last executing test programs:

11.624518377s ago: executing program 2 (id=550):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0x1a, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000408f0000000000000200000018110000", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000696c6c2500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x402000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000040)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "82dc05", 0xc, 0x11, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, {[], {0x4e22, 0x5e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x2, 0x4, 0x100, @void}}}}}}}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000036000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x49, &(0x7f00000000c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1120008c}], 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

10.856940569s ago: executing program 2 (id=554):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, 0x0, 0x1}, 0x94)
syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b"], 0x0)
memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0x0)
ptrace$getregset(0x4205, 0x0, 0x4, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000300000020"})

7.1884944s ago: executing program 0 (id=564):
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x12)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
ioctl$SNDCTL_SYNTH_INFO(r1, 0xc08c5102, 0x0)
preadv(r0, 0x0, 0x0, 0xfffffffe, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$sock_buf(r2, 0x1, 0x1f, 0x0, &(0x7f0000000240))
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, 0x0)
r3 = bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000004080)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32], 0x50)
setgroups(0x0, 0x0)
getgroups(0x1, &(0x7f0000000080)=[<r4=>0xee00])
setregid(0x0, r4)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffff70)
mkdir(&(0x7f0000000340)='./file0\x00', 0xff0c)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r3, &(0x7f0000000340)="1a69a25a5612a84eebae41e72700d3f695ea59b762791a345bc295d2d2910260651faa12e16b66dce37f1e135741f50fa1ad1e5b5972fcdc81d38edb0da5f45f8f38bac8883dcff43cc7430cdacc82ac5ba87e3f46c6968a64ce05571cac426851554bfe7a8c6d15d4eaabee064c918001537d98c79ca67162146f170164a5adf36ff2d4993abe233f2b6504f9eef063aae313419f80728d806b", &(0x7f0000000000)=""/10}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x7b, 0x0, 0x0)
connect$unix(r6, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x15, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r8 = semget$private(0x0, 0x4000000009, 0x208)
semop(r8, &(0x7f0000000140)=[{0x0, 0x7, 0x1800}, {0x3, 0x400, 0x1000}], 0x2)

6.372354635s ago: executing program 3 (id=565):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4000000)

6.293883294s ago: executing program 3 (id=566):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/79, 0x4f}], 0x1)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0)

6.165504315s ago: executing program 2 (id=567):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000004c0), 0x0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @local}, 0x14)

5.926102938s ago: executing program 2 (id=569):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4800006f6d0f309a17a40e849a8f3428090010faff0000000000000005000000267f3408b11400007d004486bc9e94084686919c50a4acc5f4ee9d5aee518478b921e0a7f081428e228ed20fa55e43a63297b9981596dbc4823e24d53c71189cf328e00af80488d8a851064101f689e45d8dc9", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140015"], 0x48}}, 0x0)

5.598557451s ago: executing program 2 (id=570):
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100026dc77640e305030579250102030109021b0002040050080904270700e31ef7000904310800989c26056b5dd4f308d4d2568315c3bc976f0fdae651d8c33996505d931f120e34520d404d552f5cdaa6edb2b95201d55026bc6169519f8b57fd8319e36a098e5e86717adb8fae936e56c3570117451009619c32517ee3fca228532476dd1558ceffda9d61dff877525ab30a376599131b3d01ed0cad71e80533fdfc980489c335c4000a3c7e8555084e75250e9c8675bfb8f882169e562472df45786b758c2cfc4a581e7e2ddde7b1c3c3e191838b7d3aeaa1752a8551c44d0c87cf4bc7b237f9819bffddd9226f24e062cd6a546d7850f84cdc22f547"], 0x0)

5.430464062s ago: executing program 0 (id=573):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x81, 0x91)
r1 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000180)={0x4000, r0}, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r1, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1, 0x0)
truncate(&(0x7f0000000240)='./file0\x00', 0x1)
ftruncate(r2, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r4=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000007000000612200000200000000000000", @ANYRES32, @ANYBLOB="5d44f1ec2e2559eeb1c90a5feac6bc39e20027d34d1bbf88f459", @ANYRES32=r4], 0x50)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000004c0)={[0x5836, 0x5, 0x7, 0xe4e, 0x1, 0x5479, 0x103d, 0x6, 0xffffffff, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x2000000000005, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

5.112590851s ago: executing program 3 (id=575):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x24, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x4048840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5.088482096s ago: executing program 1 (id=576):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4000000)

4.995040892s ago: executing program 0 (id=577):
socket$inet6(0xa, 0x4, 0x100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
socket(0x15, 0x5, 0x5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a74000000060a0b0400000000000000000200000048000480440001800a0001006d61746368000000340002801800030003140000a7906e8f58c2052fade1bc2c62cdeb7508000240000000000d00010064657667726f7570000000000900010073797a30000000000900020073797a32"], 0x9c}}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x8}, {0x0, 0x4, 0x5f8d, 0x400005}, 0xfffffffc, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback, 0x5b1}, 0x5d)
socket$key(0xf, 0x3, 0x2)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmsg(r5, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x70cb0}], 0xc}, 0x1f00)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000061112c000000000600000000000000019500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xb682, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0xa00, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0)
sendmsg$tipc(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

4.974988057s ago: executing program 1 (id=579):
r0 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
r3 = add_key$fscrypt_v1(&(0x7f0000000540), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(0x0, &(0x7f0000000040)={'fscrypt:', @auto=[0x63, 0x30, 0x62, 0x39, 0x5, 0x2, 0x64, 0x66, 0x63, 0x35, 0x34, 0x34, 0x66, 0x64, 0x64, 0x32]}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r4, r3, 0x0, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IMDELTIMER(r5, 0x80044941, &(0x7f0000000400)=0x1)
r6 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f0000000180)="0b036c00e0ff64000200475400f6a13bb10000000800894f4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r9}, 0x14)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x7fffffff, '\x00', r9, 0xffffffffffffffff, 0x1, 0x1, 0x5}, 0x50)
read(r6, 0x0, 0x0)
r10 = request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='sched_switch\x00', 0xfffffffffffffffc)
keyctl$instantiate(0xc, r3, &(0x7f0000000000)=@encrypted_update={'update ', 'ecryptfs', 0x20, 'trusted:', 'sched_switch\x00'}, 0x26, r10)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="180500000000040000000000000000008500000075000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
r12 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r12, 0x1, 0x32, &(0x7f0000000080)=r11, 0x4)
r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r13}, 0x10)
r14 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002040)='oom_score_adj\x00')
write$FUSE_NOTIFY_RETRIEVE(r14, &(0x7f00000010c0)={0x30, 0x5, 0x0, {0x0, 0x2, 0x5, 0x6}}, 0x30)
getsockopt$sock_buf(r12, 0x1, 0x1a, 0x0, &(0x7f0000000b00))
listen(r0, 0xffffffff)

4.783034059s ago: executing program 3 (id=580):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
landlock_restrict_self(r0, 0x3)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0/../file0\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_emit_ethernet(0x6a, 0x0, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8)
setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x0}, 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5005, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x1, 0xf9, {0x9, 0x21, 0x6, 0x3, 0x1, {0x22, 0x51a}}, {{{0x9, 0x5, 0x81, 0x3, 0x230, 0x5, 0x7, 0x8}}}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0xf9, 0x7, 0x7, 0x8, 0xb}, 0x5d, &(0x7f0000000100)={0x5, 0xf, 0x5d, 0x6, [@wireless={0xb, 0x10, 0x1, 0x0, 0x0, 0x9, 0x5, 0x7, 0xa}, @ssp_cap={0x20, 0x10, 0xa, 0x5, 0x5, 0x0, 0x0, 0x5, [0x5f00, 0xc0, 0xff0000, 0xff0000, 0xff00c0]}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "3d9390f34028a2bf8f229af91f6a6da2"}, @ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0xe, 0x0, 0x6, 0xf00f, 0x7}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x3, 0xf5, 0xb7e3}]}, 0x6, [{0x95, &(0x7f0000000200)=@string={0x95, 0x3, "c434d441295482de8ab46eb200aa59122beda7a3a8053331cdbf9e4771d022d512ca34918bca25d884c806a2feb2ce08b0805042fa6e000712de08a4bd33e81dc18e0e923f19c8511476951179c14db552cf1a675f3debb8b4c49204ce3016a832335deae6c33b48a3c4fd1577f4ae21789cf661754238c6c57916e906bc72c460a8973db940240d65e5ad15ff25cf1bb0f92d"}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x42a}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x3409}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x140a}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x340a}}, {0xec, &(0x7f0000000380)=@string={0xec, 0x3, "f00f1f667436a2d19a9bdfa3c9b3e45e20ee49c16e243a0f6fb28084d4ef91800efad07667a06f3939c05d9fa0054d1cdf58a07dc693e035c9e1a56fe2f1caeecae7b34bfe2b06d01ddcd7a19c4b426ba86eb6d3ca45e4e68f65908392ce3f105011f99f51d2aa48b05733da3ec2545745cbe3276c050e6375950709d94b8416ee5b8e003b7668e2ca850bb53fe7ae3e9daa1fe6f1c388506d3ea54720e245e50891d42d8735963b09c7cd5a9c06724a7eb23fb83a90fe35cf39adf22f240f3ca42ba2214da8b5b4180fcd21e0529c3eb83873ff8e74469c7493ee3acca934039a5c5431a45e366441b5"}}]})

3.918656466s ago: executing program 0 (id=582):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', <r1=>0x0})
r2 = gettid()
r3 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x600, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010000304f9ffbffffedbdf2500007400", @ANYRES32=r1, @ANYBLOB="049c01000750050008001300", @ANYRES32=r2, @ANYBLOB="1400030076"], 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0)

3.836324698s ago: executing program 4 (id=583):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB], 0x0, 0x32, 0x0, 0x0, 0x3ff}, 0x28)
syz_open_dev$dri(0x0, 0x9, 0x900)
r1 = accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80800)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x62, &(0x7f0000000500)=ANY=[@ANYBLOB="8580f8328988e10e6a070000ab08004e150054006400000202907800000000ffffffff01018611ffffffff0506c6a4180b00037a00020001963f9e150703460000940400000703fe00000014819078ac1414bbd048ffcf373b87b13d4ae7b785e7986748cc33"], 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2)
r4 = syz_genetlink_get_family_id$l2tp(0x0, r2)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x26)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = creat(0x0, 0x21f)
mount$nfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080), 0x409, &(0x7f0000000100)=ANY=[@ANYRES64=r3, @ANYRESHEX=r4, @ANYRESDEC])
mount(&(0x7f0000000180)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./cgroup\x00', &(0x7f0000000040)='ntfs3\x00', 0x2000008, 0x0)
socket$kcm(0x29, 0x5, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000909000/0x1000)=nil, 0x1000, 0xb, 0x830, r7, 0x0)
write$cgroup_pressure(r0, 0x0, 0x34)
socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000043000119fe7fffff000000000a0000000800030087f2615b76fee579830000000c0008010000000000000000"], 0x28}}, 0x0)

3.77079559s ago: executing program 0 (id=584):
r0 = socket(0x2a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r3}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, 0x0, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x5}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
r8 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
ioctl$TIOCGSID(r7, 0x5429, &(0x7f0000000040))
getdents64(r8, &(0x7f0000001f00)=""/4093, 0xffd)

3.624449045s ago: executing program 1 (id=585):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x40, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
keyctl$get_persistent(0x16, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000002d00090027bd70000000000006"], 0x1c}, 0x1, 0x0, 0x0, 0x43885}, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1, 0x0, 0x4}, 0x18)
r5 = memfd_create(&(0x7f0000001ac0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\a\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0Fd\x81\xbe\xbf\by\x7f\xd8X?\n\xf8P&!\x9d0F\x8dp\xf9:?1\xe8T\x13\xfb\x89\xac\\\xd4\xa9\xa3\xac\x80\xddd\xed\xb1I\xfcz\x9aQ\x03\xcdO\xdfn^\xb4\x97\xd1\x8a\x17\x8d\xce\xafg\xa2W|v\xc2\x99\x97X\xd7\x8b\x82Z\xa7\xac\xa4\xb1P\x8c\xfd^\xb8=\xd6Q\x8a\xe2\xed\xaaR\xd9\x1a\xd8\x92\xc8\x1b\xe6f\xd6\xb7rp\x8e\xd7I\xd0lN\xbd\x89\xac&)<\x9d\x8b\xcb\x93p\x90a\xef\xd0?\x02\x93\x83\xb9\xe4b\xfc1@\xde\xd8&\xd0\x8f\xa6G\xe0\xc9\xe9Z\xb4PG\xcf\xed\xf5\x94\x89\x9a\x02\xac\x9d\x1b\x9am\x82L\a,;\xcd\x11,\xf9\xe6\xe1\fa\xfe\xdc\xc0A\xc3\xda\x8f$\x87<\xef\xe2\xc2xP\xfc\xd4\xefX\x8doK\x8aa\x98.\x82!\xf9\rS\x04\xd2\xb4I\x1d=\xf9<\xb0?l\xa5\t\xd1j\"\x1e\xe5\xe0\xad\x14\x97\xde\xa3\x97\x9a\x9bp\'\xd4\xbc', 0x0)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

3.178504093s ago: executing program 1 (id=586):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/79, 0x4f}], 0x1)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0)

3.178124809s ago: executing program 2 (id=587):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x400, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0xc, 0x6}, {0xd}, {0xb, 0xa}}}, 0x24}}, 0x40004)

3.164771235s ago: executing program 4 (id=588):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/76, 0x4c}], 0x1}, 0x40008}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x9, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
process_mrelease(0xffffffffffffffff, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = socket(0x22, 0x2, 0x3)
getsockopt$packet_buf(r0, 0x107, 0x1, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r1, 0x0, 0x0)
setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000003c0)={0x0, 0x1, 0xfffffffffffffc61, @random="00010100"}, 0x10)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x13}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, 0x0, 0x810)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x1c180, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, &(0x7f0000000140)=0xf9)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000240), 0xa7c, r5}, 0x38)

3.104271053s ago: executing program 4 (id=589):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000050}, 0x4000000)

2.578134529s ago: executing program 4 (id=590):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000080)={0x0, 0x3})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000280)={0x0, 0xe52a, 0x1})
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r1, 0x6, 0x23, &(0x7f00000000c0)=""/32, &(0x7f0000000080)=0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = memfd_create(&(0x7f0000000380)='/dev/loop#\x00', 0x5)
fallocate(r3, 0x3, 0x0, 0x200000)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmsg$can_j1939(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{&(0x7f00000003c0)=@hci, 0x80, &(0x7f0000000680)=[{&(0x7f0000000540)=""/66, 0x42}, {&(0x7f0000000440)=""/209, 0xd1}, {&(0x7f00000005c0)=""/91, 0x5b}, {&(0x7f0000000640)=""/40, 0x28}], 0x4}, 0x7f}], 0x1, 0x40, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001580)=ANY=[@ANYBLOB="600000000206030000000000b8791fa80000000014000780080012400000000005001500010000000500010006000000050005000200000005000400000000000900020073797a310000000012000300686173683a6e65742c706f727400000083afd5a770f1c0a9f196e22be8d4680c8a8736f42f9fe88213a864ea569a36778c24816f7e5bb61ef7870ef9ef2a00803f798308bf1e6b0340c85c681a8d3960af8294341b7e8444440c05fcd023eeedafbe"], 0x60}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="54000000090601020016000000000000020000000900020073797a310000000005000100070000002c0007800c0077d91d119685e65c5f018008000140ffff084e2200000c000280080001407f000001c3abed33"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r6 = syz_open_dev$sg(&(0x7f0000000080), 0x469, 0x40)
ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
openat$rtc(0xffffffffffffff9c, 0x0, 0x100, 0x0)

2.310397206s ago: executing program 1 (id=591):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x102)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000140))
mknodat$null(r0, &(0x7f0000000000)='./file1\x00', 0x400, 0x103)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0x141a82, 0x10)
sendfile(r5, r5, &(0x7f0000000000)=0x7, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x1c, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000070000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0005000000000000b70500000800000085000000a5000000bf91000000000000b702000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x401}, 0x10}, 0x94)
bpf$MAP_LOOKUP_BATCH(0x1b, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001200010003950000000100000a0900004001000000000000000000000000ffff000000"], 0x4c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)

1.54239663s ago: executing program 3 (id=592):
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = getpgid(0x0)
timer_create(0x1, &(0x7f0000000000)={0x0, 0x18, 0x0, @tid=r1}, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r4 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0)
ftruncate(r4, 0x2007ffc)
sendfile(r4, r4, 0x0, 0x8)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r0, &(0x7f0000000040)={0x20002000})
epoll_pwait2(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(0xffffffffffffffff, 0x4610, &(0x7f00000003c0)={0xa, 0x2})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1462cf350b520158dba01989000000000500000a400000000c0a010400000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d65b0000140000001100010000000000000000000700000a"], 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)
close(0x3)
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r0, &(0x7f0000000240)={0xe})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000010009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)

1.514832357s ago: executing program 0 (id=593):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1309a928f05b6cd1324717b4f83ff6dc41de1d2249923b8c2cc1a5d7c4a91fd18ce89ed841e9a6bde6b3fc180b8a65d200ec6ed2d6", @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf251000000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40880)
syz_usb_control_io(r1, 0x0, &(0x7f0000000080)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000140)={0x0, 0x5, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0})
listen(r0, 0x3)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000040), 0x4)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)

1.407074348s ago: executing program 1 (id=594):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x400, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
r2 = syz_open_dev$vim2m(&(0x7f0000000240), 0x2, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f00000000c0)={0x45, 0x1, 0x2, "6040a7170200ff0120000000fcff00ff1057e31e940000000000000000aeff00", 0x50313134})
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10)
sendto$inet(r3, &(0x7f0000000100)='7', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e20, 0x9, @loopback}], 0x1c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x2c, &(0x7f0000000900)=[@in6={0xa, 0x4e20, 0x0, @loopback}, @in={0x2, 0x4e20, @loopback}]}, &(0x7f0000000000)=0x10)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r6=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000180)={r6, 0x9}, 0xc)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
preadv(r9, &(0x7f0000000040)=[{&(0x7f00000013c0)=""/4096, 0x5}], 0x1, 0x0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r8, {0xc, 0x6}, {0xd}, {0xb, 0xa}}}, 0x24}}, 0x40004)
recvmmsg(r10, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x3}, 0x5d}], 0x1, 0x10022, 0x0)

1.082357838s ago: executing program 4 (id=595):
r0 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
r3 = add_key$fscrypt_v1(&(0x7f0000000540), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(0x0, &(0x7f0000000040)={'fscrypt:', @auto=[0x63, 0x30, 0x62, 0x39, 0x5, 0x2, 0x64, 0x66, 0x63, 0x35, 0x34, 0x34, 0x66, 0x64, 0x64, 0x32]}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r4, r3, 0x0, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IMDELTIMER(r5, 0x80044941, &(0x7f0000000400)=0x1)
r6 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f0000000180)="0b036c00e0ff64000200475400f6a13bb10000000800894f4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r9}, 0x14)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x7fffffff, '\x00', r9, 0xffffffffffffffff, 0x1, 0x1, 0x5}, 0x50)
read(r6, 0x0, 0x0)
r10 = request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='sched_switch\x00', 0xfffffffffffffffc)
keyctl$instantiate(0xc, r3, &(0x7f0000000000)=@encrypted_update={'update ', 'ecryptfs', 0x20, 'trusted:', 'sched_switch\x00'}, 0x26, r10)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="180500000000040000000000000000008500000075000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
r12 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r12, 0x1, 0x32, &(0x7f0000000080)=r11, 0x4)
r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r13}, 0x10)
r14 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002040)='oom_score_adj\x00')
write$FUSE_NOTIFY_RETRIEVE(r14, &(0x7f00000010c0)={0x30, 0x5, 0x0, {0x0, 0x2, 0x5, 0x6}}, 0x30)
getsockopt$sock_buf(r12, 0x1, 0x1a, 0x0, &(0x7f0000000b00))
listen(r0, 0xffffffff)

242.347597ms ago: executing program 3 (id=596):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty}, 0x20)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000000))
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/36, 0x24}], 0x1, 0x7, 0x562)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

0s ago: executing program 4 (id=597):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a0000000400e0310000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYRESHEX=r0, @ANYRES16, @ANYRESHEX, @ANYRESHEX=r1, @ANYRES32=r2, @ANYRES16=r2], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0xfffffffffffffdd0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x4000)
recvmsg$can_raw(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r5 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r8, 0x0, 0x14, 0x0, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x200, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x300)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x40}, 0xc)

kernel console output (not intermixed with test programs):

it(1757820989.927:279): avc:  denied  { read write } for  pid=6588 comm="syz.0.155" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  111.408152][   T30] audit: type=1400 audit(1757820989.957:280): avc:  denied  { open } for  pid=6588 comm="syz.0.155" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  111.431780][   T30] audit: type=1400 audit(1757820989.957:281): avc:  denied  { ioctl } for  pid=6588 comm="syz.0.155" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  111.744691][ T6597] netlink: 'syz.3.158': attribute type 3 has an invalid length.
[  111.752944][ T6597] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.158'.
[  112.003489][   T43] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  112.181681][ T6604] netlink: 60 bytes leftover after parsing attributes in process `syz.3.161'.
[  112.232882][   T43] usb 1-1: device descriptor read/64, error -71
[  112.500155][   T43] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  112.663513][   T43] usb 1-1: device descriptor read/64, error -71
[  112.786914][   T43] usb usb1-port1: attempt power cycle
[  112.975612][   T30] audit: type=1400 audit(1757820991.497:282): avc:  denied  { remount } for  pid=6609 comm="syz.2.162" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  113.127720][ T6615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.165'.
[  113.160264][   T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  113.323261][   T43] usb 1-1: device descriptor read/8, error -71
[  113.570907][   T43] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  113.665141][   T43] usb 1-1: device descriptor read/8, error -71
[  113.796190][   T43] usb usb1-port1: unable to enumerate USB device
[  114.250314][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  114.411430][    T9] usb 3-1: Using ep0 maxpacket: 8
[  114.683208][ T5956] IPVS: starting estimator thread 0...
[  114.694226][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.723253][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  114.803382][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.840215][ T6653] IPVS: using max 78 ests per chain, 187200 per kthread
[  114.849443][ T6654] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  114.889270][ T6652] kvm: pic: level sensitive irq not supported
[  114.889370][ T6652] kvm: pic: non byte read
[  114.910415][    T9] usb 3-1: Product: syz
[  115.049790][    T9] usb 3-1: Manufacturer: syz
[  115.177552][    T9] usb 3-1: SerialNumber: syz
[  115.385743][    T9] usbtest 3-1:1.0: couldn't get endpoints, -22
[  115.400155][    T9] usbtest 3-1:1.0: probe with driver usbtest failed with error -22
[  115.785693][ T6661] FAULT_INJECTION: forcing a failure.
[  115.785693][ T6661] name failslab, interval 1, probability 0, space 0, times 0
[  115.805321][ T6661] CPU: 1 UID: 0 PID: 6661 Comm: syz.4.177 Not tainted syzkaller #0 PREEMPT(full) 
[  115.805335][ T6661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  115.805341][ T6661] Call Trace:
[  115.805345][ T6661]  <TASK>
[  115.805349][ T6661]  dump_stack_lvl+0x16c/0x1f0
[  115.805367][ T6661]  should_fail_ex+0x512/0x640
[  115.805380][ T6661]  ? __kvmalloc_node_noprof+0x124/0x620
[  115.805392][ T6661]  should_failslab+0xc2/0x120
[  115.805404][ T6661]  __kvmalloc_node_noprof+0x137/0x620
[  115.805414][ T6661]  ? bucket_table_alloc.isra.0+0x83/0x460
[  115.805430][ T6661]  ? bucket_table_alloc.isra.0+0x83/0x460
[  115.805443][ T6661]  bucket_table_alloc.isra.0+0x83/0x460
[  115.805457][ T6661]  rhashtable_init_noprof+0x41a/0x7e0
[  115.805472][ T6661]  rhltable_init_noprof+0x20/0x60
[  115.805486][ T6661]  nf_tables_newtable+0xfac/0x1b60
[  115.805499][ T6661]  ? __pfx___nla_validate_parse+0x10/0x10
[  115.805516][ T6661]  ? __pfx_nf_tables_newtable+0x10/0x10
[  115.805528][ T6661]  ? __nla_parse+0x40/0x60
[  115.805545][ T6661]  nfnetlink_rcv_batch+0x18ed/0x2330
[  115.805562][ T6661]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  115.805580][ T6661]  ? avc_has_perm_noaudit+0x149/0x3b0
[  115.805605][ T6661]  ? __nla_parse+0x40/0x60
[  115.805622][ T6661]  nfnetlink_rcv+0x3c1/0x430
[  115.805631][ T6661]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  115.805644][ T6661]  netlink_unicast+0x5a7/0x870
[  115.805660][ T6661]  ? __pfx_netlink_unicast+0x10/0x10
[  115.805673][ T6661]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  115.805691][ T6661]  netlink_sendmsg+0x8d1/0xdd0
[  115.805707][ T6661]  ? __pfx_netlink_sendmsg+0x10/0x10
[  115.805726][ T6661]  ____sys_sendmsg+0xa95/0xc70
[  115.805742][ T6661]  ? copy_msghdr_from_user+0x10a/0x160
[  115.805754][ T6661]  ? __pfx_____sys_sendmsg+0x10/0x10
[  115.805776][ T6661]  ___sys_sendmsg+0x134/0x1d0
[  115.805789][ T6661]  ? __pfx____sys_sendmsg+0x10/0x10
[  115.805817][ T6661]  __sys_sendmsg+0x16d/0x220
[  115.805829][ T6661]  ? __pfx___sys_sendmsg+0x10/0x10
[  115.805850][ T6661]  do_syscall_64+0xcd/0x4e0
[  115.805865][ T6661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.805876][ T6661] RIP: 0033:0x7f52e178eba9
[  115.805884][ T6661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.805893][ T6661] RSP: 002b:00007f52e2578038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  115.805903][ T6661] RAX: ffffffffffffffda RBX: 00007f52e19d5fa0 RCX: 00007f52e178eba9
[  115.805910][ T6661] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  115.805915][ T6661] RBP: 00007f52e2578090 R08: 0000000000000000 R09: 0000000000000000
[  115.805921][ T6661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.805927][ T6661] R13: 00007f52e19d6038 R14: 00007f52e19d5fa0 R15: 00007ffc4a0a33b8
[  115.805939][ T6661]  </TASK>
[  116.110145][   T30] audit: type=1400 audit(1757820994.647:283): avc:  denied  { read } for  pid=6658 comm="syz.0.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  116.257378][   T30] audit: type=1400 audit(1757820994.807:284): avc:  denied  { read write } for  pid=6664 comm="syz.3.178" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  116.324226][   T30] audit: type=1400 audit(1757820994.807:285): avc:  denied  { open } for  pid=6664 comm="syz.3.178" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  116.381301][   T30] audit: type=1400 audit(1757820994.847:286): avc:  denied  { map } for  pid=6664 comm="syz.3.178" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  116.404670][    C0] vkms_vblank_simulate: vblank timer overrun
[  116.418510][   T30] audit: type=1400 audit(1757820994.847:287): avc:  denied  { execute } for  pid=6664 comm="syz.3.178" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  116.442219][    C0] vkms_vblank_simulate: vblank timer overrun
[  116.450149][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  116.459642][   T30] audit: type=1400 audit(1757820994.857:288): avc:  denied  { append } for  pid=6668 comm="syz.0.180" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  116.600145][   T24] usb 2-1: Using ep0 maxpacket: 16
[  116.606798][   T24] usb 2-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config
[  116.618702][   T24] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30
[  116.629444][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40
[  116.630216][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  116.642591][   T24] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  116.650013][ T1206] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  116.659062][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.679160][   T24] usb 2-1: config 0 descriptor??
[  116.804952][   T43] usb 3-1: USB disconnect, device number 4
[  116.810230][    T9] usb 4-1: Using ep0 maxpacket: 8
[  116.815958][ T1206] usb 1-1: Using ep0 maxpacket: 32
[  116.832618][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  116.845086][ T1206] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  116.852297][ T6673] 9pnet_fd: Insufficient options for proto=fd
[  116.857339][   T30] audit: type=1400 audit(1757820995.397:289): avc:  denied  { write } for  pid=6672 comm="syz.2.181" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  116.890928][ T1206] usb 1-1: config 0 has no interface number 0
[  116.902587][    T9] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  116.916585][ T1206] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  116.926805][ T1206] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.936830][    T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=14.a4
[  116.951973][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.966163][ T1206] usb 1-1: Product: syz
[  116.973306][    T9] usb 4-1: Product: syz
[  116.977465][    T9] usb 4-1: Manufacturer: syz
[  116.988776][ T1206] usb 1-1: Manufacturer: syz
[  116.994875][ T1206] usb 1-1: SerialNumber: syz
[  116.999522][    T9] usb 4-1: SerialNumber: syz
[  117.005161][   T30] audit: type=1400 audit(1757820995.547:290): avc:  denied  { mount } for  pid=6677 comm="syz.2.182" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  117.044847][ T1206] usb 1-1: config 0 descriptor??
[  117.052723][ T1206] smsc95xx v2.0.0
[  117.664536][    T9] keyspan 4-1:128.0: Keyspan 1 port adapter converter detected
[  117.673045][    T9] keyspan 4-1:128.0: found no endpoint descriptor for endpoint 84
[  117.689335][    T9] keyspan 4-1:128.0: found no endpoint descriptor for endpoint 81
[  117.698069][    T9] keyspan 4-1:128.0: found no endpoint descriptor for endpoint 82
[  117.706269][    T9] keyspan 4-1:128.0: found no endpoint descriptor for endpoint 1
[  117.797615][    T9] keyspan 4-1:128.0: found no endpoint descriptor for endpoint 2
[  117.811921][    T9] keyspan 4-1:128.0: found no endpoint descriptor for endpoint 83
[  117.823309][    T9] keyspan 4-1:128.0: found no endpoint descriptor for endpoint 3
[  117.835304][    T9] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  117.851818][   T30] audit: type=1400 audit(1757820996.407:291): avc:  denied  { mount } for  pid=6682 comm="syz.4.183" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  117.874131][    T9] usb 4-1: USB disconnect, device number 4
[  117.894401][    T9] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  117.923708][   T30] audit: type=1400 audit(1757820996.467:292): avc:  denied  { unmount } for  pid=5845 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  117.929703][    T9] keyspan 4-1:128.0: device disconnected
[  118.050994][ T6687] overlayfs: upper fs does not support file handles, falling back to index=off.
[  118.271716][ T1206] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  118.468930][ T6692] veth3: entered promiscuous mode
[  118.474212][ T6692] veth3: entered allmulticast mode
[  118.488822][    T9] libceph: connect (1)[c::]:6789 error -101
[  118.503493][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  118.813569][   T24] usb 2-1: string descriptor 0 read error: -71
[  118.823707][   T24] usb 2-1: USB disconnect, device number 4
[  118.851759][    T9] libceph: connect (1)[c::]:6789 error -101
[  118.911953][   T43] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  118.924670][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  118.970120][ T5956] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  119.260995][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  119.287120][ T6709] netlink: 'syz.1.189': attribute type 1 has an invalid length.
[  119.297166][   T43] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  119.309987][ T5956] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  119.321190][ T5956] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  119.339133][ T6709] 8021q: adding VLAN 0 to HW filter on device bond1
[  119.348638][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.372082][ T5956] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  119.382454][   T43] usb 3-1: Product: syz
[  119.386616][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.394726][   T43] usb 3-1: Manufacturer: syz
[  119.399317][   T43] usb 3-1: SerialNumber: syz
[  119.408754][ T6699] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  119.416899][   T43] usb 3-1: config 0 descriptor??
[  119.434318][ T5956] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  119.574157][ T6709] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  119.598439][ T6669] ceph: No mds server is up or the cluster is laggy
[  119.614886][ T6709] ip6tnl1: entered allmulticast mode
[  119.687482][ T6709] 8021q: adding VLAN 0 to HW filter on device bond1
[  119.734904][ T6709] bond1: (slave ip6tnl1): The slave device specified does not support setting the MAC address
[  119.819392][ T1206] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  119.831613][ T6709] bond1: (slave ip6tnl1): Error -95 calling set_mac_address
[  119.857498][ T1206] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  119.887712][ T1206] usb 1-1: USB disconnect, device number 8
[  121.131239][ T6725] netlink: 8 bytes leftover after parsing attributes in process `syz.0.192'.
[  121.214045][   T30] audit: type=1400 audit(1757820999.757:293): avc:  denied  { write } for  pid=6724 comm="syz.0.192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  121.774302][   T24] usb 5-1: USB disconnect, device number 8
[  121.828958][   T43] usb 3-1: USB disconnect, device number 5
[  122.335098][ T6743] befs: (nullb0): No write support. Marking filesystem read-only
[  122.345760][   T30] audit: type=1400 audit(1757821000.887:294): avc:  denied  { mounton } for  pid=6735 comm="syz.1.196" path="/37/bus" dev="tmpfs" ino=231 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  122.377828][ T6743] befs: (nullb0): invalid magic header
[  122.389440][ T6745] netlink: 12 bytes leftover after parsing attributes in process `syz.1.196'.
[  122.430198][ T1206] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  122.460159][ T5921] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  122.580125][ T1206] usb 4-1: Using ep0 maxpacket: 8
[  122.603872][ T1206] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  122.614490][ T1206] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.632563][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  122.654975][ T5921] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  122.660668][ T1206] pvrusb2: Hardware description: Terratec Grabster AV400
[  122.750534][ T1206] pvrusb2: **********
[  122.768393][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.777495][ T1206] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  122.996964][ T5921] pvrusb2: Hardware description: Terratec Grabster AV400
[  123.008094][ T5921] pvrusb2: **********
[  123.008431][ T1206] pvrusb2: Important functionality might not be entirely working.
[  123.021471][ T5921] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  123.035535][ T5921] pvrusb2: Important functionality might not be entirely working.
[  123.042189][ T1206] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  123.134469][ T1206] pvrusb2: **********
[  123.136564][ T5921] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  123.158296][ T2324] pvrusb2: Invalid write control endpoint
[  123.222216][ T5921] pvrusb2: **********
[  123.260720][ T2324] pvrusb2: Invalid write control endpoint
[  123.277389][ T2324] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  123.324758][ T2324] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  123.336186][ T6748] FAULT_INJECTION: forcing a failure.
[  123.336186][ T6748] name failslab, interval 1, probability 0, space 0, times 0
[  123.367778][ T2324] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  123.378843][ T6748] CPU: 0 UID: 0 PID: 6748 Comm: syz.3.198 Not tainted syzkaller #0 PREEMPT(full) 
[  123.378864][ T6748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  123.378872][ T6748] Call Trace:
[  123.378878][ T6748]  <TASK>
[  123.378884][ T6748]  dump_stack_lvl+0x16c/0x1f0
[  123.378916][ T6748]  should_fail_ex+0x512/0x640
[  123.378937][ T6748]  ? fs_reclaim_acquire+0xae/0x150
[  123.378961][ T6748]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  123.378984][ T6748]  should_failslab+0xc2/0x120
[  123.379004][ T6748]  __kmalloc_noprof+0xd2/0x510
[  123.379026][ T6748]  tomoyo_realpath_from_path+0xc2/0x6e0
[  123.379052][ T6748]  ? tomoyo_profile+0x47/0x60
[  123.379071][ T6748]  tomoyo_path_number_perm+0x245/0x580
[  123.379091][ T6748]  ? tomoyo_path_number_perm+0x237/0x580
[  123.379116][ T6748]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  123.379137][ T6748]  ? find_held_lock+0x2b/0x80
[  123.379179][ T6748]  ? find_held_lock+0x2b/0x80
[  123.379197][ T6748]  ? hook_file_ioctl_common+0x145/0x410
[  123.379219][ T6748]  ? __fget_files+0x20e/0x3c0
[  123.379241][ T6748]  security_file_ioctl+0x9b/0x240
[  123.379265][ T6748]  __x64_sys_ioctl+0xb7/0x210
[  123.379291][ T6748]  do_syscall_64+0xcd/0x4e0
[  123.379314][ T6748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.379331][ T6748] RIP: 0033:0x7fe22fb8eba9
[  123.379345][ T6748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.379358][ T6748] RSP: 002b:00007fe230a55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  123.379372][ T6748] RAX: ffffffffffffffda RBX: 00007fe22fdd6090 RCX: 00007fe22fb8eba9
[  123.379382][ T6748] RDX: 00002000000000c0 RSI: 0000000000000707 RDI: 0000000000000004
[  123.379391][ T6748] RBP: 00007fe230a55090 R08: 0000000000000000 R09: 0000000000000000
[  123.379400][ T6748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.379409][ T6748] R13: 00007fe22fdd6128 R14: 00007fe22fdd6090 R15: 00007ffc87a83668
[  123.379430][ T6748]  </TASK>
[  123.430403][ T2324] pvrusb2: Device being rendered inoperable
[  123.436597][ T6748] ERROR: Out of memory at tomoyo_realpath_from_path.
[  123.441302][ T2324] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  123.560686][ T1206] usb 4-1: USB disconnect, device number 5
[  123.616416][ T5956] usb 1-1: USB disconnect, device number 9
[  123.626512][ T5956] pvrusb2: Device being rendered inoperable
[  123.732952][ T2324] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  123.743149][ T2324] pvrusb2: Attached sub-driver cx25840
[  123.748843][ T2324] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  123.760584][ T2324] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  124.900397][   T30] audit: type=1400 audit(1757821003.447:295): avc:  denied  { read } for  pid=6757 comm="syz.3.202" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  124.923539][ T5914] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  125.423711][ T5914] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  125.986865][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.010208][ T5914] usb 2-1: Product: syz
[  126.014618][   T30] audit: type=1400 audit(1757821003.447:296): avc:  denied  { open } for  pid=6757 comm="syz.3.202" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  126.048142][ T5914] usb 2-1: Manufacturer: syz
[  126.055378][ T5914] usb 2-1: SerialNumber: syz
[  126.099079][ T6770] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.202'.
[  126.131727][ T5914] usb 2-1: config 0 descriptor??
[  126.157054][ T5914] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  126.272366][ T5914] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  126.445327][ T5914] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  127.139904][ T6768] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  127.147216][ T6768] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  127.159404][ T6768] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  127.169150][ T6768] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  127.175454][ T6768] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  127.184492][ T6768] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  127.195406][ T6768] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  127.215292][ T6768] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  127.225312][ T6768] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  127.258156][ T6768] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  127.269953][ T6768] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  127.289830][ T6768] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  127.412453][   T30] audit: type=1400 audit(1757821005.967:297): avc:  denied  { append } for  pid=6784 comm="syz.0.208" name="comedi2" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  127.619198][   T30] audit: type=1400 audit(1757821006.067:298): avc:  denied  { shutdown } for  pid=6786 comm="syz.4.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  127.640272][ T5956] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  127.642301][   T30] audit: type=1400 audit(1757821006.157:299): avc:  denied  { read } for  pid=6786 comm="syz.4.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  127.782861][ T6792] overlayfs: upper fs does not support file handles, falling back to index=off.
[  127.989865][ T5956] usb 3-1: config 0 has an invalid interface number: 252 but max is 0
[  127.998499][ T5169] Bluetooth: hci1: command 0x0c1a tx timeout
[  128.010189][ T5956] usb 3-1: config 0 has no interface number 0
[  128.034904][ T5956] usb 3-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08
[  128.048365][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.069969][ T5956] usb 3-1: Product: syz
[  128.074854][ T5956] usb 3-1: Manufacturer: syz
[  128.081243][ T5956] usb 3-1: SerialNumber: syz
[  128.096012][ T5956] usb 3-1: config 0 descriptor??
[  128.102933][ T5956] usb-storage 3-1:0.252: USB Mass Storage device detected
[  128.121049][ T5956] usb-storage 3-1:0.252: device ignored
[  128.322746][   T24] usb 3-1: USB disconnect, device number 6
[  128.416785][    T9] usb 2-1: USB disconnect, device number 5
[  128.654143][ T6807] befs: (nullb0): No write support. Marking filesystem read-only
[  128.663301][ T6807] befs: (nullb0): invalid magic header
[  128.704446][ T6807] netlink: 12 bytes leftover after parsing attributes in process `syz.1.214'.
[  128.718217][ T6809] netlink: 'syz.0.215': attribute type 23 has an invalid length.
[  128.726094][ T6809] netlink: 8 bytes leftover after parsing attributes in process `syz.0.215'.
[  128.750926][ T5914] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  128.827756][ T6811] netlink: 20 bytes leftover after parsing attributes in process `syz.0.216'.
[  128.837936][ T6811] netlink: 20 bytes leftover after parsing attributes in process `syz.0.216'.
[  128.913257][ T5914] usb 4-1: config 0 has no interfaces?
[  128.925555][   T30] audit: type=1400 audit(1757821007.477:300): avc:  denied  { connect } for  pid=6810 comm="syz.0.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  128.949199][ T5914] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  128.977335][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.989036][ T6815] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  129.001854][ T5914] usb 4-1: Product: syz
[  129.008848][ T5914] usb 4-1: Manufacturer: syz
[  129.013586][ T5914] usb 4-1: SerialNumber: syz
[  129.025311][ T5914] usb 4-1: config 0 descriptor??
[  129.270212][ T5169] Bluetooth: hci4: command 0x0c1a tx timeout
[  129.271132][ T5914] usb 4-1: USB disconnect, device number 6
[  129.282190][ T5169] Bluetooth: hci3: command 0x0c1a tx timeout
[  129.282231][ T5169] Bluetooth: hci2: command 0x0c1a tx timeout
[  129.595343][ T6825] netlink: 36 bytes leftover after parsing attributes in process `syz.1.220'.
[  129.604566][ T6825] netlink: 36 bytes leftover after parsing attributes in process `syz.1.220'.
[  129.824098][ T6828] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6828 comm=syz.1.221
[  129.931520][   T30] audit: type=1400 audit(1757821008.487:301): avc:  denied  { create } for  pid=6831 comm="syz.3.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  129.985274][   T30] audit: type=1400 audit(1757821008.507:302): avc:  denied  { write } for  pid=6831 comm="syz.3.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  130.070660][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  130.509848][   T30] audit: type=1400 audit(1757821009.037:303): avc:  denied  { read write } for  pid=6838 comm="syz.2.226" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  130.596067][   T30] audit: type=1400 audit(1757821009.037:304): avc:  denied  { open } for  pid=6838 comm="syz.2.226" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  130.763569][   T30] audit: type=1400 audit(1757821009.317:305): avc:  denied  { bind } for  pid=6843 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  130.830647][   T30] audit: type=1400 audit(1757821009.317:306): avc:  denied  { setopt } for  pid=6843 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  131.127777][ T6855] netlink: 12 bytes leftover after parsing attributes in process `syz.1.232'.
[  131.404282][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  131.404302][ T5169] Bluetooth: hci3: command 0x0c1a tx timeout
[  131.411035][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[  132.150121][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  132.410977][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  132.417487][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  133.260249][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  133.412695][    T9] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  133.430311][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[  133.430398][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  133.436405][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  133.459362][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.469935][    T9] usb 5-1: Product: syz
[  133.474423][    T9] usb 5-1: Manufacturer: syz
[  133.479107][    T9] usb 5-1: SerialNumber: syz
[  133.487386][    T9] usb 5-1: config 0 descriptor??
[  133.532538][ T5956] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  133.636920][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  133.636938][   T30] audit: type=1400 audit(1757821012.187:309): avc:  denied  { ioctl } for  pid=6882 comm="syz.3.241" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x70ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  133.720276][ T5956] usb 3-1: Using ep0 maxpacket: 16
[  133.729534][ T5956] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  133.754231][ T5956] usb 3-1: config 0 has no interface number 0
[  133.779409][ T6875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.818445][ T5956] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  133.832991][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.833337][ T6875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.841770][ T5956] usb 3-1: Product: syz
[  133.859103][ T5956] usb 3-1: Manufacturer: syz
[  133.869500][ T5956] usb 3-1: SerialNumber: syz
[  133.954506][ T5990] usb 5-1: USB disconnect, device number 9
[  133.983122][ T5956] usb 3-1: config 0 descriptor??
[  134.035142][ T5956] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  134.066552][   T30] audit: type=1400 audit(1757821012.617:310): avc:  denied  { connect } for  pid=6890 comm="syz.0.245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  134.093091][ T6891] netlink: 24 bytes leftover after parsing attributes in process `syz.0.245'.
[  134.160009][   T30] audit: type=1400 audit(1757821012.637:311): avc:  denied  { write } for  pid=6890 comm="syz.0.245" laddr=::1 lport=1 faddr=::1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  134.413808][ T6900] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  134.422776][ T6900] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  134.455829][ T5921] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  134.530340][  T977] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  134.640148][ T5990] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  134.671198][ T5956] gspca_spca1528: reg_w err -71
[  134.690195][ T5956] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71
[  134.710436][  T977] usb 5-1: Using ep0 maxpacket: 8
[  134.718715][  T977] usb 5-1: config index 0 descriptor too short (expected 36, got 18)
[  134.732975][ T5956] usb 3-1: USB disconnect, device number 7
[  134.748405][  T977] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  134.762407][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  134.793169][ T5990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  134.817670][ T5990] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  134.831685][  T977] usb 5-1: config 179 has no interface number 0
[  134.863603][ T5990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.874459][  T977] usb 5-1: config 179 interface 65 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 23
[  134.913378][  T977] usb 5-1: New USB device found, idVendor=12ab, idProduct=0000, bcdDevice=1e.eb
[  134.935079][  T977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.947131][ T5921] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  134.958091][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.967266][ T5921] usb 4-1: Product: syz
[  134.996733][ T5921] usb 4-1: Manufacturer: syz
[  135.002005][ T5990] usb 2-1: Product: syz
[  135.006397][ T5990] usb 2-1: Manufacturer: syz
[  135.023494][ T5921] usb 4-1: SerialNumber: syz
[  135.050398][ T5921] usb 4-1: config 0 descriptor??
[  135.085793][ T5990] usb 2-1: SerialNumber: syz
[  135.128115][ T5990] usb 2-1: config 0 descriptor??
[  135.246759][  T977] usb 5-1: USB disconnect, device number 10
[  135.263218][   T30] audit: type=1400 audit(1757821013.797:312): avc:  denied  { setopt } for  pid=6874 comm="syz.4.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  135.446461][   T30] audit: type=1400 audit(1757821013.797:313): avc:  denied  { write } for  pid=6874 comm="syz.4.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  135.845778][ T6905] FAULT_INJECTION: forcing a failure.
[  135.845778][ T6905] name failslab, interval 1, probability 0, space 0, times 0
[  135.858513][ T6905] CPU: 1 UID: 0 PID: 6905 Comm: syz.0.248 Not tainted syzkaller #0 PREEMPT(full) 
[  135.858535][ T6905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  135.858541][ T6905] Call Trace:
[  135.858545][ T6905]  <TASK>
[  135.858549][ T6905]  dump_stack_lvl+0x16c/0x1f0
[  135.858567][ T6905]  should_fail_ex+0x512/0x640
[  135.858580][ T6905]  ? fs_reclaim_acquire+0xae/0x150
[  135.858597][ T6905]  ? tomoyo_encode2+0x100/0x3e0
[  135.858612][ T6905]  should_failslab+0xc2/0x120
[  135.858625][ T6905]  __kmalloc_noprof+0xd2/0x510
[  135.858635][ T6905]  ? d_absolute_path+0x136/0x1a0
[  135.858652][ T6905]  tomoyo_encode2+0x100/0x3e0
[  135.858669][ T6905]  tomoyo_encode+0x29/0x50
[  135.858683][ T6905]  tomoyo_realpath_from_path+0x18f/0x6e0
[  135.858703][ T6905]  tomoyo_path_number_perm+0x245/0x580
[  135.858715][ T6905]  ? tomoyo_path_number_perm+0x237/0x580
[  135.858730][ T6905]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  135.858744][ T6905]  ? find_held_lock+0x2b/0x80
[  135.858768][ T6905]  ? find_held_lock+0x2b/0x80
[  135.858780][ T6905]  ? hook_file_ioctl_common+0x145/0x410
[  135.858794][ T6905]  ? __fget_files+0x20e/0x3c0
[  135.858808][ T6905]  security_file_ioctl+0x9b/0x240
[  135.858823][ T6905]  __x64_sys_ioctl+0xb7/0x210
[  135.858844][ T6905]  do_syscall_64+0xcd/0x4e0
[  135.858859][ T6905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.858869][ T6905] RIP: 0033:0x7ff2c4b8eba9
[  135.858877][ T6905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.858887][ T6905] RSP: 002b:00007ff2c5afd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  135.858897][ T6905] RAX: ffffffffffffffda RBX: 00007ff2c4dd5fa0 RCX: 00007ff2c4b8eba9
[  135.858903][ T6905] RDX: 0000200000000040 RSI: 00000000c0405602 RDI: 0000000000000003
[  135.858909][ T6905] RBP: 00007ff2c5afd090 R08: 0000000000000000 R09: 0000000000000000
[  135.858915][ T6905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.858921][ T6905] R13: 00007ff2c4dd6038 R14: 00007ff2c4dd5fa0 R15: 00007ffd0bd1bd48
[  135.858934][ T6905]  </TASK>
[  135.858955][ T6905] ERROR: Out of memory at tomoyo_realpath_from_path.
[  136.275088][   T30] audit: type=1400 audit(1757821014.827:314): avc:  denied  { getopt } for  pid=6906 comm="syz.0.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  137.149530][ T6919] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  137.483790][ T5921] usb 4-1: USB disconnect, device number 7
[  137.724095][   T30] audit: type=1400 audit(1757821016.277:315): avc:  denied  { create } for  pid=6922 comm="syz.3.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  138.370424][ T5990] usb 2-1: USB disconnect, device number 6
[  138.568227][ T6934] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  138.623346][   T30] audit: type=1400 audit(1757821017.117:316): avc:  denied  { mounton } for  pid=6932 comm="syz.3.259" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  138.717995][ T6934] overlayfs: missing 'workdir'
[  138.722883][   T30] audit: type=1400 audit(1757821017.267:317): avc:  denied  { mount } for  pid=6932 comm="syz.3.259" name="/" dev="hugetlbfs" ino=12688 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  138.861485][ T6943] netlink: 28 bytes leftover after parsing attributes in process `syz.4.262'.
[  138.891284][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  138.919892][   T30] audit: type=1400 audit(1757821017.427:318): avc:  denied  { read } for  pid=6942 comm="syz.1.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  139.009278][ T6943] netlink: 40 bytes leftover after parsing attributes in process `syz.4.262'.
[  139.040677][ T5921] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  139.247135][ T5921] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  139.259941][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.321055][ T5921] usb 4-1: Product: syz
[  139.325716][ T5921] usb 4-1: Manufacturer: syz
[  139.332863][ T5921] usb 4-1: SerialNumber: syz
[  139.464773][ T5921] usb 4-1: config 0 descriptor??
[  139.754813][ T5921] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  139.783269][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.263'.
[  139.999810][ T6956] syz.2.258 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  141.465941][ T5921] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  141.481134][ T5921] usb 4-1: USB disconnect, device number 8
[  141.890214][   T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  142.116337][   T24] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  142.240100][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  142.281282][ T6975] netlink: 8 bytes leftover after parsing attributes in process `syz.4.269'.
[  142.347165][   T24] usb 2-1: config 1 has no interface number 1
[  142.370234][   T24] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  142.524081][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x6 has an invalid bInterval 255, changing to 7
[  142.535251][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid maxpacket 59378, setting to 1024
[  142.582806][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  142.612560][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.666398][   T24] usb 2-1: Product: syz
[  142.670897][   T24] usb 2-1: Manufacturer: syz
[  142.675818][   T24] usb 2-1: SerialNumber: syz
[  142.683849][ T6982] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  142.949069][   T24] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  142.979004][   T24] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  143.185344][   T24] usb 2-1: USB disconnect, device number 7
[  143.484045][ T7002] overlayfs: upper fs does not support file handles, falling back to index=off.
[  143.626868][   T30] audit: type=1400 audit(1757821022.167:319): avc:  denied  { setopt } for  pid=7004 comm="syz.1.278" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  143.873596][ T7011] befs: (nullb0): No write support. Marking filesystem read-only
[  143.945176][ T7011] befs: (nullb0): invalid magic header
[  144.090716][ T7012] netlink: 12 bytes leftover after parsing attributes in process `syz.4.277'.
[  144.943564][ T7024] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  144.952661][ T7024] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  145.410162][ T5914] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  145.623018][ T7034] overlayfs: missing 'lowerdir'
[  145.658030][ T5914] usb 2-1: Using ep0 maxpacket: 8
[  145.852588][ T5914] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.930357][ T5914] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  145.943490][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.952525][ T5914] usb 2-1: Product: syz
[  145.957512][ T5914] usb 2-1: Manufacturer: syz
[  145.964241][ T5914] usb 2-1: SerialNumber: syz
[  146.048710][ T5914] usbtest 2-1:1.0: couldn't get endpoints, -22
[  146.061592][ T5914] usbtest 2-1:1.0: probe with driver usbtest failed with error -22
[  148.173535][ T7058] overlayfs: failed to decode file handle (len=6, type=4347, flags=0, err=-22)
[  148.489541][ T5990] usb 2-1: USB disconnect, device number 8
[  149.130571][ T7067] FAULT_INJECTION: forcing a failure.
[  149.130571][ T7067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.143698][ T7067] CPU: 1 UID: 0 PID: 7067 Comm: syz.1.292 Not tainted syzkaller #0 PREEMPT(full) 
[  149.143720][ T7067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  149.143730][ T7067] Call Trace:
[  149.143735][ T7067]  <TASK>
[  149.143742][ T7067]  dump_stack_lvl+0x16c/0x1f0
[  149.143769][ T7067]  should_fail_ex+0x512/0x640
[  149.143793][ T7067]  _copy_from_user+0x2e/0xd0
[  149.143819][ T7067]  generic_map_update_batch+0x3e9/0x610
[  149.143849][ T7067]  ? __pfx_generic_map_update_batch+0x10/0x10
[  149.143876][ T7067]  ? __pfx_generic_map_update_batch+0x10/0x10
[  149.143900][ T7067]  bpf_map_do_batch+0x5b1/0x680
[  149.143921][ T7067]  __sys_bpf+0x4cf9/0x4de0
[  149.143947][ T7067]  ? __pfx___sys_bpf+0x10/0x10
[  149.143970][ T7067]  ? ksys_write+0x190/0x250
[  149.143992][ T7067]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  149.144030][ T7067]  ? fput+0x9b/0xd0
[  149.144053][ T7067]  ? ksys_write+0x1ac/0x250
[  149.144070][ T7067]  ? __pfx_ksys_write+0x10/0x10
[  149.144092][ T7067]  __x64_sys_bpf+0x78/0xc0
[  149.144114][ T7067]  ? lockdep_hardirqs_on+0x7c/0x110
[  149.144135][ T7067]  do_syscall_64+0xcd/0x4e0
[  149.144159][ T7067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.144176][ T7067] RIP: 0033:0x7fee48f8eba9
[  149.144191][ T7067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.144207][ T7067] RSP: 002b:00007fee49d8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  149.144223][ T7067] RAX: ffffffffffffffda RBX: 00007fee491d6090 RCX: 00007fee48f8eba9
[  149.144235][ T7067] RDX: 0000000000000038 RSI: 00002000000001c0 RDI: 000000000000001a
[  149.144245][ T7067] RBP: 00007fee49d8c090 R08: 0000000000000000 R09: 0000000000000000
[  149.144254][ T7067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.144264][ T7067] R13: 00007fee491d6128 R14: 00007fee491d6090 R15: 00007ffc9d4e6f08
[  149.144287][ T7067]  </TASK>
[  150.108004][ T7074] netlink: 24 bytes leftover after parsing attributes in process `syz.3.295'.
[  150.307626][   T30] audit: type=1400 audit(1757821028.637:320): avc:  denied  { write } for  pid=7066 comm="syz.0.293" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  150.340265][   T30] audit: type=1400 audit(1757821028.637:321): avc:  denied  { ioctl } for  pid=7066 comm="syz.0.293" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  150.510515][ T7082] befs: (nullb0): No write support. Marking filesystem read-only
[  150.518968][ T7082] befs: (nullb0): invalid magic header
[  150.539603][ T7082] netlink: 12 bytes leftover after parsing attributes in process `syz.4.296'.
[  151.247261][ T7095] overlayfs: upper fs does not support file handles, falling back to index=off.
[  151.864342][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.301'.
[  151.874609][ T7100] netlink: 'syz.1.301': attribute type 23 has an invalid length.
[  151.920354][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.301'.
[  152.019054][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.301'.
[  152.058600][ T7100] netlink: 'syz.1.301': attribute type 23 has an invalid length.
[  152.112004][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.301'.
[  152.344956][ T7112] netlink: 20 bytes leftover after parsing attributes in process `syz.3.303'.
[  153.073779][   T30] audit: type=1400 audit(1757821031.617:322): avc:  denied  { connect } for  pid=7118 comm="syz.0.305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  153.093168][    C1] vkms_vblank_simulate: vblank timer overrun
[  154.252925][ T7137] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7137 comm=syz.2.310
[  154.814101][   T30] audit: type=1400 audit(1757821033.357:323): avc:  denied  { connect } for  pid=7143 comm="syz.1.312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  155.216390][ T7149] netlink: 48 bytes leftover after parsing attributes in process `syz.2.313'.
[  155.246152][ T7149] netlink: 48 bytes leftover after parsing attributes in process `syz.2.313'.
[  155.420664][ T7155] overlayfs: upper fs does not support file handles, falling back to index=off.
[  155.830670][ T7159] /dev/nullb0: Can't open blockdev
[  155.862522][ T7159] netlink: 12 bytes leftover after parsing attributes in process `syz.2.317'.
[  156.137622][ T7169] FAULT_INJECTION: forcing a failure.
[  156.137622][ T7169] name failslab, interval 1, probability 0, space 0, times 0
[  156.150730][ T7169] CPU: 0 UID: 0 PID: 7169 Comm: syz.4.319 Not tainted syzkaller #0 PREEMPT(full) 
[  156.150753][ T7169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  156.150764][ T7169] Call Trace:
[  156.150769][ T7169]  <TASK>
[  156.150776][ T7169]  dump_stack_lvl+0x16c/0x1f0
[  156.150803][ T7169]  should_fail_ex+0x512/0x640
[  156.150824][ T7169]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  156.150845][ T7169]  should_failslab+0xc2/0x120
[  156.150864][ T7169]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  156.150881][ T7169]  ? mas_alloc_nodes+0x18b/0x8b0
[  156.150903][ T7169]  mas_alloc_nodes+0x18b/0x8b0
[  156.150926][ T7169]  mas_node_count_gfp+0x105/0x130
[  156.150946][ T7169]  mas_preallocate+0x7e0/0xde0
[  156.150974][ T7169]  ? __pfx_mas_preallocate+0x10/0x10
[  156.150995][ T7169]  ? irqentry_exit+0x3b/0x90
[  156.151023][ T7169]  ? __asan_memset+0x23/0x50
[  156.151048][ T7169]  ? init_multi_vma_prep+0x30a/0x650
[  156.151076][ T7169]  commit_merge+0x2a8/0x1030
[  156.151105][ T7169]  ? __pfx_commit_merge+0x10/0x10
[  156.151129][ T7169]  ? __vma_enter_locked+0x163/0x3f0
[  156.151160][ T7169]  ? vma_expand+0x1cd/0x910
[  156.151181][ T7169]  vma_expand+0x3ac/0x910
[  156.151197][ T7169]  ? __pfx_vma_expand+0x10/0x10
[  156.151214][ T7169]  ? can_vma_merge_right+0x3b8/0x530
[  156.151243][ T7169]  vma_merge_new_range+0x2ef/0xa50
[  156.151266][ T7169]  vma_merge_extend+0x25e/0x310
[  156.151281][ T7169]  ? __pfx_vma_merge_extend+0x10/0x10
[  156.151309][ T7169]  ? write_comp_data+0x11/0x90
[  156.151330][ T7169]  do_mremap+0x181e/0x2030
[  156.151351][ T7169]  ? get_pid_task+0x106/0x250
[  156.151371][ T7169]  ? __pfx_do_mremap+0x10/0x10
[  156.151395][ T7169]  ? __pfx___schedule+0x10/0x10
[  156.151411][ T7169]  ? lockdep_hardirqs_on+0x7c/0x110
[  156.151435][ T7169]  __do_sys_mremap+0x119/0x170
[  156.151452][ T7169]  ? __pfx___do_sys_mremap+0x10/0x10
[  156.151468][ T7169]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  156.151491][ T7169]  ? irqentry_exit+0x3b/0x90
[  156.151521][ T7169]  ? __x64_sys_mremap+0x11/0x150
[  156.151537][ T7169]  ? __x64_sys_mremap+0x5b/0x150
[  156.151558][ T7169]  do_syscall_64+0xcd/0x4e0
[  156.151582][ T7169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.151599][ T7169] RIP: 0033:0x7f52e178eba9
[  156.151613][ T7169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.151629][ T7169] RSP: 002b:00007f52e2536038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  156.151645][ T7169] RAX: ffffffffffffffda RBX: 00007f52e19d6180 RCX: 00007f52e178eba9
[  156.151660][ T7169] RDX: 0000000000004000 RSI: 0000000000003000 RDI: 0000200000ff8000
[  156.151671][ T7169] RBP: 00007f52e2536090 R08: 0000200000ffc000 R09: 0000000000000000
[  156.151681][ T7169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.151691][ T7169] R13: 00007f52e19d6218 R14: 00007f52e19d6180 R15: 00007ffc4a0a33b8
[  156.151714][ T7169]  </TASK>
[  156.667923][ T7174] FAULT_INJECTION: forcing a failure.
[  156.667923][ T7174] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.682958][ T7174] CPU: 0 UID: 0 PID: 7174 Comm: syz.4.321 Not tainted syzkaller #0 PREEMPT(full) 
[  156.682972][ T7174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  156.682978][ T7174] Call Trace:
[  156.682982][ T7174]  <TASK>
[  156.682986][ T7174]  dump_stack_lvl+0x16c/0x1f0
[  156.683003][ T7174]  should_fail_ex+0x512/0x640
[  156.683019][ T7174]  _copy_from_user+0x2e/0xd0
[  156.683034][ T7174]  generic_map_update_batch+0x3e9/0x610
[  156.683052][ T7174]  ? __pfx_generic_map_update_batch+0x10/0x10
[  156.683068][ T7174]  ? __pfx_generic_map_update_batch+0x10/0x10
[  156.683083][ T7174]  bpf_map_do_batch+0x5b1/0x680
[  156.683095][ T7174]  __sys_bpf+0x4cf9/0x4de0
[  156.683110][ T7174]  ? __pfx___sys_bpf+0x10/0x10
[  156.683124][ T7174]  ? ksys_write+0x190/0x250
[  156.683137][ T7174]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  156.683158][ T7174]  ? fput+0x9b/0xd0
[  156.683172][ T7174]  ? ksys_write+0x1ac/0x250
[  156.683182][ T7174]  ? __pfx_ksys_write+0x10/0x10
[  156.683194][ T7174]  __x64_sys_bpf+0x78/0xc0
[  156.683208][ T7174]  ? lockdep_hardirqs_on+0x7c/0x110
[  156.683220][ T7174]  do_syscall_64+0xcd/0x4e0
[  156.683234][ T7174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.683245][ T7174] RIP: 0033:0x7f52e178eba9
[  156.683254][ T7174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.683264][ T7174] RSP: 002b:00007f52e2578038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  156.683273][ T7174] RAX: ffffffffffffffda RBX: 00007f52e19d5fa0 RCX: 00007f52e178eba9
[  156.683280][ T7174] RDX: 0000000000000038 RSI: 00002000000001c0 RDI: 000000000000001a
[  156.683286][ T7174] RBP: 00007f52e2578090 R08: 0000000000000000 R09: 0000000000000000
[  156.683292][ T7174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.683298][ T7174] R13: 00007f52e19d6038 R14: 00007f52e19d5fa0 R15: 00007ffc4a0a33b8
[  156.683310][ T7174]  </TASK>
[  156.878709][    C0] vkms_vblank_simulate: vblank timer overrun
[  156.927517][   T30] audit: type=1400 audit(1757821035.467:324): avc:  denied  { name_bind } for  pid=7171 comm="syz.3.320" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  156.968095][ T7177] random: crng reseeded on system resumption
[  157.002034][   T30] audit: type=1400 audit(1757821035.517:325): avc:  denied  { write } for  pid=7176 comm="syz.4.322" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  157.010878][ T7177] =======================================================
[  157.010878][ T7177] WARNING: The mand mount option has been deprecated and
[  157.010878][ T7177]          and is ignored by this kernel. Remove the mand
[  157.010878][ T7177]          option from the mount to silence this warning.
[  157.010878][ T7177] =======================================================
[  157.059768][    C0] vkms_vblank_simulate: vblank timer overrun
[  157.073249][ T5914] kernel write not supported for file bpf-prog (pid: 5914 comm: kworker/0:3)
[  157.083848][   T30] audit: type=1400 audit(1757821035.547:326): avc:  denied  { ioctl } for  pid=7176 comm="syz.4.322" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x330d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  157.108535][    C0] vkms_vblank_simulate: vblank timer overrun
[  158.246207][ T7201] overlayfs: failed to resolve './file1': -2
[  158.602910][ T7206] binder: 7204:7206 ioctl c00c620f 2000000003c0 returned -22
[  158.755982][   T30] audit: type=1400 audit(1757821037.297:327): avc:  denied  { ioctl } for  pid=7210 comm="syz.0.332" path="socket:[13176]" dev="sockfs" ino=13176 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  158.957156][ T5851] Bluetooth: hci2: Malformed HCI Event: 0x22
[  158.966953][   T30] audit: type=1400 audit(1757821037.387:328): avc:  denied  { create } for  pid=7207 comm="syz.3.331" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  159.202564][   T30] audit: type=1400 audit(1757821037.487:329): avc:  denied  { create } for  pid=7216 comm="syz.2.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  159.342097][ T7224] netlink: 16 bytes leftover after parsing attributes in process `syz.2.334'.
[  159.351858][ T7224] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=7224 comm=syz.2.334
[  159.387054][   T30] audit: type=1400 audit(1757821037.937:330): avc:  denied  { mount } for  pid=7210 comm="syz.0.332" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  159.408394][    C0] vkms_vblank_simulate: vblank timer overrun
[  159.880201][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  160.062339][    T9] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  160.085481][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.098517][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.110831][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  160.124847][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  160.134226][    T9] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  160.145012][    T9] usb 1-1: Manufacturer: syz
[  160.205286][    T9] usb 1-1: config 0 descriptor??
[  160.267417][ T7235] capability: warning: `syz.2.337' uses deprecated v2 capabilities in a way that may be insecure
[  160.288368][   T30] audit: type=1400 audit(1757821038.837:331): avc:  denied  { connect } for  pid=7233 comm="syz.2.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  160.307836][    C0] vkms_vblank_simulate: vblank timer overrun
[  160.314143][   T30] audit: type=1400 audit(1757821038.837:332): avc:  denied  { setopt } for  pid=7233 comm="syz.2.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  160.334188][   T30] audit: type=1400 audit(1757821038.837:333): avc:  denied  { write } for  pid=7233 comm="syz.2.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  160.827293][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  160.834443][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  160.856194][    T9] usb 1-1: USB disconnect, device number 10
[  161.024815][ T7248] overlayfs: missing 'workdir'
[  161.220832][ T5921] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  161.380109][ T5921] usb 2-1: Using ep0 maxpacket: 16
[  161.386544][ T5921] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  161.395005][ T5921] usb 2-1: config 0 has no interface number 0
[  161.404553][ T5921] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  161.413835][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.422458][ T5921] usb 2-1: Product: syz
[  161.427115][ T5921] usb 2-1: Manufacturer: syz
[  161.431786][ T5921] usb 2-1: SerialNumber: syz
[  161.469422][ T5921] usb 2-1: config 0 descriptor??
[  161.484909][ T5921] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  161.797883][ T5851] Bluetooth: hci1: Malformed HCI Event: 0x22
[  162.015099][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'.
[  162.026122][ T7263] netlink: 'syz.3.345': attribute type 23 has an invalid length.
[  162.035046][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'.
[  162.055263][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'.
[  162.064104][ T7263] netlink: 'syz.3.345': attribute type 23 has an invalid length.
[  162.072318][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'.
[  162.088418][ T5921] gspca_spca1528: reg_w err -71
[  162.113642][ T5921] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71
[  162.131685][ T5956] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  162.153326][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  162.153339][   T30] audit: type=1400 audit(1757821040.707:335): avc:  denied  { create } for  pid=7265 comm="syz.4.346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  162.187651][ T5921] usb 2-1: USB disconnect, device number 9
[  162.342226][ T5956] usb 3-1: config 9 has an invalid interface number: 88 but max is 1
[  162.350895][ T5956] usb 3-1: config 9 contains an unexpected descriptor of type 0x2, skipping
[  162.359573][ T5956] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  162.390636][ T5956] usb 3-1: config 9 has 1 interface, different from the descriptor's value: 2
[  162.399503][ T5956] usb 3-1: config 9 has no interface number 0
[  162.405907][ T5956] usb 3-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  162.417214][ T5956] usb 3-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  162.428148][ T5956] usb 3-1: config 9 interface 88 altsetting 9 endpoint 0x6 has invalid wMaxPacketSize 0
[  162.438048][ T5956] usb 3-1: config 9 interface 88 altsetting 9 has 4 endpoint descriptors, different from the interface descriptor's value: 6
[  162.451442][ T5956] usb 3-1: config 9 interface 88 has no altsetting 0
[  162.459956][ T5956] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=50.80
[  162.471523][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.479505][ T5956] usb 3-1: Product: syz
[  162.500775][ T5956] usb 3-1: Manufacturer: syz
[  162.505378][ T5956] usb 3-1: SerialNumber: syz
[  162.865476][ T7260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.894207][ T7260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.317351][ T5956] usb 3-1: USB disconnect, device number 8
[  163.580265][ T7281] binder: 7280:7281 ioctl c00c620f 2000000003c0 returned -22
[  163.742608][ T7287] netlink: 40 bytes leftover after parsing attributes in process `syz.0.351'.
[  165.094111][ T7301] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'.
[  165.255520][ T7310] netlink: 24 bytes leftover after parsing attributes in process `syz.0.357'.
[  166.294618][ T7326] netlink: 24 bytes leftover after parsing attributes in process `syz.0.360'.
[  166.524958][ T7332] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7332 comm=syz.2.362
[  166.642948][ T7331] Illegal XDP return value 754689088 on prog  (id 83) dev N/A, expect packet loss!
[  166.893736][ T7326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.360'.
[  167.340402][ T7337] FAULT_INJECTION: forcing a failure.
[  167.340402][ T7337] name failslab, interval 1, probability 0, space 0, times 0
[  167.353339][ T7337] CPU: 0 UID: 0 PID: 7337 Comm: syz.2.363 Not tainted syzkaller #0 PREEMPT(full) 
[  167.353361][ T7337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  167.353370][ T7337] Call Trace:
[  167.353376][ T7337]  <TASK>
[  167.353382][ T7337]  dump_stack_lvl+0x16c/0x1f0
[  167.353406][ T7337]  should_fail_ex+0x512/0x640
[  167.353426][ T7337]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  167.353447][ T7337]  should_failslab+0xc2/0x120
[  167.353466][ T7337]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  167.353484][ T7337]  ? vm_area_dup+0x27/0x8d0
[  167.353510][ T7337]  ? __pfx_shm_may_split+0x10/0x10
[  167.353534][ T7337]  vm_area_dup+0x27/0x8d0
[  167.353559][ T7337]  ? __pfx_shm_may_split+0x10/0x10
[  167.353582][ T7337]  __split_vma+0x18e/0x1070
[  167.353599][ T7337]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  167.353625][ T7337]  ? __pfx___split_vma+0x10/0x10
[  167.353644][ T7337]  ? kernel_text_address+0x8d/0x100
[  167.353679][ T7337]  vms_gather_munmap_vmas+0x1d2/0x1340
[  167.353701][ T7337]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  167.353717][ T7337]  ? __pfx__kstrtoull+0x10/0x10
[  167.353739][ T7337]  ? find_held_lock+0x2b/0x80
[  167.353767][ T7337]  do_vmi_align_munmap+0x27c/0x7d0
[  167.353787][ T7337]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  167.353839][ T7337]  do_vmi_munmap+0x204/0x3e0
[  167.353859][ T7337]  __vm_munmap+0x19a/0x390
[  167.353879][ T7337]  ? __pfx___vm_munmap+0x10/0x10
[  167.353906][ T7337]  ? __pfx_ksys_write+0x10/0x10
[  167.353930][ T7337]  __x64_sys_munmap+0x59/0x80
[  167.353953][ T7337]  do_syscall_64+0xcd/0x4e0
[  167.353978][ T7337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.353994][ T7337] RIP: 0033:0x7f5312f8eba9
[  167.354008][ T7337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.354024][ T7337] RSP: 002b:00007f5313df4038 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[  167.354039][ T7337] RAX: ffffffffffffffda RBX: 00007f53131d6090 RCX: 00007f5312f8eba9
[  167.354050][ T7337] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000ffb000
[  167.354060][ T7337] RBP: 00007f5313df4090 R08: 0000000000000000 R09: 0000000000000000
[  167.354070][ T7337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.354079][ T7337] R13: 00007f53131d6128 R14: 00007f53131d6090 R15: 00007ffe7f7d6c38
[  167.354102][ T7337]  </TASK>
[  167.760506][   T30] audit: type=1400 audit(1757821045.907:336): avc:  denied  { connect } for  pid=7335 comm="syz.2.363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  168.742247][ T7350] overlayfs: missing 'workdir'
[  168.839401][ T7357] overlayfs: missing 'lowerdir'
[  169.400372][   T43] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  169.680392][   T43] usb 2-1: Using ep0 maxpacket: 16
[  169.687338][   T43] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  169.704064][   T43] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  169.724719][   T43] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  169.750214][   T43] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  169.823294][ T7369] netlink: 24 bytes leftover after parsing attributes in process `syz.0.371'.
[  169.883475][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  169.904668][   T43] usb 2-1: config 0 has no interface number 0
[  169.950539][   T43] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  170.178192][ T7373] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7373 comm=syz.3.373
[  170.502159][   T43] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  170.527152][   T43] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  170.539144][   T43] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  170.569012][   T43] usb 2-1: config 0 interface 125 has no altsetting 2
[  170.599853][   T43] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  170.612919][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.621146][   T43] usb 2-1: Product: syz
[  170.625445][   T43] usb 2-1: Manufacturer: syz
[  170.631639][   T43] usb 2-1: SerialNumber: syz
[  170.646934][   T43] usb 2-1: config 0 descriptor??
[  170.661572][   T43] usb 2-1: selecting invalid altsetting 2
[  170.867086][ T7361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.941029][ T7361] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.086853][   T30] audit: type=1400 audit(1757821049.437:337): avc:  denied  { ioctl } for  pid=7363 comm="syz.4.372" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  171.233902][    T9] usb 2-1: USB disconnect, device number 10
[  171.666245][   T30] audit: type=1400 audit(1757821050.217:338): avc:  denied  { setopt } for  pid=7384 comm="syz.3.376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  171.689376][ T7394] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  171.702291][   T30] audit: type=1400 audit(1757821050.217:339): avc:  denied  { read } for  pid=7384 comm="syz.3.376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  171.703914][    T9] usb 2-1: new low-speed USB device number 11 using dummy_hcd
[  171.736523][   T30] audit: type=1400 audit(1757821050.237:340): avc:  denied  { mount } for  pid=7393 comm="syz.4.379" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  171.760399][ T5914] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  171.776121][   T30] audit: type=1400 audit(1757821050.307:341): avc:  denied  { mounton } for  pid=7393 comm="syz.4.379" path="/newroot/67/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  171.807880][   T30] audit: type=1400 audit(1757821050.327:342): avc:  denied  { write } for  pid=7384 comm="syz.3.376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  171.931854][    T9] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  171.940241][    T9] usb 2-1: config 0 has no interface number 0
[  171.946461][    T9] usb 2-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=da.df
[  171.955933][ T5914] usb 1-1: Using ep0 maxpacket: 32
[  171.991464][ T5914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.022936][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.033630][ T5914] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  172.052933][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.061047][    T9] usb 2-1: config 0 descriptor??
[  172.066166][ T5914] usb 1-1: Product: syz
[  172.503544][ T5914] usb 1-1: Manufacturer: syz
[  172.508174][ T5914] usb 1-1: SerialNumber: syz
[  172.525814][    T9] usb 2-1: selecting invalid altsetting 3
[  172.539603][    T9] comedi comedi5: could not set alternate setting 3 in high speed
[  172.555210][ T5914] usb 1-1: config 0 descriptor??
[  172.588888][    T9] usbdux 2-1:0.207: driver 'usbdux' failed to auto-configure device.
[  172.598587][ T5914] quatech2 1-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[  172.613534][    T9] usbdux 2-1:0.207: probe with driver usbdux failed with error -22
[  172.633519][    T9] usb 2-1: USB disconnect, device number 11
[  172.747021][   T30] audit: type=1400 audit(1757821051.297:343): avc:  denied  { unmount } for  pid=5841 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  172.889127][ T5914] usb 1-1: qt2_setup_urbs - submit read urb failed -8
[  172.897664][ T5914] quatech2 1-1:0.0: probe with driver quatech2 failed with error -8
[  173.171014][ T7414] tipc: Started in network mode
[  173.184729][ T7414] tipc: Node identity e2e34118dcdb, cluster identity 4711
[  173.198360][ T7414] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  173.266617][ T5914] usb 1-1: USB disconnect, device number 11
[  173.282463][ T7415] syzkaller0: entered promiscuous mode
[  173.303371][ T7415] syzkaller0: entered allmulticast mode
[  173.445277][ T7418] syz.3.385 uses obsolete (PF_INET,SOCK_PACKET)
[  173.463150][ T7420] FAULT_INJECTION: forcing a failure.
[  173.463150][ T7420] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.480461][ T7420] CPU: 0 UID: 0 PID: 7420 Comm: syz.1.386 Not tainted syzkaller #0 PREEMPT(full) 
[  173.480485][ T7420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  173.480494][ T7420] Call Trace:
[  173.480499][ T7420]  <TASK>
[  173.480506][ T7420]  dump_stack_lvl+0x16c/0x1f0
[  173.480531][ T7420]  should_fail_ex+0x512/0x640
[  173.480601][ T7420]  _copy_from_user+0x2e/0xd0
[  173.480624][ T7420]  vt_ioctl+0x42e/0x30a0
[  173.480650][ T7420]  ? lockdep_hardirqs_on+0x7c/0x110
[  173.480672][ T7420]  ? __pfx_vt_ioctl+0x10/0x10
[  173.480697][ T7420]  ? tomoyo_path_number_perm+0x18d/0x580
[  173.480726][ T7420]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  173.480746][ T7420]  ? tty_jobctrl_ioctl+0x152/0xe00
[  173.480773][ T7420]  ? __pfx_vt_ioctl+0x10/0x10
[  173.480796][ T7420]  tty_ioctl+0x661/0x1680
[  173.480813][ T7420]  ? __pfx_tty_ioctl+0x10/0x10
[  173.480830][ T7420]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  173.480860][ T7420]  ? hook_file_ioctl_common+0x145/0x410
[  173.480883][ T7420]  ? selinux_file_ioctl+0x180/0x270
[  173.480903][ T7420]  ? selinux_file_ioctl+0xb4/0x270
[  173.480927][ T7420]  ? __pfx_tty_ioctl+0x10/0x10
[  173.480946][ T7420]  __x64_sys_ioctl+0x18e/0x210
[  173.480973][ T7420]  do_syscall_64+0xcd/0x4e0
[  173.480996][ T7420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.481014][ T7420] RIP: 0033:0x7fee48f8eba9
[  173.481028][ T7420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.481044][ T7420] RSP: 002b:00007fee49dad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  173.481062][ T7420] RAX: ffffffffffffffda RBX: 00007fee491d5fa0 RCX: 00007fee48f8eba9
[  173.481072][ T7420] RDX: 0000200000000540 RSI: 0000000000004b72 RDI: 0000000000000003
[  173.481082][ T7420] RBP: 00007fee49dad090 R08: 0000000000000000 R09: 0000000000000000
[  173.481092][ T7420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.481101][ T7420] R13: 00007fee491d6038 R14: 00007fee491d5fa0 R15: 00007ffc9d4e6f08
[  173.481124][ T7420]  </TASK>
[  173.498315][ T7413] tipc: Resetting bearer <eth:syzkaller0>
[  173.507307][ T7413] tipc: Disabling bearer <eth:syzkaller0>
[  173.515307][ T7418] netdevsim netdevsim3: Direct firmware load for lookup_extent_enter failed with error -2
[  173.768169][ T7418] netdevsim netdevsim3: Falling back to sysfs fallback for: lookup_extent_enter
[  173.777854][   T30] audit: type=1400 audit(1757821052.317:344): avc:  denied  { firmware_load } for  pid=7416 comm="syz.3.385" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  173.884102][ T7426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.388'.
[  174.167486][ T7426] team0 (unregistering): Port device team_slave_0 removed
[  174.178328][ T7426] team0 (unregistering): Port device team_slave_1 removed
[  175.625785][ T7456] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  175.893204][ T7464] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.397'.
[  176.196200][ T7457] overlayfs: upper fs does not support file handles, falling back to index=off.
[  176.509092][ T1206] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  176.534916][ T7470] netlink: 48 bytes leftover after parsing attributes in process `syz.1.400'.
[  176.597795][ T7470] netlink: 48 bytes leftover after parsing attributes in process `syz.1.400'.
[  176.690909][ T1206] usb 4-1: Using ep0 maxpacket: 8
[  176.751825][ T1206] usb 4-1: config 0 has an invalid interface number: 94 but max is 0
[  176.760428][ T1206] usb 4-1: config 0 has no interface number 0
[  176.766509][ T1206] usb 4-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= e.fd
[  176.793495][ T1206] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.025087][ T1206] usb 4-1: config 0 descriptor??
[  177.046313][ T1206] bfusb 4-1:0.94: probe with driver bfusb failed with error -5
[  177.130163][   T43] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  177.257399][    T9] usb 4-1: USB disconnect, device number 9
[  177.272349][   T30] audit: type=1400 audit(1757821055.827:345): avc:  denied  { mount } for  pid=7460 comm="syz.4.398" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  177.294975][   T43] usb 2-1: Using ep0 maxpacket: 16
[  177.304097][   T30] audit: type=1400 audit(1757821055.857:346): avc:  denied  { mounton } for  pid=7460 comm="syz.4.398" path="/71/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  177.338698][   T43] usb 2-1: config 4 has an invalid interface number: 51 but max is 0
[  177.346969][   T43] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  177.357872][   T43] usb 2-1: config 4 has no interface number 0
[  177.365701][   T43] usb 2-1: config 4 interface 51 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  177.380009][   T43] usb 2-1: config 4 interface 51 has no altsetting 0
[  177.396543][   T43] usb 2-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76
[  177.406744][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.415611][   T43] usb 2-1: Product: syz
[  177.419906][   T43] usb 2-1: Manufacturer: syz
[  177.424903][   T43] usb 2-1: SerialNumber: syz
[  177.449219][   T43] cdc_eem 2-1:4.51: probe with driver cdc_eem failed with error -22
[  177.522883][   T30] audit: type=1400 audit(1757821056.067:347): avc:  denied  { unmount } for  pid=5841 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  177.554012][ T7490] netlink: 'syz.4.406': attribute type 10 has an invalid length.
[  177.580978][ T7490] netlink: 40 bytes leftover after parsing attributes in process `syz.4.406'.
[  177.602587][ T7490] team0: Port device geneve0 added
[  177.698925][ T7494] FAULT_INJECTION: forcing a failure.
[  177.698925][ T7494] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.712440][ T7494] CPU: 0 UID: 0 PID: 7494 Comm: syz.2.405 Not tainted syzkaller #0 PREEMPT(full) 
[  177.712463][ T7494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  177.712473][ T7494] Call Trace:
[  177.712478][ T7494]  <TASK>
[  177.712484][ T7494]  dump_stack_lvl+0x16c/0x1f0
[  177.712510][ T7494]  should_fail_ex+0x512/0x640
[  177.712536][ T7494]  _copy_to_user+0x32/0xd0
[  177.712564][ T7494]  simple_read_from_buffer+0xcb/0x170
[  177.712586][ T7494]  proc_fail_nth_read+0x197/0x240
[  177.712608][ T7494]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.712631][ T7494]  ? rw_verify_area+0xcf/0x6c0
[  177.712657][ T7494]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.712677][ T7494]  vfs_read+0x1e4/0xcf0
[  177.712698][ T7494]  ? __pfx___mutex_lock+0x10/0x10
[  177.712720][ T7494]  ? __pfx_vfs_read+0x10/0x10
[  177.712745][ T7494]  ? __fget_files+0x20e/0x3c0
[  177.712772][ T7494]  ksys_read+0x12a/0x250
[  177.712789][ T7494]  ? __pfx_ksys_read+0x10/0x10
[  177.712807][ T7494]  ? fput+0x9b/0xd0
[  177.712833][ T7494]  do_syscall_64+0xcd/0x4e0
[  177.712858][ T7494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.712875][ T7494] RIP: 0033:0x7f5312f8d5bc
[  177.712890][ T7494] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  177.712906][ T7494] RSP: 002b:00007f5313d6e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  177.712923][ T7494] RAX: ffffffffffffffda RBX: 00007f53131d6180 RCX: 00007f5312f8d5bc
[  177.712935][ T7494] RDX: 000000000000000f RSI: 00007f5313d6e0a0 RDI: 000000000000000d
[  177.712946][ T7494] RBP: 00007f5313d6e090 R08: 0000000000000000 R09: 0000000000000000
[  177.712956][ T7494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.712966][ T7494] R13: 00007f53131d6218 R14: 00007f53131d6180 R15: 00007ffe7f7d6c38
[  177.712989][ T7494]  </TASK>
[  178.094817][   T30] audit: type=1400 audit(1757821056.267:348): avc:  denied  { shutdown } for  pid=7489 comm="syz.4.406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  178.114715][    C0] vkms_vblank_simulate: vblank timer overrun
[  178.129502][   T30] audit: type=1400 audit(1757821056.267:349): avc:  denied  { create } for  pid=7489 comm="syz.4.406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  178.191419][   T30] audit: type=1400 audit(1757821056.267:350): avc:  denied  { listen } for  pid=7489 comm="syz.4.406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  178.410114][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  178.534291][ T7504] netlink: 8 bytes leftover after parsing attributes in process `syz.4.408'.
[  178.551447][ T7504] netlink: 'syz.4.408': attribute type 23 has an invalid length.
[  178.587303][ T7504] netlink: 8 bytes leftover after parsing attributes in process `syz.4.408'.
[  178.707648][ T7504] netlink: 8 bytes leftover after parsing attributes in process `syz.4.408'.
[  178.876368][ T7504] netlink: 'syz.4.408': attribute type 23 has an invalid length.
[  178.907623][ T7504] netlink: 8 bytes leftover after parsing attributes in process `syz.4.408'.
[  178.940352][    T9] usb 4-1: Using ep0 maxpacket: 32
[  178.947043][    T9] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  178.955421][    T9] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  178.969780][    T9] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  179.011543][    T9] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  179.029025][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  179.066540][    T9] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  179.079023][    T9] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  179.117277][    T9] usb 4-1: Product: syz
[  179.124967][    T9] usb 4-1: Manufacturer: syz
[  179.129588][    T9] usb 4-1: SerialNumber: syz
[  179.141301][    T9] usb 4-1: config 0 descriptor??
[  179.187202][    T9] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  179.345514][   T30] audit: type=1400 audit(1757821057.827:351): avc:  denied  { create } for  pid=7509 comm="syz.4.411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  179.364697][    C0] vkms_vblank_simulate: vblank timer overrun
[  179.383880][    T9] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  179.745425][ T7521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.413'.
[  179.754864][ T7521] netlink: 20 bytes leftover after parsing attributes in process `syz.0.413'.
[  179.827333][ T7515] net veth1_virt_wifi »»»»»»: renamed from virt_wifi0
[  179.840186][   T30] audit: type=1400 audit(1757821057.827:352): avc:  denied  { ioctl } for  pid=7509 comm="syz.4.411" path="socket:[15783]" dev="sockfs" ino=15783 ioctlcmd=0x89ea scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  179.864600][    C0] vkms_vblank_simulate: vblank timer overrun
[  179.952824][   T30] audit: type=1400 audit(1757821057.827:353): avc:  denied  { create } for  pid=7509 comm="syz.4.411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  180.350208][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  180.501214][    T9] usb 5-1: Using ep0 maxpacket: 32
[  180.508962][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  180.609320][    T9] usb 5-1: config 5 has an invalid interface number: 52 but max is 0
[  180.618349][    T9] usb 5-1: config 5 has no interface number 0
[  180.624839][    T9] usb 5-1: config 5 interface 52 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  180.856231][ T7541] vxfs: WRONG superblock magic 00000000 at 1
[  180.863595][ T7541] vxfs: WRONG superblock magic 00000000 at 8
[  180.869600][ T7541] vxfs: can't find superblock.
[  180.919780][   T30] audit: type=1400 audit(1757821059.437:354): avc:  denied  { ioctl } for  pid=7532 comm="syz.0.417" path="socket:[15044]" dev="sockfs" ino=15044 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  181.014623][    T9] usb 5-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=51.58
[  181.065845][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.073797][   T43] usb 2-1: USB disconnect, device number 12
[  181.189711][    T9] usb 5-1: SerialNumber: ь
[  181.209743][ T7527] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  181.816772][    T9] aircable 5-1:5.52: aircable converter detected
[  181.848123][    T9] usb 5-1: aircable converter now attached to ttyUSB0
[  181.869166][    T9] usb 5-1: USB disconnect, device number 11
[  181.907766][ T7551] befs: (nullb0): No write support. Marking filesystem read-only
[  181.982711][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.421'.
[  182.000198][ T7551] befs: (nullb0): invalid magic header
[  182.006382][    T9] aircable ttyUSB0: aircable converter now disconnected from ttyUSB0
[  182.024490][ T7556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.420'.
[  182.062234][    T9] aircable 5-1:5.52: device disconnected
[  182.105653][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.421'.
[  182.257966][ T7563] netlink: 51 bytes leftover after parsing attributes in process `syz.2.422'.
[  182.363534][   T30] audit: type=1400 audit(1757821060.897:355): avc:  denied  { lock } for  pid=7558 comm="syz.2.422" path="/dev/video1" dev="devtmpfs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  183.861423][   T24] usb 4-1: USB disconnect, device number 10
[  183.869880][   T24] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  184.543317][   T30] audit: type=1400 audit(1757821063.077:356): avc:  denied  { read } for  pid=7574 comm="syz.1.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  184.562916][    C0] vkms_vblank_simulate: vblank timer overrun
[  184.582440][ T7585] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  184.708194][   T24] libceph: connect (1)[c::]:6789 error -101
[  184.725701][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  184.822806][ T7581] ceph: No mds server is up or the cluster is laggy
[  184.875154][ T7593] capability: warning: `syz.0.429' uses 32-bit capabilities (legacy support in use)
[  184.913065][   T30] audit: type=1400 audit(1757821063.457:357): avc:  denied  { shutdown } for  pid=7592 comm="syz.0.429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  185.190344][   T30] audit: type=1400 audit(1757821063.737:358): avc:  denied  { write } for  pid=7603 comm="syz.2.434" path="socket:[15194]" dev="sockfs" ino=15194 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  185.192510][ T7604] Bluetooth: MGMT ver 1.23
[  185.213920][    C0] vkms_vblank_simulate: vblank timer overrun
[  185.974766][ T5851] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  186.591901][ T7622] netlink: 8 bytes leftover after parsing attributes in process `syz.1.438'.
[  186.709838][ T7624] netlink: 24 bytes leftover after parsing attributes in process `syz.2.437'.
[  186.779413][   T30] audit: type=1400 audit(1757821065.327:359): avc:  denied  { getopt } for  pid=7621 comm="syz.1.438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  186.980833][   T30] audit: type=1400 audit(1757821065.367:360): avc:  denied  { setattr } for  pid=7621 comm="syz.1.438" name="PNPIPE" dev="sockfs" ino=16138 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  187.080660][ T7628] befs: (nullb0): No write support. Marking filesystem read-only
[  187.100419][ T7628] befs: (nullb0): invalid magic header
[  187.150749][ T7625] netlink: 12 bytes leftover after parsing attributes in process `syz.3.439'.
[  187.387069][ T7638] overlayfs: upper fs does not support file handles, falling back to index=off.
[  187.425172][   T30] audit: type=1400 audit(1757821065.977:361): avc:  denied  { write } for  pid=7633 comm="syz.0.442" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  187.693605][ T7637] overlayfs: upper fs does not support file handles, falling back to index=off.
[  188.720105][ T5990] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  188.756177][ T7665] netlink: 'syz.2.448': attribute type 1 has an invalid length.
[  188.756223][ T7665] netlink: 224 bytes leftover after parsing attributes in process `syz.2.448'.
[  189.037937][   T30] audit: type=1400 audit(1757821067.447:362): avc:  denied  { setopt } for  pid=7658 comm="syz.3.451" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  189.574549][ T5990] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  189.574570][ T5990] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  189.574584][ T5990] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64
[  189.574604][ T5990] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  189.574616][ T5990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.584052][ T7651] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  189.584663][ T7651] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  189.587193][ T5990] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  190.200099][   T30] audit: type=1400 audit(1757821068.737:363): avc:  denied  { write } for  pid=7647 comm="syz.0.446" path="socket:[15264]" dev="sockfs" ino=15264 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  190.300164][ T7676] syz_tun: entered allmulticast mode
[  190.303700][ T7675] syz_tun: left allmulticast mode
[  190.506610][ T7684] FAULT_INJECTION: forcing a failure.
[  190.506610][ T7684] name failslab, interval 1, probability 0, space 0, times 0
[  190.506678][ T7684] CPU: 1 UID: 0 PID: 7684 Comm: syz.3.455 Not tainted syzkaller #0 PREEMPT(full) 
[  190.506699][ T7684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  190.506709][ T7684] Call Trace:
[  190.506715][ T7684]  <TASK>
[  190.506722][ T7684]  dump_stack_lvl+0x16c/0x1f0
[  190.506748][ T7684]  should_fail_ex+0x512/0x640
[  190.506769][ T7684]  ? __kmalloc_noprof+0xbf/0x510
[  190.506790][ T7684]  ? io_cache_alloc_new+0x45/0xf0
[  190.506812][ T7684]  should_failslab+0xc2/0x120
[  190.506832][ T7684]  __kmalloc_noprof+0xd2/0x510
[  190.506856][ T7684]  io_cache_alloc_new+0x45/0xf0
[  190.506880][ T7684]  __io_prep_rw+0x21d/0x1090
[  190.506899][ T7684]  ? __pfx___io_prep_rw+0x10/0x10
[  190.506915][ T7684]  ? mark_held_locks+0x49/0x80
[  190.506941][ T7684]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  190.506976][ T7684]  io_prep_rw+0x24/0x220
[  190.506994][ T7684]  io_prep_readv+0x20/0xa0
[  190.507011][ T7684]  io_submit_sqes+0x850/0x25c0
[  190.507044][ T7684]  __do_sys_io_uring_enter+0xd6a/0x1630
[  190.507068][ T7684]  ? __fget_files+0x20e/0x3c0
[  190.507088][ T7684]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  190.507111][ T7684]  ? fput+0x9b/0xd0
[  190.507133][ T7684]  ? ksys_write+0x1ac/0x250
[  190.507158][ T7684]  ? __pfx_ksys_write+0x10/0x10
[  190.507183][ T7684]  do_syscall_64+0xcd/0x4e0
[  190.507208][ T7684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.507225][ T7684] RIP: 0033:0x7fe22fb8eba9
[  190.507240][ T7684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.507256][ T7684] RSP: 002b:00007fe230a55038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  190.507273][ T7684] RAX: ffffffffffffffda RBX: 00007fe22fdd6090 RCX: 00007fe22fb8eba9
[  190.507284][ T7684] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 000000000000000b
[  190.507294][ T7684] RBP: 00007fe230a55090 R08: 0000000000000000 R09: 0000000000000000
[  190.507303][ T7684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.507313][ T7684] R13: 00007fe22fdd6128 R14: 00007fe22fdd6090 R15: 00007ffc87a83668
[  190.507336][ T7684]  </TASK>
[  191.482587][ T1206] usb 1-1: USB disconnect, device number 12
[  191.485608][ T7688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.456'.
[  191.530140][    C0] vkms_vblank_simulate: vblank timer overrun
[  191.541876][   T30] audit: type=1400 audit(1757821070.087:364): avc:  denied  { bind } for  pid=7677 comm="syz.4.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  191.541920][   T30] audit: type=1400 audit(1757821070.087:365): avc:  denied  { listen } for  pid=7677 comm="syz.4.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  191.813570][    C0] vkms_vblank_simulate: vblank timer overrun
[  191.843491][   T30] audit: type=1400 audit(1757821070.397:366): avc:  denied  { accept } for  pid=7692 comm="syz.1.459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  192.241191][ T7694] overlayfs: upper fs does not support file handles, falling back to index=off.
[  193.762779][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  193.890175][ T5990] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  193.919329][ T7732] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  194.596840][ T5990] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  194.611402][ T5990] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  194.623056][ T5990] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.635166][ T5990] usb 3-1: Product: syz
[  194.645040][ T5990] usb 3-1: Manufacturer: syz
[  194.656177][ T5990] usb 3-1: SerialNumber: syz
[  194.668247][ T5990] usb 3-1: config 0 descriptor??
[  194.868959][ T7743] netlink: 12 bytes leftover after parsing attributes in process `syz.1.472'.
[  194.880011][ T7744] netlink: 96 bytes leftover after parsing attributes in process `syz.4.471'.
[  196.020192][ T5914] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  196.330186][   T30] audit: type=1400 audit(1757821074.827:367): avc:  denied  { lock } for  pid=7757 comm="syz.3.477" path="socket:[16313]" dev="sockfs" ino=16313 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  196.353763][    C1] vkms_vblank_simulate: vblank timer overrun
[  196.779234][ T5990] usb 3-1: USB disconnect, device number 9
[  196.820294][ T5914] usb 5-1: Using ep0 maxpacket: 8
[  196.834457][ T6744] udevd[6744]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  196.862731][ T5914] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.883943][ T5914] usb 5-1: config 0 interface 0 has no altsetting 0
[  196.900174][ T5914] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  196.927285][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.943037][ T5914] usb 5-1: config 0 descriptor??
[  196.992189][ T7762] syz_tun: entered allmulticast mode
[  197.413169][ T7761] syz_tun: left allmulticast mode
[  197.593600][ T5914] itetech 0003:06CB:73F6.0001: hidraw0: USB HID v0.00 Device [HID 06cb:73f6] on usb-dummy_hcd.4-1/input0
[  197.615237][ T7756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.643380][ T7756] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.685325][ T5914] usb 5-1: USB disconnect, device number 12
[  198.959761][ T7774] fido_id[7774]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  199.084993][ T7791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.485'.
[  199.090425][ T7792] FAULT_INJECTION: forcing a failure.
[  199.090425][ T7792] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.198777][ T7792] CPU: 1 UID: 0 PID: 7792 Comm: syz.1.487 Not tainted syzkaller #0 PREEMPT(full) 
[  199.198798][ T7792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  199.198806][ T7792] Call Trace:
[  199.198810][ T7792]  <TASK>
[  199.198816][ T7792]  dump_stack_lvl+0x16c/0x1f0
[  199.198838][ T7792]  should_fail_ex+0x512/0x640
[  199.198859][ T7792]  _copy_to_user+0x32/0xd0
[  199.198880][ T7792]  simple_read_from_buffer+0xcb/0x170
[  199.198898][ T7792]  proc_fail_nth_read+0x197/0x240
[  199.198915][ T7792]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  199.198935][ T7792]  ? rw_verify_area+0xcf/0x6c0
[  199.198959][ T7792]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  199.198978][ T7792]  vfs_read+0x1e4/0xcf0
[  199.198997][ T7792]  ? __pfx___mutex_lock+0x10/0x10
[  199.199020][ T7792]  ? __pfx_vfs_read+0x10/0x10
[  199.199042][ T7792]  ? __fget_files+0x20e/0x3c0
[  199.199068][ T7792]  ksys_read+0x12a/0x250
[  199.199092][ T7792]  ? __pfx_ksys_read+0x10/0x10
[  199.199110][ T7792]  ? fdget+0x187/0x210
[  199.199132][ T7792]  do_syscall_64+0xcd/0x4e0
[  199.199156][ T7792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.199173][ T7792] RIP: 0033:0x7fee48f8d5bc
[  199.199186][ T7792] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  199.199202][ T7792] RSP: 002b:00007fee49dad030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  199.199218][ T7792] RAX: ffffffffffffffda RBX: 00007fee491d5fa0 RCX: 00007fee48f8d5bc
[  199.199228][ T7792] RDX: 000000000000000f RSI: 00007fee49dad0a0 RDI: 0000000000000003
[  199.199238][ T7792] RBP: 00007fee49dad090 R08: 0000000000000000 R09: 0000000000000000
[  199.199248][ T7792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.199257][ T7792] R13: 00007fee491d6038 R14: 00007fee491d5fa0 R15: 00007ffc9d4e6f08
[  199.199277][ T7792]  </TASK>
[  199.381880][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.422634][ T7791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.485'.
[  199.522425][ T7802] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  200.381677][ T7818] befs: (nullb0): No write support. Marking filesystem read-only
[  200.396351][ T7818] befs: (nullb0): invalid magic header
[  200.407980][ T7818] netlink: 12 bytes leftover after parsing attributes in process `syz.3.494'.
[  200.480249][ T5956] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  200.721692][ T5956] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  200.766397][ T5956] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  200.895107][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.957407][ T5956] usb 5-1: Product: syz
[  201.590811][ T5956] usb 5-1: Manufacturer: syz
[  201.693347][ T5956] usb 5-1: SerialNumber: syz
[  201.717983][ T5956] usb 5-1: config 0 descriptor??
[  201.836014][ T7829] FAULT_INJECTION: forcing a failure.
[  201.836014][ T7829] name failslab, interval 1, probability 0, space 0, times 0
[  201.849463][ T7829] CPU: 1 UID: 0 PID: 7829 Comm: syz.0.496 Not tainted syzkaller #0 PREEMPT(full) 
[  201.849487][ T7829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  201.849497][ T7829] Call Trace:
[  201.849503][ T7829]  <TASK>
[  201.849510][ T7829]  dump_stack_lvl+0x16c/0x1f0
[  201.849536][ T7829]  should_fail_ex+0x512/0x640
[  201.849558][ T7829]  ? __kmalloc_noprof+0xbf/0x510
[  201.849578][ T7829]  ? sock_kmalloc+0x111/0x170
[  201.849600][ T7829]  should_failslab+0xc2/0x120
[  201.849620][ T7829]  __kmalloc_noprof+0xd2/0x510
[  201.849643][ T7829]  sock_kmalloc+0x111/0x170
[  201.849669][ T7829]  __tcp_md5_do_add+0x13b/0x530
[  201.849700][ T7829]  tcp_md5_do_add+0xae/0x470
[  201.849722][ T7829]  tcp_v6_parse_md5_keys+0x67b/0x860
[  201.849744][ T7829]  ? __pfx_tcp_v6_parse_md5_keys+0x10/0x10
[  201.849761][ T7829]  ? __lock_acquire+0xb97/0x1ce0
[  201.849810][ T7829]  ? __pfx_tcp_v6_parse_md5_keys+0x10/0x10
[  201.849833][ T7829]  do_tcp_setsockopt+0xb90/0x2640
[  201.849858][ T7829]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  201.849883][ T7829]  ? sock_has_perm+0x259/0x2f0
[  201.849904][ T7829]  ? __pfx_sock_has_perm+0x10/0x10
[  201.849925][ T7829]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[  201.849951][ T7829]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  201.849982][ T7829]  ? find_held_lock+0x2b/0x80
[  201.850007][ T7829]  tcp_setsockopt+0xe2/0x100
[  201.850029][ T7829]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  201.850060][ T7829]  do_sock_setsockopt+0xf0/0x1d0
[  201.850087][ T7829]  __sys_setsockopt+0x1a0/0x230
[  201.850111][ T7829]  __x64_sys_setsockopt+0xbd/0x160
[  201.850129][ T7829]  ? do_syscall_64+0x91/0x4e0
[  201.850152][ T7829]  ? lockdep_hardirqs_on+0x7c/0x110
[  201.850172][ T7829]  do_syscall_64+0xcd/0x4e0
[  201.850195][ T7829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.850213][ T7829] RIP: 0033:0x7ff2c4b8eba9
[  201.850227][ T7829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.850244][ T7829] RSP: 002b:00007ff2c5abb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  201.850262][ T7829] RAX: ffffffffffffffda RBX: 00007ff2c4dd6180 RCX: 00007ff2c4b8eba9
[  201.850273][ T7829] RDX: 000000000000000e RSI: 0000000000000006 RDI: 0000000000000007
[  201.850282][ T7829] RBP: 00007ff2c5abb090 R08: 00000000000000d8 R09: 0000000000000000
[  201.850293][ T7829] R10: 00002000000010c0 R11: 0000000000000246 R12: 0000000000000002
[  201.850302][ T7829] R13: 00007ff2c4dd6218 R14: 00007ff2c4dd6180 R15: 00007ffd0bd1bd48
[  201.850325][ T7829]  </TASK>
[  202.223847][   T30] audit: type=1400 audit(1757821080.777:368): avc:  denied  { read } for  pid=7831 comm="syz.1.497" name="usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  202.246970][    C0] vkms_vblank_simulate: vblank timer overrun
[  202.295490][   T30] audit: type=1400 audit(1757821080.777:369): avc:  denied  { open } for  pid=7831 comm="syz.1.497" path="/dev/usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  202.384357][   T30] audit: type=1400 audit(1757821080.817:370): avc:  denied  { append } for  pid=7831 comm="syz.1.497" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  202.834974][ T7846] netlink: 'syz.3.501': attribute type 1 has an invalid length.
[  202.871013][ T7847] netlink: 44 bytes leftover after parsing attributes in process `syz.3.501'.
[  202.925295][ T5956] usb 5-1: USB disconnect, device number 13
[  202.961087][ T7846] 8021q: adding VLAN 0 to HW filter on device bond1
[  203.039832][ T7854] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  203.059389][   T30] audit: type=1400 audit(1757821081.607:371): avc:  denied  { getopt } for  pid=7853 comm="syz.1.503" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  203.079464][    C0] vkms_vblank_simulate: vblank timer overrun
[  203.097027][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  203.171998][ T7847] fuse: Unknown parameter 'fdà 
[  203.171998][ T7847] cç'
[  203.180270][ T7856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  203.407155][ T7864] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7864 comm=syz.1.506
[  203.825145][   T30] audit: type=1400 audit(1757821082.377:372): avc:  denied  { bind } for  pid=7855 comm="syz.0.505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  203.844170][    C0] vkms_vblank_simulate: vblank timer overrun
[  203.873528][ T7868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.507'.
[  203.885385][ T7869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.505'.
[  203.942561][ T7871] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  204.575289][   T30] audit: type=1400 audit(1757821083.047:373): avc:  denied  { name_bind } for  pid=7879 comm="syz.3.512" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  206.067095][ T7899] FAULT_INJECTION: forcing a failure.
[  206.067095][ T7899] name failslab, interval 1, probability 0, space 0, times 0
[  206.080234][ T7899] CPU: 0 UID: 0 PID: 7899 Comm: syz.0.514 Not tainted syzkaller #0 PREEMPT(full) 
[  206.080257][ T7899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  206.080267][ T7899] Call Trace:
[  206.080272][ T7899]  <TASK>
[  206.080279][ T7899]  dump_stack_lvl+0x16c/0x1f0
[  206.080305][ T7899]  should_fail_ex+0x512/0x640
[  206.080326][ T7899]  ? __kmalloc_noprof+0xbf/0x510
[  206.080346][ T7899]  ? sock_kmalloc+0x111/0x170
[  206.080370][ T7899]  should_failslab+0xc2/0x120
[  206.080391][ T7899]  __kmalloc_noprof+0xd2/0x510
[  206.080415][ T7899]  sock_kmalloc+0x111/0x170
[  206.080441][ T7899]  alg_setsockopt+0x390/0xdd0
[  206.080464][ T7899]  ? __pfx_alg_setsockopt+0x10/0x10
[  206.080486][ T7899]  ? selinux_socket_setsockopt+0x6a/0x80
[  206.080509][ T7899]  ? __pfx_alg_setsockopt+0x10/0x10
[  206.080530][ T7899]  do_sock_setsockopt+0xf0/0x1d0
[  206.080558][ T7899]  __sys_setsockopt+0x1a0/0x230
[  206.080583][ T7899]  __x64_sys_setsockopt+0xbd/0x160
[  206.080602][ T7899]  ? do_syscall_64+0x91/0x4e0
[  206.080623][ T7899]  ? lockdep_hardirqs_on+0x7c/0x110
[  206.080644][ T7899]  do_syscall_64+0xcd/0x4e0
[  206.080669][ T7899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.080686][ T7899] RIP: 0033:0x7ff2c4b8eba9
[  206.080701][ T7899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.080718][ T7899] RSP: 002b:00007ff2c5adc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  206.080735][ T7899] RAX: ffffffffffffffda RBX: 00007ff2c4dd6090 RCX: 00007ff2c4b8eba9
[  206.080747][ T7899] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000008
[  206.080757][ T7899] RBP: 00007ff2c5adc090 R08: 0000000000000023 R09: 0000000000000000
[  206.080768][ T7899] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  206.080778][ T7899] R13: 00007ff2c4dd6128 R14: 00007ff2c4dd6090 R15: 00007ffd0bd1bd48
[  206.080802][ T7899]  </TASK>
[  206.278727][    C0] vkms_vblank_simulate: vblank timer overrun
[  206.460785][ T5921] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  206.551094][ T5956] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  206.780158][ T5990] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  207.036095][ T5990] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.046435][ T5990] usb 2-1: config 0 has no interfaces?
[  207.055180][ T5990] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  207.064673][ T5990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.075481][ T5990] usb 2-1: Product: syz
[  207.082780][ T5990] usb 2-1: Manufacturer: syz
[  207.092388][ T5990] usb 2-1: SerialNumber: syz
[  207.098495][ T5990] usb 2-1: config 0 descriptor??
[  207.110122][ T5921] usb 5-1: Using ep0 maxpacket: 32
[  207.117825][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.132070][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.141987][ T5921] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  207.156074][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.165619][ T5921] usb 5-1: config 0 descriptor??
[  207.171147][ T5956] usb 4-1: Using ep0 maxpacket: 8
[  207.179549][ T5921] hub 5-1:0.0: USB hub found
[  207.185216][ T5956] usb 4-1: config 135 has an invalid interface number: 230 but max is 0
[  207.194214][ T5956] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  207.206522][ T5956] usb 4-1: config 135 has no interface number 0
[  207.213463][ T5956] usb 4-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  207.229677][ T5956] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  207.240381][ T5956] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.269468][ T5956] usb 4-1: Product: syz
[  207.274282][ T5956] usb 4-1: Manufacturer: syz
[  207.279011][ T5956] usb 4-1: SerialNumber: syz
[  207.290975][ T5956] uvcvideo 4-1:135.230: probe with driver uvcvideo failed with error -22
[  207.340964][   T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  207.368105][   T30] audit: type=1400 audit(1757821085.917:374): avc:  denied  { create } for  pid=7913 comm="syz.0.523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  207.495100][ T5921] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  207.578024][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.589043][   T24] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  207.612914][   T30] audit: type=1400 audit(1757821086.167:375): avc:  denied  { write } for  pid=7913 comm="syz.0.523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  207.634528][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.941794][ T7885] netlink: 28 bytes leftover after parsing attributes in process `syz.4.513'.
[  208.565802][   T24] usb 3-1: config 0 descriptor??
[  208.566976][ T7885] netlink: 196 bytes leftover after parsing attributes in process `syz.4.513'.
[  208.575069][ T5921] hid-generic 0003:046D:C31C.0002: item fetching failed at offset 0/1
[  208.581580][ T7885] netlink: 28 bytes leftover after parsing attributes in process `syz.4.513'.
[  208.731824][ T7921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.745675][   T30] audit: type=1400 audit(1757821087.217:376): avc:  denied  { create } for  pid=7906 comm="syz.1.521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  208.872435][ T7921] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.903100][ T7885] netlink: 196 bytes leftover after parsing attributes in process `syz.4.513'.
[  210.181336][    T9] usb 4-1: USB disconnect, device number 11
[  210.468164][ T5921] hid-generic 0003:046D:C31C.0002: probe with driver hid-generic failed with error -22
[  210.478345][   T24] lenovo 0003:17EF:6047.0003: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  210.500222][   T24] lenovo 0003:17EF:6047.0003: Failed to switch F7/9/11 mode: -71
[  210.508578][   T24] lenovo 0003:17EF:6047.0003: Failed to switch middle button: -71
[  210.519677][ T5921] usb 5-1: USB disconnect, device number 14
[  210.526234][   T24] lenovo 0003:17EF:6047.0003: Fn-lock setting failed: -71
[  210.534362][   T24] lenovo 0003:17EF:6047.0003: Sensitivity setting failed: -71
[  210.547895][   T24] usb 3-1: USB disconnect, device number 10
[  210.749789][ T7936] fido_id[7936]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  210.792441][ T7941] netlink: 68 bytes leftover after parsing attributes in process `syz.3.528'.
[  211.320472][ T7950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.531'.
[  211.582266][ T5921] usb 2-1: USB disconnect, device number 13
[  212.290889][    T9] usb 3-1: new low-speed USB device number 11 using dummy_hcd
[  212.300176][ T5921] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  212.339657][ T7967] binder: 7966:7967 ioctl c00c620f 2000000003c0 returned -22
[  212.460211][ T5921] usb 2-1: Using ep0 maxpacket: 16
[  212.460563][    T9] usb 3-1: device descriptor read/64, error -71
[  212.476263][ T5921] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  212.487637][   T24] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  212.496378][ T5921] usb 2-1: config 0 interface 0 has no altsetting 0
[  212.505275][ T5921] usb 2-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00
[  212.543896][   T30] audit: type=1400 audit(1757821091.097:377): avc:  denied  { read } for  pid=7968 comm="syz.4.537" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  212.608390][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.627213][ T5921] usb 2-1: config 0 descriptor??
[  212.687044][   T24] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  212.699351][   T24] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  212.716691][   T24] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64
[  212.728231][   T24] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  212.730573][    T9] usb 3-1: new low-speed USB device number 12 using dummy_hcd
[  212.739738][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.799437][   T30] audit: type=1400 audit(1757821091.347:378): avc:  denied  { open } for  pid=7973 comm="syz.0.539" path="/dev/ptyq4" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  212.834385][ T7964] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  212.844374][ T7964] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  212.853697][   T30] audit: type=1400 audit(1757821091.407:379): avc:  denied  { append } for  pid=7973 comm="syz.0.539" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  212.886054][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  212.888509][   T30] audit: type=1400 audit(1757821091.437:380): avc:  denied  { ioctl } for  pid=7973 comm="syz.0.539" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  212.920148][    T9] usb 3-1: device descriptor read/64, error -71
[  212.950526][   T30] audit: type=1400 audit(1757821091.497:381): avc:  denied  { connect } for  pid=7973 comm="syz.0.539" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  212.999346][   T30] audit: type=1400 audit(1757821091.547:382): avc:  denied  { read } for  pid=7973 comm="syz.0.539" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  213.041006][    T9] usb usb3-port1: attempt power cycle
[  213.127109][ T5921] logitech 0003:046D:C219.0004: unknown main item tag 0x0
[  213.184362][   T30] audit: type=1400 audit(1757821091.697:383): avc:  denied  { ioctl } for  pid=7973 comm="syz.0.539" path="/dev/ptyq4" dev="devtmpfs" ino=123 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  213.187068][ T5921] logitech 0003:046D:C219.0004: unknown main item tag 0x0
[  213.358723][ T5921] logitech 0003:046D:C219.0004: unknown main item tag 0x0
[  213.386765][ T5921] logitech 0003:046D:C219.0004: unknown main item tag 0x0
[  213.390118][    T9] usb 3-1: new low-speed USB device number 13 using dummy_hcd
[  213.394267][ T5921] logitech 0003:046D:C219.0004: unknown main item tag 0x0
[  213.431732][    T9] usb 3-1: device descriptor read/8, error -71
[  213.442457][ T5921] logitech 0003:046D:C219.0004: hidraw0: USB HID v0.05 Device [HID 046d:c219] on usb-dummy_hcd.1-1/input0
[  213.596246][ T5921] logitech 0003:046D:C219.0004: no inputs found
[  213.636650][ T5921] usb 2-1: USB disconnect, device number 14
[  213.670626][ T5914] usb 4-1: USB disconnect, device number 12
[  213.703960][ T7983] netlink: 'syz.4.540': attribute type 1 has an invalid length.
[  213.703981][ T7983] netlink: 224 bytes leftover after parsing attributes in process `syz.4.540'.
[  213.715665][    T9] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[  213.734435][    T9] usb 3-1: device descriptor read/8, error -71
[  213.840421][    T9] usb usb3-port1: unable to enumerate USB device
[  213.842653][ T5851] Bluetooth: hci3: Malformed HCI Event: 0x22
[  214.690178][ T5956] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  214.748775][ T7996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.545'.
[  214.880503][ T5956] usb 2-1: Using ep0 maxpacket: 32
[  215.103479][ T5956] usb 2-1: unable to get BOS descriptor or descriptor too short
[  215.124937][ T5956] usb 2-1: config 5 has an invalid interface number: 52 but max is 0
[  215.140004][ T5956] usb 2-1: config 5 has no interface number 0
[  215.150521][  T977] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  215.162215][ T5956] usb 2-1: config 5 interface 52 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  215.194190][ T5956] usb 2-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=51.58
[  215.222779][ T5956] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.231189][ T5956] usb 2-1: SerialNumber: ь
[  215.258189][ T7989] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  215.304131][  T977] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  215.313319][  T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.327357][  T977] usb 3-1: Product: syz
[  215.334437][  T977] usb 3-1: Manufacturer: syz
[  215.340325][  T977] usb 3-1: SerialNumber: syz
[  215.367557][  T977] usb 3-1: config 0 descriptor??
[  215.384607][  T977] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  215.393245][  T977] pctv452e: pctv452e_power_ctrl: 1
[  215.393245][  T977] 
[  215.401431][  T977] usb 3-1: selecting invalid altsetting 3
[  215.407375][  T977] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  215.407375][  T977] 
[  215.429100][  T977] dvb-usb: bulk message failed: -22 (5/0)
[  215.462232][  T977] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  215.504243][ T7989] misc userio: Can't change port type on an already running userio instance
[  215.517815][  T977] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  215.546376][ T7989] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  215.617828][  T977] usb 3-1: USB disconnect, device number 15
[  215.650363][   T30] audit: type=1400 audit(1757821094.197:384): avc:  denied  { create } for  pid=8004 comm="syz.3.547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  216.419957][   T30] audit: type=1400 audit(1757821094.967:385): avc:  denied  { read } for  pid=8020 comm="syz.3.551" name="mouse0" dev="devtmpfs" ino=997 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  216.450873][   T30] audit: type=1400 audit(1757821094.967:386): avc:  denied  { open } for  pid=8020 comm="syz.3.551" path="/dev/input/mouse0" dev="devtmpfs" ino=997 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  217.168686][ T8031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.555'.
[  217.381886][ T5955] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  217.573960][ T5955] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  217.585925][ T5955] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  217.613640][ T5955] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64
[  217.626499][ T5955] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  217.635972][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.651839][ T8033] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  217.674412][ T8033] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  217.719407][ T5955] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  219.469114][ T5956] aircable 2-1:5.52: aircable converter detected
[  219.517262][ T5956] usb 2-1: aircable converter now attached to ttyUSB0
[  219.546247][ T5956] usb 2-1: USB disconnect, device number 15
[  219.585058][ T5956] aircable ttyUSB0: aircable converter now disconnected from ttyUSB0
[  219.599034][   T30] audit: type=1400 audit(1757821098.157:387): avc:  denied  { append } for  pid=8047 comm="syz.4.560" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  220.170097][   T30] audit: type=1400 audit(1757821098.517:388): avc:  denied  { bind } for  pid=8050 comm="syz.0.562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  220.502923][ T5956] aircable 2-1:5.52: device disconnected
[  220.521946][   T30] audit: type=1400 audit(1757821098.517:389): avc:  denied  { name_bind } for  pid=8050 comm="syz.0.562" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  220.587366][   T30] audit: type=1400 audit(1757821098.517:390): avc:  denied  { node_bind } for  pid=8050 comm="syz.0.562" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  220.613924][ T5990] usb 3-1: USB disconnect, device number 16
[  222.356284][ T8081] FAULT_INJECTION: forcing a failure.
[  222.356284][ T8081] name failslab, interval 1, probability 0, space 0, times 0
[  222.372048][ T8081] CPU: 0 UID: 0 PID: 8081 Comm: syz.4.572 Not tainted syzkaller #0 PREEMPT(full) 
[  222.372072][ T8081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  222.372082][ T8081] Call Trace:
[  222.372088][ T8081]  <TASK>
[  222.372094][ T8081]  dump_stack_lvl+0x16c/0x1f0
[  222.372121][ T8081]  should_fail_ex+0x512/0x640
[  222.372141][ T8081]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  222.372167][ T8081]  should_failslab+0xc2/0x120
[  222.372187][ T8081]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  222.372204][ T8081]  ? shmem_alloc_inode+0x25/0x50
[  222.372230][ T8081]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  222.372250][ T8081]  shmem_alloc_inode+0x25/0x50
[  222.372269][ T8081]  alloc_inode+0x64/0x240
[  222.372294][ T8081]  new_inode+0x22/0x1c0
[  222.372319][ T8081]  shmem_get_inode+0x19a/0xfb0
[  222.372346][ T8081]  shmem_mknod+0x1a8/0x450
[  222.372373][ T8081]  vfs_mknod+0x5d7/0x8e0
[  222.372394][ T8081]  do_mknodat+0x30f/0x5d0
[  222.372416][ T8081]  ? __pfx_do_mknodat+0x10/0x10
[  222.372432][ T8081]  ? getname_flags.part.0+0x1c5/0x550
[  222.372462][ T8081]  __x64_sys_mknod+0x87/0xb0
[  222.372481][ T8081]  do_syscall_64+0xcd/0x4e0
[  222.372504][ T8081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.372521][ T8081] RIP: 0033:0x7f52e178eba9
[  222.372534][ T8081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.372549][ T8081] RSP: 002b:00007f52e2578038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  222.372565][ T8081] RAX: ffffffffffffffda RBX: 00007f52e19d5fa0 RCX: 00007f52e178eba9
[  222.372576][ T8081] RDX: 0000000000000709 RSI: 000000000000608c RDI: 0000200000000200
[  222.372586][ T8081] RBP: 00007f52e2578090 R08: 0000000000000000 R09: 0000000000000000
[  222.372596][ T8081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  222.372606][ T8081] R13: 00007f52e19d6038 R14: 00007f52e19d5fa0 R15: 00007ffc4a0a33b8
[  222.372629][ T8081]  </TASK>
[  222.470588][ T5956] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  222.737185][ T8089] netlink: 20 bytes leftover after parsing attributes in process `syz.3.575'.
[  223.011797][ T5956] usb 3-1: config 4 has an invalid interface number: 39 but max is 1
[  223.021687][ T5956] usb 3-1: config 4 has an invalid interface number: 49 but max is 1
[  223.029755][ T5956] usb 3-1: config 4 has no interface number 0
[  223.076202][ T5956] usb 3-1: config 4 has no interface number 1
[  223.496832][ T5956] usb 3-1: config 4 interface 39 has no altsetting 0
[  223.504161][ T5956] usb 3-1: config 4 interface 49 has no altsetting 0
[  223.514115][ T5956] usb 3-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  223.525257][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.534437][ T5956] usb 3-1: Product: syz
[  223.543434][ T5956] usb 3-1: Manufacturer: syz
[  223.548087][ T5956] usb 3-1: SerialNumber: syz
[  223.777821][ T5914] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  223.789509][ T5956] usb 3-1: USB disconnect, device number 17
[  223.918941][ T8109] v: renamed from ipvlan0
[  223.950249][ T5914] usb 4-1: Using ep0 maxpacket: 16
[  223.958977][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.986628][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.999518][ T5914] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  224.035293][ T5914] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  224.102734][ T8115] nfs: Unknown parameter '$'
[  224.136799][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.149654][ T8115] ntfs3(nbd4): try to read out of volume at offset 0x0
[  224.196183][ T8115] netlink: 12 bytes leftover after parsing attributes in process `syz.4.583'.
[  224.210296][ T5914] usb 4-1: config 0 descriptor??
[  224.429335][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.1.585'.
[  225.099297][ T8124] syzkaller0: entered promiscuous mode
[  225.105038][ T8124] syzkaller0: entered allmulticast mode
[  225.122307][   T30] audit: type=1400 audit(1757821103.667:391): avc:  denied  { setopt } for  pid=8103 comm="syz.3.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  225.143892][ T8104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.152552][ T8104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.258892][ T5914] usbhid 4-1:0.0: can't add hid device: -71
[  225.276523][ T5914] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  225.302051][ T5914] usb 4-1: USB disconnect, device number 13
[  225.499086][ T8139] overlayfs: failed to resolve './file0': -2
[  226.454629][   T30] audit: type=1400 audit(1757821104.987:392): avc:  denied  { block_suspend } for  pid=8143 comm="syz.3.592" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  226.670313][ T5990] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  226.830930][ T5990] usb 1-1: Using ep0 maxpacket: 8
[  226.839542][ T5990] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  226.868365][ T5990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.906788][ T5990] usb 1-1: config 0 descriptor??
[  227.208410][ T5990] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  227.820379][ T5851] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004b: 0000 [#1] SMP KASAN NOPTI
[  227.820920][ T5990] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  227.832459][ T5851] KASAN: null-ptr-deref in range [0x0000000000000258-0x000000000000025f]
[  227.832482][ T5851] CPU: 1 UID: 0 PID: 5851 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  227.832504][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  227.870363][ T5851] Workqueue: hci4 hci_rx_work
[  227.875031][ T5851] RIP: 0010:kasan_byte_accessible+0x15/0x30
[  227.880917][ T5851] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
[  227.900509][ T5851] RSP: 0018:ffffc90003f9f728 EFLAGS: 00010286
[  227.906553][ T5851] RAX: dffffc0000000000 RBX: 0000000000000258 RCX: 0000000000000000
[  227.914499][ T5851] RDX: 0000000000000000 RSI: ffffffff8965c0c1 RDI: dffffc000000004b
[  227.922447][ T5851] RBP: 0000000000000258 R08: 0000000000000001 R09: 0000000000000000
[  227.930398][ T5851] R10: ffffc90003f9f818 R11: 0000000000000000 R12: ffffffff8965c0c1
[  227.938350][ T5851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  227.946305][ T5851] FS:  0000000000000000(0000) GS:ffff8881247b4000(0000) knlGS:0000000000000000
[  227.955214][ T5851] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  227.961775][ T5851] CR2: 0000001b320faff8 CR3: 000000004d9db000 CR4: 00000000003526f0
[  227.969728][ T5851] Call Trace:
[  227.972985][ T5851]  <TASK>
[  227.975898][ T5851]  __kasan_check_byte+0x13/0x50
[  227.980732][ T5851]  lock_acquire+0xfc/0x350
[  227.985128][ T5851]  lock_sock_nested+0x41/0xf0
[  227.989786][ T5851]  ? l2cap_sock_new_connection_cb+0x4c/0x240
[  227.995752][ T5851]  l2cap_sock_new_connection_cb+0x4c/0x240
[  228.001542][ T5851]  l2cap_connect_cfm+0x4c4/0xf80
[  228.006461][ T5851]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  228.011898][ T5851]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  228.017334][ T5851]  le_conn_complete_evt+0x1665/0x1d70
[  228.022687][ T5851]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  228.028383][ T5851]  ? hci_event_packet+0x459/0x11c0
[  228.033475][ T5851]  hci_le_conn_complete_evt+0x23c/0x370
[  228.039005][ T5851]  hci_le_meta_evt+0x357/0x5e0
[  228.043768][ T5851]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  228.049815][ T5851]  hci_event_packet+0x682/0x11c0
[  228.054728][ T5851]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  228.059994][ T5851]  ? __pfx_hci_event_packet+0x10/0x10
[  228.065345][ T5851]  ? kcov_remote_start+0x3c9/0x6d0
[  228.070434][ T5851]  ? lockdep_hardirqs_on+0x7c/0x110
[  228.075611][ T5851]  hci_rx_work+0x2c5/0x16b0
[  228.080094][ T5851]  ? rcu_is_watching+0x12/0xc0
[  228.084839][ T5851]  process_one_work+0x9cc/0x1b70
[  228.089761][ T5851]  ? __pfx_process_one_work+0x10/0x10
[  228.095114][ T5851]  ? assign_work+0x1a0/0x250
[  228.099681][ T5851]  worker_thread+0x6c8/0xf10
[  228.104254][ T5851]  ? __pfx_worker_thread+0x10/0x10
[  228.109342][ T5851]  kthread+0x3c2/0x780
[  228.113386][ T5851]  ? __pfx_kthread+0x10/0x10
[  228.117951][ T5851]  ? rcu_is_watching+0x12/0xc0
[  228.122694][ T5851]  ? __pfx_kthread+0x10/0x10
[  228.127260][ T5851]  ret_from_fork+0x56a/0x730
[  228.131823][ T5851]  ? __pfx_kthread+0x10/0x10
[  228.136388][ T5851]  ret_from_fork_asm+0x1a/0x30
[  228.141132][ T5851]  </TASK>
[  228.144124][ T5851] Modules linked in:
[  228.148920][ T5851] ---[ end trace 0000000000000000 ]---
[  228.157563][ T5851] RIP: 0010:kasan_byte_accessible+0x15/0x30
[  228.163730][ T5851] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
[  228.183603][ T5851] RSP: 0018:ffffc90003f9f728 EFLAGS: 00010286
[  228.189647][ T5851] RAX: dffffc0000000000 RBX: 0000000000000258 RCX: 0000000000000000
[  228.197696][   T30] audit: type=1400 audit(1757821106.717:393): avc:  denied  { read } for  pid=5200 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  228.219739][ T5851] RDX: 0000000000000000 RSI: ffffffff8965c0c1 RDI: dffffc000000004b
[  228.228099][ T5851] RBP: 0000000000000258 R08: 0000000000000001 R09: 0000000000000000
[  228.236091][ T5851] R10: ffffc90003f9f818 R11: 0000000000000000 R12: ffffffff8965c0c1
[  228.244208][ T5851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  228.252201][ T5851] FS:  0000000000000000(0000) GS:ffff8881247b4000(0000) knlGS:0000000000000000
[  228.261150][ T5851] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  228.267709][ T5851] CR2: 0000001b320faff8 CR3: 0000000034503000 CR4: 00000000003526f0
[  228.275846][ T5851] Kernel panic - not syncing: Fatal exception
[  228.282083][ T5851] Kernel Offset: disabled
[  228.286378][ T5851] Rebooting in 86400 seconds..