0000 R14: ffff8880b843a300 R15: ffff8880b853b170
[  260.652746][    C1]  ? __switch_to+0x7a5/0x11a0
[  260.652760][    C1]  __schedule+0x1198/0x5de0
[  260.652771][    C1]  ? __lock_acquire+0x62e/0x1ce0
[  260.652790][    C1]  ? __pfx___schedule+0x10/0x10
[  260.652802][    C1]  ? page_table_check_set+0x627/0x750
[  260.652815][    C1]  ? page_table_check_set+0x631/0x750
[  260.652826][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  260.652841][    C1]  preempt_schedule_common+0x44/0xc0
[  260.652854][    C1]  preempt_schedule_thunk+0x16/0x30
[  260.652870][    C1]  _raw_spin_unlock+0x3e/0x50
[  260.652881][    C1]  do_wp_page+0x177b/0x4f00
[  260.652897][    C1]  ? __pfx_do_wp_page+0x10/0x10
[  260.652912][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  260.652923][    C1]  ? ___pte_offset_map+0x2ad/0x4f0
[  260.652937][    C1]  __handle_mm_fault+0x1b2d/0x2a50
[  260.652954][    C1]  ? mt_find+0x3ef/0xa30
[  260.652969][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  260.652984][    C1]  ? __pfx_mt_find+0x10/0x10
[  260.653002][    C1]  ? find_vma+0xbf/0x140
[  260.653013][    C1]  ? __pfx_find_vma+0x10/0x10
[  260.653025][    C1]  handle_mm_fault+0x589/0xd10
[  260.653042][    C1]  ? trace_raw_output_exceptions+0x131/0x150
[  260.653059][    C1]  do_user_addr_fault+0x7a6/0x1370
[  260.653070][    C1]  ? rcu_is_watching+0x12/0xc0
[  260.653085][    C1]  exc_page_fault+0x5c/0xb0
[  260.653097][    C1]  asm_exc_page_fault+0x26/0x30
[  260.653107][    C1] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  260.653118][    C1] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  260.653133][    C1] RSP: 0018:ffffc90010107948 EFLAGS: 00050206
[  260.653141][    C1] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000000e80
[  260.653148][    C1] RDX: 0000000000000000 RSI: ffff888013dad180 RDI: 00002000000e0000
[  260.653155][    C1] RBP: 0000000000001000 R08: 0000000000000000 R09: ffffed10027b5bff
[  260.653161][    C1] R10: ffff888013dadfff R11: 0000000000000000 R12: 00000000000dfb80
[  260.653167][    C1] R13: ffffc90010107d50 R14: ffff888013dad000 R15: 00002000000dfe80
[  260.653178][    C1]  _copy_to_iter+0x4eb/0x1710
[  260.653197][    C1]  ? __pfx__copy_to_iter+0x10/0x10
[  260.653214][    C1]  ? __up_read+0x1f8/0x750
[  260.653225][    C1]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  260.653240][    C1]  ? mm_access+0x22d/0x2e0
[  260.653255][    C1]  copy_page_to_iter+0x12a/0x1e0
[  260.653271][    C1]  process_vm_rw_core.constprop.0+0x5ad/0x970
[  260.653287][    C1]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  260.653305][    C1]  ? iovec_from_user+0xbb/0x140
[  260.653321][    C1]  process_vm_rw+0x2ff/0x360
[  260.653333][    C1]  ? __pfx_process_vm_rw+0x10/0x10
[  260.653354][    C1]  ? xfd_validate_state+0x61/0x180
[  260.653370][    C1]  ? __task_pid_nr_ns+0x17c/0x500
[  260.653381][    C1]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  260.653393][    C1]  ? do_syscall_64+0x91/0x4e0
[  260.653406][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  260.653419][    C1]  do_syscall_64+0xcd/0x4e0
[  260.653433][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.653445][    C1] RIP: 0033:0x7fd115b8ec29
[  260.653455][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.653465][    C1] RSP: 002b:00007fd1169df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  260.653475][    C1] RAX: ffffffffffffffda RBX: 00007fd115dd6090 RCX: 00007fd115b8ec29
[  260.653482][    C1] RDX: 0000000000000002 RSI: 0000200000008400 RDI: 00000000000001e3
[  260.653489][    C1] RBP: 00007fd115c11e41 R08: 0000000000000286 R09: 0000000000000000
[  260.653495][    C1] R10: 0000200000008640 R11: 0000000000000246 R12: 0000000000000000
[  260.653501][    C1] R13: 00007fd115dd6128 R14: 00007fd115dd6090 R15: 00007ffd715c9258
[  260.653511][    C1]  </TASK>
[  260.653515][    C1] 
[  261.274242][    C1] Allocated by task 8321:
[  261.278570][    C1]  kasan_save_stack+0x33/0x60
[  261.283222][    C1]  kasan_save_track+0x14/0x30
[  261.287869][    C1]  __kasan_kmalloc+0xaa/0xb0
[  261.292430][    C1]  __kmalloc_noprof+0x223/0x510
[  261.297253][    C1]  tomoyo_realpath_from_path+0xc2/0x6e0
[  261.302788][    C1]  tomoyo_path_perm+0x274/0x460
[  261.307628][    C1]  tomoyo_path_symlink+0x97/0xe0
[  261.312541][    C1]  security_path_symlink+0x152/0x2e0
[  261.317819][    C1]  do_symlinkat+0x10d/0x310
[  261.322298][    C1]  __x64_sys_symlinkat+0x93/0xc0
[  261.327218][    C1]  do_syscall_64+0xcd/0x4e0
[  261.331699][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.337562][    C1] 
[  261.339857][    C1] Freed by task 8321:
[  261.343815][    C1]  kasan_save_stack+0x33/0x60
[  261.348476][    C1]  kasan_save_track+0x14/0x30
[  261.353122][    C1]  kasan_save_free_info+0x3b/0x60
[  261.358119][    C1]  __kasan_slab_free+0x60/0x70
[  261.362853][    C1]  kfree+0x2b4/0x4d0
[  261.366722][    C1]  tomoyo_realpath_from_path+0x19f/0x6e0
[  261.372329][    C1]  tomoyo_path_perm+0x274/0x460
[  261.377164][    C1]  tomoyo_path_symlink+0x97/0xe0
[  261.382089][    C1]  security_path_symlink+0x152/0x2e0
[  261.387370][    C1]  do_symlinkat+0x10d/0x310
[  261.391851][    C1]  __x64_sys_symlinkat+0x93/0xc0
[  261.396798][    C1]  do_syscall_64+0xcd/0x4e0
[  261.401312][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.407214][    C1] 
[  261.409517][    C1] The buggy address belongs to the object at ffff888050ed6000
[  261.409517][    C1]  which belongs to the cache kmalloc-4k of size 4096
[  261.423544][    C1] The buggy address is located 4095 bytes to the right of
[  261.423544][    C1]  allocated 4096-byte region [ffff888050ed6000, ffff888050ed7000)
[  261.438361][    C1] 
[  261.440674][    C1] The buggy address belongs to the physical page:
[  261.447052][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x50ed0
[  261.455785][    C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  261.464264][    C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  261.471799][    C1] page_type: f5(slab)
[  261.475753][    C1] raw: 00fff00000000040 ffff88801b842140 dead000000000100 dead000000000122
[  261.484311][    C1] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  261.492882][    C1] head: 00fff00000000040 ffff88801b842140 dead000000000100 dead000000000122
[  261.501528][    C1] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  261.510175][    C1] head: 00fff00000000003 ffffea000143b401 00000000ffffffff 00000000ffffffff
[  261.518818][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  261.527455][    C1] page dumped because: kasan: bad access detected
[  261.533836][    C1] page_owner tracks the page as allocated
[  261.539534][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5852, tgid 5852 (syz-executor), ts 104992691521, free_ts 104961154267
[  261.560276][    C1]  post_alloc_hook+0x1c0/0x230
[  261.565032][    C1]  get_page_from_freelist+0x132b/0x38e0
[  261.570582][    C1]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  261.576463][    C1]  alloc_pages_mpol+0x1fb/0x550
[  261.581321][    C1]  new_slab+0x247/0x330
[  261.585462][    C1]  ___slab_alloc+0xcf2/0x1750
[  261.590127][    C1]  __slab_alloc.constprop.0+0x56/0xb0
[  261.595484][    C1]  __kmalloc_noprof+0x2f2/0x510
[  261.600323][    C1]  tomoyo_realpath_from_path+0xc2/0x6e0
[  261.605850][    C1]  tomoyo_path_number_perm+0x245/0x580
[  261.611283][    C1]  tomoyo_path_mkdir+0x9b/0xe0
[  261.616017][    C1]  security_path_mkdir+0x154/0x2f0
[  261.621102][    C1]  do_mkdirat+0x175/0x3e0
[  261.625404][    C1]  __x64_sys_mkdirat+0x83/0xb0
[  261.630140][    C1]  do_syscall_64+0xcd/0x4e0
[  261.634618][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.640498][    C1] page last free pid 5866 tgid 5866 stack trace:
[  261.646805][    C1]  __free_frozen_pages+0x7d5/0x10f0
[  261.651981][    C1]  __put_partials+0x165/0x1c0
[  261.656638][    C1]  qlist_free_all+0x4d/0x120
[  261.661203][    C1]  kasan_quarantine_reduce+0x195/0x1e0
[  261.666638][    C1]  __kasan_slab_alloc+0x69/0x90
[  261.671457][    C1]  __kvmalloc_node_noprof+0x230/0x620
[  261.676801][    C1]  seq_read_iter+0x826/0x12c0
[  261.681448][    C1]  kernfs_fop_read_iter+0x46c/0x610
[  261.686618][    C1]  vfs_read+0x8bc/0xcf0
[  261.690748][    C1]  ksys_read+0x12a/0x250
[  261.694976][    C1]  do_syscall_64+0xcd/0x4e0
[  261.699459][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.705326][    C1] 
[  261.707639][    C1] Memory state around the buggy address:
[  261.713239][    C1]  ffff888050ed7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  261.721273][    C1]  ffff888050ed7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  261.729309][    C1] >ffff888050ed7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  261.737337][    C1]                                                                 ^
[  261.745277][    C1]  ffff888050ed8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  261.753305][    C1]  ffff888050ed8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  261.761330][    C1] ==================================================================
[  261.769364][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  261.776538][    C1] CPU: 1 UID: 0 PID: 8329 Comm: syz.4.656 Not tainted syzkaller #0 PREEMPT(full) 
[  261.785701][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  261.795728][    C1] Call Trace:
[  261.798980][    C1]  <IRQ>
[  261.801797][    C1]  dump_stack_lvl+0x3d/0x1f0
[  261.806362][    C1]  vpanic+0x6e8/0x7a0
[  261.810322][    C1]  ? __pfx_vpanic+0x10/0x10
[  261.814803][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  261.819801][    C1]  ? mcp2221_raw_event+0x1070/0x10a0
[  261.825061][    C1]  panic+0xca/0xd0
[  261.828753][    C1]  ? __pfx_panic+0x10/0x10
[  261.833143][    C1]  ? end_report+0x4c/0x170
[  261.837532][    C1]  ? rcu_is_watching+0x12/0xc0
[  261.842268][    C1]  ? lock_release+0x201/0x2f0
[  261.846929][    C1]  check_panic_on_warn+0xab/0xb0
[  261.851854][    C1]  end_report+0x107/0x170
[  261.856164][    C1]  kasan_report+0xee/0x110
[  261.860578][    C1]  ? mcp2221_raw_event+0x1070/0x10a0
[  261.865846][    C1]  mcp2221_raw_event+0x1070/0x10a0
[  261.870934][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  261.876721][    C1]  __hid_input_report.constprop.0+0x314/0x450
[  261.882764][    C1]  ? __pfx_mcp2221_raw_event+0x10/0x10
[  261.888200][    C1]  hid_irq_in+0x35e/0x870
[  261.892505][    C1]  __usb_hcd_giveback_urb+0x388/0x610
[  261.897847][    C1]  usb_hcd_giveback_urb+0x39b/0x450
[  261.903014][    C1]  dummy_timer+0x1814/0x3a30
[  261.907589][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  261.912500][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  261.917408][    C1]  ? mark_held_locks+0x49/0x80
[  261.922147][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  261.927924][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  261.932830][    C1]  __hrtimer_run_queues+0x202/0xad0
[  261.938005][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  261.943697][    C1]  ? read_tsc+0x9/0x20
[  261.947740][    C1]  hrtimer_run_softirq+0x17d/0x350
[  261.952823][    C1]  handle_softirqs+0x219/0x8e0
[  261.957574][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  261.962833][    C1]  __irq_exit_rcu+0x109/0x170
[  261.967482][    C1]  irq_exit_rcu+0x9/0x30
[  261.971697][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  261.977301][    C1]  </IRQ>
[  261.980203][    C1]  <TASK>
[  261.983109][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  261.989063][    C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10
[  261.995456][    C1] Code: fb 09 00 00 44 8b 05 b9 8c 22 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 af 69 3a 00 fb 65 48 8b 1d 5e c5 4d 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[  262.015036][    C1] RSP: 0018:ffffc900101071e0 EFLAGS: 00000206
[  262.021077][    C1] RAX: 0000000000004699 RBX: ffff8880316c0000 RCX: 0000000000000007
[  262.029022][    C1] RDX: 0000000000000000 RSI: ffffffff8de52d29 RDI: ffffffff8c163380
[  262.036967][    C1] RBP: ffffc90010107228 R08: 0000000000000001 R09: 0000000000000001
[  262.044908][    C1] R10: ffffffff90ab7597 R11: 0000000000000000 R12: ffff8880b853a300
[  262.052852][    C1] R13: ffff8880546b0000 R14: ffff8880b843a300 R15: ffff8880b853b170
[  262.060808][    C1]  ? __switch_to+0x7a5/0x11a0
[  262.065460][    C1]  __schedule+0x1198/0x5de0
[  262.069935][    C1]  ? __lock_acquire+0x62e/0x1ce0
[  262.074864][    C1]  ? __pfx___schedule+0x10/0x10
[  262.079699][    C1]  ? page_table_check_set+0x627/0x750
[  262.085041][    C1]  ? page_table_check_set+0x631/0x750
[  262.090394][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  262.095739][    C1]  preempt_schedule_common+0x44/0xc0
[  262.101009][    C1]  preempt_schedule_thunk+0x16/0x30
[  262.106187][    C1]  _raw_spin_unlock+0x3e/0x50
[  262.110833][    C1]  do_wp_page+0x177b/0x4f00
[  262.115314][    C1]  ? __pfx_do_wp_page+0x10/0x10
[  262.120141][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  262.125484][    C1]  ? ___pte_offset_map+0x2ad/0x4f0
[  262.130569][    C1]  __handle_mm_fault+0x1b2d/0x2a50
[  262.135657][    C1]  ? mt_find+0x3ef/0xa30
[  262.139876][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  262.145307][    C1]  ? __pfx_mt_find+0x10/0x10
[  262.149884][    C1]  ? find_vma+0xbf/0x140
[  262.154095][    C1]  ? __pfx_find_vma+0x10/0x10
[  262.158749][    C1]  handle_mm_fault+0x589/0xd10
[  262.163488][    C1]  ? trace_raw_output_exceptions+0x131/0x150
[  262.169448][    C1]  do_user_addr_fault+0x7a6/0x1370
[  262.174532][    C1]  ? rcu_is_watching+0x12/0xc0
[  262.179269][    C1]  exc_page_fault+0x5c/0xb0
[  262.183755][    C1]  asm_exc_page_fault+0x26/0x30
[  262.188576][    C1] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  262.194353][    C1] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  262.213934][    C1] RSP: 0018:ffffc90010107948 EFLAGS: 00050206
[  262.220041][    C1] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000000e80
[  262.227981][    C1] RDX: 0000000000000000 RSI: ffff888013dad180 RDI: 00002000000e0000
[  262.235925][    C1] RBP: 0000000000001000 R08: 0000000000000000 R09: ffffed10027b5bff
[  262.243866][    C1] R10: ffff888013dadfff R11: 0000000000000000 R12: 00000000000dfb80
[  262.251810][    C1] R13: ffffc90010107d50 R14: ffff888013dad000 R15: 00002000000dfe80
[  262.259757][    C1]  _copy_to_iter+0x4eb/0x1710
[  262.264416][    C1]  ? __pfx__copy_to_iter+0x10/0x10
[  262.269502][    C1]  ? __up_read+0x1f8/0x750
[  262.273896][    C1]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  262.279680][    C1]  ? mm_access+0x22d/0x2e0
[  262.284090][    C1]  copy_page_to_iter+0x12a/0x1e0
[  262.289009][    C1]  process_vm_rw_core.constprop.0+0x5ad/0x970
[  262.295048][    C1]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  262.301611][    C1]  ? iovec_from_user+0xbb/0x140
[  262.306437][    C1]  process_vm_rw+0x2ff/0x360
[  262.311083][    C1]  ? __pfx_process_vm_rw+0x10/0x10
[  262.316181][    C1]  ? xfd_validate_state+0x61/0x180
[  262.321271][    C1]  ? __task_pid_nr_ns+0x17c/0x500
[  262.326264][    C1]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  262.331873][    C1]  ? do_syscall_64+0x91/0x4e0
[  262.336523][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  262.341703][    C1]  do_syscall_64+0xcd/0x4e0
[  262.346181][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.352048][    C1] RIP: 0033:0x7fd115b8ec29
[  262.356441][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.376020][    C1] RSP: 002b:00007fd1169df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  262.384405][    C1] RAX: ffffffffffffffda RBX: 00007fd115dd6090 RCX: 00007fd115b8ec29
[  262.392354][    C1] RDX: 0000000000000002 RSI: 0000200000008400 RDI: 00000000000001e3
[  262.400300][    C1] RBP: 00007fd115c11e41 R08: 0000000000000286 R09: 0000000000000000
[  262.408254][    C1] R10: 0000200000008640 R11: 0000000000000246 R12: 0000000000000000
[  262.416194][    C1] R13: 00007fd115dd6128 R14: 00007fd115dd6090 R15: 00007ffd715c9258
[  262.424138][    C1]  </TASK>
[  262.427334][    C1] Kernel Offset: disabled
[  262.431636][    C1] Rebooting in 86400 seconds..