last executing test programs:

6.019068759s ago: executing program 1 (id=1272):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, <r0=>0x0}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r3=>0x0})
r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3, 0x25, 0x0, @void}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r4, r1, 0x4, r1}, 0x10)

5.740533103s ago: executing program 1 (id=1274):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3)
map_shadow_stack(&(0x7f0000517000/0x3000)=nil, 0x3000, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x14, 0x30, 0x1}, 0x14}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
nanosleep(&(0x7f0000000040)={0x0, 0x989680}, 0x0)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000c68000/0x3000)=nil, 0x7fffffff, 0x0, 0x0, 0x6, 0x14, 0x5a, 0x0, 0x46})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r3, @ANYBLOB="10005a800c000180050004000e"], 0x2c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x75e, 0x7}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3) (async)
map_shadow_stack(&(0x7f0000517000/0x3000)=nil, 0x3000, 0x1) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x14, 0x30, 0x1}, 0x14}}, 0x0) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
nanosleep(&(0x7f0000000040)={0x0, 0x989680}, 0x0) (async)
syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) (async)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000c68000/0x3000)=nil, 0x7fffffff, 0x0, 0x0, 0x6, 0x14, 0x5a, 0x0, 0x46}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r3, @ANYBLOB="10005a800c000180050004000e"], 0x2c}}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x75e, 0x7}, 0x0) (async)

5.307237481s ago: executing program 4 (id=1277):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x25dfdbfd, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r2}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)
close(0x4)
getpgrp(0xffffffffffffffff)
syz_open_dev$vcsn(&(0x7f00000000c0), 0x6c90, 0x40000)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000300)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x8, 0x4, 0x0, 0x3e, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local, {[@timestamp={0x44, 0xc, 0x67, 0x0, 0x0, [0x4, 0x3]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @eol, @generic={0x0, 0x5, "d58838"}]}}}}}}, 0x4e)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)=0x4})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000a0000004200000040"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x1003, r8}, 0x38)

4.996571247s ago: executing program 3 (id=1278):
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, {0xa, 0x9}, {}, {0xc, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x1, 0x9}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x60000080}, 0x20000000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x80142, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0, 0x400000000}, 0x400}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050)

4.673448041s ago: executing program 3 (id=1280):
socket$kcm(0x10, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x1, 0x2000)
ioctl$BLKCRYPTOPREPAREKEY(r0, 0xc040128b, &(0x7f0000000280)={&(0x7f00000001c0)="364e921da9d1c63b8d3048d19968493b14f37afc25e89e64", 0x18, &(0x7f0000000200)=""/118, 0xffffffffffffff28})
openat$dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f00000007c0)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\x90\x10@\x1chOK\x98\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<m\x8ePDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9a_\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='q\xb8\x1c\xec\xbee', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x4, 0x0, 0x3, "e88509de7f1939e8abff005597c8ef039a5be42200", 0x13}, 0x60)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, 0x0, 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
readv(r1, &(0x7f0000000e80)=[{&(0x7f0000000500)=""/232, 0xe8}], 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000880)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f00000002c0)='/\x00\x01\x00H\x98', 0x0)
tkill(r3, 0xb)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000009c0)="d80000001e0081054e81f782dbe8abd22d267e8e1c007c09e8fe08a104000e800a00142603600e1208000fc01e000402a80016c008000e400400027c035c0461c1d67f6f94007134cff6d26efb8000a0ffa290457f0189c129f509c1c9d8c87017eeadc9c809b316277ce06bba0000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16c82934f8ba41ea5f7a5025ccced500360db7e5167fda40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e97039278177ec960bb756b", 0x63f11ec94259eb9c}], 0x1}, 0x4048450)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setrlimit(0x0, &(0x7f0000000000)={0x6, 0x7})
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4a, &(0x7f0000000040), 0x4)
mprotect(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x18)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x20004010)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})

4.347057625s ago: executing program 1 (id=1282):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x1, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400003366"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r2}, 0x20)
sendmmsg$unix(r2, &(0x7f0000001680), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
r6 = openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r4, &(0x7f00000004c0)={[&(0x7f0000000000)='\x00', &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=@newlink={0x20, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b400}}, 0x20}}, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

4.078242112s ago: executing program 2 (id=1284):
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x2cc010, &(0x7f0000000200)=ANY=[@ANYBLOB="6d706f6c3d6465743d72656c61746976652c67727003006f6e3a65756c6f636b5f686172646c696d69743d787470bdaf1b0e9c75a12b604bdff6002c67727071756f74612c6e6f737761702c6e725f626c6f636b733d742c73697a653d13356d2535342c6e725f696e6f6465733d303900000000"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0xff59}, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000480)={0x9, 0x8b}, 0x0)
setrlimit(0x6, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40001032, 0xffffffffffffffff, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r1, 0x800448d7, &(0x7f0000000880))
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffc99, r3, <r4=>0x0})
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB(r5, 0xc01c64ad, &(0x7f0000000080)={r4})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r8}, 0x10)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r7, 0x4068aea3, &(0x7f0000000100)={0xed, 0x0, 0x3})
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000004, 0x13, r5, 0x100000000)
syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)

3.957067695s ago: executing program 0 (id=1285):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000047ff00000095000000020000010000db175aa860e6e54900da"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x1, 0x2}, 0x6)

3.931176628s ago: executing program 4 (id=1286):
r0 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_open_dev$ndb(&(0x7f0000000880), 0x0, 0x801)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f0000000340)={0x28, 0x1, 0x0, 0x0, <r6=>0x0, 0x0, 0xdead, 0x4, &(0x7f00000002c0)})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r4, 0x3ba0, &(0x7f00000003c0)={0x48, 0x3, r6, 0x0, 0x1000, 0xe, &(0x7f0000000380)="8c572baf5bb188080900e65610c6"})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r7, 0x3f, 0x40206}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}, @IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x8}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = fsmount(r0, 0x0, 0x0)
fchdir(r8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x34, 0x1, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x81}, 0x0)
getsockname(r9, &(0x7f0000000180)=@nl=@proc, &(0x7f0000000280)=0x80)
mount$overlay(0x0, 0x0, &(0x7f0000000140), 0x200800, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}]})

3.453096569s ago: executing program 0 (id=1287):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x101002, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
clock_adjtime(0x0, &(0x7f0000000000)={0xfffd, 0x4, 0xb0000000000, 0x3, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x400000, 0x0, 0x3b9ac9ff, 0x0, 0x81, 0xffffffffffffffff, 0x2000000000000000, 0x5a6c101, 0x3, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x100000000000, 0x7, 0x1ff, 0x4, 0x8})
pivot_root(&(0x7f00000001c0)='.\x00', 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0xe)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000000203030000000000000000000000001008000440000000008b7ee2ea5fccd78267"], 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x28)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40040)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES64])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x221080c, 0x0)
setpgid(0x0, r5)

3.336762968s ago: executing program 2 (id=1288):
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x13f, 0x6}}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000002100110829bd7000fcdbdf250a0010020c000004040000001400020020010000000000000000000200010002050016003a00000008001700", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x44000)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000140), 0xc4800, 0x0)
ioctl$SNDCTL_DSP_GETFMTS(r2, 0x8004500b, &(0x7f0000000180)=0x9)
write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {r0, 0x1c, 0x0, @in6={0xa, 0x4e20, 0x2, @remote, 0x4}}}, 0x90)

3.179056584s ago: executing program 3 (id=1289):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT')
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105500, &(0x7f0000000040)=@usbdevfs_connect={0x6a0})
write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553660500000000000000d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd0adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f6177501746414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122adb448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd0000000300"}})
socket$nl_netfilter(0x10, 0x3, 0xc)

2.536708912s ago: executing program 2 (id=1290):
iopl(0x3)
socket$can_raw(0x1d, 0x3, 0x1)
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$inet6(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4080)
r1 = inotify_init1(0x80000)
ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x541b, 0xfffffffffffffffa)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x48801}, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000000000)
ioctl$FS_IOC_GETVERSION(r3, 0x40025b0c, &(0x7f0000000040))
r4 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r4, 0x1e, &(0x7f0000000000), 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_type(r0, 0x0, 0x2, 0x0)
landlock_restrict_self(r1, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7ff, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000280)={0x1, @pix_mp={0xfffffff8, 0x93cf, 0x50424752, 0x0, 0x8, [{0x6, 0x5}, {0x9, 0x5}, {0x8, 0x3}, {0x4, 0x9}, {0x2, 0xb68a}, {0x6, 0x7ff}, {0x3, 0x2}, {0x50ad0a9a}], 0x9, 0x7f, 0x2, 0x1}})
gettid()

2.48967505s ago: executing program 0 (id=1291):
r0 = socket(0x2, 0x80805, 0x0)
connect$unix(r0, &(0x7f0000000240)=@file={0xa00, './file0\x00'}, 0x6e)

2.438835624s ago: executing program 3 (id=1292):
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x88000cc, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x100004)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000009c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000dc00b462820f51b67e02009d1e1c2539f7f00001000000002e7ff00000000000000000100000000060042060000"], 0x0, 0x2a, 0x0, 0x1, 0xf61}, 0x28)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x0)
getxattr(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r1 = syz_clone(0x80008000, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)=""/193, 0xc1}], 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff4000007071102b000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94)

2.247189877s ago: executing program 0 (id=1293):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000280)=@filter={'filter\x00', 0xe, 0x4, 0x388, 0xffffffff, 0x1b8, 0x0, 0xe8, 0xffffffff, 0xffffffff, 0x2b8, 0x2b8, 0x2b8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@local, @private2, [0xffffffff, 0xffffff00, 0xff00b802, 0xffffff00], [0xff000000, 0xffffff00], 'hsr0\x00', 'bridge_slave_1\x00', {}, {}, 0x3b, 0x7, 0x3, 0x42}, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x9, 0xffffffff, 0x101, 0x1, 0x9, 0x9c, 0x1, 0x81]}}}, {{@ipv6={@empty, @mcast1, [0xff, 0xa2f32ab14db786b7, 0xffffffff], [0xffffffff, 0xffffffff, 0xffffff00, 0xffffffff], 'team_slave_1\x00', 'veth0_to_bond\x00', {0xff}, {}, 0x67, 0x9e, 0x7, 0x20}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@ah={{0x30}, {[0x4d2, 0x4d6], 0x5, 0x8, 0x2}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)

1.916419666s ago: executing program 0 (id=1294):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f00000000c0)={{@any, 0xffffffff}, 0x0, 0xfffffffffffffffc, 0x2})
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000780)=ANY=[@ANYBLOB="1e0200000200000005dd000000000000000000000000000000000000000000008102000000000000000000000000000000001b00046e6f6465767b65766f6f7e0539c60005000037d93a8b92000000380070673effeb09b5351f5bde054000000000187b8200b500002b595fcb14034354b9fd9ef196a5e10000000000885100020008005500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36fde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabf0800000000000000649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad64f6d4d9d98019f30118447aa9a74f51685f506ae89488d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/505, @ANYRESDEC=r0, @ANYRESOCT=r0, @ANYRESDEC=r0], 0x21e)
socket(0x2, 0x80805, 0x0)
syz_open_dev$vbi(0x0, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
socket$netlink(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700"/116], 0x84}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="1400000002010500000000000000000002200008682b60e1090c083ff84987da6884f96022c588c01b3658b5fd6f701b4b66e6aeaf5d60dab5b5a6f8acdf18f956ee5bce1b2f91f1a546ce5f336729edbd704efdfe76fbf9ddb83559704e091d9d13801f0aa563fd836263245147ad10fca83b1ca9e053beaa4ad2d87d30987483ff45fa0459b526f0c47b8f779443fbce9645bbca12ec8d3c443908dcc420b3723178228dfa4671c2d8a15e70"], 0x14}, 0x1, 0x0, 0x0, 0x2004c895}, 0x40040)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x200, 0x0)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000300)=""/47)
r4 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
r5 = timerfd_create(0x0, 0x0)
timerfd_settime(r5, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000001640)=""/4107, 0x100b}], 0x1)
shmat(r4, &(0x7f0000ffa000/0x3000)=nil, 0x6000)
pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80000)
write$P9_RCLUNK(r6, &(0x7f0000000180)={0x7, 0x79, 0x2}, 0x7)
shmctl$IPC_INFO(r4, 0x3, &(0x7f0000000000)=""/237)
shmctl$SHM_LOCK(0x0, 0xb)
shmctl$IPC_RMID(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

1.485603624s ago: executing program 1 (id=1295):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000400850000008200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
r6 = syz_io_uring_setup(0x6244, &(0x7f0000000380)={0x0, 0xaf4e, 0x4000, 0x1, 0x1d8, 0x0, r4}, &(0x7f0000000400), &(0x7f0000000440))
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
r8 = socket$caif_stream(0x25, 0x1, 0x5)
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f0000000480)=[r7, r4, r4, r8, r0, r2, r0], 0x7)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000000)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0xfff8, 0x5, 0xf, 0x7}, {0x69ed, 0x4, 0x1, 0x6f}]})
pipe(&(0x7f0000000080)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
write$binfmt_script(r10, 0x0, 0xb)
getpid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r14=>0xffffffffffffffff, <r15=>0xffffffffffffffff})
sendmmsg$unix(r15, &(0x7f00000084c0)=[{{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000480)="c8858b0407fc12a9be2eddb2", 0xc}], 0x1, 0x0, 0x0, 0x4000004}}], 0x1, 0x0)
recvmmsg(r14, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(r14, &(0x7f0000000100)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800}}], 0x1, 0x40)
splice(r12, 0x0, r11, 0x0, 0x1000, 0x800000000000000)
splice(r9, 0x0, r13, 0x0, 0x80, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x2080, 0x0)

1.312084349s ago: executing program 3 (id=1296):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040), 0x4)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000002d80)={0x0, 0x0, &(0x7f0000002d40)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000203010200000000000000000000000009000200000000470200000008000340000000000800010001"], 0x30}}, 0x0)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x480000000, 0x0, 0x2, 0x55, 0xfffffffbffffffff, 0x6, 0x7fffffff})
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2})
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x6)
close_range(r3, 0xffffffffffffffff, 0x0)

1.306508608s ago: executing program 4 (id=1297):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000047ff00000095000000020000010000db175aa860e6e54900da"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x1, 0x2}, 0x6)

1.126734314s ago: executing program 4 (id=1298):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002a40)=@newtaction={0x894, 0x30, 0xffff, 0xfffffffe, 0x80, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x9, 0x5, 0xc4e, 0x3, 0x5, 0xfffffffc, 0x0, 0x0, 0xfffffff7, 0x1000, 0x4c10, 0x5, 0x6, 0x8, 0x3, 0x1, 0x4, 0x8001, 0x5, 0x9, 0x7, 0x9, 0x1, 0x80000001, 0x49, 0x836, 0x6, 0x2, 0x4, 0x5, 0x1, 0x1ff, 0x4, 0x9, 0x3, 0x6e89, 0x7, 0x8, 0x6, 0x8, 0x3, 0x3, 0x3, 0x6, 0x5, 0x80000001, 0x4d, 0x2, 0x3, 0x7, 0x40, 0xe, 0x9, 0x9, 0x5, 0xfffffffd, 0xada8, 0x1, 0x7cf816ed, 0x6, 0x9, 0x1, 0x7f, 0x10001, 0x3ff, 0x8, 0x5, 0x336, 0xc4, 0x5, 0x400, 0xff, 0x1000, 0xfffffff7, 0x7, 0x3, 0x4, 0x1000, 0x4, 0x4, 0xc, 0x4, 0x9, 0x7, 0xd, 0x8, 0x6, 0x8, 0x1, 0x6, 0xfffff2f9, 0x4, 0x2, 0x2f05, 0x6, 0x800, 0x8, 0x5, 0x5, 0x2, 0x5, 0x80000000, 0x6, 0x4, 0x80000001, 0x4, 0x202e, 0x3, 0xfffffffb, 0xe5a, 0xad03, 0x5, 0x4, 0x6, 0x0, 0x6, 0xcec1, 0xffffffff, 0x6, 0x8, 0x4, 0x1, 0x8, 0x5, 0x5, 0xb8, 0xb28, 0x2, 0x5, 0x7fffffff, 0x0, 0x60, 0x9, 0x6, 0x9, 0x4, 0x9, 0x80000001, 0x9, 0x63, 0x7fff, 0x100, 0x412d, 0x98ad, 0x3, 0x7fff, 0xffffffff, 0x16e5, 0x10000, 0x8, 0x80000000, 0xd, 0x7, 0x4ca7, 0x9, 0x6, 0x1, 0x3, 0x13, 0x2, 0x9, 0x6, 0x6, 0x2, 0x5a5a605, 0xc7f, 0xb9f, 0x8, 0x200000a, 0x4, 0x0, 0x4, 0x80000000, 0x58, 0x5, 0x0, 0x9, 0x0, 0xff, 0x80000000, 0x9, 0x1, 0x7b, 0x0, 0x3, 0xffffe209, 0x7, 0x2000000, 0x9, 0x2, 0x800, 0x7, 0xffff, 0x8, 0xadcd, 0x4, 0x7, 0x2, 0x9, 0x8, 0x4, 0x7, 0x2000008, 0x6, 0x400101, 0x600, 0x5, 0xd, 0x9, 0x1, 0x10000, 0x3cba, 0xc, 0x6, 0xab3, 0xa1f2, 0x800, 0x3, 0x1, 0x4, 0x7fffffff, 0x2, 0x0, 0x80000000, 0x3, 0x3, 0x10000, 0x6, 0x2, 0x4, 0xa2d7038, 0xd, 0x0, 0x0, 0x6, 0x0, 0x5, 0x3, 0x40, 0x8, 0xae4b, 0x3, 0x8, 0xe3, 0x7cc9, 0x8001, 0x800, 0xc, 0x2, 0x0, 0x0, 0x8, 0xff, 0x0, 0xe891, 0xe9]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x6, 0x5, 0x9, 0xffffffdb, 0x6, 0x1, 0x9, 0x34f, 0x4, 0x6, 0x7, 0x986b, 0x40, 0x8, 0xeea, 0x3, 0x9, 0x9, 0x9, 0x7fff, 0x3, 0x86, 0x6, 0x5, 0x532c, 0xfffffffb, 0x0, 0xedba, 0x6, 0x2, 0x8, 0x8001, 0xffff, 0xffff7f6f, 0x6, 0x3, 0x8, 0x4, 0x3, 0x1000, 0x9, 0x5, 0x7, 0x5, 0xfffffffb, 0xfff, 0x5, 0x8, 0x7fe703d2, 0x4, 0x8001, 0x55e, 0x3, 0x7, 0x6, 0xe, 0xe2f6, 0x3, 0xfffffc14, 0x4, 0xfffffff1, 0x2, 0x5, 0x6, 0xc5, 0x0, 0xd, 0x8, 0x5, 0xdcc, 0x300000, 0xffff, 0x10001, 0xfffffffd, 0x5a, 0x1e0000, 0x2, 0x1, 0x0, 0x9, 0x1, 0x4, 0xf, 0x800, 0x1b6, 0x7, 0xf, 0x81c5, 0xfffffffa, 0xd, 0x9, 0xfffffffd, 0x6, 0x10001, 0x1020000, 0x4, 0x22c5, 0x2, 0x2, 0x0, 0x9aa7, 0x14a476c4, 0xd54, 0x1, 0x39e, 0x2, 0x3ff, 0x0, 0x5d02, 0x8, 0x7, 0xff, 0x2dd8, 0x7, 0x3, 0xff, 0x6, 0x3, 0x6, 0x7, 0x713a, 0x9, 0x400, 0x1, 0x4e, 0x80, 0x9, 0x8, 0x8, 0x80000000, 0x8, 0x6, 0x3, 0x5, 0x2, 0x2, 0x6, 0x7fff, 0x4, 0x2, 0x4, 0x2, 0x8, 0x6, 0x1, 0x4, 0x5, 0x2, 0x10, 0x8, 0x0, 0xfe3, 0x8, 0xee, 0x5, 0x8, 0x0, 0x400, 0x7, 0xe45, 0x5, 0x2, 0x80, 0x3, 0x398, 0x40, 0x6, 0x2d4, 0x3, 0x7, 0x6, 0x26, 0x200, 0x1bb, 0x1ff, 0x7, 0x800000, 0x502e, 0x3, 0x8, 0x4, 0x7, 0x80000001, 0xce, 0x9, 0x1, 0x9, 0x1000, 0xffff, 0x7, 0x2, 0x2, 0x5, 0x9, 0x10000000, 0xfffffffd, 0xd, 0x3, 0xdf3, 0x1, 0x910, 0x3ff, 0x9, 0x8, 0x4, 0x1ff, 0x7fff, 0x401, 0x6249d0dd, 0x2e01, 0x1, 0x9, 0x5, 0x7fffffff, 0x361, 0xfffffc05, 0x6, 0x337, 0x28, 0x6, 0x1, 0x6fa, 0x8001, 0x400, 0x0, 0x7, 0xffffffff, 0xfffffff7, 0xfffffff9, 0x7a2, 0x0, 0x8, 0x200, 0xa40, 0x4, 0xfff, 0x1, 0x3, 0x3, 0xf, 0x400, 0x4, 0x4b4, 0x0, 0x7e, 0x5, 0x960, 0x8, 0xff, 0x98e, 0xfffffff9, 0x800, 0x2, 0x9, 0x1a]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x4}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x81, 0x2, 0x4, 0x8, 0xf, {0xd, 0x0, 0x2, 0x4, 0x0, 0x3}, {0x2, 0x2, 0x5, 0x5a, 0x2, 0x9}, 0x23a, 0x7, 0xd000000}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x894}}, 0x0)

1.051624721s ago: executing program 2 (id=1299):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x94022, &(0x7f0000000140)={[{@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x32]}}]})
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x4b4b, 0x2)

971.668655ms ago: executing program 3 (id=1300):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x103381)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x71)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000000)={0x6, 0x4, 0xd, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0xffffffffff)
dup3(r1, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r6}, @flat=@weak_handle={0x77682a85, 0x100b}, @fda={0x66646185, 0x5, 0x1, 0x18}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, 0x0})
r7 = fsmount(r3, 0x0, 0x0)
fchdir(r7)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r8, 0x2007ffb)
sendfile(r8, r8, 0x0, 0x1000000201005)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)

871.030059ms ago: executing program 4 (id=1301):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read$msr(r5, &(0x7f0000048040)=""/102392, 0x18ff8)
tkill(r3, 0xb)
getgroups(0xfffffffffffffdb2, 0xfffffffffffffffe)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x70bd28, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x80004}, [@migrate={0x50, 0x11, [{@in=@local, @in=@rand_addr=0x64010102, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40180}, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
pwritev2(r7, &(0x7f0000000240)=[{&(0x7f0000000280)="0f", 0x1}], 0x1, 0x9, 0x0, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r8 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$BLKTRACESETUP(r8, 0xc0481273, 0x0)

870.721244ms ago: executing program 2 (id=1302):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x18140, 0x0)
r1 = syz_io_uring_setup(0x498, &(0x7f0000000200)={0x0, 0x7279, 0x10, 0x2, 0x28e, 0x0, r0}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r7 = dup(r6)
r8 = userfaultfd(0x801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0x28})
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
open(0x0, 0x108843, 0x98)
ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r9 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x4, r9, 0x0, &(0x7f0000000000))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x91a2, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x3512, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000004880)='./binderfs2/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
io_uring_register$IORING_REGISTER_RING_FDS(r1, 0x14, &(0x7f00000057c0)=[{0x9, 0x1, 0x0, &(0x7f00000047c0)=[{&(0x7f0000000140)=""/118, 0x76}, {&(0x7f0000002540)=""/4096, 0x1000}, {&(0x7f0000000340)=""/173, 0xad}, {&(0x7f00000001c0)=""/30, 0x1e}, {&(0x7f0000003540)=""/249, 0xf9}, {&(0x7f0000000400)=""/115, 0x73}, {&(0x7f0000003640)=""/4096, 0x1000}, {&(0x7f0000004640)=""/147, 0x93}, {&(0x7f0000004700)=""/166, 0xa6}], &(0x7f00000024c0)=[0x2, 0xffffffffffff0000, 0x2, 0x3c, 0x101]}, {0x6, 0x0, 0x0, &(0x7f0000004c40)=[{&(0x7f0000005880)=""/174, 0xae}, {&(0x7f0000004940)=""/170, 0xaa}, {&(0x7f0000004a00)=""/100, 0x64}, {&(0x7f0000004a80)=""/73, 0x49}, {&(0x7f0000004b00)=""/26, 0x1a}, {&(0x7f0000004b40)=""/238, 0xee}], &(0x7f0000004cc0)=[0x9, 0x7fffffff]}, {0x1, 0x0, 0x0, &(0x7f0000004d40)=[{&(0x7f0000004d00)=""/32, 0x20}], &(0x7f0000004d80)=[0x7, 0x40, 0xf, 0x8bb0, 0x5, 0x1, 0x5]}, {0x7, 0x0, 0x0, &(0x7f0000005280)=[{&(0x7f0000004dc0)=""/236, 0xec}, {&(0x7f0000004ec0)=""/250, 0xfa}, {&(0x7f0000004fc0)=""/65, 0x41}, {&(0x7f0000005040)=""/39, 0x27}, {&(0x7f0000005080)=""/166, 0xa6}, {&(0x7f0000005140)=""/61, 0x3d}, {&(0x7f0000005180)=""/196, 0xc4}], &(0x7f0000005300)=[0xdab, 0xb, 0x9, 0xfffffffffffffffc, 0x3, 0x9, 0x0]}, {0x5, 0x0, 0x0, &(0x7f0000005700)=[{&(0x7f0000005340)=""/100, 0x64}, {&(0x7f00000053c0)=""/73, 0x49}, {&(0x7f0000005440)=""/208, 0xd0}, {&(0x7f0000005540)=""/201, 0xc9}, {&(0x7f0000005640)=""/133, 0x85}], &(0x7f0000005780)=[0xe5, 0x2]}], 0x5)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000002500)=[@increfs], 0x0, 0x0, 0x0})
r12 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r12, &(0x7f0000000480)={0x2020}, 0x2020)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000080)=0xa)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, &(0x7f00000000c0))

381.202771ms ago: executing program 1 (id=1303):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0xbc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@multicast1, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x20, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x2dd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x4}]}, 0xbc}, 0x1, 0x0, 0x0, 0x24040185}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x60, r5, 0x1, 0xfffffffc, 0x25dfdc01, {}, [{{0x8, 0x1, r4}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xffff0001}}, {0x7, 0x6, r3}}}]}}]}, 0x60}}, 0x40000)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x680, 0x0)
connect$unix(r0, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$TIOCMGET(r6, 0x5415, 0x0)
ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000100))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYRESDEC, @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100677265001400028008000600ac14142408000700e000000108000a00", @ANYRES32], 0x48}}, 0x0)

210.996251ms ago: executing program 1 (id=1304):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read$msr(r5, &(0x7f0000048040)=""/102392, 0x18ff8)
tkill(r3, 0xb)
getgroups(0xfffffffffffffdb2, 0xfffffffffffffffe)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x70bd28, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x80004}, [@migrate={0x50, 0x11, [{@in=@local, @in=@rand_addr=0x64010102, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40180}, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
pwritev2(r7, &(0x7f0000000240)=[{&(0x7f0000000280)="0f", 0x1}], 0x1, 0x9, 0x0, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r8 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$BLKTRACESETUP(r8, 0xc0481273, 0x0)

131.097838ms ago: executing program 0 (id=1305):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x1, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400003366"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r2}, 0x20)
sendmmsg$unix(r2, &(0x7f0000001680), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
r6 = openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r4, &(0x7f00000004c0)={[&(0x7f0000000000)='\x00', &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=@newlink={0x20, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b400}}, 0x20}}, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

87.87961ms ago: executing program 2 (id=1306):
getpid()
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x298f3cc22e12b39a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x1, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
pread64(r6, &(0x7f00000000c0)=""/30, 0x1e, 0x800000000004)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'comedi_parport\x00', [0x4f27, 0x1f, 0x10000, 0x4, 0x3, 0xcc7, 0x4, 0x80008, 0xe, 0x6, 0x2, 0x1, 0x7, 0x1, 0x6, 0x10000105, 0x0, 0x1a44d, 0x3, 0x3fff7fff, 0x89, 0x10, 0x1, 0x20001e58, 0x80000b, 0xe69, 0x3c, 0x8, 0x6, 0xffffffff, 0xeffffff8]})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r7, 0x89f1, &(0x7f0000000040)={'nr0\x00', &(0x7f0000000280)=@ethtool_gstrings={0x1b, 0x0, 0x99, "2b4784645a59c2d3e8e82abaaf0399732998a39c8a0f05ccac7e5bcf53603645c0013301e51796890e681e30676fd6d2d998e2167a2df5e04b8cea82e4f2bc8baaf2727b82b920b6c4c12561bda5edf8e05bad8f9cc9e1bea997ab091dc3180eace41265c4d83e9925770ad1e21001fc605b4a31fd7efe40d065b52c9dc53201f531067622506ba0db7353b760f3ba0b737152b1660aa80000"}})
fchdir(r0)
mprotect(&(0x7f000003e000/0x3000)=nil, 0x3000, 0x1)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000340)={'tunl0\x00', 0x0})

0s ago: executing program 4 (id=1307):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
epoll_create1(0x0)
epoll_create1(0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100), 0x24, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$radio(&(0x7f00000000c0), 0x1, 0x2)
ioctl$HIDIOCGUSAGE(r3, 0xd01c4813, &(0x7f0000000100)={0x2, 0x0, 0x20000, 0x2, 0x0, 0x42})
rmdir(&(0x7f0000000040)='./bus\x00')
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="cf00"/18, @ANYRES32=r7, @ANYBLOB="0600120005000000"], 0x24}}, 0x50000)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0xffffffffffffffff, 0x0, 0x9, 0x8, 0x0, 0x7fffffff}, 0x0, 0x0)
connect$vsock_stream(r1, &(0x7f00000003c0)={0x28, 0x0, 0xffffffff, @host}, 0x10)
setsockopt$inet6_int(r0, 0x29, 0x10, 0x0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r8, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)={0x18, 0x1a, 0x601, 0x70bd2b, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x3a}}]}, 0x18}], 0x1, 0x0, 0x0, 0xc25f86718fa98117}, 0x0)

kernel console output (not intermixed with test programs):

T5893] usb 2-1: active config #0 != 1 ??
[  407.484305][ T5959] usb 5-1: USB disconnect, device number 9
[  407.537260][ T9381] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  407.548173][ T9381] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  407.707998][ T9393] netlink: 'syz.0.637': attribute type 1 has an invalid length.
[  407.763346][ T9394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.637'.
[  407.833909][ T9383] 8021q: adding VLAN 0 to HW filter on device bond0
[  407.842168][ T9383] 8021q: adding VLAN 0 to HW filter on device team0
[  407.853944][ T9383] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  407.877234][ T1315] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  407.891532][ T5893] usb 2-1: USB disconnect, device number 7
[  407.893311][ T1315] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  407.931301][   T30] audit: type=1400 audit(1761992687.244:365): avc:  denied  { mount } for  pid=9391 comm="syz.0.637" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  408.062731][ T9406] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1011 sclass=netlink_route_socket pid=9406 comm=syz.0.637
[  408.125312][ T9393] 8021q: adding VLAN 0 to HW filter on device bond12
[  408.431034][ T9394] bond12 (unregistering): Released all slaves
[  408.462479][ T1315] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  408.565670][ T5959] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  408.625270][ T9402] bond12 (unregistering): Released all slaves
[  408.777013][ T5959] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[  408.787691][ T5959] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[  408.797684][ T5959] usb 5-1: config 1 interface 0 has no altsetting 0
[  408.883224][ T9420] binder: BINDER_SET_CONTEXT_MGR already set
[  408.889282][ T9420] binder: 9417:9420 ioctl 4018620d 200000004a80 returned -16
[  409.323604][ T9407] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  409.347006][ T1315] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  409.356111][ T5959] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  409.369558][ T5959] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.377740][ T5959] usb 5-1: Product: syz
[  409.382017][ T5959] usb 5-1: Manufacturer: syz
[  409.387400][ T5959] usb 5-1: SerialNumber: syz
[  409.401520][ T9413] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  409.410900][ T9413] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  409.675635][ T9425] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  410.005562][ T5886] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  410.105596][ T5893] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  410.155551][ T5886] usb 1-1: Using ep0 maxpacket: 16
[  410.164310][ T5886] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  410.175723][ T5886] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  410.189322][ T5886] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  410.198866][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.601317][ T5886] usb 1-1: Product: syz
[  410.606663][ T5893] usb 4-1: Using ep0 maxpacket: 8
[  410.612282][ T5886] usb 1-1: Manufacturer: syz
[  410.623623][ T5893] usb 4-1: config 150 has an invalid interface number: 204 but max is 0
[  410.632484][ T5886] usb 1-1: SerialNumber: syz
[  410.689215][ T5893] usb 4-1: config 150 has no interface number 0
[  410.706482][ T5893] usb 4-1: config 150 interface 204 has no altsetting 0
[  410.718893][ T5893] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  410.765590][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.778642][ T5893] usb 4-1: Product: syz
[  410.782873][ T5893] usb 4-1: Manufacturer: syz
[  410.788023][ T5893] usb 4-1: SerialNumber: syz
[  410.918509][ T5886] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  410.946406][ T5886] usb 1-1: USB disconnect, device number 9
[  411.002237][ T9448] binder: 9443:9448 ioctl c0306201 0 returned -14
[  411.646639][ T5959] (unnamed net_device) (uninitialized): Assigned a random MAC address: 16:e1:0d:37:83:bd
[  411.685891][ T5959] rtl8150 5-1:1.0: eth1: rtl8150 is detected
[  411.711985][ T9243] udevd[9243]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  411.734596][   T30] audit: type=1400 audit(1761992691.044:366): avc:  denied  { ioctl } for  pid=9450 comm="syz.2.651" path="socket:[21067]" dev="sockfs" ino=21067 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  411.799931][   T30] audit: type=1400 audit(1761992691.044:367): avc:  denied  { create } for  pid=9437 comm="syz.3.649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  411.856188][   T30] audit: type=1400 audit(1761992691.174:368): avc:  denied  { read } for  pid=9450 comm="syz.2.651" name="sg0" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  411.910920][   T30] audit: type=1400 audit(1761992691.174:369): avc:  denied  { ioctl } for  pid=9450 comm="syz.2.651" path="/dev/sg0" dev="devtmpfs" ino=753 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  412.551063][ T5893] usb 4-1: USB disconnect, device number 12
[  412.631902][ T5959] usb 5-1: USB disconnect, device number 10
[  412.832534][   T30] audit: type=1400 audit(1761992692.144:370): avc:  denied  { create } for  pid=9469 comm="syz.4.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  412.869548][ T9470] block device autoloading is deprecated and will be removed.
[  412.968290][   T30] audit: type=1400 audit(1761992692.244:371): avc:  denied  { connect } for  pid=9469 comm="syz.4.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  413.103240][   T30] audit: type=1400 audit(1761992692.404:372): avc:  denied  { write } for  pid=9483 comm="syz.1.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  413.725560][ T5893] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  413.874248][ T9499] x_tables: duplicate underflow at hook 2
[  413.881162][ T5893] usb 5-1: Using ep0 maxpacket: 16
[  413.889812][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 856, setting to 64
[  413.913845][ T5893] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  413.985405][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.012208][ T5893] usb 5-1: Product: syz
[  414.033536][ T5893] usb 5-1: Manufacturer: syz
[  414.051239][ T5893] usb 5-1: SerialNumber: syz
[  414.063330][   T30] audit: type=1400 audit(1761992693.374:373): avc:  denied  { mount } for  pid=9507 comm="syz.0.661" name="/" dev="configfs" ino=143 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  414.090196][ T5893] usb 5-1: config 0 descriptor??
[  414.219130][   T30] audit: type=1400 audit(1761992693.374:374): avc:  denied  { search } for  pid=9507 comm="syz.0.661" name="/" dev="configfs" ino=143 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  414.242191][   T30] audit: type=1400 audit(1761992693.374:375): avc:  denied  { search } for  pid=9507 comm="syz.0.661" name="/" dev="configfs" ino=143 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  414.265621][ T5921] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  414.656186][ T5893] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  414.666078][ T5921] usb 4-1: Using ep0 maxpacket: 32
[  414.681072][ T5921] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  414.695932][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.126744][ T5921] usb 4-1: config 0 descriptor??
[  415.470096][ T5921] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  415.672074][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  415.702244][ T9506] netlink: 12 bytes leftover after parsing attributes in process `syz.3.660'.
[  415.720428][ T5921] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  415.721413][ T9534] FAULT_INJECTION: forcing a failure.
[  415.721413][ T9534] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  415.752319][ T5921] usb 4-1: media controller created
[  415.752985][   T12] usb 5-1: Failed to submit usb control message: -110
[  415.774853][   T12] usb 5-1: unable to send the bmi data to the device: -110
[  415.788752][   T12] usb 5-1: unable to get target info from device
[  415.795293][ T9534] CPU: 1 UID: 0 PID: 9534 Comm: syz.1.664 Not tainted syzkaller #0 PREEMPT(full) 
[  415.795315][ T9534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  415.795325][ T9534] Call Trace:
[  415.795331][ T9534]  <TASK>
[  415.795338][ T9534]  dump_stack_lvl+0x16c/0x1f0
[  415.795369][ T9534]  should_fail_ex+0x512/0x640
[  415.795393][ T9534]  _copy_to_user+0x32/0xd0
[  415.795418][ T9534]  simple_read_from_buffer+0xcb/0x170
[  415.795448][ T9534]  proc_fail_nth_read+0x197/0x240
[  415.795473][ T9534]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  415.795493][ T9534]  ? rw_verify_area+0xcf/0x6c0
[  415.795515][ T9534]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  415.795533][ T9534]  vfs_read+0x1e4/0xcf0
[  415.795551][ T9534]  ? __pfx___mutex_lock+0x10/0x10
[  415.795567][ T9534]  ? __pfx_vfs_read+0x10/0x10
[  415.795590][ T9534]  ? __fget_files+0x20e/0x3c0
[  415.795613][ T9534]  ksys_read+0x12a/0x250
[  415.795627][ T9534]  ? __pfx_ksys_read+0x10/0x10
[  415.795649][ T9534]  do_syscall_64+0xcd/0xfa0
[  415.795677][ T9534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.795694][ T9534] RIP: 0033:0x7f76feb8d9dc
[  415.795708][ T9534] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  415.795728][ T9534] RSP: 002b:00007f76ffae3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  415.795744][ T9534] RAX: ffffffffffffffda RBX: 00007f76fede5fa0 RCX: 00007f76feb8d9dc
[  415.795755][ T9534] RDX: 000000000000000f RSI: 00007f76ffae30a0 RDI: 0000000000000004
[  415.795764][ T9534] RBP: 00007f76ffae3090 R08: 0000000000000000 R09: 0000000000000000
[  415.795774][ T9534] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  415.795783][ T9534] R13: 00007f76fede6038 R14: 00007f76fede5fa0 R15: 00007fff63d254f8
[  415.795808][ T9534]  </TASK>
[  415.823996][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  415.895742][   T12] usb 5-1: could not get target info (-110)
[  416.084427][   T12] usb 5-1: could not probe fw (-110)
[  416.235384][ T5893] usb 5-1: USB disconnect, device number 11
[  416.342465][ T9542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.667'.
[  416.456280][ T5921] az6027: usb out operation failed. (-71)
[  416.466507][ T5921] az6027: usb out operation failed. (-71)
[  416.472291][ T5921] stb0899_attach: Driver disabled by Kconfig
[  416.487949][ T5921] az6027: no front-end attached
[  416.487949][ T5921] 
[  416.609778][ T5921] az6027: usb out operation failed. (-71)
[  416.619851][ T5921] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  416.674486][ T5921] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  416.697124][ T9550] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4274882444 (136796238208 ns) > initial count (11109752672 ns). Using initial count to start timer.
[  416.843849][ T9557] binder: 9544:9557 ioctl c0306201 0 returned -14
[  416.945030][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  416.945043][   T30] audit: type=1400 audit(1761992696.254:380): avc:  denied  { read } for  pid=5169 comm="acpid" name="event4" dev="devtmpfs" ino=2929 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  416.956376][ T5921] dvb-usb: schedule remote query interval to 400 msecs.
[  418.202415][ T5921] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  418.203223][   T30] audit: type=1400 audit(1761992696.254:381): avc:  denied  { open } for  pid=5169 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2929 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  418.231263][ T5921] usb 4-1: USB disconnect, device number 13
[  418.239178][   T30] audit: type=1400 audit(1761992696.254:382): avc:  denied  { ioctl } for  pid=5169 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2929 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  418.347422][ T5921] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  418.795607][   T30] audit: type=1400 audit(1761992697.904:383): avc:  denied  { bind } for  pid=9563 comm="syz.3.672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  418.853479][   T30] audit: type=1400 audit(1761992698.164:384): avc:  denied  { block_suspend } for  pid=9570 comm="syz.3.674" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  419.272870][ T9581] netlink: 16 bytes leftover after parsing attributes in process `syz.1.673'.
[  419.678139][ T9578] IPv6: sit1: Disabled Multicast RS
[  419.691885][ T9578] sit1: entered allmulticast mode
[  420.010485][ T9587] netlink: 32 bytes leftover after parsing attributes in process `syz.4.676'.
[  421.790038][ T9619] tmpfs: Unknown parameter '��swap'
[  421.902556][   T30] audit: type=1400 audit(6056960510.212:385): avc:  denied  { write } for  pid=9620 comm="syz.1.685" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  421.977284][   T43] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  422.053138][   T30] audit: type=1400 audit(6056960510.362:386): avc:  denied  { ioctl } for  pid=9623 comm="syz.0.686" path="socket:[22495]" dev="sockfs" ino=22495 ioctlcmd=0x7452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  422.155543][   T43] usb 5-1: Using ep0 maxpacket: 8
[  422.166681][   T43] usb 5-1: unable to get BOS descriptor or descriptor too short
[  422.182003][   T43] usb 5-1: config 4 interface 0 has no altsetting 0
[  422.198828][   T43] usb 5-1: string descriptor 0 read error: -22
[  422.205308][   T43] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  422.216919][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.241030][   T43] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  422.263540][   T43] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  422.278617][   T43] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  422.286704][   T43] usb 5-1: media controller created
[  422.343590][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  423.964664][   T43] usb 5-1: USB disconnect, device number 12
[  424.146192][   T30] audit: type=1400 audit(6056960512.392:387): avc:  denied  { read } for  pid=9649 comm="syz.3.691" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  424.217926][   T30] audit: type=1400 audit(6056960512.392:388): avc:  denied  { open } for  pid=9649 comm="syz.3.691" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  424.242819][   T30] audit: type=1400 audit(6056960512.392:389): avc:  denied  { ioctl } for  pid=9649 comm="syz.3.691" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9373 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  424.811441][ T1943] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  425.687281][ T1943] usb 3-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  425.786536][ T1943] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.798094][ T1943] usb 3-1: config 0 descriptor??
[  425.819442][ T1943] gspca_main: sunplus-2.14.0 probing 055f:c420
[  425.856822][ T5886] libceph: connect (1)[c::]:6789 error -101
[  425.864472][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  425.873454][ T5886] libceph: connect (1)[c::]:6789 error -101
[  425.879788][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  426.158445][ T5921] libceph: connect (1)[c::]:6789 error -101
[  426.364241][ T1943] gspca_sunplus: reg_w_riv err -110
[  426.376278][ T1943] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  426.380371][ T5921] libceph: mon0 (1)[c::]:6789 connect error
[  426.397670][ T5893] libceph: connect (1)[c::]:6789 error -101
[  426.400700][ T1943] libceph: connect (1)[b::]:6789 error -101
[  426.414050][ T1943] libceph: mon0 (1)[b::]:6789 connect error
[  426.420402][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  426.436612][ T5959] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  426.436817][ T9668] ceph: No mds server is up or the cluster is laggy
[  426.597914][ T9682] binder: 9681:9682 unknown command 4294967295
[  426.604101][ T9682] binder: 9681:9682 ioctl c0306201 200000000080 returned -22
[  426.647257][ T5959] usb 5-1: Using ep0 maxpacket: 32
[  426.664716][ T5959] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  426.683963][ T5959] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.692420][   T43] libceph: connect (1)[b::]:6789 error -101
[  426.699424][ T5959] usb 5-1: Product: syz
[  426.703942][ T5959] usb 5-1: Manufacturer: syz
[  426.706315][ T5886] libceph: connect (1)[c::]:6789 error -101
[  426.708888][   T43] libceph: mon0 (1)[b::]:6789 connect error
[  426.720735][ T5959] usb 5-1: SerialNumber: syz
[  426.722639][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  426.728545][ T5959] usb 5-1: config 0 descriptor??
[  426.746182][ T5959] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  426.851681][   T30] audit: type=1400 audit(6056960515.162:390): avc:  denied  { create } for  pid=9685 comm="syz.1.700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  426.871710][   T30] audit: type=1400 audit(6056960515.162:391): avc:  denied  { read } for  pid=9685 comm="syz.1.700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  426.977183][ T9688] netlink: 24 bytes leftover after parsing attributes in process `syz.1.700'.
[  427.369624][ T5886] libceph: connect (1)[c::]:6789 error -101
[  427.375945][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  427.385714][ T9676] ceph: No mds server is up or the cluster is laggy
[  427.385828][ T9655] ceph: No mds server is up or the cluster is laggy
[  427.408536][   T43] libceph: connect (1)[b::]:6789 error -101
[  427.415158][   T43] libceph: mon0 (1)[b::]:6789 connect error
[  427.507990][ T5893] usb 3-1: USB disconnect, device number 16
[  427.570628][ T5959] gspca_stk1135: reg_w 0x3 err -71
[  427.654422][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.775008][ T5959] gspca_stk1135: Sensor write failed
[  427.791640][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.808658][ T5959] gspca_stk1135: Sensor write failed
[  427.814534][   T30] audit: type=1400 audit(6056960516.122:392): avc:  denied  { relabelfrom } for  pid=9691 comm="syz.2.702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  427.834399][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.840985][ T5959] gspca_stk1135: Sensor read failed
[  427.846286][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.854983][   T30] audit: type=1400 audit(6056960516.122:393): avc:  denied  { relabelto } for  pid=9691 comm="syz.2.702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  427.874823][ T5959] gspca_stk1135: Sensor read failed
[  427.884586][ T5959] gspca_stk1135: Detected sensor type unknown (0x0)
[  427.891443][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.897942][ T5959] gspca_stk1135: Sensor read failed
[  427.903253][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.909758][ T5959] gspca_stk1135: Sensor read failed
[  427.915027][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.921564][ T5959] gspca_stk1135: Sensor write failed
[  427.926981][ T5959] gspca_stk1135: serial bus timeout: status=0x00
[  427.933436][ T5959] gspca_stk1135: Sensor write failed
[  427.938858][ T5959] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  427.961290][ T5959] usb 5-1: USB disconnect, device number 13
[  428.203723][   T30] audit: type=1400 audit(6056960516.512:394): avc:  denied  { read write } for  pid=9700 comm="syz.4.705" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  428.228119][   T30] audit: type=1400 audit(6056960516.512:395): avc:  denied  { open } for  pid=9700 comm="syz.4.705" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  428.430889][ T5893] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  428.697264][ T5893] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[  428.783695][ T5893] usb 2-1: config 0 has no interface number 0
[  428.830754][ T5893] usb 2-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid maxpacket 129, setting to 64
[  428.996429][ T5893] usb 2-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  429.062077][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.131245][ T5893] usb 2-1: Product: syz
[  429.175311][ T5893] usb 2-1: Manufacturer: syz
[  429.212257][ T5893] usb 2-1: SerialNumber: syz
[  429.270781][ T5893] usb 2-1: config 0 descriptor??
[  429.286272][ T9699] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  429.527706][ T5893] keyspan 2-1:0.133: Keyspan 1 port adapter converter detected
[  429.536875][ T5893] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 81
[  429.547689][ T5893] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 1
[  429.560550][ T5893] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 2
[  429.579449][ T5893] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  429.653765][   T30] audit: type=1400 audit(6056960517.962:396): avc:  denied  { ioctl } for  pid=9707 comm="syz.3.707" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 ioctlcmd=0x9434 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  429.822782][ T9718] bridge1: entered promiscuous mode
[  429.886966][ T9718] bridge1: entered allmulticast mode
[  429.940037][ T9718] team0: Port device bridge1 added
[  429.995642][ T5959] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  430.029203][ T5893] usb 2-1: USB disconnect, device number 8
[  430.041317][ T9719] bridge2: entered promiscuous mode
[  430.046731][ T9719] bridge2: entered allmulticast mode
[  430.052905][ T5893] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  430.067665][ T9719] team0: Port device bridge2 added
[  430.083833][ T5893] keyspan 2-1:0.133: device disconnected
[  430.092479][   T30] audit: type=1400 audit(6056960518.412:397): avc:  denied  { listen } for  pid=9722 comm="syz.4.710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  430.118552][   T30] audit: type=1400 audit(6056960518.412:398): avc:  denied  { accept } for  pid=9722 comm="syz.4.710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  430.150854][   T30] audit: type=1400 audit(6056960518.462:399): avc:  denied  { ioctl } for  pid=9722 comm="syz.4.710" path="socket:[24803]" dev="sockfs" ino=24803 ioctlcmd=0x89f8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  430.195904][ T5959] usb 3-1: device descriptor read/64, error -71
[  430.263712][   T30] audit: type=1400 audit(6056960518.462:400): avc:  denied  { write } for  pid=9722 comm="syz.4.710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  430.467609][ T5959] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  430.800952][ T9734] netlink: 24 bytes leftover after parsing attributes in process `syz.0.712'.
[  431.062071][ T5959] usb 3-1: device descriptor read/64, error -71
[  431.180913][ T5959] usb usb3-port1: attempt power cycle
[  431.190925][ T5893] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  431.213709][ T9739] erspan0: entered promiscuous mode
[  431.219088][ T9739] erspan0: entered allmulticast mode
[  431.345559][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  431.358980][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.373528][ T5893] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  431.384409][ T9744] x_tables: duplicate underflow at hook 2
[  431.393128][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.424950][ T5893] usb 2-1: config 0 descriptor??
[  431.641664][ T5959] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  431.676135][ T5959] usb 3-1: device descriptor read/8, error -71
[  432.008255][ T5959] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  432.190353][ T5893] mcp2221 0003:04D8:00DD.0005: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  432.226131][ T5959] usb 3-1: device descriptor read/8, error -71
[  432.352862][ T5959] usb usb3-port1: unable to enumerate USB device
[  432.597227][ T5893] usb 2-1: USB disconnect, device number 9
[  433.906933][ T9765] FAULT_INJECTION: forcing a failure.
[  433.906933][ T9765] name failslab, interval 1, probability 0, space 0, times 0
[  433.919698][ T9765] CPU: 1 UID: 0 PID: 9765 Comm: syz.2.722 Not tainted syzkaller #0 PREEMPT(full) 
[  433.919720][ T9765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  433.919731][ T9765] Call Trace:
[  433.919737][ T9765]  <TASK>
[  433.919744][ T9765]  dump_stack_lvl+0x16c/0x1f0
[  433.919774][ T9765]  should_fail_ex+0x512/0x640
[  433.919793][ T9765]  ? fs_reclaim_acquire+0xae/0x150
[  433.919816][ T9765]  should_failslab+0xc2/0x120
[  433.919837][ T9765]  __kmalloc_noprof+0xdd/0x880
[  433.919862][ T9765]  ? tomoyo_encode2+0x100/0x3e0
[  433.919887][ T9765]  ? tomoyo_encode2+0x100/0x3e0
[  433.919905][ T9765]  tomoyo_encode2+0x100/0x3e0
[  433.919927][ T9765]  tomoyo_encode+0x29/0x50
[  433.919945][ T9765]  tomoyo_realpath_from_path+0x18f/0x6e0
[  433.919969][ T9765]  ? tomoyo_profile+0x47/0x60
[  433.919994][ T9765]  tomoyo_path_number_perm+0x245/0x580
[  433.920020][ T9765]  ? tomoyo_path_number_perm+0x237/0x580
[  433.920050][ T9765]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  433.920078][ T9765]  ? find_held_lock+0x2b/0x80
[  433.920125][ T9765]  ? find_held_lock+0x2b/0x80
[  433.920146][ T9765]  ? hook_file_ioctl_common+0x145/0x410
[  433.920175][ T9765]  ? __fget_files+0x20e/0x3c0
[  433.920198][ T9765]  security_file_ioctl+0x9b/0x240
[  433.920219][ T9765]  __x64_sys_ioctl+0xb7/0x210
[  433.920245][ T9765]  do_syscall_64+0xcd/0xfa0
[  433.920272][ T9765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.920289][ T9765] RIP: 0033:0x7ff816b8efc9
[  433.920304][ T9765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  433.920321][ T9765] RSP: 002b:00007ff8179f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  433.920338][ T9765] RAX: ffffffffffffffda RBX: 00007ff816de5fa0 RCX: 00007ff816b8efc9
[  433.920349][ T9765] RDX: 00002000000000c0 RSI: 0000000000008910 RDI: 0000000000000003
[  433.920359][ T9765] RBP: 00007ff8179f8090 R08: 0000000000000000 R09: 0000000000000000
[  433.920368][ T9765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.920378][ T9765] R13: 00007ff816de6038 R14: 00007ff816de5fa0 R15: 00007ffe00e9d528
[  433.920404][ T9765]  </TASK>
[  433.920422][ T9765] ERROR: Out of memory at tomoyo_realpath_from_path.
[  434.530143][ T9768] netlink: 12 bytes leftover after parsing attributes in process `syz.0.723'.
[  434.625818][   T30] audit: type=1400 audit(6056960522.938:401): avc:  denied  { bind } for  pid=9766 comm="syz.0.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  434.832782][ T9776] team0: No ports can be present during mode change
[  435.205852][   T30] audit: type=1400 audit(6056960523.528:402): avc:  denied  { ioctl } for  pid=9775 comm="syz.0.727" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  435.226073][ T9776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.727'.
[  435.621192][   T43] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  435.818984][ T9783] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  435.889437][ T9784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.729'.
[  436.521006][   T43] usb 5-1: not running at top speed; connect to a high speed hub
[  436.548332][ T9776] team0 (unregistering): Port device team_slave_0 removed
[  436.565820][   T43] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  436.585569][   T43] usb 5-1: config 1 has no interface number 1
[  436.591699][   T43] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  436.607422][   T43] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  436.607730][ T9776] team0 (unregistering): Port device team_slave_1 removed
[  436.616834][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.635579][   T43] usb 5-1: Product: syz
[  436.642417][   T43] usb 5-1: Manufacturer: syz
[  436.728256][   T43] usb 5-1: SerialNumber: syz
[  436.742032][ T9776] team0 (unregistering): Port device batadv1 removed
[  437.575527][ T9804] Invalid source name
[  437.784610][ T9804] netlink: 52 bytes leftover after parsing attributes in process `syz.2.731'.
[  438.025029][ T5893] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  438.232358][   T30] audit: type=1400 audit(6056960526.548:403): avc:  denied  { audit_write } for  pid=9816 comm="syz.2.737" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  438.257812][ T5893] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  438.284738][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.285162][   T30] audit: type=1400 audit(6056960526.598:404): avc:  denied  { watch watch_reads } for  pid=9816 comm="syz.2.737" path="/proc/622/ns" dev="proc" ino=25042 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  438.303371][ T5893] usb 1-1: Product: syz
[  438.339031][ T5893] usb 1-1: Manufacturer: syz
[  438.356799][ T5893] usb 1-1: SerialNumber: syz
[  438.428844][ T5893] usb 1-1: config 0 descriptor??
[  438.440413][ T5893] gspca_main: sunplus-2.14.0 probing 055f:c230
[  439.916057][ T5893] gspca_sunplus: reg_r err -110
[  439.919692][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  439.920984][ T5893] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[  439.927273][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  439.955835][   T30] audit: type=1400 audit(6056960528.268:405): avc:  denied  { create } for  pid=9808 comm="syz.0.735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  440.038791][   T43] usb 5-1: failed to enable PITCH for EP 0x82
[  440.160381][   T43] usb 5-1: USB disconnect, device number 14
[  440.608177][   T30] audit: type=1400 audit(6056960528.928:406): avc:  denied  { mount } for  pid=9837 comm="syz.2.741" name="/" dev="overlay" ino=752 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  440.742426][ T9840] x_tables: duplicate underflow at hook 2
[  440.887820][   T43] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  440.933486][ T9845] FAULT_INJECTION: forcing a failure.
[  440.933486][ T9845] name failslab, interval 1, probability 0, space 0, times 0
[  440.950664][ T9845] CPU: 0 UID: 0 PID: 9845 Comm: syz.4.745 Not tainted syzkaller #0 PREEMPT(full) 
[  440.950689][ T9845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  440.950699][ T9845] Call Trace:
[  440.950705][ T9845]  <TASK>
[  440.950712][ T9845]  dump_stack_lvl+0x16c/0x1f0
[  440.950743][ T9845]  should_fail_ex+0x512/0x640
[  440.950762][ T9845]  ? __kmalloc_cache_noprof+0x5f/0x780
[  440.950790][ T9845]  should_failslab+0xc2/0x120
[  440.950810][ T9845]  __kmalloc_cache_noprof+0x72/0x780
[  440.950836][ T9845]  ? dev_ethtool+0x1a2/0x5bc0
[  440.950860][ T9845]  ? dev_ethtool+0x1a2/0x5bc0
[  440.950877][ T9845]  dev_ethtool+0x1a2/0x5bc0
[  440.950894][ T9845]  ? __kernel_text_address+0xd/0x40
[  440.950914][ T9845]  ? unwind_get_return_address+0x59/0xa0
[  440.950935][ T9845]  ? arch_stack_walk+0xa6/0x100
[  440.950961][ T9845]  ? __pfx_dev_ethtool+0x10/0x10
[  440.950980][ T9845]  ? stack_trace_save+0x8e/0xc0
[  440.951005][ T9845]  ? __pfx_stack_trace_save+0x10/0x10
[  440.951028][ T9845]  ? stack_depot_save_flags+0x29/0x9c0
[  440.951050][ T9845]  ? __lock_acquire+0xb8a/0x1c90
[  440.951083][ T9845]  ? __lock_acquire+0x622/0x1c90
[  440.951122][ T9845]  ? find_held_lock+0x2b/0x80
[  440.951144][ T9845]  ? avc_has_extended_perms+0x33a/0x1090
[  440.951178][ T9845]  ? __lock_acquire+0x622/0x1c90
[  440.951223][ T9845]  ? find_held_lock+0x2b/0x80
[  440.951245][ T9845]  ? dev_load+0x8e/0x240
[  440.951271][ T9845]  dev_ioctl+0x290/0x10e0
[  440.951295][ T9845]  sock_do_ioctl+0x19d/0x280
[  440.951323][ T9845]  ? __pfx_sock_do_ioctl+0x10/0x10
[  440.951356][ T9845]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  440.951381][ T9845]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  440.951407][ T9845]  sock_ioctl+0x227/0x6b0
[  440.951425][ T9845]  ? __pfx_sock_ioctl+0x10/0x10
[  440.951440][ T9845]  ? hook_file_ioctl_common+0x145/0x410
[  440.951471][ T9845]  ? selinux_file_ioctl+0x180/0x270
[  440.951488][ T9845]  ? selinux_file_ioctl+0xb4/0x270
[  440.951509][ T9845]  ? __pfx_sock_ioctl+0x10/0x10
[  440.951527][ T9845]  __x64_sys_ioctl+0x18e/0x210
[  440.951553][ T9845]  do_syscall_64+0xcd/0xfa0
[  440.951581][ T9845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.951598][ T9845] RIP: 0033:0x7fc818b8efc9
[  440.951613][ T9845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  440.951629][ T9845] RSP: 002b:00007fc819a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  440.951646][ T9845] RAX: ffffffffffffffda RBX: 00007fc818de5fa0 RCX: 00007fc818b8efc9
[  440.951657][ T9845] RDX: 0000200000000180 RSI: 0000000000008946 RDI: 0000000000000003
[  440.951668][ T9845] RBP: 00007fc819a42090 R08: 0000000000000000 R09: 0000000000000000
[  440.951681][ T9845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  440.951690][ T9845] R13: 00007fc818de6038 R14: 00007fc818de5fa0 R15: 00007ffe907b2bb8
[  440.951715][ T9845]  </TASK>
[  441.295553][   T43] usb 3-1: Using ep0 maxpacket: 16
[  441.344865][   T43] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  441.394676][   T43] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  441.452938][   T43] usb 3-1: config 0 interface 0 has no altsetting 0
[  441.483870][   T43] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  441.495256][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.516519][   T43] usb 3-1: config 0 descriptor??
[  441.597081][   T30] audit: type=1326 audit(6056960529.918:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9851 comm="syz.3.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80118efc9 code=0x7ffc0000
[  441.837007][ T5980] usb 1-1: USB disconnect, device number 10
[  441.851155][   T30] audit: type=1326 audit(6056960529.938:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9851 comm="syz.3.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80118efc9 code=0x7ffc0000
[  441.901137][   T30] audit: type=1326 audit(6056960529.938:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9851 comm="syz.3.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff80118d810 code=0x7ffc0000
[  442.092779][ T9863] fuse: Unknown parameter '0x0000000000000004'
[  442.200949][ T9867] netlink: 'syz.0.750': attribute type 1 has an invalid length.
[  442.287293][ T9838] netlink: 212152 bytes leftover after parsing attributes in process `syz.2.741'.
[  442.287450][ T9867] bond12: entered promiscuous mode
[  442.307996][   T43] usbhid 3-1:0.0: can't add hid device: -71
[  442.315136][   T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  442.324495][   T30] audit: type=1326 audit(6056960529.938:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9851 comm="syz.3.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7ff8011907f7 code=0x7ffc0000
[  442.358301][   T43] usb 3-1: USB disconnect, device number 21
[  442.373776][ T9867] 8021q: adding VLAN 0 to HW filter on device bond12
[  442.415795][ T9872] audit: audit_backlog=65 > audit_backlog_limit=64
[  442.422526][ T9872] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  442.430273][ T9872] audit: backlog limit exceeded
[  442.441466][ T9872] audit: audit_backlog=65 > audit_backlog_limit=64
[  444.159736][ T9894] x_tables: duplicate underflow at hook 1
[  444.442474][ T9899] binder_alloc: 9896: binder_alloc_buf, no vma
[  444.695544][ T5980] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  444.804532][ T5865] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  444.847094][ T5980] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  445.325631][ T5980] usb 3-1: config 0 has no interface number 0
[  445.331911][ T5980] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  445.345532][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.355645][ T5865] usb 1-1: Using ep0 maxpacket: 16
[  445.362498][ T5865] usb 1-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  445.365170][ T5980] usb 3-1: config 0 descriptor??
[  445.379031][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.413614][ T5865] usb 1-1: config 0 descriptor??
[  445.420964][ T9915] netlink: 'syz.4.765': attribute type 1 has an invalid length.
[  445.450179][ T5980] usb 3-1: selecting invalid altsetting 1
[  445.464340][ T5980] dvb_ttusb_budget: ttusb_init_controller: error
[  445.491224][ T5980] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  445.558140][ T9915] bond4: entered promiscuous mode
[  445.599611][ T9915] 8021q: adding VLAN 0 to HW filter on device bond4
[  445.624515][ T5980] DVB: Unable to find symbol cx22700_attach()
[  445.662259][ T9917] 8021q: adding VLAN 0 to HW filter on device bond4
[  445.670029][ T9917] bond4: (slave gre1): The slave device specified does not support setting the MAC address
[  445.712657][ T9917] bond4: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  445.756764][ T5980] DVB: Unable to find symbol tda10046_attach()
[  445.764028][ T9917] bond4: (slave gre1): making interface the new active one
[  445.771605][ T5980] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  445.787381][ T9917] gre1: entered promiscuous mode
[  445.806243][ T9917] bond4: (slave gre1): Enslaving as an active interface with an up link
[  446.035668][ T5816] Bluetooth: hci4: command 0x0406 tx timeout
[  446.506271][   T30] kauditd_printk_skb: 81 callbacks suppressed
[  446.506287][   T30] audit: type=1400 audit(6056960534.828:484): avc:  denied  { create } for  pid=9935 comm="syz.4.770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  446.540507][   T30] audit: type=1400 audit(6056960534.848:485): avc:  denied  { getopt } for  pid=9935 comm="syz.4.770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  446.640619][ T9904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.652427][ T9904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.694959][ T5865] pegasus 1-1:0.0: can't reset MAC
[  446.746203][ T5865] pegasus 1-1:0.0: probe with driver pegasus failed with error -5
[  446.779148][ T5865] usb 1-1: USB disconnect, device number 11
[  446.931831][   T30] audit: type=1400 audit(6056960535.248:486): avc:  denied  { bind } for  pid=9943 comm="syz.3.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  447.135939][ T5865] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  447.153159][   T30] audit: type=1400 audit(6056960535.468:487): avc:  denied  { mount } for  pid=9935 comm="syz.4.770" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  447.317661][ T5865] usb 1-1: device descriptor read/64, error -71
[  447.365544][ T5980] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  447.499977][ T9955] ipvlan2: entered promiscuous mode
[  447.545633][ T5980] usb 4-1: Using ep0 maxpacket: 8
[  447.553132][ T5980] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x82 has invalid maxpacket 1552, setting to 1024
[  447.564686][ T5980] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 1024
[  447.576529][ T5865] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  447.577604][ T5980] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x3 has invalid maxpacket 8
[  447.604392][ T5980] usb 4-1: config 1 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  447.618275][ T5980] usb 4-1: config 1 interface 0 has no altsetting 0
[  447.627284][ T5980] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  447.645062][ T5980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.653901][ T5980] usb 4-1: Product: syz
[  447.658289][ T5980] usb 4-1: Manufacturer: syz
[  447.662870][ T5980] usb 4-1: SerialNumber: syz
[  447.670690][ T9949] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  447.678940][ T9949] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  447.716128][ T5865] usb 1-1: device descriptor read/64, error -71
[  447.825823][ T5865] usb usb1-port1: attempt power cycle
[  447.898754][ T5980] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  447.919762][ T5980] usb 4-1: USB disconnect, device number 14
[  448.242433][ T5865] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  448.807378][ T5865] usb 1-1: device descriptor read/8, error -71
[  449.115784][ T5865] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  449.136057][ T5865] usb 1-1: device descriptor read/8, error -71
[  449.235692][   T30] audit: type=1400 audit(6056960537.528:488): avc:  denied  { create } for  pid=9969 comm="syz.2.780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  449.256559][ T5865] usb usb1-port1: unable to enumerate USB device
[  449.323178][   T30] audit: type=1400 audit(6056960537.598:489): avc:  denied  { write } for  pid=9969 comm="syz.2.780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  449.378192][ T9982] netlink: 'syz.1.782': attribute type 4 has an invalid length.
[  449.472458][ T9985] netlink: 'syz.1.782': attribute type 4 has an invalid length.
[  449.583088][ T9987] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  449.603890][ T9984] netlink: 20 bytes leftover after parsing attributes in process `syz.3.783'.
[  451.115644][   T30] audit: type=1326 audit(6056960539.388:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.4.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc818b8efc9 code=0x7ffc0000
[  451.310794][T10004] Invalid source name
[  451.314482][   T30] audit: type=1326 audit(6056960539.388:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.4.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fc818b8efc9 code=0x7ffc0000
[  451.476614][T10004] netlink: 52 bytes leftover after parsing attributes in process `syz.2.786'.
[  451.696026][T10007] syzkaller0: entered promiscuous mode
[  451.711794][   T30] audit: type=1326 audit(6056960539.388:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.4.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc818b8efc9 code=0x7ffc0000
[  451.720223][T10007] syzkaller0: entered allmulticast mode
[  452.013433][   T30] audit: type=1326 audit(6056960539.388:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.4.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc818b8efc9 code=0x7ffc0000
[  452.041998][   T30] audit: type=1400 audit(6056960539.588:494): avc:  denied  { append } for  pid=10000 comm="syz.4.787" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  452.293258][   T30] audit: type=1400 audit(6056960540.608:495): avc:  denied  { ioctl } for  pid=10021 comm="syz.3.794" path="socket:[25499]" dev="sockfs" ino=25499 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  453.237230][   T30] audit: type=1400 audit(6056960541.548:496): avc:  denied  { execute } for  pid=10012 comm="syz.4.791" path="/sys/power/wakeup_count" dev="sysfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1
[  453.843605][   T30] audit: type=1400 audit(6056960542.138:497): avc:  denied  { firmware_load } for  pid=10039 comm="syz.0.796" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  454.082014][T10047] warning: `syz.1.798' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  454.791347][T10045] syz.0.796 (10045) used greatest stack depth: 18808 bytes left
[  455.131670][T10037] netlink: 24 bytes leftover after parsing attributes in process `syz.3.795'.
[  455.533840][   T30] audit: type=1400 audit(6056960543.848:498): avc:  denied  { create } for  pid=10063 comm="syz.4.803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  455.573513][T10067] netlink: 8 bytes leftover after parsing attributes in process `syz.3.804'.
[  455.594779][   T30] audit: type=1400 audit(6056960543.898:499): avc:  denied  { ioctl } for  pid=10066 comm="syz.3.804" path="socket:[25905]" dev="sockfs" ino=25905 ioctlcmd=0x9411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  456.781271][ T5886] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  457.120912][ T5886] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  457.154182][ T5886] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  457.165846][ T5886] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  457.168432][   T30] audit: type=1400 audit(6056960545.468:500): avc:  denied  { setopt } for  pid=10078 comm="syz.4.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  457.306689][ T5886] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  457.316035][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.324056][ T5886] usb 2-1: Product: syz
[  457.338650][ T5886] usb 2-1: Manufacturer: syz
[  457.343934][ T5886] usb 2-1: SerialNumber: syz
[  457.360562][ T5886] cdc_mbim 2-1:1.0: skipping garbage
[  457.504189][T10082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.530189][T10082] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.624325][   T30] audit: type=1400 audit(6056960545.938:501): avc:  denied  { listen } for  pid=10081 comm="syz.2.809" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  458.019430][   T30] audit: type=1400 audit(6056960546.298:502): avc:  denied  { sqpoll } for  pid=10090 comm="syz.0.811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  458.445322][ T5865] IPVS: starting estimator thread 0...
[  458.451186][ T5825] Bluetooth: hci4: unexpected event for opcode 0x1407
[  458.459745][T10075] netlink: 36 bytes leftover after parsing attributes in process `syz.1.806'.
[  458.471001][ T5886] cdc_mbim 2-1:1.0: bind() failure
[  458.480726][ T5886] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  458.503930][ T5886] usb 2-1: USB disconnect, device number 10
[  458.576834][T10095] IPVS: using max 41 ests per chain, 98400 per kthread
[  459.722906][T10110] 9pnet_fd: p9_fd_create_tcp (10110): problem binding to privport
[  459.830415][T10107] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  459.894595][ T5816] Bluetooth: hci5: sending frame failed (-49)
[  459.903202][ T5825] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  460.153024][T10126] netlink: 'syz.4.821': attribute type 1 has an invalid length.
[  460.167141][T10124] NILFS (nullb0): couldn't find nilfs on the device
[  460.224411][T10126] 8021q: adding VLAN 0 to HW filter on device bond5
[  460.368100][   T30] audit: type=1400 audit(6056960548.688:503): avc:  denied  { connect } for  pid=10120 comm="syz.4.821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  460.387972][ T5886] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  460.397898][   T30] audit: type=1400 audit(6056960548.718:504): avc:  denied  { read } for  pid=10120 comm="syz.4.821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  460.546982][ T5886] usb 1-1: config 0 has no interfaces?
[  460.563905][ T5886] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  460.587461][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.628542][ T5886] usb 1-1: Product: syz
[  460.635032][ T5886] usb 1-1: Manufacturer: syz
[  460.640189][ T5886] usb 1-1: SerialNumber: syz
[  460.649020][ T5886] usb 1-1: config 0 descriptor??
[  461.082505][ T5980] usb 1-1: USB disconnect, device number 16
[  465.609418][   T30] audit: type=1400 audit(6056960553.928:505): avc:  denied  { create } for  pid=10205 comm="syz.4.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  465.722725][T10214] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  467.228118][ T5865] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  467.281911][   T30] audit: type=1400 audit(6056960555.598:506): avc:  denied  { create } for  pid=10229 comm="syz.2.846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  467.298523][T10230] netlink: 19 bytes leftover after parsing attributes in process `syz.2.846'.
[  467.310332][   T30] audit: type=1400 audit(6056960555.608:507): avc:  denied  { listen } for  pid=10229 comm="syz.2.846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  467.430162][ T5865] usb 2-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.00
[  467.583580][T10234] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  467.602499][T10234] netlink: 20 bytes leftover after parsing attributes in process `syz.2.847'.
[  467.726179][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.941329][ T5865] usb 2-1: config 0 descriptor??
[  468.876261][ T5865] asus 0003:0B05:19B6.0006: hidraw0: USB HID v1.01 Device [HID 0b05:19b6] on usb-dummy_hcd.1-1/input0
[  468.939805][ T5865] asus 0003:0B05:19B6.0006: Asus input not registered
[  468.971665][ T5865] asus 0003:0B05:19B6.0006: probe with driver asus failed with error -12
[  468.972611][T10249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.093043][T10249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.128192][T10260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.172044][T10260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.232681][   T30] audit: type=1400 audit(6056960557.528:508): avc:  denied  { open } for  pid=10224 comm="syz.1.845" path="/dev/ptyq7" dev="devtmpfs" ino=126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  469.339841][T10259] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  469.355602][T10259] block device autoloading is deprecated and will be removed.
[  469.383785][ T5886] usb 2-1: USB disconnect, device number 11
[  469.414976][   T30] audit: type=1400 audit(6056960557.528:509): avc:  denied  { ioctl } for  pid=10224 comm="syz.1.845" path="/dev/ptyq7" dev="devtmpfs" ino=126 ioctlcmd=0x4b6b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  469.549486][T10248] veth1_vlan: left promiscuous mode
[  469.577198][T10265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.851'.
[  469.638735][T10277] netlink: 'syz.0.857': attribute type 1 has an invalid length.
[  469.658695][T10265] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=10265 comm=syz.4.851
[  469.681962][T10277] bond13: entered promiscuous mode
[  469.687756][T10277] 8021q: adding VLAN 0 to HW filter on device bond13
[  470.037067][T10254] netlink: 8 bytes leftover after parsing attributes in process `syz.4.851'.
[  470.386022][   T30] audit: type=1400 audit(6056960558.618:510): avc:  denied  { write } for  pid=10287 comm="syz.2.858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  470.921372][   T30] audit: type=1400 audit(6056960559.238:511): avc:  denied  { ioctl } for  pid=10285 comm="syz.4.859" path="socket:[26942]" dev="sockfs" ino=26942 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  471.185096][T10281] netlink: 'syz.1.855': attribute type 10 has an invalid length.
[  471.250289][T10308] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  471.344939][   T30] audit: type=1400 audit(6056960559.638:512): avc:  denied  { write } for  pid=10309 comm="syz.3.863" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  472.792167][T10308] overlayfs: overlapping lowerdir path
[  472.852604][T10316] overlay: Unknown parameter 'fsmagic'
[  472.988051][T10301] netlink: 19 bytes leftover after parsing attributes in process `syz.0.861'.
[  473.014579][T10281] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  473.043339][T10281] team0: Failed to send options change via netlink (err -105)
[  473.060901][T10281] team0: Port device netdevsim0 added
[  473.158172][   T30] audit: type=1400 audit(6056960561.478:513): avc:  denied  { remount } for  pid=10319 comm="syz.2.864" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  473.421371][   T30] audit: type=1400 audit(6056960561.738:514): avc:  denied  { write } for  pid=10324 comm="syz.3.866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  473.572876][   T30] audit: type=1400 audit(6056960561.888:515): avc:  denied  { shutdown } for  pid=10331 comm="syz.1.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  475.719129][T10356] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  475.757082][T10355] netlink: 20 bytes leftover after parsing attributes in process `syz.3.870'.
[  475.826819][T10350] netlink: 28 bytes leftover after parsing attributes in process `syz.0.871'.
[  475.894868][T10351] netlink: 28 bytes leftover after parsing attributes in process `syz.0.871'.
[  476.241072][T10362] x_tables: duplicate underflow at hook 2
[  478.033206][   T30] audit: type=1400 audit(6056960566.348:516): avc:  denied  { validate_trans } for  pid=10378 comm="syz.3.879" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  478.238396][   T30] audit: type=1400 audit(6056960566.558:517): avc:  denied  { ioctl } for  pid=10384 comm="syz.3.881" path="socket:[26457]" dev="sockfs" ino=26457 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  478.297501][   T30] audit: type=1400 audit(6056960566.588:518): avc:  denied  { write } for  pid=10384 comm="syz.3.881" path="socket:[26453]" dev="sockfs" ino=26453 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  479.023256][   T30] audit: type=1400 audit(6056960567.338:519): avc:  denied  { read write } for  pid=10387 comm="syz.3.882" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  479.134629][   T30] audit: type=1400 audit(6056960567.338:520): avc:  denied  { open } for  pid=10387 comm="syz.3.882" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  479.195005][   T30] audit: type=1400 audit(6056960567.338:521): avc:  denied  { ioctl } for  pid=10387 comm="syz.3.882" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  479.288954][T10389] bond3 (unregistering): Released all slaves
[  479.578509][T10404] Invalid source name
[  479.633488][T10404] netlink: 52 bytes leftover after parsing attributes in process `syz.4.886'.
[  480.699899][   T30] audit: type=1400 audit(6056960569.008:522): avc:  denied  { load_policy } for  pid=10407 comm="syz.3.889" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  480.707935][T10415] SELinux: failed to load policy
[  480.877103][T10424] netlink: 10 bytes leftover after parsing attributes in process `syz.4.890'.
[  480.920826][   T30] audit: type=1400 audit(6056960569.148:523): avc:  denied  { read write } for  pid=10419 comm="syz.4.890" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  481.014780][   T30] audit: type=1400 audit(6056960569.148:524): avc:  denied  { open } for  pid=10419 comm="syz.4.890" path="/176/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  481.075590][   T30] audit: type=1400 audit(6056960569.198:525): avc:  denied  { ioctl } for  pid=10419 comm="syz.4.890" path="/176/file0/file0" dev="fuse" ino=64 ioctlcmd=0x581f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  482.769134][T10463] binder: BINDER_SET_CONTEXT_MGR already set
[  482.776428][T10463] binder: 10456:10463 ioctl 4018620d 2000000000c0 returned -16
[  484.445572][ T5959] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  484.735524][ T5959] usb 1-1: Using ep0 maxpacket: 16
[  484.744417][ T5959] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  484.752738][ T5959] usb 1-1: config 0 has no interface number 0
[  484.779080][ T5959] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  485.026176][ T5959] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  485.038566][ T5959] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.055317][ T5959] usb 1-1: Product: syz
[  485.065031][ T5959] usb 1-1: Manufacturer: syz
[  485.103277][ T5959] usb 1-1: SerialNumber: syz
[  485.201576][ T5959] usb 1-1: config 0 descriptor??
[  485.415935][ T5959] usbtouchscreen 1-1:0.214: Failed to read FW rev: 15
[  485.431730][ T5959] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -5
[  485.446498][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  485.446515][   T30] audit: type=1400 audit(6056960573.718:527): avc:  denied  { map } for  pid=10492 comm="syz.2.908" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  485.502157][   T30] audit: type=1400 audit(6056960573.718:528): avc:  denied  { execute } for  pid=10492 comm="syz.2.908" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  486.293110][   T30] audit: type=1326 audit(6056960574.608:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10492 comm="syz.2.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  486.325272][   T30] audit: type=1326 audit(6056960574.608:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10492 comm="syz.2.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  486.353382][   T30] audit: type=1326 audit(6056960574.608:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10492 comm="syz.2.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  486.376844][T10501] batman_adv: batadv0: Adding interface: gretap1
[  486.376865][T10501] batman_adv: batadv0: Interface activated: gretap1
[  486.391747][   T30] audit: type=1326 audit(6056960574.638:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10492 comm="syz.2.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  486.415747][   T30] audit: type=1326 audit(6056960574.638:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10492 comm="syz.2.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  486.797779][T10514] netlink: 32 bytes leftover after parsing attributes in process `syz.2.910'.
[  486.809566][T10514] netlink: 76 bytes leftover after parsing attributes in process `syz.2.910'.
[  486.833045][ T5980] usb 1-1: USB disconnect, device number 17
[  486.946138][T10516] Invalid source name
[  487.096993][T10517] netlink: 52 bytes leftover after parsing attributes in process `syz.3.911'.
[  488.655694][ T5959] usb 1-1: new low-speed USB device number 18 using dummy_hcd
[  488.857297][ T5959] usb 1-1: No LPM exit latency info found, disabling LPM.
[  488.865363][ T5959] usb 1-1: config 64 has an invalid interface number: 201 but max is 0
[  488.873960][ T5959] usb 1-1: config 64 has no interface number 0
[  488.881163][ T5959] usb 1-1: config 64 interface 201 altsetting 5 endpoint 0x9 has invalid maxpacket 1023, setting to 8
[  488.893477][ T5959] usb 1-1: config 64 interface 201 has no altsetting 0
[  489.471448][T10551] netlink: 12 bytes leftover after parsing attributes in process `syz.3.920'.
[  489.540824][   T30] audit: type=1400 audit(6056960577.788:534): avc:  denied  { write } for  pid=10549 comm="syz.3.920" name="sg0" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  490.867400][T10567] No control pipe specified
[  490.978320][T10566] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.986858][T10566] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.044924][T10566] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  491.057169][T10566] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  491.092550][ T5959] usb 1-1: New USB device found, idVendor=0403, idProduct=fd48, bcdDevice=2d.83
[  491.102161][ T5959] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.112050][ T5959] usb 1-1: Product: ᐌ
[  491.203164][ T5959] usb 1-1: Manufacturer: 踓ヶ풭賮銪䇋⫂﾿壚ᬜ⛶቙쳑ੁ↯䷹賹喁뒹咰싵醣ⴽ戡䘀䓏﯈ﰾ㋷쐍榳꣍᳎㲗⨙퀉寔省ᚭ㚍敝糞ᜃ买ｹﯪ꒶㝻鄆룍ᆄ萝꛳ᖉ൸肛裺速礖釙
[  491.300418][T10571] loop8: detected capacity change from 0 to 7
[  491.334196][T10571]  loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  491.343654][ T5959] usb 1-1: can't set config #64, error -71
[  491.356141][   T50] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  491.365614][T10571] loop8: partition table partially beyond EOD, truncated
[  491.397828][   T50] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  491.407940][ T5959] usb 1-1: USB disconnect, device number 18
[  491.417717][T10571] loop8: p1 size 3651402975 extends beyond EOD, truncated
[  491.461167][   T50] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  491.471342][   T50] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  491.482690][T10571] loop8: p2 start 956478 is beyond EOD, truncated
[  491.698196][T10581] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  491.895611][ T5980] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  492.006465][   T30] audit: type=1400 audit(6056960581.323:535): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  492.075522][ T5980] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  492.113323][ T5980] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  492.147539][ T5980] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  492.148372][T10594] FAULT_INJECTION: forcing a failure.
[  492.148372][T10594] name failslab, interval 1, probability 0, space 0, times 0
[  492.177307][ T5980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.245217][T10575] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  492.296843][T10594] CPU: 1 UID: 0 PID: 10594 Comm: syz.1.933 Not tainted syzkaller #0 PREEMPT(full) 
[  492.296867][T10594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  492.296878][T10594] Call Trace:
[  492.296884][T10594]  <TASK>
[  492.296891][T10594]  dump_stack_lvl+0x16c/0x1f0
[  492.296921][T10594]  should_fail_ex+0x512/0x640
[  492.296940][T10594]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  492.296968][T10594]  should_failslab+0xc2/0x120
[  492.296993][T10594]  kmem_cache_alloc_noprof+0x75/0x6e0
[  492.297030][T10594]  ? getname_flags.part.0+0x4c/0x550
[  492.297064][T10594]  ? getname_flags.part.0+0x4c/0x550
[  492.297086][T10594]  getname_flags.part.0+0x4c/0x550
[  492.297113][T10594]  getname_flags+0x93/0xf0
[  492.297128][T10594]  user_path_at+0x24/0x60
[  492.297146][T10594]  __do_sys_pivot_root+0x18e/0x1360
[  492.297181][T10594]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  492.297202][T10594]  ? __pfx___do_sys_pivot_root+0x10/0x10
[  492.297230][T10594]  ? arch_syscall_is_vdso_sigreturn+0xb6/0x230
[  492.297258][T10594]  ? syscall_user_dispatch+0x78/0x140
[  492.297284][T10594]  ? do_syscall_64+0xcd/0xfa0
[  492.297316][T10594]  do_syscall_64+0xcd/0xfa0
[  492.297339][T10594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.297355][T10594] RIP: 0033:0x7f76feb8efc9
[  492.297368][T10594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  492.297383][T10594] RSP: 002b:00007f76ffae3038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[  492.297399][T10594] RAX: ffffffffffffffda RBX: 00007f76fede5fa0 RCX: 00007f76feb8efc9
[  492.297410][T10594] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  492.297419][T10594] RBP: 00007f76ffae3090 R08: 0000000000000000 R09: 0000000000000000
[  492.297428][T10594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  492.297438][T10594] R13: 00007f76fede6038 R14: 00007f76fede5fa0 R15: 00007fff63d254f8
[  492.297464][T10594]  </TASK>
[  492.311264][ T5980] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  492.843755][T10612] netlink: 9 bytes leftover after parsing attributes in process `syz.2.937'.
[  493.308184][T10615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  493.327643][T10615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  493.695538][   T43] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  493.975663][   T43] usb 1-1: Using ep0 maxpacket: 16
[  494.004447][   T43] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  494.013703][   T43] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  494.053974][   T43] usb 1-1: Product: syz
[  494.073281][   T43] usb 1-1: Manufacturer: syz
[  494.082945][   T43] usb 1-1: SerialNumber: syz
[  494.299694][   T43] usb 1-1: config 0 descriptor??
[  494.398499][T10627] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  494.411035][   T30] audit: type=1400 audit(6056960583.723:536): avc:  denied  { bind } for  pid=10635 comm="syz.1.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  494.483195][ T5886] usb 4-1: USB disconnect, device number 15
[  494.554852][   T43] usb 1-1: USB disconnect, device number 19
[  494.643692][   T30] audit: type=1400 audit(6056960583.723:537): avc:  denied  { connect } for  pid=10635 comm="syz.1.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  495.655861][   T30] audit: type=1400 audit(6056960583.723:538): avc:  denied  { getopt } for  pid=10635 comm="syz.1.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  497.449762][   T30] audit: type=1400 audit(6056960586.763:539): avc:  denied  { setopt } for  pid=10660 comm="syz.0.950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  497.471691][T10666] fuse: Bad value for 'fd'
[  497.500487][T10665] netlink: 10 bytes leftover after parsing attributes in process `syz.0.950'.
[  497.520440][T10665] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.539382][T10669] fuse: Bad value for 'fd'
[  499.909181][T10695] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  499.925826][T10694] netlink: 20 bytes leftover after parsing attributes in process `syz.3.955'.
[  500.006574][T10697] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.016276][T10697] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.051833][   T30] audit: type=1400 audit(6056960589.343:540): avc:  denied  { write } for  pid=10696 comm="syz.2.957" path="socket:[28765]" dev="sockfs" ino=28765 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  500.075070][    C1] vkms_vblank_simulate: vblank timer overrun
[  500.816650][ T5980] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  501.003066][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  501.009540][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  501.023244][ T5980] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  501.194930][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.209872][T10723] syzkaller1: entered promiscuous mode
[  501.243815][T10723] syzkaller1: entered allmulticast mode
[  501.254899][ T5980] usb 5-1: config 0 descriptor??
[  501.313553][ T5980] cp210x 5-1:0.0: cp210x converter detected
[  501.360524][   T30] audit: type=1400 audit(6056960590.643:541): avc:  denied  { module_request } for  pid=10724 comm="syz.1.963" kmod="fs-<NULL>" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  502.249093][   T30] audit: type=1400 audit(6056960591.553:542): avc:  denied  { map } for  pid=10738 comm="syz.0.966" path="socket:[28077]" dev="sockfs" ino=28077 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  502.343797][   T30] audit: type=1400 audit(6056960591.553:543): avc:  denied  { read } for  pid=10738 comm="syz.0.966" path="socket:[28077]" dev="sockfs" ino=28077 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  502.546634][T10747] netlink: 7 bytes leftover after parsing attributes in process `syz.2.967'.
[  502.773529][T10760] cgroup: Name too long
[  502.905157][ T5980] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  503.118914][ T5980] usb 5-1: cp210x converter now attached to ttyUSB0
[  503.279984][T10763] netlink: 'syz.0.970': attribute type 10 has an invalid length.
[  503.303047][T10763] 8021q: adding VLAN 0 to HW filter on device batadv0
[  503.323344][   T43] usb 5-1: USB disconnect, device number 15
[  503.334521][   T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  503.353871][   T43] cp210x 5-1:0.0: device disconnected
[  503.361249][T10763] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  503.396781][T10765] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  503.410547][T10765] batman_adv: batadv0: Removing interface: batadv_slave_0
[  503.455698][T10765] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  503.522361][T10765] batman_adv: batadv0: Removing interface: batadv_slave_1
[  503.617088][T10765] bond0: (slave batadv0): Releasing backup interface
[  504.099438][   T43] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  504.326717][   T30] audit: type=1800 audit(6056960593.543:544): pid=10805 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.975" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
[  504.787456][   T43] usb 4-1: Using ep0 maxpacket: 32
[  504.795968][   T43] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  504.806495][   T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  505.482966][T10827] netlink: 1328 bytes leftover after parsing attributes in process `syz.0.981'.
[  505.517267][   T30] audit: type=1326 audit(6056960594.833:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10823 comm="syz.0.981" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1aea78efc9 code=0x0
[  505.938046][   T30] audit: type=1400 audit(6056960595.253:546): avc:  denied  { shutdown } for  pid=10853 comm="syz.4.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  506.025430][   T30] audit: type=1400 audit(6056960595.283:547): avc:  denied  { getopt } for  pid=10853 comm="syz.4.983" laddr=::1 lport=7 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  506.111878][   T30] audit: type=1400 audit(6056960595.423:548): avc:  denied  { create } for  pid=10863 comm="syz.4.985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  506.365775][ T5980] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  506.479442][T10875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.491439][T10875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.526578][ T5980] usb 5-1: Using ep0 maxpacket: 8
[  506.533942][ T5980] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  506.548331][ T5980] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  506.558494][ T5980] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  506.570129][ T5980] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  506.583238][ T5980] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  506.592454][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.806413][ T5865] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  506.815313][ T5980] usb 5-1: GET_CAPABILITIES returned 0
[  506.821179][ T5980] usbtmc 5-1:16.0: can't read capabilities
[  506.824236][   T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  506.839047][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.847560][   T43] usb 4-1: Product: ힴᣱ棌甮헣ₛ쟄㗄縣돀폍䒺墱濸峞♒녢햃젾걢ᦙﰙ㵧爲명먊낅䃒彩뉺࣌䖛ᆞ銐椱闙젹퐞ᮤ溓筫耓섓毙棤覹ಹ㬯셐쳂噃䚻짙ꃬ䐳
[  506.878503][   T43] usb 4-1: can't set config #1, error -71
[  506.889661][   T43] usb 4-1: USB disconnect, device number 16
[  506.965496][ T5865] usb 1-1: Using ep0 maxpacket: 16
[  506.972915][ T5865] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  506.985076][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.001221][ T5865] usb 1-1: config 0 descriptor??
[  507.030520][ T5865] gspca_main: sonixj-2.14.0 probing 0471:0327
[  507.105249][T10885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.985'.
[  507.971212][ T5865] gspca_sonixj: reg_w1 err -110
[  507.976880][ T5865] sonixj 1-1:0.0: probe with driver sonixj failed with error -110
[  508.376601][T10896] netlink: 24 bytes leftover after parsing attributes in process `syz.3.995'.
[  508.758113][T10901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.996'.
[  509.024418][T10910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  509.034401][T10910] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  509.111452][   T30] audit: type=1400 audit(6056960598.383:549): avc:  denied  { ioctl } for  pid=10904 comm="syz.2.998" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=28299 ioctlcmd=0xaa00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  509.137337][    C1] vkms_vblank_simulate: vblank timer overrun
[  509.242315][ T5980] usb 5-1: USB disconnect, device number 16
[  510.228404][   T43] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  510.257438][T10925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1004'.
[  510.895295][ T5865] usb 1-1: USB disconnect, device number 20
[  511.091235][   T43] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  511.100357][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.115133][   T43] usb 2-1: config 0 descriptor??
[  511.634737][T10941] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  511.811744][T10914] raw_sendmsg: syz.1.1000 forgot to set AF_INET. Fix it!
[  511.822688][T10914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  511.832412][T10914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.852672][T10914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  511.861403][T10914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.877307][   T43] usb 2-1: Cannot set autoneg
[  511.886067][   T43] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  512.069473][   T43] usb 2-1: USB disconnect, device number 12
[  512.103263][T10947] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1010'.
[  512.105289][   T30] audit: type=1400 audit(6056960601.413:550): avc:  denied  { read write } for  pid=10946 comm="syz.2.1010" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  512.137871][T10947] fuse: Bad value for 'fd'
[  512.178324][   T30] audit: type=1400 audit(6056960601.413:551): avc:  denied  { open } for  pid=10946 comm="syz.2.1010" path="/193/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  512.201345][    C1] vkms_vblank_simulate: vblank timer overrun
[  512.215824][   T30] audit: type=1400 audit(6056960601.413:552): avc:  denied  { ioctl } for  pid=10946 comm="syz.2.1010" path="/193/file0/file0" dev="fuse" ino=64 ioctlcmd=0x581f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  512.389642][   T30] audit: type=1400 audit(6056960601.623:553): avc:  denied  { append } for  pid=10948 comm="syz.0.1011" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  512.412900][    C1] vkms_vblank_simulate: vblank timer overrun
[  512.584019][   T30] audit: type=1400 audit(6056960601.623:554): avc:  denied  { open } for  pid=10948 comm="syz.0.1011" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  512.634919][T10962] bridge_slave_0: left allmulticast mode
[  512.641552][T10962] bridge_slave_0: left promiscuous mode
[  512.649922][T10962] bridge0: port 1(bridge_slave_0) entered disabled state
[  513.575245][T10962] bridge_slave_1: left allmulticast mode
[  513.591147][T10962] bridge_slave_1: left promiscuous mode
[  513.599560][T10962] bridge0: port 2(bridge_slave_1) entered disabled state
[  513.610490][T10962] bond0: (slave bond_slave_0): Releasing backup interface
[  513.620875][T10962] bond0: (slave bond_slave_1): Releasing backup interface
[  513.662039][T10962] team0: Port device team_slave_0 removed
[  513.669003][T10962] team0: Port device team_slave_1 removed
[  513.677948][T10962] batman_adv: batadv0: Removing interface: batadv_slave_0
[  513.687424][T10962] batman_adv: batadv0: Removing interface: batadv_slave_1
[  513.695285][T10962] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  513.731295][T10975] erspan0: entered promiscuous mode
[  513.736680][T10975] erspan0: entered allmulticast mode
[  513.785563][   T30] audit: type=1400 audit(6056960603.083:555): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  514.477765][T10994] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  514.497781][T10994] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1025'.
[  515.753444][T11009] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=44 sclass=netlink_xfrm_socket pid=11009 comm=syz.3.1029
[  515.862331][   T30] audit: type=1400 audit(6056960605.173:556): avc:  denied  { create } for  pid=11005 comm="syz.4.1028" name=317E6A82998410E5356E223E6A1F0D3E9A31019D46E922F3270CD7CE988CB1B6C16CC51616AA309A scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  515.907566][T11012] netlink: 'syz.1.1033': attribute type 1 has an invalid length.
[  515.935332][T11012] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR
[  515.995032][   T30] audit: type=1400 audit(6056960605.303:557): avc:  denied  { unlink } for  pid=5822 comm="syz-executor" name=317E6A82998410E5356E223E6A1F0D3E9A31019D46E922F3270CD7CE988CB1B6C16CC51616AA309A dev="tmpfs" ino=1068 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  516.122413][T11034] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1038'.
[  516.131588][T11034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1038'.
[  516.166101][T11034] bond6: entered allmulticast mode
[  516.171641][T11034] 8021q: adding VLAN 0 to HW filter on device bond6
[  516.184170][T11034] netlink: 'syz.4.1038': attribute type 10 has an invalid length.
[  516.192981][T11034] bond0: (slave wlan1): Opening slave failed
[  516.802909][T11045] netlink: 'syz.0.1039': attribute type 1 has an invalid length.
[  516.963863][T11051] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1042'.
[  517.019118][T11046] gretap1: entered promiscuous mode
[  517.117517][T11051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.162739][T11051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  517.252171][T11051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.267236][T11051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  517.377540][T11064] mkiss: ax0: crc mode is auto.
[  517.498415][T11069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1047'.
[  517.598099][T11074] can0: slcan on ttyS3.
[  517.656231][T11074] can0 (unregistered): slcan off ttyS3.
[  517.663386][T11074] Falling back ldisc for ttyS3.
[  519.972076][   T30] audit: type=1400 audit(6056960609.133:558): avc:  denied  { bind } for  pid=11102 comm="syz.0.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  520.037856][T11113] x_tables: duplicate underflow at hook 2
[  520.384398][T11124] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  520.412258][T11122] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1058'.
[  521.167503][T11131] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1051'.
[  521.208458][T11130] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1059'.
[  521.228318][T11126] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  521.280182][T11126] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1060'.
[  521.647393][   T30] audit: type=1400 audit(6056960610.893:559): avc:  denied  { create } for  pid=11133 comm="syz.1.1061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  521.896065][T11151] bridge_slave_1: left allmulticast mode
[  521.909047][T11151] bridge_slave_1: left promiscuous mode
[  521.921609][T11151] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.191578][T11151] bridge_slave_0: left allmulticast mode
[  522.200760][T11151] bridge_slave_0: left promiscuous mode
[  522.211874][T11151] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.615514][   T30] audit: type=1400 audit(6056960611.663:560): avc:  denied  { accept } for  pid=11159 comm="syz.0.1066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  522.938396][T11157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  522.968924][T11157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  523.075163][T11157] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1064'.
[  523.212206][T11171] 9pnet_fd: Insufficient options for proto=fd
[  523.274459][T11173] FAULT_INJECTION: forcing a failure.
[  523.274459][T11173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  523.332362][T11173] CPU: 0 UID: 0 PID: 11173 Comm: syz.4.1068 Not tainted syzkaller #0 PREEMPT(full) 
[  523.332387][T11173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  523.332396][T11173] Call Trace:
[  523.332402][T11173]  <TASK>
[  523.332409][T11173]  dump_stack_lvl+0x16c/0x1f0
[  523.332441][T11173]  should_fail_ex+0x512/0x640
[  523.332465][T11173]  _copy_from_user+0x2e/0xd0
[  523.332487][T11173]  copy_from_sockptr_offset+0x15c/0x1b0
[  523.332507][T11173]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  523.332527][T11173]  ? __pfx_avc_has_perm+0x10/0x10
[  523.332553][T11173]  do_tcp_setsockopt+0x145/0x2500
[  523.332578][T11173]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  523.332599][T11173]  ? sock_has_perm+0x259/0x2f0
[  523.332624][T11173]  ? __pfx_sock_has_perm+0x10/0x10
[  523.332655][T11173]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[  523.332676][T11173]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  523.332702][T11173]  ? find_held_lock+0x2b/0x80
[  523.332729][T11173]  tcp_setsockopt+0xe2/0x100
[  523.332750][T11173]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  523.332776][T11173]  do_sock_setsockopt+0xf3/0x1d0
[  523.332805][T11173]  __sys_setsockopt+0x1a0/0x230
[  523.332832][T11173]  __x64_sys_setsockopt+0xbd/0x160
[  523.332852][T11173]  ? do_syscall_64+0x91/0xfa0
[  523.332877][T11173]  ? lockdep_hardirqs_on+0x7c/0x110
[  523.332902][T11173]  do_syscall_64+0xcd/0xfa0
[  523.332929][T11173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.332945][T11173] RIP: 0033:0x7fc818b8efc9
[  523.332961][T11173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  523.332977][T11173] RSP: 002b:00007fc819a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  523.332994][T11173] RAX: ffffffffffffffda RBX: 00007fc818de5fa0 RCX: 00007fc818b8efc9
[  523.333006][T11173] RDX: 000000000000000e RSI: 0000000000000006 RDI: 0000000000000003
[  523.333014][T11173] RBP: 00007fc819a42090 R08: 00000000000000d8 R09: 0000000000000000
[  523.333024][T11173] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000001
[  523.333033][T11173] R13: 00007fc818de6038 R14: 00007fc818de5fa0 R15: 00007ffe907b2bb8
[  523.333058][T11173]  </TASK>
[  524.185110][T11184] bridge0: port 2(bridge_slave_1) entered disabled state
[  524.192734][T11184] bridge0: port 1(bridge_slave_0) entered disabled state
[  524.235935][   T30] audit: type=1400 audit(6056960613.483:561): avc:  denied  { connect } for  pid=11178 comm="syz.4.1069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  524.241536][T11184] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1069'.
[  524.261331][   T30] audit: type=1400 audit(6056960613.493:562): avc:  denied  { ioctl } for  pid=11178 comm="syz.4.1069" path="socket:[29778]" dev="sockfs" ino=29778 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  524.336612][   T30] audit: type=1400 audit(6056960613.643:563): avc:  denied  { read write } for  pid=11178 comm="syz.4.1069" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  524.339102][T11165] bridge6: port 1(veth3) entered blocking state
[  524.385656][T11165] bridge6: port 1(veth3) entered disabled state
[  524.407933][   T30] audit: type=1400 audit(6056960613.653:564): avc:  denied  { open } for  pid=11178 comm="syz.4.1069" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  524.438297][T11165] veth3: entered allmulticast mode
[  524.467780][T11165] veth3: entered promiscuous mode
[  525.060494][T11209] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  525.076734][T11208] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1074'.
[  526.149306][T11224] FAULT_INJECTION: forcing a failure.
[  526.149306][T11224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  526.316546][T11224] CPU: 1 UID: 0 PID: 11224 Comm: syz.4.1079 Not tainted syzkaller #0 PREEMPT(full) 
[  526.316568][T11224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  526.316578][T11224] Call Trace:
[  526.316583][T11224]  <TASK>
[  526.316590][T11224]  dump_stack_lvl+0x16c/0x1f0
[  526.316620][T11224]  should_fail_ex+0x512/0x640
[  526.316641][T11224]  _copy_from_user+0x2e/0xd0
[  526.316656][T11224]  tcp_v4_parse_md5_keys+0x318/0x6b0
[  526.316671][T11224]  ? __pfx_tcp_v4_parse_md5_keys+0x10/0x10
[  526.316698][T11224]  ? __local_bh_enable_ip+0xa4/0x120
[  526.316711][T11224]  ? lockdep_hardirqs_on+0x7c/0x110
[  526.316729][T11224]  do_tcp_setsockopt+0x1a28/0x2500
[  526.316745][T11224]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  526.316758][T11224]  ? sock_has_perm+0x259/0x2f0
[  526.316775][T11224]  ? __pfx_sock_has_perm+0x10/0x10
[  526.316791][T11224]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[  526.316803][T11224]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  526.316819][T11224]  ? find_held_lock+0x2b/0x80
[  526.316840][T11224]  tcp_setsockopt+0xe2/0x100
[  526.316853][T11224]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  526.316884][T11224]  do_sock_setsockopt+0xf3/0x1d0
[  526.316903][T11224]  __sys_setsockopt+0x1a0/0x230
[  526.316918][T11224]  __x64_sys_setsockopt+0xbd/0x160
[  526.316930][T11224]  ? do_syscall_64+0x91/0xfa0
[  526.316946][T11224]  ? lockdep_hardirqs_on+0x7c/0x110
[  526.316961][T11224]  do_syscall_64+0xcd/0xfa0
[  526.316977][T11224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.316988][T11224] RIP: 0033:0x7fc818b8efc9
[  526.316997][T11224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  526.317007][T11224] RSP: 002b:00007fc819a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  526.317017][T11224] RAX: ffffffffffffffda RBX: 00007fc818de5fa0 RCX: 00007fc818b8efc9
[  526.317024][T11224] RDX: 000000000000000e RSI: 0000000000000006 RDI: 0000000000000003
[  526.317030][T11224] RBP: 00007fc819a42090 R08: 00000000000000d8 R09: 0000000000000000
[  526.317035][T11224] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000001
[  526.317041][T11224] R13: 00007fc818de6038 R14: 00007fc818de5fa0 R15: 00007ffe907b2bb8
[  526.317056][T11224]  </TASK>
[  528.926813][T11260] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  529.212555][T11269] erspan0: entered promiscuous mode
[  529.226127][T11269] erspan0: entered allmulticast mode
[  529.312955][   T30] audit: type=1326 audit(6056960618.573:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.345771][   T30] audit: type=1326 audit(6056960618.573:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.369753][   T30] audit: type=1326 audit(6056960618.573:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.394181][   T30] audit: type=1326 audit(6056960618.573:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.429865][T11273] x_tables: duplicate underflow at hook 2
[  529.441538][   T30] audit: type=1326 audit(6056960618.573:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.472045][   T30] audit: type=1326 audit(6056960618.573:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.511562][   T30] audit: type=1326 audit(6056960618.573:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.819937][   T30] audit: type=1326 audit(6056960618.583:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  529.910803][   T30] audit: type=1326 audit(6056960618.613:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  530.050767][   T30] audit: type=1326 audit(6056960618.613:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff816b8efc9 code=0x7ffc0000
[  530.215592][ T5886] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  530.365914][ T5886] usb 1-1: Using ep0 maxpacket: 8
[  530.867923][ T5866] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  530.880733][ T5886] usb 1-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  530.890090][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.901500][ T5886] usb 1-1: Product: syz
[  530.905972][ T5886] usb 1-1: Manufacturer: syz
[  530.910730][ T5886] usb 1-1: SerialNumber: syz
[  531.025514][ T5866] usb 5-1: Using ep0 maxpacket: 32
[  531.038540][ T5866] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  531.049007][ T5866] usb 5-1: config 0 has no interface number 0
[  531.074206][ T5866] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  531.090548][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.104054][ T5866] usb 5-1: Product: syz
[  531.108520][ T5866] usb 5-1: Manufacturer: syz
[  531.113305][ T5866] usb 5-1: SerialNumber: syz
[  531.124240][ T5866] usb 5-1: config 0 descriptor??
[  531.167576][ T5866] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  531.189731][T11284] bond15: ARP target 5.0.0.0 is already present
[  531.208423][T11284] bond15: option arp_ip_target: invalid value (5)
[  531.219137][T11305] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1099'.
[  531.240031][T11284] bond15 (unregistering): Released all slaves
[  531.240617][T11307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  531.258767][T11307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  531.360508][ T5886] mxuport 1-1:254.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  531.369566][ T5866] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  531.372142][ T5866] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  531.390719][T11310] binder: BINDER_SET_CONTEXT_MGR already set
[  531.396814][T11310] binder: 11303:11310 ioctl 4018620d 2000000000c0 returned -16
[  531.405067][ T5886] mxuport 1-1:254.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  532.602280][ T5886] mxuport 1-1:254.0: probe with driver mxuport failed with error -71
[  532.631117][ T5886] usb 1-1: USB disconnect, device number 21
[  532.825301][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  532.848207][ T5980] usb 5-1: USB disconnect, device number 17
[  532.879857][ T5980] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  532.912511][ T5980] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  532.935269][ T5980] quatech2 5-1:0.51: device disconnected
[  533.131441][T11324] Invalid source name
[  533.606600][T11330] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1102'.
[  534.038510][T11340] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1105'.
[  534.220614][T11342] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1106'.
[  534.518594][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  534.518605][   T30] audit: type=1400 audit(6056960623.833:579): avc:  denied  { write } for  pid=11327 comm="syz.0.1104" dev="sockfs" ino=30149 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  534.546801][T11336] 9pnet_fd: Insufficient options for proto=fd
[  534.750574][T11348] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  534.865523][   T43] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  535.086820][   T43] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  535.101358][   T43] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  535.125719][   T43] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  535.157406][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.196326][T11344] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  535.212921][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  535.672151][T11358] 8021q: adding VLAN 0 to HW filter on device bond15
[  535.868610][T11363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  535.926353][T11363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  536.465558][   T43] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  536.635543][   T43] usb 1-1: Using ep0 maxpacket: 8
[  536.641938][   T43] usb 1-1: config 0 has an invalid interface number: 208 but max is 0
[  536.650482][   T43] usb 1-1: config 0 has no interface number 0
[  536.656623][   T43] usb 1-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=4d.89
[  536.665729][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.352309][   T43] usb 1-1: config 0 descriptor??
[  537.383536][   T43] usb-storage 1-1:0.208: USB Mass Storage device detected
[  537.406921][   T43] usb-storage 1-1:0.208: device ignored
[  537.442957][ T5893] usb 4-1: USB disconnect, device number 17
[  537.802844][T11381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1116'.
[  539.787703][ T5865] usb 1-1: USB disconnect, device number 22
[  540.066185][T11393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  540.075537][T11393] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  540.426947][   T30] audit: type=1400 audit(6056960629.749:580): avc:  denied  { setopt } for  pid=11404 comm="syz.1.1123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  541.090466][T11427] netlink: 'syz.0.1131': attribute type 2 has an invalid length.
[  541.100621][T11427] netlink: 'syz.0.1131': attribute type 3 has an invalid length.
[  541.109448][T11427] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1131'.
[  541.316101][ T5893] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  541.434580][T11439] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1384 sclass=netlink_route_socket pid=11439 comm=syz.0.1136
[  541.758507][ T5893] usb 5-1: config 0 has an invalid interface number: 117 but max is 0
[  541.781327][ T5893] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  541.811270][ T5893] usb 5-1: config 0 has no interface number 0
[  541.832743][ T5893] usb 5-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  541.851469][ T5893] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  541.861136][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.869356][ T5893] usb 5-1: Product: syz
[  541.873849][ T5893] usb 5-1: Manufacturer: syz
[  541.879935][ T5893] usb 5-1: SerialNumber: syz
[  541.889514][T11450] openvswitch: netlink: IP tunnel dst address not specified
[  541.900510][ T5893] usb 5-1: config 0 descriptor??
[  541.972482][T11447] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  542.143254][   T30] audit: type=1400 audit(6056960631.459:581): avc:  denied  { audit_control } for  pid=11461 comm="syz.3.1144" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  542.180099][T11429] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1132'.
[  542.510948][T11474] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  542.531861][T11474] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1148'.
[  544.004504][   T30] audit: type=1400 audit(6056960633.319:582): avc:  denied  { map } for  pid=11497 comm="syz.3.1155" path="/dev/vcs" dev="devtmpfs" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  544.074189][   T30] audit: type=1400 audit(6056960633.319:583): avc:  denied  { execute } for  pid=11497 comm="syz.3.1155" path="/dev/vcs" dev="devtmpfs" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  544.755508][   T43] usb 5-1: USB disconnect, device number 18
[  545.739782][T11527] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  545.745546][ T5980] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  545.776687][T11526] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1162'.
[  545.987074][ T5980] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  546.295519][ T5980] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  546.305382][ T5980] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  546.314603][ T5980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.382750][   T30] audit: type=1400 audit(6056960635.699:584): avc:  denied  { bind } for  pid=11535 comm="syz.3.1166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  546.406349][   T30] audit: type=1400 audit(6056960635.719:585): avc:  denied  { remount } for  pid=11535 comm="syz.3.1166" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  546.426832][T11524] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  546.437630][ T5980] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  546.845786][T11554] binder: BINDER_SET_CONTEXT_MGR already set
[  546.851840][T11554] binder: 11541:11554 ioctl 4018620d 2000000000c0 returned -16
[  546.864323][T11554] binder: 11541:11554 ioctl c0306201 0 returned -14
[  548.816273][T11564] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  548.832454][T11564] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1171'.
[  550.366850][ T5921] usb 1-1: USB disconnect, device number 23
[  550.453901][T11569] binder: BINDER_SET_CONTEXT_MGR already set
[  550.471905][T11569] binder: 11568:11569 ioctl 4018620d 2000000002c0 returned -16
[  550.530805][T11569] vlan2: entered promiscuous mode
[  550.595189][T11569] bridge0: entered promiscuous mode
[  550.622038][T11569] vlan2: entered allmulticast mode
[  550.656945][T11569] bridge0: entered allmulticast mode
[  550.880256][T11587] tipc: Failed to remove unknown binding: 66,1,1/0:1957801549/1957801551
[  550.899642][   T30] audit: type=1400 audit(6056960640.219:586): avc:  denied  { map } for  pid=11589 comm="syz.0.1178" path="/proc/1014" dev="proc" ino=31375 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  550.934423][T11587] tipc: Failed to remove unknown binding: 66,1,1/0:1957801549/1957801551
[  550.952412][   T30] audit: type=1400 audit(6056960640.269:587): avc:  denied  { listen } for  pid=11586 comm="syz.4.1177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  552.401037][T11617] Invalid source name
[  552.416570][T11623] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  552.843534][T11623] PKCS7: Only support pkcs7_signedData type
[  552.871112][T11631] vlan2: entered promiscuous mode
[  552.876406][T11631] vlan2: entered allmulticast mode
[  553.103129][T11635] UBIFS error (pid: 11635): cannot open "c:::", error -22
[  553.276757][T11635] vxfs: WRONG superblock magic 00000000 at 1
[  553.291401][T11635] vxfs: WRONG superblock magic 00000000 at 8
[  553.297431][T11635] vxfs: can't find superblock.
[  553.527499][ T5921] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  553.615377][T11637] fuse: Bad value for 'fd'
[  554.307261][   T30] audit: type=1400 audit(6056960642.949:588): avc:  denied  { name_connect } for  pid=11628 comm="syz.0.1187" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  554.354785][   T30] audit: type=1400 audit(6056960643.649:589): avc:  denied  { write } for  pid=11628 comm="syz.0.1187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  554.381875][ T5921] usb 4-1: Using ep0 maxpacket: 16
[  554.420707][ T5921] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  554.458906][ T5921] usb 4-1: config 0 has no interface number 0
[  554.465148][ T5921] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  554.485776][ T5921] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  554.498035][ T5921] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  554.513167][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.521616][ T5921] usb 4-1: Product: syz
[  554.525901][ T5921] usb 4-1: Manufacturer: syz
[  554.530495][ T5921] usb 4-1: SerialNumber: syz
[  554.548808][ T5921] usb 4-1: config 0 descriptor??
[  554.554481][T11620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  554.584370][T11620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  554.794715][T11620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  554.802349][T11620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  555.018526][   T30] audit: type=1400 audit(6056960644.339:590): avc:  denied  { mounton } for  pid=11619 comm="syz.3.1185" path="/253/file1" dev="tmpfs" ino=1354 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  555.170934][ T5921] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  555.181422][ T5921] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -71
[  555.733791][ T5921] asix 4-1:0.251: probe with driver asix failed with error -71
[  555.797796][ T5921] usb 4-1: USB disconnect, device number 18
[  556.074339][T11682] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1198'.
[  556.086860][   T30] audit: type=1400 audit(6056960645.399:591): avc:  denied  { bind } for  pid=11674 comm="syz.3.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  556.515536][ T5921] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  556.526631][T11688] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  556.552495][T11688] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  556.827284][ T5921] usb 1-1: Using ep0 maxpacket: 16
[  556.858980][ T5921] usb 1-1: unable to get BOS descriptor or descriptor too short
[  556.878244][ T5921] usb 1-1: config 8 has an invalid interface number: 34 but max is 0
[  556.903706][ T5921] usb 1-1: config 8 has no interface number 0
[  556.945928][ T5921] usb 1-1: config 8 interface 34 altsetting 2 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  556.999077][ T5921] usb 1-1: config 8 interface 34 has no altsetting 0
[  557.011516][ T5921] usb 1-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=e2.0c
[  557.020905][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.085245][ T5921] usb 1-1: Product: syz
[  557.178340][ T5921] usb 1-1: Manufacturer: syz
[  557.191408][ T5921] usb 1-1: SerialNumber: syz
[  557.523077][ T5921] usb 1-1: USB disconnect, device number 24
[  557.988066][   T30] audit: type=1400 audit(6056960647.309:592): avc:  denied  { read } for  pid=11703 comm="syz.2.1205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  559.757561][T11721] macsec1: entered promiscuous mode
[  559.763058][T11721] macsec1: entered allmulticast mode
[  561.113303][T11726] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1210'.
[  561.398361][T11732] SELinux: failed to load policy
[  562.065582][   T43] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  562.160673][T11749] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  562.184105][   T30] audit: type=1400 audit(6056960651.499:593): avc:  denied  { read } for  pid=11748 comm="syz.1.1217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  562.295827][   T43] usb 4-1: Using ep0 maxpacket: 32
[  562.305079][   T43] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  562.331562][   T43] usb 4-1: config 0 has no interface number 0
[  562.438052][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  562.445655][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  562.457610][   T43] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  562.525521][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.970785][   T30] audit: type=1400 audit(6056960652.289:594): avc:  denied  { bind } for  pid=11764 comm="syz.4.1219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  562.990093][    C0] vkms_vblank_simulate: vblank timer overrun
[  563.000912][   T43] usb 4-1: Product: syz
[  563.076650][   T43] usb 4-1: Manufacturer: syz
[  563.092001][   T43] usb 4-1: SerialNumber: syz
[  563.187866][   T43] usb 4-1: config 0 descriptor??
[  563.312971][   T43] smsc95xx v2.0.0
[  563.729686][   T43] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  564.221871][   T43] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  564.474842][   T43] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  564.499896][   T43] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  564.550416][   T43] usb 4-1: USB disconnect, device number 19
[  564.772441][T11791] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1223'.
[  565.017909][T11797] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  565.044749][T11797] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1226'.
[  565.125276][T11801] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  567.615839][   T30] audit: type=1400 audit(6056960656.929:595): avc:  denied  { getopt } for  pid=11834 comm="syz.4.1234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  567.918234][T11846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  567.967648][T11846] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.175163][T11860] x_tables: duplicate underflow at hook 2
[  569.467798][   T43] libceph: connect (1)[c::]:6789 error -101
[  569.474271][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  570.032215][   T43] libceph: connect (1)[c::]:6789 error -101
[  570.038444][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  570.245953][T11866] ceph: No mds server is up or the cluster is laggy
[  570.251479][ T5886] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  570.492865][   T30] audit: type=1400 audit(6056960659.769:596): avc:  denied  { write } for  pid=11863 comm="syz.4.1243" name="file0" dev="tmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  570.518646][   T30] audit: type=1400 audit(6056960659.769:597): avc:  denied  { open } for  pid=11863 comm="syz.4.1243" path="/241/file0" dev="tmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  570.636124][   T30] audit: type=1400 audit(6056960659.769:598): avc:  denied  { ioctl } for  pid=11863 comm="syz.4.1243" path="/241/file0" dev="tmpfs" ino=1301 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  570.708263][ T5886] usb 4-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[  570.729717][ T5886] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  570.780647][T11886] vlan2: entered promiscuous mode
[  570.817570][T11886] bridge0: entered promiscuous mode
[  570.822889][ T5886] usb 4-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  570.841661][T11886] vlan2: entered allmulticast mode
[  570.862454][T11886] bridge0: entered allmulticast mode
[  570.895354][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  570.941360][ T5886] usb 4-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  570.985554][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.061617][ T5886] usb 4-1: config 0 descriptor??
[  571.061735][T11892] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  571.071791][T11894] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1251'.
[  571.665786][ T5886] hid-alps 0003:044E:120C.0007: hidraw0: USB HID v0.04 Device [HID 044e:120c] on usb-dummy_hcd.3-1/input0
[  572.153489][T11914] x_tables: duplicate underflow at hook 2
[  572.168299][ T5959] usb 4-1: USB disconnect, device number 20
[  572.389637][T11922] syzkaller0: entered promiscuous mode
[  572.395129][T11922] syzkaller0: entered allmulticast mode
[  572.527389][T11922] netlink: 'syz.4.1259': attribute type 10 has an invalid length.
[  572.534771][   T30] audit: type=1800 audit(6056960661.839:599): pid=11918 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1258" name="bus" dev="overlay" ino=1389 res=0 errno=0
[  572.535312][T11922] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1259'.
[  572.568867][T11922] ipvlan1: entered allmulticast mode
[  572.574197][T11922] veth0_vlan: entered allmulticast mode
[  573.208051][T11922] bridge0: port 3(ipvlan1) entered blocking state
[  573.215124][T11922] bridge0: port 3(ipvlan1) entered disabled state
[  573.224409][T11922] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  573.371434][   T30] audit: type=1400 audit(6056960662.689:600): avc:  denied  { getopt } for  pid=11929 comm="syz.2.1261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  573.392360][T11930] SELinux: ebitmap: truncated map
[  573.416725][T11930] SELinux: failed to load policy
[  573.486086][ T5866] libceph: connect (1)[c::]:6789 error -101
[  573.493083][ T5866] libceph: mon0 (1)[c::]:6789 connect error
[  573.609269][T11939] ceph: No mds server is up or the cluster is laggy
[  573.630920][   T30] audit: type=1400 audit(6056960662.929:601): avc:  denied  { create } for  pid=11938 comm="syz.4.1265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  573.679255][   T30] audit: type=1400 audit(6056960662.929:602): avc:  denied  { write } for  pid=11938 comm="syz.4.1265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  573.705603][   T30] audit: type=1400 audit(6056960662.929:603): avc:  denied  { nlmsg_write } for  pid=11938 comm="syz.4.1265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  573.933455][T11946] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  575.967126][   T30] audit: type=1400 audit(6056960665.189:604): avc:  denied  { execmem } for  pid=11959 comm="syz.1.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  576.603542][T11964] x_tables: duplicate underflow at hook 2
[  577.334597][T11978] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  577.395666][T11983] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  578.019690][T11999] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=44 sclass=netlink_xfrm_socket pid=11999 comm=syz.3.1278
[  578.245369][T12004] x_tables: duplicate underflow at hook 2
[  578.586689][   T30] audit: type=1400 audit(6056960667.639:605): avc:  denied  { create } for  pid=12002 comm="syz.3.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  578.606126][    C0] vkms_vblank_simulate: vblank timer overrun
[  578.619056][   T30] audit: type=1400 audit(6056960667.639:606): avc:  denied  { bind } for  pid=12002 comm="syz.3.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  578.638617][   T30] audit: type=1400 audit(6056960667.639:607): avc:  denied  { setopt } for  pid=12002 comm="syz.3.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  579.399770][   T30] audit: type=1400 audit(6056960668.689:608): avc:  denied  { map } for  pid=12013 comm="syz.2.1284" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  579.433241][   T30] audit: type=1400 audit(6056960668.689:609): avc:  denied  { execute } for  pid=12013 comm="syz.2.1284" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  579.844666][T12026] No control pipe specified
[  580.206344][T12029] loop8: detected capacity change from 0 to 7
[  580.215098][T12029]  loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  580.223474][T12029] loop8: partition table partially beyond EOD, truncated
[  580.248640][T12029] loop8: p1 size 3651402975 extends beyond EOD, truncated
[  580.287342][T12029] loop8: p2 start 956478 is beyond EOD, truncated
[  580.431180][T11578] udevd[11578]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[  580.508462][T12035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.517202][T12035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.907654][T12041] x_tables: duplicate underflow at hook 2
[  580.943953][T12039] ptrace attach of ""[12042] was attempted by "./syz-executor exec"[12039]
[  581.035949][T12043] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  581.045582][   T30] audit: type=1400 audit(6056960671.325:610): avc:  denied  { mounton } for  pid=12018 comm="syz.4.1286" path="/bus" dev="ramfs" ino=33167 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  581.078810][T12043] overlayfs: failed to set xattr on upper
[  581.255568][T12043] overlayfs: ...falling back to redirect_dir=nofollow.
[  581.265853][T12043] overlayfs: ...falling back to index=off.
[  581.271644][T12043] overlayfs: ...falling back to uuid=null.
[  581.302229][T12043] overlayfs: conflicting lowerdir path
[  581.384757][T12046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1294'.
[  581.617761][   T30] audit: type=1400 audit(6056960671.935:611): avc:  denied  { read } for  pid=12047 comm="syz.1.1295" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  581.651140][   T30] audit: type=1400 audit(6056960671.935:612): avc:  denied  { open } for  pid=12047 comm="syz.1.1295" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  581.741569][T12054] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  581.846714][T12058] tmpfs: Cannot change global quota limit on remount
[  582.140767][   T43] libceph: connect (1)[c::]:6789 error -101
[  582.146791][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  582.337756][T12064] ceph: No mds server is up or the cluster is laggy
[  582.420269][   T43] libceph: connect (1)[c::]:6789 error -101
[  582.515908][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  582.968726][ T5980] libceph: connect (1)[c::]:6789 error -101
[  582.995799][ T5980] libceph: mon0 (1)[c::]:6789 connect error
[  583.132030][T12092] ==================================================================
[  583.140110][T12092] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[  583.148092][T12092] Read of size 8 at addr ffff8880737a9230 by task syz.2.1306/12092
[  583.155979][T12092] 
[  583.158378][T12092] CPU: 0 UID: 0 PID: 12092 Comm: syz.2.1306 Not tainted syzkaller #0 PREEMPT(full) 
[  583.158400][T12092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  583.158411][T12092] Call Trace:
[  583.158418][T12092]  <TASK>
[  583.158427][T12092]  dump_stack_lvl+0x116/0x1f0
[  583.158458][T12092]  print_report+0xcd/0x630
[  583.158479][T12092]  ? __virt_addr_valid+0x81/0x610
[  583.158506][T12092]  ? __phys_addr+0xe8/0x180
[  583.158532][T12092]  ? sysfs_remove_file_ns+0x63/0x70
[  583.158552][T12092]  kasan_report+0xe0/0x110
[  583.158572][T12092]  ? sysfs_remove_file_ns+0x63/0x70
[  583.158595][T12092]  sysfs_remove_file_ns+0x63/0x70
[  583.158614][T12092]  driver_remove_file+0x4a/0x60
[  583.158636][T12092]  bus_remove_driver+0x224/0x2c0
[  583.158664][T12092]  driver_unregister+0x76/0xb0
[  583.158684][T12092]  comedi_device_detach_locked+0x12f/0xa50
[  583.158710][T12092]  do_devconfig_ioctl+0x555/0x710
[  583.158736][T12092]  ? __mutex_lock+0x344/0x1060
[  583.158753][T12092]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  583.158788][T12092]  ? find_held_lock+0x2b/0x80
[  583.158812][T12092]  comedi_unlocked_ioctl+0x165d/0x2f00
[  583.158834][T12092]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  583.158855][T12092]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  583.158879][T12092]  ? do_vfs_ioctl+0x128/0x14f0
[  583.158904][T12092]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  583.158929][T12092]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  583.158955][T12092]  ? irqentry_exit+0x3b/0x90
[  583.158981][T12092]  ? hook_file_ioctl_common+0x145/0x410
[  583.159008][T12092]  ? selinux_file_ioctl+0x180/0x270
[  583.159027][T12092]  ? selinux_file_ioctl+0xb4/0x270
[  583.159047][T12092]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  583.159066][T12092]  __x64_sys_ioctl+0x18e/0x210
[  583.159091][T12092]  do_syscall_64+0xcd/0xfa0
[  583.159118][T12092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.159136][T12092] RIP: 0033:0x7ff816b8efc9
[  583.159151][T12092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  583.159169][T12092] RSP: 002b:00007ff8179b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  583.159187][T12092] RAX: ffffffffffffffda RBX: 00007ff816de6180 RCX: 00007ff816b8efc9
[  583.159199][T12092] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
[  583.159209][T12092] RBP: 00007ff816c11f91 R08: 0000000000000000 R09: 0000000000000000
[  583.159220][T12092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  583.159230][T12092] R13: 00007ff816de6218 R14: 00007ff816de6180 R15: 00007ffe00e9d528
[  583.159249][T12092]  </TASK>
[  583.159255][T12092] 
[  583.415772][T12092] Allocated by task 11918:
[  583.420166][T12092]  kasan_save_stack+0x33/0x60
[  583.424842][T12092]  kasan_save_track+0x14/0x30
[  583.429512][T12092]  __kasan_kmalloc+0xaa/0xb0
[  583.434085][T12092]  __kmalloc_noprof+0x32f/0x880
[  583.438929][T12092]  iter_file_splice_write+0x1cc/0x12e0
[  583.444554][T12092]  backing_file_splice_write+0x27f/0x890
[  583.450168][T12092]  ovl_splice_write+0x38d/0x6c0
[  583.455010][T12092]  direct_splice_actor+0x192/0x6c0
[  583.460113][T12092]  splice_direct_to_actor+0x345/0xa30
[  583.465489][T12092]  do_splice_direct+0x174/0x240
[  583.470323][T12092]  do_sendfile+0xb06/0xe50
[  583.474720][T12092]  __x64_sys_sendfile64+0x154/0x220
[  583.479897][T12092]  do_syscall_64+0xcd/0xfa0
[  583.484392][T12092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.490262][T12092] 
[  583.492561][T12092] Freed by task 11918:
[  583.496598][T12092]  kasan_save_stack+0x33/0x60
[  583.501251][T12092]  kasan_save_track+0x14/0x30
[  583.505923][T12092]  __kasan_save_free_info+0x3b/0x60
[  583.511100][T12092]  __kasan_slab_free+0x5f/0x80
[  583.515841][T12092]  kfree+0x2b8/0x6d0
[  583.519719][T12092]  iter_file_splice_write+0x67a/0x12e0
[  583.525155][T12092]  backing_file_splice_write+0x27f/0x890
[  583.530768][T12092]  ovl_splice_write+0x38d/0x6c0
[  583.535598][T12092]  direct_splice_actor+0x192/0x6c0
[  583.540683][T12092]  splice_direct_to_actor+0x345/0xa30
[  583.546030][T12092]  do_splice_direct+0x174/0x240
[  583.550943][T12092]  do_sendfile+0xb06/0xe50
[  583.555344][T12092]  __x64_sys_sendfile64+0x154/0x220
[  583.560521][T12092]  do_syscall_64+0xcd/0xfa0
[  583.565010][T12092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.570886][T12092] 
[  583.573189][T12092] The buggy address belongs to the object at ffff8880737a9200
[  583.573189][T12092]  which belongs to the cache kmalloc-256 of size 256
[  583.587218][T12092] The buggy address is located 48 bytes inside of
[  583.587218][T12092]  freed 256-byte region [ffff8880737a9200, ffff8880737a9300)
[  583.600907][T12092] 
[  583.603210][T12092] The buggy address belongs to the physical page:
[  583.609608][T12092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x737a8
[  583.618344][T12092] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  583.626814][T12092] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  583.634768][T12092] page_type: f5(slab)
[  583.638728][T12092] raw: 00fff00000000040 ffff88813ffa6b40 0000000000000000 dead000000000001
[  583.647722][T12092] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  583.656283][T12092] head: 00fff00000000040 ffff88813ffa6b40 0000000000000000 dead000000000001
[  583.664927][T12092] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  583.673572][T12092] head: 00fff00000000001 ffffea0001cdea01 00000000ffffffff 00000000ffffffff
[  583.682217][T12092] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  583.690858][T12092] page dumped because: kasan: bad access detected
[  583.697244][T12092] page_owner tracks the page as allocated
[  583.702931][T12092] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8734, tgid 8733 (syz.4.474), ts 358512162858, free_ts 112761799110
[  583.724179][T12092]  post_alloc_hook+0x1c0/0x230
[  583.728929][T12092]  get_page_from_freelist+0x10a3/0x3a30
[  583.734458][T12092]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  583.740420][T12092]  alloc_pages_mpol+0x1fb/0x550
[  583.745248][T12092]  new_slab+0x24a/0x360
[  583.749384][T12092]  ___slab_alloc+0xdae/0x1a60
[  583.754040][T12092]  __slab_alloc.constprop.0+0x63/0x110
[  583.759488][T12092]  __kmalloc_noprof+0x501/0x880
[  583.764317][T12092]  io_cache_alloc_new+0x45/0xf0
[  583.769144][T12092]  __io_prep_rw+0x21d/0x1090
[  583.773720][T12092]  io_prep_rw+0x76/0x2c0
[  583.777942][T12092]  io_submit_sqes+0x855/0x2710
[  583.782702][T12092]  __do_sys_io_uring_enter+0xd69/0x1630
[  583.788249][T12092]  do_syscall_64+0xcd/0xfa0
[  583.792750][T12092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.798623][T12092] page last free pid 5184 tgid 5184 stack trace:
[  583.804923][T12092]  __free_frozen_pages+0x7df/0x1160
[  583.810101][T12092]  __put_partials+0x130/0x170
[  583.814767][T12092]  qlist_free_all+0x4d/0x120
[  583.819419][T12092]  kasan_quarantine_reduce+0x195/0x1e0
[  583.824853][T12092]  __kasan_slab_alloc+0x69/0x90
[  583.829693][T12092]  kmem_cache_alloc_noprof+0x250/0x6e0
[  583.835161][T12092]  getname_flags.part.0+0x4c/0x550
[  583.840257][T12092]  getname_flags+0x93/0xf0
[  583.844646][T12092]  do_readlinkat+0xb4/0x3a0
[  583.849170][T12092]  __x64_sys_readlink+0x78/0xc0
[  583.854000][T12092]  do_syscall_64+0xcd/0xfa0
[  583.858487][T12092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.864361][T12092] 
[  583.866668][T12092] Memory state around the buggy address:
[  583.872275][T12092]  ffff8880737a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  583.880312][T12092]  ffff8880737a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  583.888434][T12092] >ffff8880737a9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  583.896470][T12092]                                      ^
[  583.902076][T12092]  ffff8880737a9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  583.910116][T12092]  ffff8880737a9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  583.918182][T12092] ==================================================================
[  583.926311][    C0] vkms_vblank_simulate: vblank timer overrun
[  583.932781][T12092] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  583.939974][T12092] CPU: 0 UID: 0 PID: 12092 Comm: syz.2.1306 Not tainted syzkaller #0 PREEMPT(full) 
[  583.949319][T12092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  583.959344][T12092] Call Trace:
[  583.962594][T12092]  <TASK>
[  583.965496][T12092]  dump_stack_lvl+0x3d/0x1f0
[  583.970066][T12092]  vpanic+0x640/0x6f0
[  583.974022][T12092]  panic+0xca/0xd0
[  583.977719][T12092]  ? __pfx_panic+0x10/0x10
[  583.982111][T12092]  ? sysfs_remove_file_ns+0x63/0x70
[  583.987326][T12092]  ? preempt_schedule_common+0x44/0xc0
[  583.992807][T12092]  ? preempt_schedule_thunk+0x16/0x30
[  583.998172][T12092]  check_panic_on_warn+0xab/0xb0
[  584.003138][T12092]  end_report+0x107/0x170
[  584.007447][T12092]  kasan_report+0xee/0x110
[  584.011844][T12092]  ? sysfs_remove_file_ns+0x63/0x70
[  584.017016][T12092]  sysfs_remove_file_ns+0x63/0x70
[  584.022025][T12092]  driver_remove_file+0x4a/0x60
[  584.026849][T12092]  bus_remove_driver+0x224/0x2c0
[  584.031762][T12092]  driver_unregister+0x76/0xb0
[  584.036498][T12092]  comedi_device_detach_locked+0x12f/0xa50
[  584.042288][T12092]  do_devconfig_ioctl+0x555/0x710
[  584.047364][T12092]  ? __mutex_lock+0x344/0x1060
[  584.052173][T12092]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  584.057723][T12092]  ? find_held_lock+0x2b/0x80
[  584.062393][T12092]  comedi_unlocked_ioctl+0x165d/0x2f00
[  584.067841][T12092]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  584.073627][T12092]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  584.079501][T12092]  ? do_vfs_ioctl+0x128/0x14f0
[  584.084278][T12092]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  584.089284][T12092]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  584.096122][T12092]  ? irqentry_exit+0x3b/0x90
[  584.100714][T12092]  ? hook_file_ioctl_common+0x145/0x410
[  584.106250][T12092]  ? selinux_file_ioctl+0x180/0x270
[  584.111429][T12092]  ? selinux_file_ioctl+0xb4/0x270
[  584.116521][T12092]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  584.122308][T12092]  __x64_sys_ioctl+0x18e/0x210
[  584.127057][T12092]  do_syscall_64+0xcd/0xfa0
[  584.131550][T12092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.137424][T12092] RIP: 0033:0x7ff816b8efc9
[  584.141818][T12092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.161405][T12092] RSP: 002b:00007ff8179b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  584.169971][T12092] RAX: ffffffffffffffda RBX: 00007ff816de6180 RCX: 00007ff816b8efc9
[  584.177921][T12092] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
[  584.185884][T12092] RBP: 00007ff816c11f91 R08: 0000000000000000 R09: 0000000000000000
[  584.193833][T12092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  584.201783][T12092] R13: 00007ff816de6218 R14: 00007ff816de6180 R15: 00007ffe00e9d528
[  584.209766][T12092]  </TASK>
[  584.212966][T12092] Kernel Offset: disabled
[  584.217262][T12092] Rebooting in 86400 seconds..