last executing test programs:

30m28.895139702s ago: executing program 4 (id=3337):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x150, 0x1, 0xa, 0x3, 0x0, 0x0, {0x8, 0x0, 0x6}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0x33, 0x6, "62527a6b314c7cba29dee274c55cff0e77e85afd522dfc198ae0d7ac8c2e1840fb6b930d859545ffc88f1ae00dce3a"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0xcb, 0x6, "d30ad9597b8c02a79f5b49e8e5e3301356edf2a5cecaae8826d3a3b713736e1a96dd115845b909b06bcd70f57afa6eeea2d9e11cd02053c92b271624bce91db01b14346cfeb41be29d2f5396f5b58b09cf6a5ed49826a784f67bf35c689dbc9a218f825e0a8ac2be2d5fd21695eb07401d3bebc7c4075773171c1ef98641c72802e5965db3080d45c5faa5962044ea1f94b9e58a46004da0c155930221aa01d1a90baae304fae40d4449d5a2ef3a3e50402ff9e25cd61185b503a83a05309b061ac8dea981a1de"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x150}, 0x1, 0x0, 0x0, 0x4000}, 0x4008004)

30m28.711520342s ago: executing program 4 (id=3341):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x1000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x8}, @TCA_CAKE_SPLIT_GSO={0x8}]}}]}, 0x44}}, 0x44)

30m28.089126438s ago: executing program 4 (id=3345):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x5d032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

30m27.930098944s ago: executing program 4 (id=3346):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,size=8'])
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

30m27.061023213s ago: executing program 4 (id=3350):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1b, 0x0, 0x0, 0x8000, 0xc018, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @value, @void, @void, @value}, 0x50)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000280), 0x9, 0x200)
r2 = gettid()
syz_open_procfs(r2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0xf, 0x6, 0x80000)
socket(0x10, 0x3, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000009e0000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r5, 0x58, &(0x7f0000000500)}, 0x10)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'ipvlan1\x00'})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, 0x0, 0x0)
write(r1, &(0x7f0000000000)="24000099cdcd1a720a594e583909040081b8b71e91b3714ca72ef27175db8e3c00000000", 0x24)
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r7, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r7, 0x40047459, &(0x7f0000000100)=0x2002000)

30m25.718004908s ago: executing program 4 (id=3360):
syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000004736478b2e03bd0000000041317673b03d0000000000000000ea0000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = add_key(&(0x7f0000000000)='big_key\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000540))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
clock_adjtime(0x1, &(0x7f0000000440)={0x0, 0x0, 0x8c1f, 0x0, 0x64f, 0x0, 0x400, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0xffffffffffff2ea6, 0x5, 0x1, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000000000})
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x0, 0xa, [{}, {0x10}, {}, {0xfffffffe}, {}, {}, {0x0, 0xfffffffd}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r2 = syz_open_procfs(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c77668d25ffffffffffffeccc5135be8556", @ANYRESHEX=r2, @ANYBLOB=',\x00'])
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1700bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x200)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44881)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000300)={0x5ae, 0x41, 0x4, 0xc3, 0x1, 0x4})
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

30m24.164278787s ago: executing program 32 (id=3360):
syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000004736478b2e03bd0000000041317673b03d0000000000000000ea0000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = add_key(&(0x7f0000000000)='big_key\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000540))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
clock_adjtime(0x1, &(0x7f0000000440)={0x0, 0x0, 0x8c1f, 0x0, 0x64f, 0x0, 0x400, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0xffffffffffff2ea6, 0x5, 0x1, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000000000})
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x0, 0xa, [{}, {0x10}, {}, {0xfffffffe}, {}, {}, {0x0, 0xfffffffd}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r2 = syz_open_procfs(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c77668d25ffffffffffffeccc5135be8556", @ANYRESHEX=r2, @ANYBLOB=',\x00'])
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1700bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x200)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44881)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000300)={0x5ae, 0x41, 0x4, 0xc3, 0x1, 0x4})
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

3m38.467336745s ago: executing program 2 (id=10113):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00(\x00\x00\x00 '})

3m38.305988772s ago: executing program 2 (id=10117):
socket$packet(0x11, 0x0, 0x300)
sched_setscheduler(0x0, 0x1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000, 0x80010, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_getevents(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r6}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x24048180)

3m37.336142198s ago: executing program 2 (id=10119):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_ACT={0x38, 0x3, [@m_connmark={0x34, 0x1, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x2000080d}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m36.980824017s ago: executing program 2 (id=10121):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x42, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x390, 0x0, 0x43, 0xa0, 0x2f8, 0x98, 0x2f8, 0x178, 0x178, 0x2f8, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00', {0xff}, {}, 0x9}, 0x12a, 0x190, 0x1b0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x4, 0x0, 'syz0\x00'}}, @common=@ttl={{0x28}, {0x0, 0xa}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x2, 0x0, 0x1ff}}, @common=@unspec=@connlimit={{0x40}, {[0xffffff00, 0xff, 0xffffff00, 0xff000000], 0x3, 0x1, {0x4413}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x2, 0xaf76, 0x1, '\x00', 'syz0\x00', {0x7fffffff}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3f0)

3m36.861925986s ago: executing program 2 (id=10122):
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[])
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25017c0000100036800c00020004001400000000000c000180060006008e"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000003f40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000ffffffff00000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001000000020000e00f0300001ed4c87b064aab8733f6c03dee792f0300000000000000b4c9104cfa772fe7006d3202f98a7f6db0dcfa59d70ce12d6040c00429d50e7b3a216f93b339186622"], 0x80}}, 0x4000040)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)=0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
io_setup(0x7, &(0x7f0000000000)=<r7=>0x0)
io_submit(r7, 0x6, &(0x7f0000001880)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x800, r0, &(0x7f00000002c0)="09180028cc9298162f506d3baf7fa16552334115acfa185d3e53a430d575c471593ec7", 0x23, 0x9, 0x0, 0x2}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x8, 0x4, r1, &(0x7f00000004c0)="3ee3e92f7b93677693ba5dedffeb4a8cc41a7a4b6b9a250bd991e76dd0dba8f2ae745940887c2695ad23080dec603b6ba1a36c5ccfb2f21136bb6f0440f359659e98294455ddc086340c9e932bed9299cace8dd1872b925c1fc072c842fa0a7d77bb0a7013874de3829dd7a1f012a52c1907854a6eb682966dec44b84858e67a90a94953cb02320c2a525e6553ab56b8bd8643487c94f2cf0b6bddc5ba5784afb0a56cde08e54256a3c58eb29f8fde8838d3ec1896fe68d588177a913ed5f56a6175a684d8575616acfe", 0xca, 0x70e, 0x0, 0x1, r5}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x3, 0x1, r4, &(0x7f00000005c0), 0x0, 0x4, 0x0, 0x2, r5}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x3, 0x2, r0, &(0x7f0000000640)="a389311e967bbdd0ead2d2672b634bd84215ba7f2cdd360bc2841e7ef3a6cb94df8f0c384a8be2f3dfc47a1eac2464403f44dec571a3504efefc61a0d67e430f3b0480483fa0100318742d6ff446bb845fdcaff898be25bd44c3ef63799a8017d85996e2653efb56750b3e9935b903f51488578937100d25719fcbae1374fde5984a6b93a736b6b0974e081074ec5d918fcaa47e27e08c6c4c3ae83be123333f8f9ae8b6941a004c", 0xa8, 0x686, 0x0, 0x0, r5}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x7, 0x5, r2, &(0x7f0000000740)="15aba96a66ba5012b4bdd8ad563361d4c0553d28517bf1624226f3f675cf46733054918919ff5160046d3e8d18ef92e96529a351c947387231917b74e21b4e3946686ca6c001c884c3c75033955b2c112ee795ec25fe57cad37eeddc49c06ad2f1e628c725602ea42ac8a3370b5769b0fdcbdc8d2ccc0f1da95bd3cce16672f45a346b42fb86914562baeb7c9e3d7f0701dcb38c5f07cf5e6cf2ffae396a599d8781a76d7713c43785d29acb08671c7454a5bd43e96dedf521605462023226ffbbb20729d32ae3366234083edb29ab28d0e6b59f8b99481b3a3251a0f4991e6ad8b8c4245134c601bd1a656f03dbed707ef072db0d9929f952eecca7ccf61225f7a670123c2f8f2b77c1f1ad905a75af39f27163c1eb6a01b7209ce093998904994f07ddb72f032a352e3f89f4dda5ce8babe5cf5e0e6ab2d6abf217e46e053ee772f6827640964b4c8554a59b1361e6e503bbc5de6368545c5ecbc31e98a26ae1c40127b2347258abd65b902f0bbc82f7a6507c47f69bc08f80ec6fc0dcbc6a87bcfc0d954e9065e89d9d89c9e76ac6b306dc0ecb2ca428c0208bd64e70a5ab6a4cb4f5a11a87fc3ca3fec13258e94d43521587fd834b0fc368c67a908386c999b9e5fc88c8335f9972ae535f63d2fd7dfec2432d537223d6723721b209989f6e8c6b147c3b92e1da5fef9664e4fd980559cf9c7de8172c40b970da7a4175232a81e58663642260095f133e4797a4259af58c095ca8c336622e7188fc996be99b9684002e656992e1448de91b7bd46b27cd8e9677a0e69845367a98e0f76f50881e60977ec6b80e2cb274b51de0134e49a603cf59e43114f57e81bc4c3fe177928e6e227f2f751c12350c22f6806c63bf1eed53a2a496b47e9fccd060757fecd6882f697c99579f2ece0e045e52c522942a0dc555cec1c2f7641280a51720b02f1fac9d1093b167ef115320317b82d3920039d9f4f9e45a7a297f47829d2adb336c193be82b2876d766a0d1d2f9338495754612c997e5dcba6c3e90b9d1582d31e940bdc9be99d5ddc1eed65e32109a7c2118cb1c4c99fed4d90e2900bd81841aadc746af421f9dffdb85794297b5cac8e8c5cef4505a44c15ec215706d9660d8a21e60333fde256b6a6c4cb2a7c13cd050360f9a7681a3c433e581823ae6ad23ebf1dfcb3ea2a3b2aba57e74ce68ed40faf96e31a8c00bfdf85940ab2f050bf5bab840ffe80fa9d5e72b1216c1ee1a6a03f2300dea302d3dae159fbb808406b2c7fba583a5cfcce2bd28c0ae05430a98bb588d78e64c2e4a20e6f2726491ad948aac8305eb1a0e474b0aae9306fe06b4ebe48b0078e80ec6bbd472b8d3e563989427eb0e66519030d6baaf533f1f228183e9613283ecb7f7c4d660ad8e64ba409183dc605afdcd7a57f6077723980c330ef80cea6ee659f568973d4604dd7be63017bae5a348d6a1d29b4081ea0ac5d63035c4c9fa51e305c55615fcc9604e84aee44d9727aff3b670b12179436a145e9ae54cb3a663b498a38b1e564b4730c83c64b34a2c585b03b4c9496580d2eb06f2876fc7e36be25d238620bfe9f2926f26815dd35408c96b1036a0d750559f0081c314e9c31f71d8477028ab81ab89b1ee032095777d1272ca97311b8febacd4405e7245693e15025d5509b81d56cb28f853d65431f578e0bfd603d386b2db53985a066737000f8cc90756ed747d9095230d64bb7695fa43d2ddcaf22537a48186e7c990a51bcf2ffca61a24d22cf5aab0ed65fb89231a8605c835b372b1f8e54e56d9ab221cf4328dd79b1f97d4c72be0ab08a09bd6d66b4988c9b8c8d8707b1f0a0bb3c9fec3ff211a1edeacc53d31f06b1deff171294aa696280f304df6c4cac0aee57c046a60f5006af3d2709cfe9f58af0a4c7c40768779ea5166e5c351e10780ffe42b2c3411ddc907e605ec99cd3937b2e7806abde29cc8b775b4ba7a34f576ae2d98ca272d26a70e6eb02d411fe1f654c8e88bdc449422d06dbd7cdae7fd9d97171b4245574c1a6b013d0e98c62029b1e80df1c0a8dbc9d7200b96c62266847f143cf2713a008232d892a7950bd959ee77e1d6f7b8dc1d18db8fe79387531b4feba4d2a95972984a772ce96c7c2b6a6f5f71fd8c57bd542068dcc4b1023e664b48b76e3a6cf83b9a451f458292d25cc4c530643f3c3b6ba11d9e89b2106cac8189aa9c913fbc419d9d2c7004a30b187104592f99b9d06d5dfdce47c11b529da0dba968ed200644b773eb8e8748a72108e24a7fc157fc778e8bdea4aaf7ac421ef1a672a90ec5c0ef2ee1ccf4699bec2447bacdffd0525eb411abdc1cce92023103ca862f14f8999118c438695f828c9e5d214f3ad84ea0ea78830fc8276b959db77c812f6863ea6e189d86b83e9a48caf0721ff60ea1b19b3ded44011f35e80c1cca6a1446c89bb3c9b37abd487f39d887dea703a8dad7d3877893295820c31c0ee9b91d67e0889fc46441d597a8e993cdfe169c408b8d2836230029caef71d4ae74745be2607572763405bc04d9929840c1982d116fcbc14c2073dedd983a93c5d5bc2d469228e01fae33acc07527231683ed6e6f0aaf66d442adf7ec6d9bbe8cd4892c40d4f5408af379f8af804d27c4f62f6db556bab6686bd0ddde21524324d67c0c99f21b0f62530a8456ff4cdef4c711bb31d87d89c79e5decff744fb5230bbaee19ee300b794fddcc88eb82f4a32c142cc63c07c9df0e8902290e6708a3c882443a4342725a1582ae21d776e219f8f309a853b45154dcef68c0bf9a2df51da731d3d8a998a02a86123a57e7cf8d86884db10f801167842eaeb2bf2d67715205d5294fe94683b5bab20b4f758b059ac5feb18ab1f65d403e29d3354000af0f436ee85bf68f6544bbc649f3a059e19f341c36ac38967d0dfa28238958a7d53332d22d94a2a454f4b57fb83687b2759bcc740a64ab036f0642baffdcc513c7e82c47e107552692beae2a2256dcfa2f8a61e0e995f45d1c4ea47c3616cc96df32309c66f1f0ffd6aeee62af3ae617738916b847049439adec061af00381d5889059517872751bb538a300f718e6540f52a474bf864b2ed9c011f81f258c5d9e0b1935330af37ab46d96d2a94a174952228ad941b2d1ce50febf795a63f567898ca101ce6842e33320d05904ace4e1e8c21c7784328cba447c4755a43d89eb9a14b69c464ba198d5a0ed8e313f5d8b88c08cde24ca3962ca937ee21ea0ec2c0887c92e619cf8c994e3f97dc31bff3172cf06520f9af6347ca946dbfc3100bd244cb47be5d260024af8ca43a75c62e0857c36daad05672a1ce71e0d9f7b53959b2eb8335593036f68b1dbd963e86f9211de856dd26e308b4a93e77819942a8b6fa4e543415f076a91220ba955c9ae0d577760420c31b33d20498dcbfaeaceabed2fb75c4b70e5b3e8e198c6901826975976ffc85b27d94a5e622f8f6d92d67328987ee448b5c6d62153b9c0796d4c5153cd79cf8beec05ce6854a74f4fc8e3c20ce2f24cc5dc233215a821579a742ea2f9b48d3da4cf20a82900ccfcd536107eda2b13566b53d060a2149cf4126322c18af417cd94d1481a75fa3169d984800530b05c721663d93774c419fb994830625fb90718116ed4da5844bb93d5d49f44e1a00da2ab832965e03bc8132e4018e44ad99658b66e3c88679a77d02d5c3d3328a52602a964cebe0d79a295d1406592f612c6abd068960b0a7daaf0ea4e81fa2554c6ec8c9fd95d00659316cbaee0c2aa3c11cf07af685788c4a2e32ae7083408a4a8ed6afd50731d5c84502819c4446baa4c1c1f67355b92a9b98a2552bee8086bee0d0b04d6c080d8d52e64a8d06fd8979677a3d12e324c6cfefd745032c83846adfc07ced970ad5e7faafda1401c5368777286096702027757319fa7dcb7a88ecc0454f67a742259104e8b3a77159911771bbb1e317c71b1a68f5ce84d03731e47586cdc8c9ee3e314d61b4e29a23dee4467af2348d9136c59c03affc0c93c6fd5edac4fa206d75dd4f65223f31b66a92850cb7737612a55860bebbcf9ba3fa4adfb02cfeb9687407d8bd60614c94bf69762b63f8167e5eb9b8c94a410ee1f88f8e06b6cf1d44aa259eca0dd55beea8a75c08befd7a3f16e255636d781258de1fa6ee507c407d42d0f28a948ff6007765f7943ed9f2ee4fe368c156173772ffedf954c465dc069503ff8012e83dcc06f3904f003c97fff086a6e711d5fcaae3cdbbc781a8a4062f6f24b986525aa3e4c7761173b90de097a1e2e47e8601317c93d3e70e147f51b8ed068c3f92d6417a5148e71f9ac50a72b5fe97be26d009d8765f268287056b80dc94d5421fd89eb10170634729af4e39b32549eff002695202b1a33c2656e8144c3f4345992ba7db99d7aaccce7cb07a45aaa3c7292cd4679ff83a4abe7e985c759986f1e8e74be477232dc5ada6180b8ba4700560b45799868adc68f76f63c0fe734d4d50670a716a11a4f40374a1906362fc14022375ef82d2153b555b7dfb98143965fbbcc0f244aa0cd21803b925c0d2c74e68c28052d78f8ee029bac98879417cc7b047999e6aabffdd251683e04411a369318b931874bc594d960c9e5822f261d51d00a06b00bd35bd062030505ea2d3290a93e4ed729e26e67bebe3a8dda46480c2cdbbd53d54c95b63cea9ed51905bb82e125dff5b21f9358ba3d297c49c4925c424598240f09d3866accb3a70b4d9d86ea35c0891c2ec50de3484363363005df1b539f1ca2b113aad467d5e886539c01014b4949bdf27127411a2427e2d5e4b3883beebd85baa1e62859ab3c46a670ac120193059fef0f68e9ce44a58ec5952a083923be0007c11f589a6295c01224959e32d07d045d69e1471ea7fdfc9843b45b88e07748f8a88b26801d55c57d009019eb70ad2f5d70b8b8177c1fd7d33289afc81eac903f287f7a8188241428bbed69140282d7162cefb69c0a87e0f1f79c51f333b757d7b56c7d62380ae8660d9e876dfbf12ee0db2fd84630043e937621f0b0a4ae506dcffd9693bc7109efa7bb835cca9ce92192f376963acedd1a244f6fa195190aa2235cd8a93583eabad1f216f08263e077245dd6cdc3b5f293a2c331187247fa236a55ebfcb261818e1865f2231ccc4b23926b9ffff6b6415a5cb97528f05dc82ffc2d87e83584016ec851b425b354bffde3223cd06774799ac87e260d11ba0bc4519a5ddd6986fa1dc49550ad695ed843da367de9df268a047bc7501bfc7df7a12a51bc5eb30298391ae6819202e00afda48074ac4776fe248b9f04c832e2dffba85b2a48c02666e8293ddf1960774a66be9f75a6817f68f90dc25e002aa3ad16565439dfa240b7a24219d3b0eb60e8ab8d1b244d2bb95e8eb5b96a868236a1fc126b5b7aa23d30b379f24a05ee2d973e706b9a2f2b4088d66aac351d43755cd703f45bb49a8be913bd4cf89138d0de9f8b8426be3b64b9f81cb20c2db08e473c479660dbc3add325344bf18fff9c2a589b1914267a9ca7d99a4531af76e218e0d9cf463ec50fcc0cdd3def452ea27d5b78a65ab1647f48a3bb1a975c49b26e83844deef07762b20721a2a3f6962dd8d0d244d2a130afb6fffcdfe8efba1c0febfeae9e53c2658a16158d029955aa7068d86b6be076a5e87ceca312704f989aacd3dcea1fd88e1d7ed0ad90a7cdc2c1ef5492197eee5efbfc12317702d7708f1b761729d83c51919d8e9c053e8d3f010707ad62d1cd9ed90b669da2b43834698136a39b41a2e1266f1edfa4db33a19412b4da72d78a7a1", 0x1000, 0xff, 0x0, 0x2, r5}, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x7, 0x6, r1, &(0x7f0000001780)="eef7f126c2fec90e00241495734fc962e4ff9fa5621bcc0a7848c5f952da20c4c6013bbd45055810d9219e04c3cef746e295490b8415f90454f3a2a95c20b19b03a3982e15b0bb2b66a0654ca62cb163e80513336ce319502c22ddf65eef305bc053f92579e9e851a03bfd6df8ab5f2f72dca6c86505391648804a0dea0c8d5c4ff8", 0x82, 0x0, 0x0, 0x1, r5}])
mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0xa00)

3m35.109553893s ago: executing program 2 (id=10130):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs/binder0\x00', 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
rt_sigaction(0x9, &(0x7f0000000700)={0x0, 0x0, 0x0, {[0xa2]}}, 0x0, 0x8, &(0x7f0000000800))
socket$inet6(0xa, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r5, 0x1, 0x10, &(0x7f0000000080)=0xe67, 0x4)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r5, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002bc0)=""/4082, 0x1020}, 0x80181}], 0x400000000000039, 0x10000, 0x0)

3m19.762842308s ago: executing program 33 (id=10130):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs/binder0\x00', 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
rt_sigaction(0x9, &(0x7f0000000700)={0x0, 0x0, 0x0, {[0xa2]}}, 0x0, 0x8, &(0x7f0000000800))
socket$inet6(0xa, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r5, 0x1, 0x10, &(0x7f0000000080)=0xe67, 0x4)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r5, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002bc0)=""/4082, 0x1020}, 0x80181}], 0x400000000000039, 0x10000, 0x0)

10.640632547s ago: executing program 1 (id=10814):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r2, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x14, r1, 0x77aec225886c8f5d, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)

8.872925633s ago: executing program 1 (id=10819):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x4048806)
sched_setscheduler(r1, 0x5, &(0x7f0000000200)=0x7)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r4, &(0x7f00000000c0)={0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="00020c0000000c"], 0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001f00), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_usbip_server_init(0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1100000000000000000000000100000000000000000000001c000000000000000000000007000000440c07"], 0x38}, 0x0)
unshare(0x2c020400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, @void, @value}, 0x94)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000040), 0x0)
close(0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010026bd6000000000002d9300000c00018008000100", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0xd4}, 0x24008000)

8.710763245s ago: executing program 5 (id=10822):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000840}, 0x240080c0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b700"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

7.965277289s ago: executing program 5 (id=10824):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)

7.003454642s ago: executing program 3 (id=10826):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000840}, 0x240080c0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b700"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r7, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000440)=@o_path={0x0}, 0x18)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f0000000240)=0x3)
read$dsp(r8, &(0x7f0000000300)=""/79, 0x4f)

6.924478579s ago: executing program 5 (id=10827):
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xba, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = gettid()
timer_create(0x8, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
readv(r2, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0xce}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$kcm(0x10, 0x2, 0x0)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000001c0)={0x9, @raw_data="aa9fc93b2df81d65fcfb42a66fead6d015c9fe8917575d131c1a182cd561746e2fb051ce4a53653d5a396bd514cae6183adcc6d417cdafe5bb6cff02a3b45a461d33c93f1677f0efbac2bbd2e149dce5caed05f6e18340e58102ef991d0894f4ee1bc9b9d0303e2fcb53176e571b1923c72639c0226f9d0d23786948f11c183f878cce0b67a9e6f1b56255fe6c531551cbc14b35cc28accb18ef196097b292f4033579cf9e88bd7bc7a92345b4ae0a9dd21f2f9852d44e43c97d682d866c4b111e56e0142ec0e7b1"})
landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f00000000c0))
r5 = socket(0x2a, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x10b402, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)

6.152386512s ago: executing program 3 (id=10828):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137)
chdir(&(0x7f0000000100)='./file0\x00')
chdir(&(0x7f0000000000)='./file0\x00')

6.010832452s ago: executing program 3 (id=10830):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000000040)={0x2, 0x3f1})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)=<r1=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, r1, 0x6, &(0x7f00000000c0))
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x200, 0x7ff, 0x0, 'queue0\x00', 0x5})
r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xe001, 0x2, 0x2}, 0x18, 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r1, 0x7, r2, &(0x7f0000000200)={0xffffffffffffffff, r0, 0x4})
prlimit64(r1, 0xa, 0x0, &(0x7f0000000240))
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=<r3=>r0, 0x36, 0x0, 0x1, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
r4 = syz_open_dev$dri(&(0x7f00000003c0), 0xffffffffabaa37d7, 0x1e753ff43a177213)
ioctl$VFAT_IOCTL_READDIR_SHORT(r3, 0x82307202, &(0x7f0000000400)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000640)={0x4, 0x7f, 0x5b2, 0x5, 0x401}, 0x14)
mount(&(0x7f0000000680)=@filename='./file0\x00', &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='bfs\x00', 0x1000, &(0x7f0000000740)='queue0\x00')
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000780)={0x2, 0x9, 0x1, 'queue1\x00', 0x5})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000840)={0x9, 0x9, 0x0, 'queue0\x00', 0x1ff})
r5 = syz_create_resource$binfmt(&(0x7f0000000900)='./file0\x00')
r6 = openat$binfmt(0xffffffffffffff9c, r5, 0x41, 0x1ff)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000980), r0)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80100400}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)={0xa8, r7, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x800}, 0x4080)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000b00), 0x20000, 0x0)
pread64(r8, &(0x7f0000000b40)=""/205, 0xcd, 0xb)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_INFO(r9, 0x80e85411, &(0x7f0000000c40)=""/4096)
syz_kvm_setup_syzos_vm$x86(r0, &(0x7f0000bff000/0x400000)=nil)
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000001c40)={0x0, 0xf, 0xe26, 0x3, 0x3, [0x0, 0x0, <r10=>0x0], [0x5, 0xff, 0x7, 0xf9], [0x3, 0x4, 0x6, 0x3ff], [0x4, 0x1, 0x7, 0x7]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000001cc0)={r10})
recvmsg$can_j1939(r0, &(0x7f0000003f00)={&(0x7f0000001d00)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000002ec0)=[{&(0x7f0000001d80)=""/232, 0xe8}, {&(0x7f0000001e80)=""/4096, 0x1000}, {&(0x7f0000002e80)=""/14, 0xe}], 0x3, &(0x7f0000002f00)=""/4096, 0x1000}, 0x20)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000003f40)={'mangle\x00', 0x2, [{}, {}]}, 0x48)
close(r6)

5.88597646s ago: executing program 3 (id=10831):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xe0a42, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
pipe(&(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$loop(0x0, 0x47ffffa, 0x122c42)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
rename(0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0xe704, r4)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
connect$inet6(r5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(r5, 0x0, 0x0)
ptrace$pokeuser(0x6, r4, 0x358, 0x7fffffffefff)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x10000, 0x0, 0x0, 0x11, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d0338ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x0, 0x8000000000000001]}})
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c09, 0xffffffffffffffff)
r6 = dup(r1)
ioctl$LOOP_CLR_FD(r6, 0x4c01)

5.467601167s ago: executing program 1 (id=10833):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x59, &(0x7f0000000480)={&(0x7f0000000280)=@newtaction={0x70, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0)

5.442603056s ago: executing program 5 (id=10834):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xe0a42, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
pipe(&(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$loop(0x0, 0x47ffffa, 0x122c42)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
rename(0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0xe704, r4)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
connect$inet6(r5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(r5, 0x0, 0x0)
ptrace$pokeuser(0x6, r4, 0x358, 0x7fffffffefff)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x10000, 0x0, 0x0, 0x11, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d0338ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x0, 0x8000000000000001]}})
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c09, 0xffffffffffffffff)
r6 = dup(r1)
ioctl$LOOP_CLR_FD(r6, 0x4c01)

5.040187632s ago: executing program 3 (id=10836):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket(0xa, 0x3, 0x3a)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
socket$inet(0x2, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000000080)={0x800}, 0x10)
r2 = socket$kcm(0xa, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="2f32458a00"})
rseq(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r4, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e23, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x7d}, 0x1c, 0x0, 0x0, 0x0, 0x28}, 0x4)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioprio_set$pid(0x3, 0x0, 0x2007)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f00000006c0)='@', 0x1}], 0x1, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'r'}], 0x18}, 0x41)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)

5.025471404s ago: executing program 1 (id=10837):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r2, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x14, r1, 0x77aec225886c8f5d, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_START_POLL(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)

4.542461652s ago: executing program 5 (id=10838):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
socketpair$unix(0x1, 0xcaa5465d88e6bac0, 0x0, &(0x7f00000000c0))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="a00000001800090000000000fddbdf251c140000fe00000100000000840013000000000000000a000000000000000000000000000000000000000300000000000000000000000700000000000000070000000f0000000000000f00000000000000000f00000000000000000000000000000000000010000000000300000008000000070000000000000d04000000070000000000000000000000020000000000"], 0xa0}}, 0x20004004)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000680)=""/102392, 0x18ff8)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x800)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)

4.485488737s ago: executing program 1 (id=10839):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000840}, 0x240080c0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b700"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r7, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000440)=@o_path={0x0}, 0x18)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f0000000240)=0x3)
read$dsp(r8, &(0x7f0000000300)=""/79, 0x4f)

4.151201251s ago: executing program 3 (id=10840):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vcs(0xffffff9c, &(0x7f0000000000), 0x600, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
mlock2(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x40}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180), &(0x7f00000001c0))
poll(&(0x7f0000000100)=[{0xffffffffffffffff, 0x40}, {r4, 0x80}, {}], 0x35, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
iopl(0x9)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
iopl(0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x228, 0x0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bond\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x288)
syz_usb_connect(0x1, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d0918108ac051582588d0000000109022d00010000000009040000030b08000009058d67c87d2a0000090505020000000000"], 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000840)={{0x400007b, 0x4, 0x4, 0x4, 'syz0\x00', 0x6}, 0x1, 0x20000000, 0x6, r6, 0x0, 0x4, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r5, 0xc0405519, &(0x7f0000000ac0)={0x6, 0x1, 0x9, 0x10, '\x00', 0x35})
getsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f0000000040)={@dev, @private, @multicast2}, &(0x7f00000000c0)=0xc)
socket(0x2b, 0x6, 0xbaa6)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005bc0)=@newlink={0x48, 0x10, 0x40b, 0x70bd2b, 0x500, {0x0, 0x0, 0x0, 0x0, 0x24f2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000002}, @IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xc}]}}}]}, 0x48}}, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x1000000000000, 0x2, 0x0, &(0x7f0000ffa000/0x4000)=nil)

3.78817174s ago: executing program 5 (id=10841):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000f80)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)
r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x4008032, 0xffffffffffffffff, 0x2000)
r3 = semget$private(0x0, 0x4000000009, 0x88)
semctl$SEM_STAT(r3, 0x3, 0x12, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f00000000c0)={0x100000, 0x21d000})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001cc0)={0x8, 0xf, &(0x7f0000001d80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20000006}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)

3.741061747s ago: executing program 1 (id=10842):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000f80)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)
r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x4008032, 0xffffffffffffffff, 0x2000)
r3 = semget$private(0x0, 0x4000000009, 0x88)
semctl$SEM_STAT(r3, 0x3, 0x12, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f00000000c0)={0x100000, 0x21d000})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001cc0)={0x8, 0xf, &(0x7f0000001d80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20000006}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)

3.534539776s ago: executing program 6 (id=10844):
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xba, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = gettid()
timer_create(0x8, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
readv(r2, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0xce}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$kcm(0x10, 0x2, 0x0)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000001c0)={0x9, @raw_data="aa9fc93b2df81d65fcfb42a66fead6d015c9fe8917575d131c1a182cd561746e2fb051ce4a53653d5a396bd514cae6183adcc6d417cdafe5bb6cff02a3b45a461d33c93f1677f0efbac2bbd2e149dce5caed05f6e18340e58102ef991d0894f4ee1bc9b9d0303e2fcb53176e571b1923c72639c0226f9d0d23786948f11c183f878cce0b67a9e6f1b56255fe6c531551cbc14b35cc28accb18ef196097b292f4033579cf9e88bd7bc7a92345b4ae0a9dd21f2f9852d44e43c97d682d866c4b111e56e0142ec0e7b1"})
landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f00000000c0))
r5 = socket(0x2a, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x10b402, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)

3.175561013s ago: executing program 0 (id=10845):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udplite(0x2, 0x2, 0x88)
mknodat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x81c0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x1, 0x50)
landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000015000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
pipe2(&(0x7f0000000840)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b0000000500000000040000090000000100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000d100"/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)

2.807003805s ago: executing program 0 (id=10846):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85"], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0xd, &(0x7f0000000040)=0x100000001, 0x1)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xaf4, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, 0x0, 0x0)
read$FUSE(r0, &(0x7f000000c400)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(r4, 0x8, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000000c0)=0x10000000)
read$dsp(r6, &(0x7f0000000300)=""/79, 0x4f)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000100)='./file0\x00', 0x0, 0x18}, 0x18)

2.573220375s ago: executing program 6 (id=10847):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xe0a42, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
pipe(&(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$loop(0x0, 0x47ffffa, 0x122c42)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
rename(0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0xe704, r4)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
connect$inet6(r5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(r5, 0x0, 0x0)
ptrace$pokeuser(0x6, r4, 0x358, 0x7fffffffefff)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x10000, 0x0, 0x0, 0x11, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d0338ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x0, 0x8000000000000001]}})
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CHANGE_FD(r6, 0x4c09, 0xffffffffffffffff)
r7 = dup(r1)
ioctl$LOOP_CLR_FD(r7, 0x4c01)

1.907674159s ago: executing program 6 (id=10848):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, 0x0, 0x0)

1.836441249s ago: executing program 0 (id=10849):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r2, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x14, r1, 0x77aec225886c8f5d, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_START_POLL(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)

1.760442522s ago: executing program 6 (id=10850):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85"], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0xd, &(0x7f0000000040)=0x100000001, 0x1)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xaf4, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, 0x0, 0x0)
read$FUSE(r0, &(0x7f000000c400)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(r4, 0x8, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000080)=0x7f)
read$dsp(r6, &(0x7f0000000300)=""/79, 0x4f)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000100)='./file0\x00', 0x0, 0x18}, 0x18)

1.551514875s ago: executing program 0 (id=10851):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
socketpair$unix(0x1, 0xcaa5465d88e6bac0, 0x0, &(0x7f00000000c0))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="a00000001800090000000000fddbdf251c140000fe00000100000000840013000000000000000a000000000000000000000000000000000000000300000000000000000000000700000000000000070000000f0000000000000f00000000000000000f00000000000000000000000000000000000010000000000300000008000000070000000000000d04000000070000000000000000000000020000000000"], 0xa0}}, 0x20004004)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000680)=""/102392, 0x18ff8)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x800)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)

1.097897572s ago: executing program 0 (id=10852):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
syz_open_dev$cec(0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @none}, 0x8)
socket(0x400000000010, 0x3, 0x0)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000001f00))
socket$pppoe(0x18, 0x1, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40a40, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x2)
ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, 0x0)
sendmmsg(r3, &(0x7f0000001640)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
epoll_create(0x8)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4, 0x0, 0x1})

321.068142ms ago: executing program 0 (id=10853):
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0)
ioctl$FBIOGET_VSCREENINFO(r0, 0x4600, &(0x7f0000000040))
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000000100)=""/101, &(0x7f0000000180)=0x65)
ioctl$SNDCTL_SEQ_GETTIME(r0, 0x80045113, &(0x7f00000001c0))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r0, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x4be73fc7, 0x8, 0x2, 0x8000, r0, 0x80000000, '\x00', r2, r0, 0x3, 0x0, 0x2, 0x2, @value=r0, @void, @void, @value}, 0x50)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
vmsplice(r4, &(0x7f0000000580)=[{&(0x7f00000003c0)="d70b28ee8384f070ee8a651e70df8d82cc8e083fa659caaaf78fd8aae9a48aba9e1dab84b64eee", 0x27}, {&(0x7f0000000400)='#', 0x1}, {&(0x7f0000000440)="e1851d87b6d51aa89704ee09046f5ad56e96b37586b05a10b451132ff19e15891b9dbb91bb9f7c330241eeb5f8d8157cae38107736db414719deea0b9c541924429680ba516025bd267e517a2a4cd6ced9c8a11aa770687fa5550322291cc0d9bb2c5456a1b7ba80c7e47949c66da81fd8a27b8d66949c80b648f0e7f9c9354c9b631160c304fd0e74e2646725fd1ee8d473abd18c3b105e89c739", 0x9b}, {&(0x7f0000000500)="05eb94c8282235ffce13c6aaf858e2443c9583e01377d4ab41b6c3250314efe71887a476ac9eb41b3fbf92f92671cbb74fc6e66541d575a606551773df27b759df70eeaf66c432b95c31d6b041e8347ce03fa5ad51", 0x55}], 0x4, 0xb)
ioctl$sock_TIOCOUTQ(r1, 0x5411, &(0x7f00000005c0))
fsopen(&(0x7f0000000600)='ecryptfs\x00', 0x1)
r5 = openat$cgroup_int(r0, &(0x7f0000000640)='hugetlb.2MB.failcnt\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000680)=0x3ce300000000000, 0x12)
r6 = socket$inet6(0xa, 0x800, 0x1)
r7 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000006c0), 0x8000, 0x0)
write$cgroup_type(r7, &(0x7f0000000700), 0x9)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000780)=@o_path={&(0x7f0000000740)='./file0\x00', 0x0, 0x4018, r4}, 0x18)
set_mempolicy(0x4000, &(0x7f00000007c0)=0xce, 0x5)
listen(r6, 0xf0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000800)={0x4, 0x0, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}, 0x10)
syz_emit_vhci(&(0x7f0000000840)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@any, 0x4}}}, 0xd)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000008c0), r7)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x2002}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x30, r8, 0x4, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x11}, 0x1)
sendmsg$AUDIT_LIST_RULES(r7, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x10, 0x3f5, 0x2, 0x100, 0x25dfdbfc, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x800)
close_range(r0, r3, 0x2)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000ac0)={0x1})
syz_usb_connect$uac1(0x2, 0xce, &(0x7f0000000b00)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbc, 0x3, 0x1, 0x5, 0x80, 0xa, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xe330}, [@input_terminal={0xc, 0x24, 0x2, 0x3, 0x201, 0x3, 0x0, 0x1, 0x8, 0x8}, @feature_unit={0xb, 0x24, 0x6, 0x1, 0x1, 0x2, [0xc, 0x7]}, @selector_unit={0x9, 0x24, 0x5, 0x4, 0x82, "be1f6bd8"}, @processing_unit={0xd, 0x24, 0x7, 0x6, 0x1, 0x7, "ac07e2180251"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0xcf, 0x5, 0xf9, {0x7, 0x25, 0x1, 0x1, 0x4, 0xfff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x1, 0x4, 0x9, 0x7, "851946"}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x70, 0x2, 0xa, 0x6, "e779dbb75ced"}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x5, 0x4, 0xc, "712e80476069be"}, @as_header={0x7, 0x24, 0x1, 0xb8, 0x11, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x3, 0x8, 0x82, {0x7, 0x25, 0x1, 0x0, 0x6, 0x9}}}}}}}]}}, &(0x7f0000000f00)={0xa, &(0x7f0000000c00)={0xa, 0x6, 0x250, 0x7, 0x4, 0x8, 0x10, 0x40}, 0x22, &(0x7f0000000c40)={0x5, 0xf, 0x22, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x20, 0x8, 0x46, 0x5, 0xfa}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x17, 0x0, 0x1ff, 0x85}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x2, 0x8, 0x8719}]}, 0x7, [{0x4, &(0x7f0000000c80)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000cc0)=@lang_id={0x4, 0x3, 0x420}}, {0x9, &(0x7f0000000d00)=@string={0x9, 0x3, "6c5aa43c4bd576"}}, {0x2, &(0x7f0000000d40)=@string={0x2}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x439}}, {0x4, &(0x7f0000000dc0)=@lang_id={0x4, 0x3, 0x2809}}, {0xc8, &(0x7f0000000e00)=@string={0xc8, 0x3, "0e954553ca803c06d309db9490b69ab915ff87caec95fc817eb84e2e156b7cd720c69d6dbb095efdc363dab394b25b30abd95271d1141f950a395cbf62909db9fd75f4782d268a486bda95eff7c20bbc60e652bad367b4a0bae92303013f6ec49274dd3e13ad38199f384d368b1b672f438a10bc81a97201c994e5e58e4c0ca604206dfebc02ce90ecda04d0f7818330042b812a4a7baf1b7e0f87b9dd8c758a4f30b036022cc0d84a9fbedd1d2d3d2849fe0933dfa91b718b3858f3ed0b9cabf7fc5364f0eb"}}]})
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000f80)={0x9, 0x18, 0x5, 0x200, 0x14, "0027353c8a5819be6e141489ba9e93d16173b2"})

182.767324ms ago: executing program 6 (id=10854):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r0)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYRES16=r1, @ANYBLOB="01000000000000000000050000000c00020000000000000000000c00060000000000000000000400078008000100", @ANYRES32], 0x38}}, 0x0)

0s ago: executing program 6 (id=10855):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
lsetxattr$security_ima(0x0, &(0x7f0000000000), 0x0, 0x2, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x74)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa004}, 0x4)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'wg0\x00', <r4=>0x0})
sendto$packet(r0, &(0x7f0000000040)="5525053a27a4f35fc09f37e36f6ff187f7ad32c47abb6de42082c76a42b662c8f639ddee3be55c254fc4eb440d50a7761a8134d52c05797d1b72a7dd244403898e216b88d6c374e070e461e249a2a70c927c18592dbf1b6a2694ea339a869cb3ff77c9168a3b7ea2ed061f35eddd", 0x6e, 0x20000000, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x1, &(0x7f0000000240)="b9")
r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068)
sendto$packet(r3, &(0x7f0000000180)="0b03feff4f00021202004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)

kernel console output (not intermixed with test programs):

 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2589.924581][ T8139] RSP: 002b:00007fc94fb17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2589.924600][ T8139] RAX: ffffffffffffffda RBX: 00007fc94efb5fa0 RCX: 00007fc94ed8e969
[ 2589.924611][ T8139] RDX: 0000200000000b40 RSI: 000000000000227d RDI: 0000000000000003
[ 2589.924622][ T8139] RBP: 00007fc94fb17090 R08: 0000000000000000 R09: 0000000000000000
[ 2589.924633][ T8139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2589.924643][ T8139] R13: 0000000000000000 R14: 00007fc94efb5fa0 R15: 00007ffcbfbf7568
[ 2589.924669][ T8139]  </TASK>
[ 2589.924678][ T8139] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2590.273778][ T8144] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10308'.
[ 2590.709793][ T8149] veth0_vlan: entered allmulticast mode
[ 2590.834396][ T8155] FAULT_INJECTION: forcing a failure.
[ 2590.834396][ T8155] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2590.850180][ T8155] CPU: 0 UID: 0 PID: 8155 Comm: syz.3.10310 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2590.850214][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2590.850225][ T8155] Call Trace:
[ 2590.850231][ T8155]  <TASK>
[ 2590.850239][ T8155]  dump_stack_lvl+0x16c/0x1f0
[ 2590.850270][ T8155]  should_fail_ex+0x512/0x640
[ 2590.850300][ T8155]  _copy_from_user+0x2e/0xd0
[ 2590.850328][ T8155]  __sys_bpf+0x21d/0x4d80
[ 2590.850356][ T8155]  ? __pfx___sys_bpf+0x10/0x10
[ 2590.850379][ T8155]  ? ksys_write+0x190/0x240
[ 2590.850411][ T8155]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 2590.850454][ T8155]  ? fput+0x70/0xf0
[ 2590.850474][ T8155]  ? ksys_write+0x1b9/0x240
[ 2590.850501][ T8155]  ? __pfx_ksys_write+0x10/0x10
[ 2590.850532][ T8155]  __x64_sys_bpf+0x78/0xc0
[ 2590.850556][ T8155]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2590.850581][ T8155]  do_syscall_64+0xcd/0x260
[ 2590.850609][ T8155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2590.850628][ T8155] RIP: 0033:0x7f648cd8e969
[ 2590.850643][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2590.850661][ T8155] RSP: 002b:00007f648dbf3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2590.850681][ T8155] RAX: ffffffffffffffda RBX: 00007f648cfb6080 RCX: 00007f648cd8e969
[ 2590.850693][ T8155] RDX: 0000000000000038 RSI: 0000200000000100 RDI: 0000000000000018
[ 2590.850704][ T8155] RBP: 00007f648dbf3090 R08: 0000000000000000 R09: 0000000000000000
[ 2590.850715][ T8155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2590.850726][ T8155] R13: 0000000000000000 R14: 00007f648cfb6080 R15: 00007ffc5b86b948
[ 2590.850751][ T8155]  </TASK>
[ 2591.020692][T22258] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 2591.128446][ T8149] veth0_vlan: left promiscuous mode
[ 2591.139844][ T8149] veth0_vlan: entered promiscuous mode
[ 2591.208574][T22258] usb 1-1: Using ep0 maxpacket: 8
[ 2591.220492][T22258] usb 1-1: config 0 interface 0 has no altsetting 0
[ 2591.249737][T22258] usb 1-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[ 2591.313198][T22258] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2591.359478][T22258] usb 1-1: config 0 descriptor??
[ 2591.862891][ T8147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10309'.
[ 2591.988691][T13404] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 2592.127584][ T8174] FAULT_INJECTION: forcing a failure.
[ 2592.127584][ T8174] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2592.143922][ T8174] CPU: 0 UID: 0 PID: 8174 Comm: syz.1.10319 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2592.143952][ T8174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2592.143963][ T8174] Call Trace:
[ 2592.143970][ T8174]  <TASK>
[ 2592.143976][ T8174]  dump_stack_lvl+0x16c/0x1f0
[ 2592.144008][ T8174]  should_fail_ex+0x512/0x640
[ 2592.144038][ T8174]  _copy_from_user+0x2e/0xd0
[ 2592.144064][ T8174]  copy_msghdr_from_user+0x98/0x160
[ 2592.144085][ T8174]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2592.144115][ T8174]  ___sys_sendmsg+0xfe/0x1d0
[ 2592.144136][ T8174]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2592.144193][ T8174]  __sys_sendmsg+0x16d/0x220
[ 2592.144213][ T8174]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2592.144240][ T8174]  ? rcu_is_watching+0x12/0xc0
[ 2592.144268][ T8174]  do_syscall_64+0xcd/0x260
[ 2592.144295][ T8174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2592.144313][ T8174] RIP: 0033:0x7f161578e969
[ 2592.144328][ T8174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2592.144345][ T8174] RSP: 002b:00007f16165c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2592.144362][ T8174] RAX: ffffffffffffffda RBX: 00007f16159b5fa0 RCX: 00007f161578e969
[ 2592.144374][ T8174] RDX: 0000000000008010 RSI: 0000200000000180 RDI: 0000000000000003
[ 2592.144384][ T8174] RBP: 00007f16165c3090 R08: 0000000000000000 R09: 0000000000000000
[ 2592.144395][ T8174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2592.144405][ T8174] R13: 0000000000000000 R14: 00007f16159b5fa0 R15: 00007ffe089b24c8
[ 2592.144428][ T8174]  </TASK>
[ 2592.315573][T22258] usbhid 1-1:0.0: can't add hid device: -71
[ 2592.329645][T22258] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2592.371193][T13404] usb 6-1: Using ep0 maxpacket: 32
[ 2592.377724][T13404] usb 6-1: config 1 has an invalid interface number: 121 but max is 0
[ 2592.385943][T13404] usb 6-1: config 1 has no interface number 0
[ 2592.394305][T13404] usb 6-1: config 1 interface 121 has no altsetting 0
[ 2592.494725][T13404] usb 6-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=ce.f2
[ 2592.513485][T13404] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2592.533148][T13404] usb 6-1: Product: syz
[ 2592.537707][T22258] usb 1-1: USB disconnect, device number 61
[ 2592.543833][T13404] usb 6-1: Manufacturer: syz
[ 2592.548455][T13404] usb 6-1: SerialNumber: syz
[ 2593.505394][   T30] audit: type=1400 audit(1747840770.305:3890): avc:  denied  { write } for  pid=8195 comm="syz.3.10323" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 2593.608682][T22258] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 2593.779080][T22258] usb 7-1: Using ep0 maxpacket: 8
[ 2593.786200][T22258] usb 7-1: config 0 has an invalid interface number: 31 but max is 0
[ 2593.805131][T22258] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2593.845365][T22258] usb 7-1: config 0 has no interface number 0
[ 2593.858100][T22258] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 2593.872897][T22258] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2593.881859][T22258] usb 7-1: Product: syz
[ 2594.291001][T22258] usb 7-1: Manufacturer: syz
[ 2594.295656][T22258] usb 7-1: SerialNumber: syz
[ 2594.307257][T22258] usb 7-1: config 0 descriptor??
[ 2594.665683][T22258] usb 7-1: Found UVC 0.04 device syz (046d:08c3)
[ 2594.707605][T22258] usb 7-1: No valid video chain found.
[ 2594.876335][T13404] option 6-1:1.121: GSM modem (1-port) converter detected
[ 2595.244947][T13404] usb 6-1: GSM modem (1-port) converter now attached to ttyUSB0
[ 2595.282840][ T8215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10330'.
[ 2595.307901][T13404] usb 6-1: USB disconnect, device number 28
[ 2595.520266][T13404] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[ 2595.542315][T13404] option 6-1:1.121: device disconnected
[ 2596.838249][ T8229] FAULT_INJECTION: forcing a failure.
[ 2596.838249][ T8229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2596.873829][ T8229] CPU: 1 UID: 0 PID: 8229 Comm: syz.3.10334 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2596.873859][ T8229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2596.873869][ T8229] Call Trace:
[ 2596.873876][ T8229]  <TASK>
[ 2596.873883][ T8229]  dump_stack_lvl+0x16c/0x1f0
[ 2596.873915][ T8229]  should_fail_ex+0x512/0x640
[ 2596.873942][ T8229]  _copy_from_user+0x2e/0xd0
[ 2596.873968][ T8229]  copy_msghdr_from_user+0x98/0x160
[ 2596.873992][ T8229]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2596.874020][ T8229]  ___sys_sendmsg+0xfe/0x1d0
[ 2596.874041][ T8229]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2596.874072][ T8229]  ? find_held_lock+0x2b/0x80
[ 2596.874110][ T8229]  __sys_sendmmsg+0x200/0x420
[ 2596.874131][ T8229]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2596.874167][ T8229]  ? xfd_validate_state+0x5d/0x180
[ 2596.874187][ T8229]  ? rcu_is_watching+0x12/0xc0
[ 2596.874210][ T8229]  __x64_sys_sendmmsg+0x9c/0x100
[ 2596.874228][ T8229]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2596.874251][ T8229]  do_syscall_64+0xcd/0x260
[ 2596.874276][ T8229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2596.874294][ T8229] RIP: 0033:0x7f648cd8e969
[ 2596.874307][ T8229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2596.874325][ T8229] RSP: 002b:00007f648dc14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2596.874343][ T8229] RAX: ffffffffffffffda RBX: 00007f648cfb5fa0 RCX: 00007f648cd8e969
[ 2596.874355][ T8229] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[ 2596.874371][ T8229] RBP: 00007f648dc14090 R08: 0000000000000000 R09: 0000000000000000
[ 2596.874382][ T8229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2596.874392][ T8229] R13: 0000000000000000 R14: 00007f648cfb5fa0 R15: 00007ffc5b86b948
[ 2596.874415][ T8229]  </TASK>
[ 2597.254544][T26872] usb 7-1: USB disconnect, device number 2
[ 2598.521228][   T30] audit: type=1400 audit(1747840775.325:3891): avc:  denied  { bind } for  pid=8251 comm="syz.5.10341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 2599.375907][   T30] audit: type=1400 audit(1747840775.385:3892): avc:  denied  { cmd } for  pid=8251 comm="syz.5.10341" path="socket:[164968]" dev="sockfs" ino=164968 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 2599.974564][ T8277] netlink: 232 bytes leftover after parsing attributes in process `syz.5.10347'.
[ 2599.994570][ T8277] NCSI netlink: No device for ifindex 0
[ 2600.088786][ T4248] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 2600.249003][ T4248] usb 7-1: Using ep0 maxpacket: 16
[ 2600.260345][ T4248] usb 7-1: config 13 has an invalid interface number: 120 but max is 0
[ 2600.273173][ T4248] usb 7-1: config 13 has no interface number 0
[ 2600.294640][ T4248] usb 7-1: config 13 interface 120 has no altsetting 0
[ 2600.313521][ T4248] usb 7-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2600.333795][ T4248] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2600.357294][ T4248] usb 7-1: Product: syz
[ 2600.366130][ T4248] usb 7-1: Manufacturer: syz
[ 2600.382012][ T4248] usb 7-1: SerialNumber: syz
[ 2600.876038][ T8287] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10349'.
[ 2601.285711][ T4248] ums-datafab 7-1:13.120: USB Mass Storage device detected
[ 2601.432952][ T4248] usb 7-1: USB disconnect, device number 3
[ 2601.668608][   T30] audit: type=1326 audit(1747840778.365:3893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2601.695058][   T30] audit: type=1326 audit(1747840778.365:3894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2601.724553][   T30] audit: type=1326 audit(1747840778.365:3895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2601.782939][   T30] audit: type=1326 audit(1747840778.365:3896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2602.089923][   T30] audit: type=1326 audit(1747840778.365:3897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2602.166908][   T30] audit: type=1326 audit(1747840778.365:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2602.228635][   T30] audit: type=1326 audit(1747840778.365:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2602.252844][   T30] audit: type=1326 audit(1747840778.365:3900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8298 comm="syz.5.10353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc94ed8e969 code=0x7ffc0000
[ 2603.547924][ T8329] loop6: detected capacity change from 0 to 128
[ 2603.584071][ T8329] FAULT_INJECTION: forcing a failure.
[ 2603.584071][ T8329] name failslab, interval 1, probability 0, space 0, times 0
[ 2603.654925][ T8329] CPU: 0 UID: 0 PID: 8329 Comm: syz.0.10363 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2603.654947][ T8329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2603.654954][ T8329] Call Trace:
[ 2603.654959][ T8329]  <TASK>
[ 2603.654963][ T8329]  dump_stack_lvl+0x16c/0x1f0
[ 2603.654984][ T8329]  should_fail_ex+0x512/0x640
[ 2603.655000][ T8329]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 2603.655014][ T8329]  should_failslab+0xc2/0x120
[ 2603.655028][ T8329]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 2603.655040][ T8329]  ? getname_flags.part.0+0x4c/0x550
[ 2603.655057][ T8329]  getname_flags.part.0+0x4c/0x550
[ 2603.655073][ T8329]  getname_flags+0x93/0xf0
[ 2603.655090][ T8329]  do_sys_openat2+0xb8/0x1d0
[ 2603.655104][ T8329]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2603.655119][ T8329]  ? __fget_files+0x20e/0x3c0
[ 2603.655131][ T8329]  __x64_sys_openat+0x174/0x210
[ 2603.655145][ T8329]  ? __pfx___x64_sys_openat+0x10/0x10
[ 2603.655158][ T8329]  ? ksys_write+0x1b9/0x240
[ 2603.655175][ T8329]  ? rcu_is_watching+0x12/0xc0
[ 2603.655192][ T8329]  do_syscall_64+0xcd/0x260
[ 2603.655210][ T8329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2603.655222][ T8329] RIP: 0033:0x7f2abdb8d2d0
[ 2603.655231][ T8329] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 2603.655242][ T8329] RSP: 002b:00007f2abeaa7b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2603.655253][ T8329] RAX: ffffffffffffffda RBX: 0000000000122c42 RCX: 00007f2abdb8d2d0
[ 2603.655261][ T8329] RDX: 0000000000122c42 RSI: 00007f2abeaa7c10 RDI: 00000000ffffff9c
[ 2603.655267][ T8329] RBP: 00007f2abeaa7c10 R08: 0000000000000000 R09: 0023706f6f6c2f76
[ 2603.655274][ T8329] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 2603.655281][ T8329] R13: 0000000000000000 R14: 00007f2abddb5fa0 R15: 00007fff5ab3a668
[ 2603.655298][ T8329]  </TASK>
[ 2604.859336][   T30] kauditd_printk_skb: 13 callbacks suppressed
[ 2604.859346][   T30] audit: type=1400 audit(1747840781.675:3914): avc:  denied  { connect } for  pid=8352 comm="syz.1.10370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 2604.947847][   T30] audit: type=1400 audit(1747840781.725:3915): avc:  denied  { setopt } for  pid=8352 comm="syz.1.10370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 2605.112591][   T30] audit: type=1400 audit(1747840781.785:3916): avc:  denied  { bind } for  pid=8352 comm="syz.1.10370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 2605.159241][   T30] audit: type=1400 audit(1747840781.845:3917): avc:  denied  { ioctl } for  pid=8352 comm="syz.1.10370" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 2609.510070][ T8420] netlink: 44 bytes leftover after parsing attributes in process `syz.3.10389'.
[ 2610.862263][ T8429] FAULT_INJECTION: forcing a failure.
[ 2610.862263][ T8429] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2610.948554][ T8429] CPU: 0 UID: 0 PID: 8429 Comm: syz.3.10392 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2610.948583][ T8429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2610.948593][ T8429] Call Trace:
[ 2610.948600][ T8429]  <TASK>
[ 2610.948607][ T8429]  dump_stack_lvl+0x16c/0x1f0
[ 2610.948641][ T8429]  should_fail_ex+0x512/0x640
[ 2610.948671][ T8429]  _copy_from_user+0x2e/0xd0
[ 2610.948697][ T8429]  copy_msghdr_from_user+0x98/0x160
[ 2610.948719][ T8429]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2610.948750][ T8429]  ___sys_sendmsg+0xfe/0x1d0
[ 2610.948771][ T8429]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2610.948821][ T8429]  __sys_sendmsg+0x16d/0x220
[ 2610.948841][ T8429]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2610.948868][ T8429]  ? rcu_is_watching+0x12/0xc0
[ 2610.948897][ T8429]  do_syscall_64+0xcd/0x260
[ 2610.948923][ T8429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2610.948940][ T8429] RIP: 0033:0x7f648cd8e969
[ 2610.948961][ T8429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2610.948978][ T8429] RSP: 002b:00007f648dc14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2610.948997][ T8429] RAX: ffffffffffffffda RBX: 00007f648cfb5fa0 RCX: 00007f648cd8e969
[ 2610.949008][ T8429] RDX: 0000000020008850 RSI: 0000200000000040 RDI: 0000000000000005
[ 2610.949019][ T8429] RBP: 00007f648dc14090 R08: 0000000000000000 R09: 0000000000000000
[ 2610.949031][ T8429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2610.949041][ T8429] R13: 0000000000000000 R14: 00007f648cfb5fa0 R15: 00007ffc5b86b948
[ 2610.949066][ T8429]  </TASK>
[ 2611.325666][   T30] audit: type=1400 audit(1747840788.135:3918): avc:  denied  { write } for  pid=8433 comm="syz.6.10393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 2611.402208][ T8434] net_ratelimit: 22 callbacks suppressed
[ 2611.402223][ T8434] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[ 2611.701212][T13404] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[ 2611.829364][   T30] audit: type=1400 audit(1747840788.645:3919): avc:  denied  { write } for  pid=8439 comm="syz.6.10395" path="socket:[165212]" dev="sockfs" ino=165212 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 2612.218692][T13404] usb 4-1: Using ep0 maxpacket: 32
[ 2612.244630][T13404] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=41.40
[ 2612.286004][T13404] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2612.710584][T13404] usb 4-1: config 0 descriptor??
[ 2612.937493][T13404] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 2612.957797][T13404] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[ 2612.983484][T13404] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[ 2612.983529][   T30] audit: type=1400 audit(1747840789.795:3920): avc:  denied  { firmware_load } for  pid=13404 comm="kworker/0:0" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 2613.433673][   T30] audit: type=1400 audit(1747840790.245:3921): avc:  denied  { connect } for  pid=8448 comm="syz.1.10398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 2613.604868][ T8473] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 2613.673066][   T30] audit: type=1400 audit(1747840790.265:3922): avc:  denied  { append } for  pid=8467 comm="syz.5.10402" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 2613.982534][   T30] audit: type=1400 audit(1747840790.265:3923): avc:  denied  { map } for  pid=8467 comm="syz.5.10402" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 2614.006159][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2614.232044][ T8485] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2614.305806][ T8483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10404'.
[ 2614.467950][   T30] audit: type=1400 audit(1747840790.265:3924): avc:  denied  { write execute } for  pid=8467 comm="syz.5.10402" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 2614.495447][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2614.777811][   T30] audit: type=1400 audit(1747840790.585:3925): avc:  denied  { create } for  pid=8470 comm="syz.0.10403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 2615.516990][   T30] audit: type=1400 audit(1747840791.465:3926): avc:  denied  { write } for  pid=8488 comm="syz.6.10407" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 2615.603540][   T30] audit: type=1400 audit(1747840792.275:3927): avc:  denied  { ioctl } for  pid=8487 comm="syz.0.10406" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 2615.962197][T26866] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 2616.141278][T26866] usb 7-1: Using ep0 maxpacket: 32
[ 2616.153484][T26866] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 2616.180571][T26866] usb 7-1: config 0 has no interface number 0
[ 2616.208127][T26866] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 2616.234202][T26866] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2616.260245][T26866] usb 7-1: Product: syz
[ 2616.273397][T26866] usb 7-1: Manufacturer: syz
[ 2616.286667][T26866] usb 7-1: SerialNumber: syz
[ 2616.304180][T26866] usb 7-1: config 0 descriptor??
[ 2616.322360][T26866] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 2616.553306][T26866] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 2616.593116][T26866] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 2617.528738][T26872] usb 1-1: new low-speed USB device number 62 using dummy_hcd
[ 2618.049938][T26872] usb 1-1: device descriptor read/64, error -71
[ 2618.362190][T26872] usb 1-1: new low-speed USB device number 63 using dummy_hcd
[ 2618.704688][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 2618.781948][T26866] usb 7-1: USB disconnect, device number 4
[ 2618.828567][T26872] usb 1-1: device descriptor read/64, error -71
[ 2618.951001][T26872] usb usb1-port1: attempt power cycle
[ 2618.973223][T26866] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 2619.382608][T26866] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 2619.522372][T26866] quatech2 7-1:0.51: device disconnected
[ 2619.688611][T26872] usb 1-1: new low-speed USB device number 64 using dummy_hcd
[ 2619.697549][ T8540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10419'.
[ 2619.984364][T26872] usb 1-1: device descriptor read/8, error -71
[ 2620.562453][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10423'.
[ 2620.579552][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10423'.
[ 2620.598579][ T8554] fuseblk: Unknown parameter 'ÿÿ0xffffffffffffffffÿ'
[ 2621.028332][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 2621.028349][   T30] audit: type=1400 audit(1747840797.835:3929): avc:  denied  { getopt } for  pid=8555 comm="syz.3.10424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 2621.808926][ T8566] 9pnet_virtio: no channels available for device syz
[ 2623.290080][   T30] audit: type=1400 audit(1747840800.105:3930): avc:  denied  { ioctl } for  pid=8577 comm="syz.1.10430" path="socket:[166689]" dev="sockfs" ino=166689 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 2623.416682][ T8587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10434'.
[ 2623.588669][T26866] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 2623.998651][T16767] usb 1-1: new low-speed USB device number 66 using dummy_hcd
[ 2624.147077][T26866] usb 6-1: Using ep0 maxpacket: 16
[ 2624.216076][T26866] usb 6-1: config 13 has an invalid interface number: 120 but max is 0
[ 2624.241932][T26866] usb 6-1: config 13 has no interface number 0
[ 2624.248158][T26866] usb 6-1: config 13 interface 120 has no altsetting 0
[ 2624.298776][T16767] usb 1-1: device descriptor read/64, error -71
[ 2624.568645][T16767] usb 1-1: new low-speed USB device number 67 using dummy_hcd
[ 2624.634443][ T8601] FAULT_INJECTION: forcing a failure.
[ 2624.634443][ T8601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2624.647627][ T8601] CPU: 1 UID: 0 PID: 8601 Comm: syz.1.10436 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2624.647653][ T8601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2624.647665][ T8601] Call Trace:
[ 2624.647671][ T8601]  <TASK>
[ 2624.647679][ T8601]  dump_stack_lvl+0x16c/0x1f0
[ 2624.647713][ T8601]  should_fail_ex+0x512/0x640
[ 2624.647742][ T8601]  _copy_from_user+0x2e/0xd0
[ 2624.647769][ T8601]  copy_msghdr_from_user+0x98/0x160
[ 2624.647791][ T8601]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2624.647820][ T8601]  ? __pfx___schedule+0x10/0x10
[ 2624.647847][ T8601]  ___sys_sendmsg+0xfe/0x1d0
[ 2624.647870][ T8601]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2624.647923][ T8601]  __sys_sendmsg+0x16d/0x220
[ 2624.647943][ T8601]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2624.647981][ T8601]  do_syscall_64+0xcd/0x260
[ 2624.648010][ T8601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2624.648029][ T8601] RIP: 0033:0x7f161578e969
[ 2624.648050][ T8601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2624.648068][ T8601] RSP: 002b:00007f1616581038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2624.648088][ T8601] RAX: ffffffffffffffda RBX: 00007f16159b6160 RCX: 00007f161578e969
[ 2624.648100][ T8601] RDX: 0000000004004010 RSI: 0000200000000000 RDI: 0000000000000004
[ 2624.648112][ T8601] RBP: 00007f1616581090 R08: 0000000000000000 R09: 0000000000000000
[ 2624.648123][ T8601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2624.648135][ T8601] R13: 0000000000000001 R14: 00007f16159b6160 R15: 00007ffe089b24c8
[ 2624.648161][ T8601]  </TASK>
[ 2624.884316][T26866] usb 6-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2624.893914][T26866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2624.902414][T26866] usb 6-1: Product: syz
[ 2624.908016][T26866] usb 6-1: Manufacturer: syz
[ 2624.914168][T26866] usb 6-1: SerialNumber: syz
[ 2625.334317][T26866] ums-datafab 6-1:13.120: USB Mass Storage device detected
[ 2625.690842][T26866] usb 6-1: USB disconnect, device number 29
[ 2626.115670][ T8616] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 2626.115670][ T8616]    program syz.1.10440 not setting count and/or reply_len properly
[ 2626.328082][   T30] audit: type=1400 audit(1747840802.895:3931): avc:  denied  { connect } for  pid=8614 comm="syz.1.10440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 2627.173197][ T8630] FAULT_INJECTION: forcing a failure.
[ 2627.173197][ T8630] name failslab, interval 1, probability 0, space 0, times 0
[ 2627.192374][ T8630] CPU: 1 UID: 0 PID: 8630 Comm: syz.3.10445 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2627.192405][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2627.192415][ T8630] Call Trace:
[ 2627.192421][ T8630]  <TASK>
[ 2627.192429][ T8630]  dump_stack_lvl+0x16c/0x1f0
[ 2627.192458][ T8630]  should_fail_ex+0x512/0x640
[ 2627.192476][ T8630]  ? fs_reclaim_acquire+0xae/0x150
[ 2627.192493][ T8630]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2627.192517][ T8630]  should_failslab+0xc2/0x120
[ 2627.192537][ T8630]  __kmalloc_noprof+0xd2/0x510
[ 2627.192560][ T8630]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 2627.192586][ T8630]  ? tomoyo_profile+0x47/0x60
[ 2627.192598][ T8630]  tomoyo_path_number_perm+0x245/0x580
[ 2627.192613][ T8630]  ? tomoyo_path_number_perm+0x237/0x580
[ 2627.192628][ T8630]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2627.192643][ T8630]  ? find_held_lock+0x2b/0x80
[ 2627.192688][ T8630]  ? find_held_lock+0x2b/0x80
[ 2627.192707][ T8630]  ? hook_file_ioctl_common+0x145/0x410
[ 2627.192730][ T8630]  ? __fget_files+0x20e/0x3c0
[ 2627.192743][ T8630]  security_file_ioctl+0x9b/0x240
[ 2627.192760][ T8630]  __x64_sys_ioctl+0xb7/0x200
[ 2627.192777][ T8630]  do_syscall_64+0xcd/0x260
[ 2627.192803][ T8630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2627.192822][ T8630] RIP: 0033:0x7f648cd8e969
[ 2627.192836][ T8630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2627.192852][ T8630] RSP: 002b:00007f648dc14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2627.192869][ T8630] RAX: ffffffffffffffda RBX: 00007f648cfb5fa0 RCX: 00007f648cd8e969
[ 2627.192878][ T8630] RDX: 0000200000000180 RSI: 00000000000007b1 RDI: 0000000000000003
[ 2627.192884][ T8630] RBP: 00007f648dc14090 R08: 0000000000000000 R09: 0000000000000000
[ 2627.192891][ T8630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2627.192897][ T8630] R13: 0000000000000000 R14: 00007f648cfb5fa0 R15: 00007ffc5b86b948
[ 2627.192912][ T8630]  </TASK>
[ 2627.193405][ T8630] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2627.551147][ T8632] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10446'.
[ 2627.673534][   T30] audit: type=1400 audit(1747840804.485:3932): avc:  denied  { wake_alarm } for  pid=8633 comm="syz.3.10447" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 2627.695289][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2629.125530][ T8656] FAULT_INJECTION: forcing a failure.
[ 2629.125530][ T8656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2629.188676][ T8656] CPU: 1 UID: 0 PID: 8656 Comm: syz.0.10453 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2629.188708][ T8656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2629.188719][ T8656] Call Trace:
[ 2629.188726][ T8656]  <TASK>
[ 2629.188733][ T8656]  dump_stack_lvl+0x16c/0x1f0
[ 2629.188767][ T8656]  should_fail_ex+0x512/0x640
[ 2629.188796][ T8656]  _copy_from_user+0x2e/0xd0
[ 2629.188824][ T8656]  copy_msghdr_from_user+0x98/0x160
[ 2629.188846][ T8656]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2629.188879][ T8656]  ___sys_sendmsg+0xfe/0x1d0
[ 2629.188902][ T8656]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2629.188955][ T8656]  __sys_sendmsg+0x16d/0x220
[ 2629.188977][ T8656]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2629.189014][ T8656]  do_syscall_64+0xcd/0x260
[ 2629.189049][ T8656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2629.189068][ T8656] RIP: 0033:0x7f2abdb8e969
[ 2629.189084][ T8656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2629.189100][ T8656] RSP: 002b:00007f2abeaa8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2629.189118][ T8656] RAX: ffffffffffffffda RBX: 00007f2abddb5fa0 RCX: 00007f2abdb8e969
[ 2629.189130][ T8656] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[ 2629.189140][ T8656] RBP: 00007f2abeaa8090 R08: 0000000000000000 R09: 0000000000000000
[ 2629.189151][ T8656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2629.189162][ T8656] R13: 0000000000000000 R14: 00007f2abddb5fa0 R15: 00007fff5ab3a668
[ 2629.189187][ T8656]  </TASK>
[ 2629.418866][T16767] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 2629.546687][ T8663] FAULT_INJECTION: forcing a failure.
[ 2629.546687][ T8663] name failslab, interval 1, probability 0, space 0, times 0
[ 2629.562462][ T8663] CPU: 1 UID: 0 PID: 8663 Comm: syz.3.10454 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2629.562489][ T8663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2629.562500][ T8663] Call Trace:
[ 2629.562506][ T8663]  <TASK>
[ 2629.562513][ T8663]  dump_stack_lvl+0x16c/0x1f0
[ 2629.562541][ T8663]  should_fail_ex+0x512/0x640
[ 2629.562566][ T8663]  ? __kvmalloc_node_noprof+0x122/0x600
[ 2629.562596][ T8663]  should_failslab+0xc2/0x120
[ 2629.562629][ T8663]  __kvmalloc_node_noprof+0x135/0x600
[ 2629.562655][ T8663]  ? _kstrtoull+0x145/0x200
[ 2629.562671][ T8663]  ? seq_read_iter+0x826/0x12c0
[ 2629.562699][ T8663]  ? seq_read_iter+0x826/0x12c0
[ 2629.562721][ T8663]  seq_read_iter+0x826/0x12c0
[ 2629.562744][ T8663]  ? find_held_lock+0x2b/0x80
[ 2629.562782][ T8663]  seq_read+0x39e/0x4e0
[ 2629.562808][ T8663]  ? __pfx_seq_read+0x10/0x10
[ 2629.562845][ T8663]  ? avc_policy_seqno+0x9/0x20
[ 2629.562867][ T8663]  ? __pfx_seq_read+0x10/0x10
[ 2629.562891][ T8663]  proc_reg_read+0x240/0x330
[ 2629.562912][ T8663]  ? __pfx_proc_reg_read+0x10/0x10
[ 2629.562933][ T8663]  vfs_read+0x1e1/0xc70
[ 2629.562964][ T8663]  ? __pfx___mutex_lock+0x10/0x10
[ 2629.562991][ T8663]  ? __pfx_vfs_read+0x10/0x10
[ 2629.563025][ T8663]  ? __fget_files+0x20e/0x3c0
[ 2629.563050][ T8663]  ksys_read+0x12a/0x240
[ 2629.563076][ T8663]  ? __pfx_ksys_read+0x10/0x10
[ 2629.563110][ T8663]  do_syscall_64+0xcd/0x260
[ 2629.563138][ T8663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2629.563158][ T8663] RIP: 0033:0x7f648cd8e969
[ 2629.563174][ T8663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2629.563192][ T8663] RSP: 002b:00007f648dbf3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2629.563210][ T8663] RAX: ffffffffffffffda RBX: 00007f648cfb6080 RCX: 00007f648cd8e969
[ 2629.563222][ T8663] RDX: 0000000000002020 RSI: 0000200000002dc0 RDI: 0000000000000004
[ 2629.563233][ T8663] RBP: 00007f648dbf3090 R08: 0000000000000000 R09: 0000000000000000
[ 2629.563244][ T8663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2629.563254][ T8663] R13: 0000000000000000 R14: 00007f648cfb6080 R15: 00007ffc5b86b948
[ 2629.563281][ T8663]  </TASK>
[ 2630.268651][T16767] usb 6-1: Using ep0 maxpacket: 16
[ 2630.275248][T16767] usb 6-1: config 13 has an invalid interface number: 120 but max is 0
[ 2630.283890][T16767] usb 6-1: config 13 has no interface number 0
[ 2630.387689][T16767] usb 6-1: config 13 interface 120 has no altsetting 0
[ 2630.429054][T16767] usb 6-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2630.438638][T16767] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2630.446691][T16767] usb 6-1: Product: syz
[ 2630.456908][T16767] usb 6-1: Manufacturer: syz
[ 2630.461913][T16767] usb 6-1: SerialNumber: syz
[ 2631.015796][ T8672] FAULT_INJECTION: forcing a failure.
[ 2631.015796][ T8672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2631.029323][ T8672] CPU: 0 UID: 0 PID: 8672 Comm: syz.1.10457 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2631.029348][ T8672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2631.029358][ T8672] Call Trace:
[ 2631.029364][ T8672]  <TASK>
[ 2631.029371][ T8672]  dump_stack_lvl+0x16c/0x1f0
[ 2631.029404][ T8672]  should_fail_ex+0x512/0x640
[ 2631.029430][ T8672]  _copy_from_user+0x2e/0xd0
[ 2631.029457][ T8672]  copy_msghdr_from_user+0x98/0x160
[ 2631.029479][ T8672]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2631.029512][ T8672]  ___sys_sendmsg+0xfe/0x1d0
[ 2631.029534][ T8672]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2631.029587][ T8672]  __sys_sendmsg+0x16d/0x220
[ 2631.029608][ T8672]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2631.029636][ T8672]  ? rcu_is_watching+0x12/0xc0
[ 2631.029666][ T8672]  do_syscall_64+0xcd/0x260
[ 2631.029694][ T8672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2631.029712][ T8672] RIP: 0033:0x7f161578e969
[ 2631.029728][ T8672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2631.029745][ T8672] RSP: 002b:00007f16165a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2631.029763][ T8672] RAX: ffffffffffffffda RBX: 00007f16159b6080 RCX: 00007f161578e969
[ 2631.029775][ T8672] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000009
[ 2631.029786][ T8672] RBP: 00007f16165a2090 R08: 0000000000000000 R09: 0000000000000000
[ 2631.029796][ T8672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2631.029806][ T8672] R13: 0000000000000000 R14: 00007f16159b6080 R15: 00007ffe089b24c8
[ 2631.029831][ T8672]  </TASK>
[ 2631.265239][ T8676] netlink: 44 bytes leftover after parsing attributes in process `syz.1.10457'.
[ 2631.290851][T16767] ums-datafab 6-1:13.120: USB Mass Storage device detected
[ 2631.386383][   T30] audit: type=1400 audit(1747840808.095:3933): avc:  denied  { ioctl } for  pid=8667 comm="syz.1.10457" path="socket:[166926]" dev="sockfs" ino=166926 ioctlcmd=0x940e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 2631.577378][T16767] usb 6-1: USB disconnect, device number 30
[ 2631.712768][ T8684] FAULT_INJECTION: forcing a failure.
[ 2631.712768][ T8684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2631.762001][ T8684] CPU: 0 UID: 0 PID: 8684 Comm: syz.1.10460 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2631.762035][ T8684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2631.762047][ T8684] Call Trace:
[ 2631.762054][ T8684]  <TASK>
[ 2631.762062][ T8684]  dump_stack_lvl+0x16c/0x1f0
[ 2631.762094][ T8684]  should_fail_ex+0x512/0x640
[ 2631.762125][ T8684]  _copy_from_user+0x2e/0xd0
[ 2631.762154][ T8684]  copy_msghdr_from_user+0x98/0x160
[ 2631.762177][ T8684]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2631.762210][ T8684]  ___sys_sendmsg+0xfe/0x1d0
[ 2631.762233][ T8684]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2631.762286][ T8684]  __sys_sendmsg+0x16d/0x220
[ 2631.762308][ T8684]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2631.762336][ T8684]  ? rcu_is_watching+0x12/0xc0
[ 2631.762364][ T8684]  do_syscall_64+0xcd/0x260
[ 2631.762388][ T8684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2631.762405][ T8684] RIP: 0033:0x7f161578e969
[ 2631.762419][ T8684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2631.762436][ T8684] RSP: 002b:00007f16165c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2631.762454][ T8684] RAX: ffffffffffffffda RBX: 00007f16159b5fa0 RCX: 00007f161578e969
[ 2631.762466][ T8684] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[ 2631.762477][ T8684] RBP: 00007f16165c3090 R08: 0000000000000000 R09: 0000000000000000
[ 2631.762488][ T8684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2631.762499][ T8684] R13: 0000000000000000 R14: 00007f16159b5fa0 R15: 00007ffe089b24c8
[ 2631.762524][ T8684]  </TASK>
[ 2632.083591][ T8688] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2632.091086][ T8688] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2632.098756][ T8688] bridge0: entered allmulticast mode
[ 2632.117415][ T8689] bridge_slave_1: left allmulticast mode
[ 2632.124391][ T8689] bridge_slave_1: left promiscuous mode
[ 2632.132599][ T8689] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2632.144551][   T30] audit: type=1400 audit(1747840808.935:3934): avc:  denied  { read } for  pid=8670 comm="syz.3.10458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 2632.199751][ T8689] bridge_slave_0: left allmulticast mode
[ 2632.205438][ T8689] bridge_slave_0: left promiscuous mode
[ 2632.211230][ T8689] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2632.227324][T26872] libceph: connect (1)[c::]:6789 error -101
[ 2632.239488][T26872] libceph: mon0 (1)[c::]:6789 connect error
[ 2632.292517][ T8671] ceph: No mds server is up or the cluster is laggy
[ 2632.512706][T26872] libceph: connect (1)[c::]:6789 error -101
[ 2632.578612][T16767] usb 1-1: new low-speed USB device number 68 using dummy_hcd
[ 2632.670841][T26872] libceph: mon0 (1)[c::]:6789 connect error
[ 2633.036329][ T8714] FAULT_INJECTION: forcing a failure.
[ 2633.036329][ T8714] name failslab, interval 1, probability 0, space 0, times 0
[ 2633.073497][ T8714] CPU: 0 UID: 0 PID: 8714 Comm: syz.1.10466 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2633.073516][ T8714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2633.073523][ T8714] Call Trace:
[ 2633.073527][ T8714]  <TASK>
[ 2633.073532][ T8714]  dump_stack_lvl+0x16c/0x1f0
[ 2633.073556][ T8714]  should_fail_ex+0x512/0x640
[ 2633.073573][ T8714]  ? fs_reclaim_acquire+0xae/0x150
[ 2633.073589][ T8714]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2633.073607][ T8714]  should_failslab+0xc2/0x120
[ 2633.073619][ T8714]  __kmalloc_noprof+0xd2/0x510
[ 2633.073633][ T8714]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 2633.073652][ T8714]  ? tomoyo_profile+0x47/0x60
[ 2633.073664][ T8714]  tomoyo_path_number_perm+0x245/0x580
[ 2633.073678][ T8714]  ? tomoyo_path_number_perm+0x237/0x580
[ 2633.073694][ T8714]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2633.073710][ T8714]  ? find_held_lock+0x2b/0x80
[ 2633.073736][ T8714]  ? find_held_lock+0x2b/0x80
[ 2633.073749][ T8714]  ? hook_file_ioctl_common+0x145/0x410
[ 2633.073764][ T8714]  ? __fget_files+0x20e/0x3c0
[ 2633.073778][ T8714]  security_file_ioctl+0x9b/0x240
[ 2633.073795][ T8714]  __x64_sys_ioctl+0xb7/0x200
[ 2633.073812][ T8714]  do_syscall_64+0xcd/0x260
[ 2633.073829][ T8714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2633.073841][ T8714] RIP: 0033:0x7f161578e969
[ 2633.073851][ T8714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2633.073862][ T8714] RSP: 002b:00007f16165c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2633.073873][ T8714] RAX: ffffffffffffffda RBX: 00007f16159b5fa0 RCX: 00007f161578e969
[ 2633.073880][ T8714] RDX: 00002000000000c0 RSI: 00000000c018aa06 RDI: 0000000000000003
[ 2633.073887][ T8714] RBP: 00007f16165c3090 R08: 0000000000000000 R09: 0000000000000000
[ 2633.073894][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2633.073900][ T8714] R13: 0000000000000000 R14: 00007f16159b5fa0 R15: 00007ffe089b24c8
[ 2633.073914][ T8714]  </TASK>
[ 2633.073930][ T8714] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2633.878616][T16767] usb 1-1: device descriptor read/64, error -71
[ 2634.508572][T16767] usb 1-1: new low-speed USB device number 69 using dummy_hcd
[ 2635.570995][ T8744] netlink: 'syz.5.10474': attribute type 39 has an invalid length.
[ 2636.784609][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10477'.
[ 2636.824022][ T8755] netlink: 36 bytes leftover after parsing attributes in process `syz.5.10477'.
[ 2638.965919][ T8774] misc userio: No port type given on /dev/userio
[ 2639.091794][ T8785] netlink: 72 bytes leftover after parsing attributes in process `syz.0.10487'.
[ 2640.191267][   T30] audit: type=1400 audit(1747840816.995:3935): avc:  denied  { create } for  pid=8778 comm="syz.5.10482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 2640.266399][T23001] Bluetooth: hci5: Frame reassembly failed (-84)
[ 2640.436306][ T8810] tmpfs: Bad value for 'usrquota_block_hardlimit'
[ 2641.396997][   T30] audit: type=1400 audit(1747840818.205:3936): avc:  denied  { name_connect } for  pid=8813 comm="syz.3.10491" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[ 2641.418652][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2641.432330][ T8817] FAULT_INJECTION: forcing a failure.
[ 2641.432330][ T8817] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2641.448870][ T8817] CPU: 0 UID: 0 PID: 8817 Comm: syz.5.10493 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2641.448899][ T8817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2641.448916][ T8817] Call Trace:
[ 2641.448923][ T8817]  <TASK>
[ 2641.448931][ T8817]  dump_stack_lvl+0x16c/0x1f0
[ 2641.448964][ T8817]  should_fail_ex+0x512/0x640
[ 2641.448993][ T8817]  _copy_from_user+0x2e/0xd0
[ 2641.449019][ T8817]  do_sock_getsockopt+0x5f4/0x800
[ 2641.449048][ T8817]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 2641.449070][ T8817]  ? __fget_files+0x204/0x3c0
[ 2641.449100][ T8817]  __sys_getsockopt+0x12f/0x260
[ 2641.449125][ T8817]  __x64_sys_getsockopt+0xbd/0x160
[ 2641.449143][ T8817]  ? do_syscall_64+0x91/0x260
[ 2641.449169][ T8817]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2641.449193][ T8817]  do_syscall_64+0xcd/0x260
[ 2641.449220][ T8817]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2641.449239][ T8817] RIP: 0033:0x7fc94ed8e969
[ 2641.449254][ T8817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2641.449272][ T8817] RSP: 002b:00007fc94fb17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2641.449290][ T8817] RAX: ffffffffffffffda RBX: 00007fc94efb5fa0 RCX: 00007fc94ed8e969
[ 2641.449302][ T8817] RDX: 000000000000007d RSI: 0000000000000084 RDI: 0000000000000003
[ 2641.449313][ T8817] RBP: 00007fc94fb17090 R08: 0000200000000040 R09: 0000000000000000
[ 2641.449324][ T8817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2641.449334][ T8817] R13: 0000000000000000 R14: 00007fc94efb5fa0 R15: 00007ffcbfbf7568
[ 2641.449359][ T8817]  </TASK>
[ 2642.189394][ T8824] netlink: 48 bytes leftover after parsing attributes in process `syz.5.10496'.
[ 2642.298644][ T8801] Bluetooth: hci5: command 0x1003 tx timeout
[ 2642.298717][ T5126] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 2642.653206][ T8833] netlink: 'syz.0.10497': attribute type 10 has an invalid length.
[ 2642.666497][ T8833] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2642.677719][ T8833] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 2643.816317][ T8846] netlink: 65051 bytes leftover after parsing attributes in process `syz.5.10502'.
[ 2643.833832][   T30] audit: type=1400 audit(1747840820.645:3937): avc:  denied  { listen } for  pid=8845 comm="syz.0.10503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 2643.875788][   T30] audit: type=1400 audit(1747840820.645:3938): avc:  denied  { accept } for  pid=8845 comm="syz.0.10503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 2643.935073][   T30] audit: type=1400 audit(1747840820.745:3939): avc:  denied  { bind } for  pid=8844 comm="syz.5.10502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 2644.028105][   T30] audit: type=1400 audit(1747840820.835:3940): avc:  denied  { accept } for  pid=8845 comm="syz.0.10503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 2644.171725][   T30] audit: type=1400 audit(1747840820.875:3941): avc:  denied  { create } for  pid=8851 comm="syz.6.10504" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=key permissive=1
[ 2644.211021][ T8850] vlan3: entered promiscuous mode
[ 2644.216287][ T8850] vlan3: entered allmulticast mode
[ 2644.223188][ T8850] hsr_slave_1: entered allmulticast mode
[ 2644.233938][   T30] audit: type=1400 audit(1747840821.045:3942): avc:  denied  { bind } for  pid=8845 comm="syz.0.10503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 2644.319827][ T8858] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[ 2645.211615][   T30] audit: type=1400 audit(1747840821.125:3943): avc:  denied  { mount } for  pid=8851 comm="syz.6.10504" name="/" dev="overlay" ino=315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 2645.608747][T26872] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 2645.978628][ T8801] Bluetooth: hci4: command 0x0405 tx timeout
[ 2646.082805][   T30] audit: type=1400 audit(1747840821.145:3944): avc:  denied  { relabelto } for  pid=8851 comm="syz.6.10504" name="/" dev="overlay" ino=315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[ 2646.084215][ T8862] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2646.243194][ T8864] FAULT_INJECTION: forcing a failure.
[ 2646.243194][ T8864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2646.290096][T26872] usb 7-1: Using ep0 maxpacket: 16
[ 2646.310507][ T8864] CPU: 0 UID: 0 PID: 8864 Comm: syz.5.10508 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2646.310534][ T8864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2646.310544][ T8864] Call Trace:
[ 2646.310551][ T8864]  <TASK>
[ 2646.310564][ T8864]  dump_stack_lvl+0x16c/0x1f0
[ 2646.310594][ T8864]  should_fail_ex+0x512/0x640
[ 2646.310621][ T8864]  _copy_to_user+0x32/0xd0
[ 2646.310650][ T8864]  simple_read_from_buffer+0xcb/0x170
[ 2646.310676][ T8864]  proc_fail_nth_read+0x197/0x270
[ 2646.310703][ T8864]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2646.310731][ T8864]  ? rw_verify_area+0xcf/0x680
[ 2646.310753][ T8864]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2646.310779][ T8864]  vfs_read+0x1e1/0xc70
[ 2646.310803][ T8864]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 2646.310827][ T8864]  ? __pfx___mutex_lock+0x10/0x10
[ 2646.310850][ T8864]  ? __pfx_vfs_read+0x10/0x10
[ 2646.310879][ T8864]  ? __rcu_read_unlock+0x2b4/0x580
[ 2646.310909][ T8864]  ? __fget_files+0x20e/0x3c0
[ 2646.310934][ T8864]  ksys_read+0x12a/0x240
[ 2646.310959][ T8864]  ? __pfx_ksys_read+0x10/0x10
[ 2646.310994][ T8864]  do_syscall_64+0xcd/0x260
[ 2646.311022][ T8864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2646.311040][ T8864] RIP: 0033:0x7fc94ed8d37c
[ 2646.311054][ T8864] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2646.311071][ T8864] RSP: 002b:00007fc94cbf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2646.311087][ T8864] RAX: ffffffffffffffda RBX: 00007fc94efb6080 RCX: 00007fc94ed8d37c
[ 2646.311097][ T8864] RDX: 000000000000000f RSI: 00007fc94cbf60a0 RDI: 0000000000000007
[ 2646.311108][ T8864] RBP: 00007fc94cbf6090 R08: 0000000000000000 R09: 0000000000000000
[ 2646.311118][ T8864] R10: 0000000000100008 R11: 0000000000000246 R12: 0000000000000001
[ 2646.311129][ T8864] R13: 0000000000000001 R14: 00007fc94efb6080 R15: 00007ffcbfbf7568
[ 2646.311153][ T8864]  </TASK>
[ 2646.526019][   T30] audit: type=1400 audit(1747840821.145:3945): avc:  denied  { associate } for  pid=8851 comm="syz.6.10504" name="file1" dev="tmpfs" ino=315 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0"
[ 2646.530359][T26872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2646.617361][ T8862] tipc: Resetting bearer <eth:team0>
[ 2646.656771][T26872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2646.689628][ T8870] netlink: 48 bytes leftover after parsing attributes in process `syz.3.10509'.
[ 2646.703491][T26872] usb 7-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00
[ 2646.733180][T26872] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2646.758287][T26872] usb 7-1: config 0 descriptor??
[ 2646.803235][    C0] vcan0: j1939_tp_rxtimer: 0xffff88803680d800: rx timeout, send abort
[ 2646.993235][ T8862] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2647.022441][ T8862] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2647.045363][ T8862] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2647.058282][ T8862] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2647.311549][    C0] vcan0: j1939_tp_rxtimer: 0xffff88803680d800: abort rx timeout. Force session deactivation
[ 2647.388735][T26123] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 2647.458720][T16767] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 2647.577373][T26123] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2647.577823][   T30] audit: type=1400 audit(1747840824.385:3946): avc:  denied  { setopt } for  pid=8888 comm="syz.1.10514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 2647.948661][T16767] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2648.264552][T26872] usbhid 7-1:0.0: can't add hid device: -71
[ 2648.287028][   T30] audit: type=1400 audit(1747840825.085:3947): avc:  denied  { rmdir } for  pid=7723 comm="syz-executor" name="file1" dev="tmpfs" ino=315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[ 2648.341888][T26872] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 2648.414645][T16767] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2648.424978][T26123] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2648.427474][T26872] usb 7-1: USB disconnect, device number 5
[ 2648.435307][T26123] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[ 2648.450238][T16767] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[ 2648.459526][T16767] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2648.468593][T26123] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2648.486191][T16767] usb 6-1: config 0 descriptor??
[ 2648.493076][T26123] usb 1-1: config 0 descriptor??
[ 2649.311606][T26123] hid-steam 0003:28DE:1142.0065: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[ 2649.468563][T26123] hid-steam 0003:28DE:1142.0065: Steam wireless receiver connected
[ 2649.543560][T26123] hid-steam 0003:28DE:1142.0066: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[ 2649.578302][T26123] usb 1-1: USB disconnect, device number 70
[ 2649.607375][T26123] hid-steam 0003:28DE:1142.0065: Steam wireless receiver disconnected
[ 2649.713637][T16767] usbhid 6-1:0.0: can't add hid device: -71
[ 2649.780987][T16767] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 2650.022511][T16767] usb 6-1: USB disconnect, device number 31
[ 2650.136520][   T30] audit: type=1400 audit(1747840826.945:3948): avc:  denied  { audit_write } for  pid=8906 comm="syz.6.10520" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 2650.157762][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2651.294860][ T8919] netlink: 48 bytes leftover after parsing attributes in process `syz.6.10520'.
[ 2651.314829][   T30] audit: type=1400 audit(1747840828.105:3949): avc:  denied  { bind } for  pid=8906 comm="syz.6.10520" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 2652.128786][ T4248] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[ 2652.297050][ T4248] usb 7-1: config 0 has an invalid interface number: 175 but max is 0
[ 2652.322268][ T4248] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2652.333795][ T4248] usb 7-1: config 0 has no interface number 0
[ 2652.343230][ T4248] usb 7-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[ 2652.356162][ T4248] usb 7-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[ 2652.536515][ T4248] usb 7-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[ 2652.546765][ T4248] usb 7-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[ 2652.565991][ T4248] usb 7-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[ 2652.575237][ T4248] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2652.583842][ T4248] usb 7-1: Product: syz
[ 2652.728945][T16767] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 2653.052508][ T4248] usb 7-1: Manufacturer: syz
[ 2653.060298][ T4248] usb 7-1: SerialNumber: syz
[ 2653.089970][ T4248] usb 7-1: config 0 descriptor??
[ 2653.296337][ T4248] symbolserial 7-1:0.175: symbol converter detected
[ 2653.477808][ T4248] usb 7-1: symbol converter now attached to ttyUSB0
[ 2653.549346][ T4248] usb 7-1: USB disconnect, device number 6
[ 2653.669283][ T4248] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[ 2653.767958][ T4248] symbolserial 7-1:0.175: device disconnected
[ 2654.049755][T16767] usb 6-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[ 2654.702582][T16767] usb 6-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xF8, changing to 0x88
[ 2654.871570][T16767] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x88 has invalid maxpacket 15441, setting to 64
[ 2654.971800][T16767] usb 6-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[ 2654.998573][T16767] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2655.084812][ T8943] FAULT_INJECTION: forcing a failure.
[ 2655.084812][ T8943] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2655.098022][ T8943] CPU: 0 UID: 0 PID: 8943 Comm: syz.1.10529 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2655.098047][ T8943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2655.098054][ T8943] Call Trace:
[ 2655.098060][ T8943]  <TASK>
[ 2655.098065][ T8943]  dump_stack_lvl+0x16c/0x1f0
[ 2655.098086][ T8943]  should_fail_ex+0x512/0x640
[ 2655.098105][ T8943]  _copy_from_user+0x2e/0xd0
[ 2655.098122][ T8943]  __sys_bpf+0x21d/0x4d80
[ 2655.098139][ T8943]  ? __pfx___sys_bpf+0x10/0x10
[ 2655.098154][ T8943]  ? ksys_write+0x190/0x240
[ 2655.098174][ T8943]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 2655.098200][ T8943]  ? fput+0x70/0xf0
[ 2655.098212][ T8943]  ? ksys_write+0x1b9/0x240
[ 2655.098228][ T8943]  ? __pfx_ksys_write+0x10/0x10
[ 2655.098247][ T8943]  __x64_sys_bpf+0x78/0xc0
[ 2655.098262][ T8943]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2655.098277][ T8943]  do_syscall_64+0xcd/0x260
[ 2655.098295][ T8943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2655.098307][ T8943] RIP: 0033:0x7f161578e969
[ 2655.098316][ T8943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2655.098327][ T8943] RSP: 002b:00007f16165a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2655.098338][ T8943] RAX: ffffffffffffffda RBX: 00007f16159b6080 RCX: 00007f161578e969
[ 2655.098345][ T8943] RDX: 0000000000000090 RSI: 0000200000000840 RDI: 0000000000000005
[ 2655.098352][ T8943] RBP: 00007f16165a2090 R08: 0000000000000000 R09: 0000000000000000
[ 2655.098359][ T8943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2655.098365][ T8943] R13: 0000000000000000 R14: 00007f16159b6080 R15: 00007ffe089b24c8
[ 2655.098379][ T8943]  </TASK>
[ 2655.383795][T16767] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2655.674221][T16767] usb 6-1: can't set config #4, error -71
[ 2655.684662][T16767] usb 6-1: USB disconnect, device number 32
[ 2655.752251][ T8951] serio: Serial port ttyS3
[ 2655.781198][   T30] audit: type=1400 audit(1747840832.595:3950): avc:  denied  { write } for  pid=8952 comm="syz.5.10532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 2659.150634][ T8982] tmpfs: Unknown parameter '01777777777777777777777'
[ 2660.026172][ T8997] FAULT_INJECTION: forcing a failure.
[ 2660.026172][ T8997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2660.083775][ T8997] CPU: 1 UID: 0 PID: 8997 Comm: syz.6.10542 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2660.083803][ T8997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2660.083813][ T8997] Call Trace:
[ 2660.083818][ T8997]  <TASK>
[ 2660.083825][ T8997]  dump_stack_lvl+0x16c/0x1f0
[ 2660.083855][ T8997]  should_fail_ex+0x512/0x640
[ 2660.083882][ T8997]  _copy_from_user+0x2e/0xd0
[ 2660.083908][ T8997]  do_futimesat+0xe5/0x200
[ 2660.083927][ T8997]  ? __pfx_do_futimesat+0x10/0x10
[ 2660.083948][ T8997]  ? ksys_write+0x1b9/0x240
[ 2660.083982][ T8997]  do_syscall_64+0xcd/0x260
[ 2660.084009][ T8997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2660.084028][ T8997] RIP: 0033:0x7f2d0618e969
[ 2660.084042][ T8997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2660.084060][ T8997] RSP: 002b:00007f2d07004038 EFLAGS: 00000246 ORIG_RAX: 00000000000000eb
[ 2660.084078][ T8997] RAX: ffffffffffffffda RBX: 00007f2d063b6080 RCX: 00007f2d0618e969
[ 2660.084099][ T8997] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000180
[ 2660.084110][ T8997] RBP: 00007f2d07004090 R08: 0000000000000000 R09: 0000000000000000
[ 2660.084120][ T8997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2660.084131][ T8997] R13: 0000000000000001 R14: 00007f2d063b6080 R15: 00007ffc29273178
[ 2660.084155][ T8997]  </TASK>
[ 2660.372014][ T8993] FAULT_INJECTION: forcing a failure.
[ 2660.372014][ T8993] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2660.386125][ T8993] CPU: 0 UID: 0 PID: 8993 Comm: syz.0.10544 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2660.386152][ T8993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2660.386161][ T8993] Call Trace:
[ 2660.386166][ T8993]  <TASK>
[ 2660.386171][ T8993]  dump_stack_lvl+0x16c/0x1f0
[ 2660.386191][ T8993]  should_fail_ex+0x512/0x640
[ 2660.386212][ T8993]  _copy_from_user+0x2e/0xd0
[ 2660.386230][ T8993]  io_submit_one+0xbb/0x1da0
[ 2660.386249][ T8993]  ? __lock_acquire+0xaa4/0x1ba0
[ 2660.386270][ T8993]  ? __pfx_io_submit_one+0x10/0x10
[ 2660.386292][ T8993]  ? __might_fault+0xe3/0x190
[ 2660.386303][ T8993]  ? __might_fault+0x13b/0x190
[ 2660.386317][ T8993]  ? __x64_sys_io_submit+0x1a9/0x350
[ 2660.386327][ T8993]  __x64_sys_io_submit+0x1a9/0x350
[ 2660.386339][ T8993]  ? __pfx___x64_sys_io_submit+0x10/0x10
[ 2660.386349][ T8993]  ? fput+0x70/0xf0
[ 2660.386368][ T8993]  do_syscall_64+0xcd/0x260
[ 2660.386385][ T8993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2660.386398][ T8993] RIP: 0033:0x7f2abdb8e969
[ 2660.386413][ T8993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2660.386424][ T8993] RSP: 002b:00007f2abeaa8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 2660.386435][ T8993] RAX: ffffffffffffffda RBX: 00007f2abddb5fa0 RCX: 00007f2abdb8e969
[ 2660.386443][ T8993] RDX: 0000200000000700 RSI: 000000000000140b RDI: 00007f2abea45000
[ 2660.386450][ T8993] RBP: 00007f2abeaa8090 R08: 0000000000000000 R09: 0000000000000000
[ 2660.386456][ T8993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2660.386463][ T8993] R13: 0000000000000000 R14: 00007f2abddb5fa0 R15: 00007fff5ab3a668
[ 2660.386478][ T8993]  </TASK>
[ 2661.335196][ T9017] IPVS: length: 119 != 8
[ 2662.590223][   T30] audit: type=1400 audit(1747840839.235:3951): avc:  denied  { bind } for  pid=9027 comm="syz.5.10552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 2662.949358][   T30] audit: type=1400 audit(1747840839.315:3952): avc:  denied  { listen } for  pid=9027 comm="syz.5.10552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 2663.256647][ T9038] netlink: 256 bytes leftover after parsing attributes in process `syz.5.10555'.
[ 2663.952868][   T30] audit: type=1400 audit(1747840840.765:3953): avc:  denied  { write } for  pid=9054 comm="syz.3.10560" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 2665.046183][T31133] usb 1-1: new low-speed USB device number 71 using dummy_hcd
[ 2665.603950][T31133] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2665.615585][T31133] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[ 2665.618579][T26872] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 2665.626033][T31133] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2665.645011][T31133] usb 1-1: config 0 descriptor??
[ 2665.719402][T16767] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 2665.935273][T26872] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2665.956211][T26872] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2666.439042][T26872] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2666.448541][T16767] usb 7-1: Using ep0 maxpacket: 8
[ 2666.455758][T16767] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 2666.465893][T16767] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2666.491340][T26872] usb 6-1: Manufacturer: syz
[ 2666.496745][T16767] usb 7-1: config 0 descriptor??
[ 2666.521979][T26872] usb 6-1: config 0 descriptor??
[ 2666.648559][T26872] rc_core: IR keymap rc-hauppauge not found
[ 2666.795303][T26872] Registered IR keymap rc-empty
[ 2666.947798][T16767] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 2667.769441][T16767] asix 7-1:0.0: probe with driver asix failed with error -71
[ 2667.781764][T16767] usb 7-1: USB disconnect, device number 7
[ 2667.919091][T26872] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 2668.208429][T26872] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input221
[ 2668.669855][   T30] audit: type=1400 audit(1747840845.485:3954): avc:  denied  { read } for  pid=5170 comm="acpid" name="event4" dev="devtmpfs" ino=5275 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 2668.709508][   T30] audit: type=1400 audit(1747840845.485:3955): avc:  denied  { open } for  pid=5170 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=5275 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 2668.742282][T26872] usb 6-1: USB disconnect, device number 33
acpid: input device has been disconnected, fd 3
[ 2668.846557][   T30] audit: type=1400 audit(1747840845.485:3956): avc:  denied  { ioctl } for  pid=5170 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=5275 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 2670.243530][ T9115] FAULT_INJECTION: forcing a failure.
[ 2670.243530][ T9115] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2670.256657][ T9115] CPU: 1 UID: 0 PID: 9115 Comm: syz.6.10574 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2670.256684][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2670.256695][ T9115] Call Trace:
[ 2670.256702][ T9115]  <TASK>
[ 2670.256710][ T9115]  dump_stack_lvl+0x16c/0x1f0
[ 2670.256742][ T9115]  should_fail_ex+0x512/0x640
[ 2670.256771][ T9115]  _copy_from_user+0x2e/0xd0
[ 2670.256800][ T9115]  copy_msghdr_from_user+0x98/0x160
[ 2670.256821][ T9115]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2670.256849][ T9115]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[ 2670.256882][ T9115]  ___sys_sendmsg+0xfe/0x1d0
[ 2670.256903][ T9115]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2670.256956][ T9115]  __sys_sendmsg+0x16d/0x220
[ 2670.256977][ T9115]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2670.257014][ T9115]  do_syscall_64+0xcd/0x260
[ 2670.257043][ T9115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2670.257062][ T9115] RIP: 0033:0x7f2d0618e969
[ 2670.257077][ T9115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2670.257095][ T9115] RSP: 002b:00007f2d06fe3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2670.257113][ T9115] RAX: ffffffffffffffda RBX: 00007f2d063b6160 RCX: 00007f2d0618e969
[ 2670.257125][ T9115] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 2670.257136][ T9115] RBP: 00007f2d06fe3090 R08: 0000000000000000 R09: 0000000000000000
[ 2670.257147][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2670.257158][ T9115] R13: 0000000000000000 R14: 00007f2d063b6160 R15: 00007ffc29273178
[ 2670.257184][ T9115]  </TASK>
[ 2670.488744][T26872] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 2670.672740][T26872] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 2670.688982][T26872] usb 6-1: config 0 has no interface number 0
[ 2670.718125][T26872] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2670.869299][T26872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2670.877808][T26872] usb 6-1: Product: syz
[ 2670.902358][T31133] usb 1-1: USB disconnect, device number 71
[ 2670.902431][T26872] usb 6-1: Manufacturer: syz
[ 2670.913399][T26872] usb 6-1: SerialNumber: syz
[ 2670.979311][T26872] usb 6-1: config 0 descriptor??
[ 2671.196955][T26872] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[ 2671.348799][T26872] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 2671.368691][T26872] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[ 2671.376880][T26872] usb 6-1: media controller created
[ 2671.430687][T26872] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2672.224724][ T9135] netlink: 'syz.1.10580': attribute type 4 has an invalid length.
[ 2672.258053][ T9135] netlink: 'syz.1.10580': attribute type 11 has an invalid length.
[ 2672.275638][ T9137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2672.373477][ T9141] FAULT_INJECTION: forcing a failure.
[ 2672.373477][ T9141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2672.388372][ T9141] CPU: 1 UID: 0 PID: 9141 Comm: syz.0.10581 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2672.388399][ T9141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2672.388409][ T9141] Call Trace:
[ 2672.388415][ T9141]  <TASK>
[ 2672.388423][ T9141]  dump_stack_lvl+0x16c/0x1f0
[ 2672.388457][ T9141]  should_fail_ex+0x512/0x640
[ 2672.388485][ T9141]  _copy_from_user+0x2e/0xd0
[ 2672.388513][ T9141]  copy_msghdr_from_user+0x98/0x160
[ 2672.388534][ T9141]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2672.388562][ T9141]  ? __lock_acquire+0x5ca/0x1ba0
[ 2672.388593][ T9141]  ___sys_recvmsg+0xdb/0x1a0
[ 2672.388612][ T9141]  ? __pfx____sys_recvmsg+0x10/0x10
[ 2672.388652][ T9141]  __sys_recvmsg+0x16a/0x220
[ 2672.388666][ T9141]  ? __pfx___sys_recvmsg+0x10/0x10
[ 2672.388683][ T9141]  ? rcu_is_watching+0x12/0xc0
[ 2672.388701][ T9141]  do_syscall_64+0xcd/0x260
[ 2672.388719][ T9141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2672.388731][ T9141] RIP: 0033:0x7f2abdb8e969
[ 2672.388741][ T9141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2672.388753][ T9141] RSP: 002b:00007f2abeaa8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 2672.388765][ T9141] RAX: ffffffffffffffda RBX: 00007f2abddb5fa0 RCX: 00007f2abdb8e969
[ 2672.388772][ T9141] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[ 2672.388779][ T9141] RBP: 00007f2abeaa8090 R08: 0000000000000000 R09: 0000000000000000
[ 2672.388785][ T9141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2672.388792][ T9141] R13: 0000000000000000 R14: 00007f2abddb5fa0 R15: 00007fff5ab3a668
[ 2672.388806][ T9141]  </TASK>
[ 2672.621645][T26872] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[ 2673.164641][T26872] usb 6-1: USB disconnect, device number 34
[ 2673.394717][ T9146] loop6: detected capacity change from 0 to 128
[ 2673.413791][   T30] audit: type=1326 audit(1747840850.215:3957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9145 comm="syz.5.10583" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc94ed8e969 code=0x0
[ 2673.436667][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2673.447852][ T9150] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10584'.
[ 2673.556414][ T9147] Invalid logical block size (-1)
[ 2676.715929][   T30] audit: type=1400 audit(1747840853.525:3958): avc:  denied  { read } for  pid=9187 comm="syz.5.10594" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 2676.739001][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2676.856449][ T9199] FAULT_INJECTION: forcing a failure.
[ 2676.856449][ T9199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2676.977893][ T9188] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2677.023943][ T9188] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2677.030428][ T9188] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2677.041251][ T9199] CPU: 0 UID: 0 PID: 9199 Comm: syz.5.10594 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2677.041281][ T9199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2677.041293][ T9199] Call Trace:
[ 2677.041300][ T9199]  <TASK>
[ 2677.041307][ T9199]  dump_stack_lvl+0x16c/0x1f0
[ 2677.041339][ T9199]  should_fail_ex+0x512/0x640
[ 2677.041370][ T9199]  _copy_from_user+0x2e/0xd0
[ 2677.041397][ T9199]  copy_msghdr_from_user+0x98/0x160
[ 2677.041419][ T9199]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2677.041443][ T9199]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 2677.041467][ T9199]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2677.041492][ T9199]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 2677.041519][ T9199]  ___sys_sendmsg+0xfe/0x1d0
[ 2677.041541][ T9199]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2677.041596][ T9199]  __sys_sendmsg+0x16d/0x220
[ 2677.041617][ T9199]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2677.041655][ T9199]  do_syscall_64+0xcd/0x260
[ 2677.041683][ T9199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2677.041702][ T9199] RIP: 0033:0x7fc94ed8e969
[ 2677.041718][ T9199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2677.041736][ T9199] RSP: 002b:00007fc94cbd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2677.041754][ T9199] RAX: ffffffffffffffda RBX: 00007fc94efb6160 RCX: 00007fc94ed8e969
[ 2677.041766][ T9199] RDX: 0000000000000080 RSI: 0000200000000100 RDI: 0000000000000006
[ 2677.041777][ T9199] RBP: 00007fc94cbd5090 R08: 0000000000000000 R09: 0000000000000000
[ 2677.041788][ T9199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2677.041798][ T9199] R13: 0000000000000000 R14: 00007fc94efb6160 R15: 00007ffcbfbf7568
[ 2677.041824][ T9199]  </TASK>
[ 2677.223107][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2677.371604][T13404] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 2677.408678][T13404] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[ 2677.420237][T13404] usb 4-1: USB disconnect, device number 61
[ 2677.721332][ T9188] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2677.734351][ T9204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10597'.
[ 2678.858596][ T8801] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2678.878625][ T5967] usb 7-1: new low-speed USB device number 8 using dummy_hcd
[ 2679.098586][ T8801] Bluetooth: hci4: command 0x0405 tx timeout
[ 2679.240509][   T30] audit: type=1400 audit(1747840856.055:3959): avc:  denied  { append } for  pid=9215 comm="syz.3.10599" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 2679.408681][ T9222] netlink: 108 bytes leftover after parsing attributes in process `syz.3.10599'.
[ 2679.463918][ T9222] vcan0: entered promiscuous mode
[ 2679.487696][ T9222] vcan0: entered allmulticast mode
[ 2681.096261][   T30] audit: type=1400 audit(1747840857.905:3960): avc:  denied  { write } for  pid=9238 comm="syz.0.10604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 2681.180432][ T8801] Bluetooth: hci4: command 0x0405 tx timeout
[ 2681.205121][   T30] audit: type=1400 audit(1747840857.955:3961): avc:  denied  { read } for  pid=9242 comm="syz.6.10605" path="socket:[169165]" dev="sockfs" ino=169165 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 2682.302520][ T9259] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10609'.
[ 2682.444517][T16767] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 2682.748942][ T5967] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 2682.984685][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2682.995919][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2683.005856][ T5967] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[ 2683.015823][ T5967] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2683.026394][ T5967] usb 1-1: config 0 descriptor??
[ 2683.058555][T16767] usb 4-1: Using ep0 maxpacket: 32
[ 2683.065324][T16767] usb 4-1: config 1 has an invalid interface number: 121 but max is 0
[ 2683.073665][T16767] usb 4-1: config 1 has no interface number 0
[ 2683.079919][T16767] usb 4-1: config 1 interface 121 has no altsetting 0
[ 2683.088804][T16767] usb 4-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=ce.f2
[ 2683.097868][T16767] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2683.105995][T16767] usb 4-1: Product: syz
[ 2683.110494][T16767] usb 4-1: Manufacturer: syz
[ 2683.115090][T16767] usb 4-1: SerialNumber: syz
[ 2683.258733][ T8801] Bluetooth: hci4: command 0x0405 tx timeout
[ 2683.872339][ T5967] usbhid 1-1:0.0: can't add hid device: -71
[ 2683.878387][ T5967] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2683.888692][ T5967] usb 1-1: USB disconnect, device number 72
[ 2684.418870][T31133] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 2684.438535][ T5967] usb 1-1: new full-speed USB device number 73 using dummy_hcd
[ 2684.581115][T31133] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 2684.592229][T13404] usb 7-1: new low-speed USB device number 9 using dummy_hcd
[ 2684.601301][T31133] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2684.612513][T31133] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2684.627397][T31133] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 2684.642421][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2684.656483][T31133] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 2684.666153][T31133] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 2684.675597][T31133] usb 6-1: Manufacturer: syz
[ 2684.684709][T31133] usb 6-1: config 0 descriptor??
[ 2684.697615][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2684.721006][ T5967] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 2684.741142][ T5967] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2684.763341][ T5967] usb 1-1: config 0 descriptor??
[ 2684.975260][ T9280] netlink: 'syz.0.10616': attribute type 1 has an invalid length.
[ 2684.985368][ T9280] netlink: 224 bytes leftover after parsing attributes in process `syz.0.10616'.
[ 2685.100509][T31133] appleir 0003:05AC:8243.0067: unknown main item tag 0x0
[ 2685.108363][T31133] appleir 0003:05AC:8243.0067: No inputs registered, leaving
[ 2685.120027][T31133] appleir 0003:05AC:8243.0067: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[ 2685.176356][T16767] option 4-1:1.121: GSM modem (1-port) converter detected
[ 2685.191920][T16767] usb 4-1: GSM modem (1-port) converter now attached to ttyUSB0
[ 2685.204065][T16767] usb 4-1: USB disconnect, device number 62
[ 2685.215407][T16767] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[ 2685.217796][ T5967] elan 0003:04F3:0755.0068: failed to start in urb: -90
[ 2685.225064][T16767] option 4-1:1.121: device disconnected
[ 2685.243642][ T5967] elan 0003:04F3:0755.0068: hidraw1: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[ 2685.360854][ T9276] netlink: 28 bytes leftover after parsing attributes in process `syz.5.10614'.
[ 2685.374685][T31133] usb 6-1: USB disconnect, device number 35
[ 2685.422855][T16767] usb 1-1: USB disconnect, device number 73
[ 2686.903736][ T9300] mkiss: ax0: crc mode is auto.
[ 2686.914967][ T9300] FAULT_INJECTION: forcing a failure.
[ 2686.914967][ T9300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2686.928716][ T9300] CPU: 1 UID: 0 PID: 9300 Comm: syz.3.10620 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2686.928744][ T9300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2686.928754][ T9300] Call Trace:
[ 2686.928761][ T9300]  <TASK>
[ 2686.928768][ T9300]  dump_stack_lvl+0x16c/0x1f0
[ 2686.928798][ T9300]  should_fail_ex+0x512/0x640
[ 2686.928828][ T9300]  _copy_from_user+0x2e/0xd0
[ 2686.928856][ T9300]  copy_msghdr_from_user+0x98/0x160
[ 2686.928878][ T9300]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2686.928906][ T9300]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[ 2686.928937][ T9300]  ___sys_sendmsg+0xfe/0x1d0
[ 2686.928959][ T9300]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2686.929012][ T9300]  __sys_sendmsg+0x16d/0x220
[ 2686.929033][ T9300]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2686.929070][ T9300]  do_syscall_64+0xcd/0x260
[ 2686.929098][ T9300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2686.929117][ T9300] RIP: 0033:0x7f648cd8e969
[ 2686.929132][ T9300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2686.929150][ T9300] RSP: 002b:00007f648dbd2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2686.929168][ T9300] RAX: ffffffffffffffda RBX: 00007f648cfb6160 RCX: 00007f648cd8e969
[ 2686.929179][ T9300] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000008
[ 2686.929189][ T9300] RBP: 00007f648dbd2090 R08: 0000000000000000 R09: 0000000000000000
[ 2686.929200][ T9300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2686.929211][ T9300] R13: 0000000000000000 R14: 00007f648cfb6160 R15: 00007ffc5b86b948
[ 2686.929236][ T9300]  </TASK>
[ 2687.863288][ T9305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10621'.
[ 2688.016341][ T9307] Falling back ldisc for ptm1.
[ 2688.084382][   T30] audit: type=1400 audit(1747840864.885:3962): avc:  denied  { unmount } for  pid=3182 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 2688.608569][   T30] audit: type=1400 audit(1747840865.415:3963): avc:  denied  { setopt } for  pid=9315 comm="syz.3.10625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 2689.145279][T13404] usb 7-1: device descriptor read/all, error -71
[ 2689.425590][ T9321] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2689.434638][ T9321] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2690.924972][ T9356] FAULT_INJECTION: forcing a failure.
[ 2690.924972][ T9356] name failslab, interval 1, probability 0, space 0, times 0
[ 2690.937813][ T9356] CPU: 0 UID: 0 PID: 9356 Comm: syz.3.10635 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2690.937841][ T9356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2690.937852][ T9356] Call Trace:
[ 2690.937859][ T9356]  <TASK>
[ 2690.937866][ T9356]  dump_stack_lvl+0x16c/0x1f0
[ 2690.937900][ T9356]  should_fail_ex+0x512/0x640
[ 2690.937926][ T9356]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 2690.937956][ T9356]  should_failslab+0xc2/0x120
[ 2690.937978][ T9356]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 2690.938004][ T9356]  ? percpu_ref_init+0xec/0x410
[ 2690.938028][ T9356]  ? __pfx_free_ioctx_reqs+0x10/0x10
[ 2690.938053][ T9356]  percpu_ref_init+0xec/0x410
[ 2690.938073][ T9356]  ? __init_waitqueue_head+0xca/0x150
[ 2690.938099][ T9356]  ioctx_alloc+0x3bc/0x2060
[ 2690.938123][ T9356]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2690.938159][ T9356]  ? find_held_lock+0x2b/0x80
[ 2690.938182][ T9356]  ? __pfx_ioctx_alloc+0x10/0x10
[ 2690.938207][ T9356]  ? __might_fault+0x13b/0x190
[ 2690.938236][ T9356]  __x64_sys_io_setup+0xc9/0x210
[ 2690.938266][ T9356]  do_syscall_64+0xcd/0x260
[ 2690.938302][ T9356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2690.938321][ T9356] RIP: 0033:0x7f648cd8e969
[ 2690.938337][ T9356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2690.938355][ T9356] RSP: 002b:00007f648dc14038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[ 2690.938374][ T9356] RAX: ffffffffffffffda RBX: 00007f648cfb5fa0 RCX: 00007f648cd8e969
[ 2690.938386][ T9356] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 00000000000083ab
[ 2690.938397][ T9356] RBP: 00007f648dc14090 R08: 0000000000000000 R09: 0000000000000000
[ 2690.938408][ T9356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2690.938418][ T9356] R13: 0000000000000000 R14: 00007f648cfb5fa0 R15: 00007ffc5b86b948
[ 2690.938447][ T9356]  </TASK>
[ 2691.173731][   T30] audit: type=1400 audit(1747840867.985:3964): avc:  denied  { setattr } for  pid=9354 comm="syz.3.10635" name="NETLINK" dev="sockfs" ino=169509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 2691.237268][ T9361] FAULT_INJECTION: forcing a failure.
[ 2691.237268][ T9361] name failslab, interval 1, probability 0, space 0, times 0
[ 2691.256512][ T9361] CPU: 1 UID: 0 PID: 9361 Comm: syz.0.10636 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2691.256545][ T9361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2691.256556][ T9361] Call Trace:
[ 2691.256563][ T9361]  <TASK>
[ 2691.256570][ T9361]  dump_stack_lvl+0x16c/0x1f0
[ 2691.256603][ T9361]  should_fail_ex+0x512/0x640
[ 2691.256629][ T9361]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 2691.256650][ T9361]  should_failslab+0xc2/0x120
[ 2691.256670][ T9361]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 2691.256687][ T9361]  ? __alloc_skb+0x2b2/0x380
[ 2691.256711][ T9361]  __alloc_skb+0x2b2/0x380
[ 2691.256730][ T9361]  ? __pfx___alloc_skb+0x10/0x10
[ 2691.256752][ T9361]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 2691.256781][ T9361]  netlink_alloc_large_skb+0x69/0x130
[ 2691.256806][ T9361]  netlink_sendmsg+0x6a1/0xdd0
[ 2691.256833][ T9361]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2691.256867][ T9361]  ____sys_sendmsg+0xa95/0xc70
[ 2691.256893][ T9361]  ? copy_msghdr_from_user+0x10a/0x160
[ 2691.256913][ T9361]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2691.256950][ T9361]  ___sys_sendmsg+0x134/0x1d0
[ 2691.256973][ T9361]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2691.257026][ T9361]  __sys_sendmsg+0x16d/0x220
[ 2691.257054][ T9361]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2691.257083][ T9361]  ? rcu_is_watching+0x12/0xc0
[ 2691.257114][ T9361]  do_syscall_64+0xcd/0x260
[ 2691.257144][ T9361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2691.257163][ T9361] RIP: 0033:0x7f2abdb8e969
[ 2691.257180][ T9361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2691.257198][ T9361] RSP: 002b:00007f2abeaa8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2691.257217][ T9361] RAX: ffffffffffffffda RBX: 00007f2abddb5fa0 RCX: 00007f2abdb8e969
[ 2691.257229][ T9361] RDX: 0000000000000004 RSI: 0000200000001180 RDI: 0000000000000003
[ 2691.257240][ T9361] RBP: 00007f2abeaa8090 R08: 0000000000000000 R09: 0000000000000000
[ 2691.257251][ T9361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2691.257262][ T9361] R13: 0000000000000000 R14: 00007f2abddb5fa0 R15: 00007fff5ab3a668
[ 2691.257286][ T9361]  </TASK>
[ 2691.260067][ T8801] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2691.498676][ T8801] Bluetooth: hci4: command 0x0405 tx timeout
[ 2692.010814][ T9371] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10638'.
[ 2692.053732][ T9376] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10641'.
[ 2692.157873][ T9379] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10642'.
[ 2692.278542][T13404] usb 4-1: new low-speed USB device number 63 using dummy_hcd
[ 2693.888755][ T5967] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 2693.968024][T13404] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2694.001238][T13404] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 32200, setting to 8
[ 2694.016766][T13404] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2694.091616][ T5967] usb 1-1: Using ep0 maxpacket: 8
[ 2694.124001][ T5967] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2694.152460][ T5967] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[ 2694.179644][T13404] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[ 2694.193507][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2694.193767][T13404] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2694.334892][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[ 2694.905458][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 255, changing to 11
[ 2694.934187][ T5967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 59391, setting to 1024
[ 2694.945385][   T30] audit: type=1400 audit(1747840871.245:3965): avc:  denied  { write } for  pid=9401 comm="syz.5.10649" path="socket:[169599]" dev="sockfs" ino=169599 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 2695.048600][T26872] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[ 2695.059334][ T5967] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2695.074816][ T5967] usb 1-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[ 2695.084257][ T5967] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2695.093057][ T5967] usb 1-1: Product: syz
[ 2695.097370][ T5967] usb 1-1: Manufacturer: syz
[ 2695.102040][ T5967] usb 1-1: SerialNumber: syz
[ 2695.108114][ T5967] usb 1-1: config 0 descriptor??
[ 2695.115007][ T9391] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2695.122530][ T9391] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2695.131763][ T5967] ati_remote 1-1:0.0: ati_remote_probe: Unexpected endpoint_out
[ 2695.182196][T13404] usb 4-1: config 0 descriptor??
[ 2695.210087][T26872] usb 7-1: Invalid ep0 maxpacket: 64
[ 2695.292927][T13404] usb 4-1: can't set config #0, error -71
[ 2695.300397][T13404] usb 4-1: USB disconnect, device number 63
[ 2695.467988][T26872] usb 7-1: new low-speed USB device number 12 using dummy_hcd
[ 2695.520845][T16767] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 2695.624319][ T5967] usb 1-1: USB disconnect, device number 74
[ 2695.688577][T26872] usb 7-1: Invalid ep0 maxpacket: 64
[ 2695.694091][T26872] usb usb7-port1: attempt power cycle
[ 2695.749974][T16767] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 2695.764616][T16767] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2695.776602][T16767] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2695.788796][T16767] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 2695.805905][T16767] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 2695.817446][T16767] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 2695.834912][T16767] usb 6-1: Manufacturer: syz
[ 2695.841388][T16767] usb 6-1: config 0 descriptor??
[ 2695.858749][T13404] usb 4-1: new full-speed USB device number 64 using dummy_hcd
[ 2696.098712][T26872] usb 7-1: new low-speed USB device number 13 using dummy_hcd
[ 2696.449166][T26872] usb 7-1: Invalid ep0 maxpacket: 64
[ 2696.493930][T13404] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 2696.519174][T13404] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2696.550954][T13404] usb 4-1: config 0 descriptor??
[ 2696.595263][T26872] usb 7-1: new low-speed USB device number 14 using dummy_hcd
[ 2696.912474][T13404] [drm] vendor descriptor length:e0 data:00 00 00 00 00 00 00 00 00 00 00
[ 2696.922363][T26872] usb 7-1: Invalid ep0 maxpacket: 64
[ 2696.934933][T13404] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[ 2696.935353][T26872] usb usb7-port1: unable to enumerate USB device
[ 2696.958259][T16767] appleir 0003:05AC:8243.0069: unknown main item tag 0x0
[ 2696.979894][T13404] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[ 2696.986719][T13404] [drm] Initialized udl on minor 2
[ 2696.992472][T16767] appleir 0003:05AC:8243.0069: No inputs registered, leaving
[ 2697.003361][T16767] appleir 0003:05AC:8243.0069: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[ 2697.244526][T13404] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 2697.252801][T13404] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 2697.445556][T13404] usb 4-1: USB disconnect, device number 64
[ 2697.458641][T16767] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[ 2697.466669][T16767] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 2697.931290][T26872] usb 6-1: USB disconnect, device number 36
[ 2698.430389][ T9437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10658'.
[ 2698.442063][ T9437] netlink: 'syz.3.10658': attribute type 4 has an invalid length.
[ 2698.959408][ T9449] FAULT_INJECTION: forcing a failure.
[ 2698.959408][ T9449] name failslab, interval 1, probability 0, space 0, times 0
[ 2698.984283][ T9449] CPU: 0 UID: 0 PID: 9449 Comm: syz.0.10659 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2698.984301][ T9449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2698.984308][ T9449] Call Trace:
[ 2698.984313][ T9449]  <TASK>
[ 2698.984318][ T9449]  dump_stack_lvl+0x16c/0x1f0
[ 2698.984338][ T9449]  should_fail_ex+0x512/0x640
[ 2698.984354][ T9449]  ? fs_reclaim_acquire+0xae/0x150
[ 2698.984371][ T9449]  ? tomoyo_encode2+0x100/0x3e0
[ 2698.984387][ T9449]  should_failslab+0xc2/0x120
[ 2698.984399][ T9449]  __kmalloc_noprof+0xd2/0x510
[ 2698.984410][ T9449]  ? d_absolute_path+0x136/0x1a0
[ 2698.984427][ T9449]  tomoyo_encode2+0x100/0x3e0
[ 2698.984445][ T9449]  tomoyo_encode+0x29/0x50
[ 2698.984461][ T9449]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 2698.984482][ T9449]  tomoyo_mount_acl+0x1ae/0x850
[ 2698.984497][ T9449]  ? kernel_text_address+0x8d/0x100
[ 2698.984510][ T9449]  ? __kernel_text_address+0xd/0x40
[ 2698.984522][ T9449]  ? unwind_get_return_address+0x59/0xa0
[ 2698.984537][ T9449]  ? arch_stack_walk+0xa6/0x100
[ 2698.984552][ T9449]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[ 2698.984584][ T9449]  ? tomoyo_domain+0xbb/0x150
[ 2698.984594][ T9449]  ? tomoyo_profile+0x47/0x60
[ 2698.984606][ T9449]  tomoyo_mount_permission+0x16d/0x420
[ 2698.984622][ T9449]  ? tomoyo_mount_permission+0x14f/0x420
[ 2698.984638][ T9449]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[ 2698.984663][ T9449]  security_sb_mount+0x9b/0x260
[ 2698.984679][ T9449]  path_mount+0x128/0x1f20
[ 2698.984693][ T9449]  ? kmem_cache_free+0x2d4/0x4d0
[ 2698.984710][ T9449]  ? __pfx_path_mount+0x10/0x10
[ 2698.984724][ T9449]  ? putname+0x154/0x1a0
[ 2698.984738][ T9449]  __x64_sys_mount+0x28d/0x310
[ 2698.984751][ T9449]  ? __pfx___x64_sys_mount+0x10/0x10
[ 2698.984762][ T9449]  ? rcu_is_watching+0x12/0xc0
[ 2698.984780][ T9449]  do_syscall_64+0xcd/0x260
[ 2698.984798][ T9449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2698.984809][ T9449] RIP: 0033:0x7f2abdb8e969
[ 2698.984819][ T9449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2698.984830][ T9449] RSP: 002b:00007f2abea66038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2698.984841][ T9449] RAX: ffffffffffffffda RBX: 00007f2abddb6160 RCX: 00007f2abdb8e969
[ 2698.984848][ T9449] RDX: 0000200000000200 RSI: 00002000000001c0 RDI: 0000000000000000
[ 2698.984855][ T9449] RBP: 00007f2abea66090 R08: 0000200000000340 R09: 0000000000000000
[ 2698.984862][ T9449] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 2698.984868][ T9449] R13: 0000000000000000 R14: 00007f2abddb6160 R15: 00007fff5ab3a668
[ 2698.984882][ T9449]  </TASK>
[ 2698.984894][ T9449] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2699.459327][T16767] usb 6-1: new low-speed USB device number 37 using dummy_hcd
[ 2699.941821][ T9457] batman_adv: batadv0: Adding interface: dummy0
[ 2699.948129][ T9457] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2699.974200][ T9457] batman_adv: batadv0: Interface activated: dummy0
[ 2700.312096][T16767] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2700.322651][T16767] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 32200, setting to 8
[ 2700.334020][T16767] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2700.347394][T16767] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[ 2700.356493][T16767] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2700.436737][T16767] usb 6-1: config 0 descriptor??
[ 2700.448826][ T9446] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 2700.717516][ T9462] netlink: 21 bytes leftover after parsing attributes in process `syz.3.10665'.
[ 2700.925388][   T30] audit: type=1400 audit(1747840877.705:3966): avc:  denied  { map } for  pid=9464 comm="syz.0.10666" path="socket:[169746]" dev="sockfs" ino=169746 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 2701.722166][   T30] audit: type=1400 audit(1747840877.805:3967): avc:  denied  { listen } for  pid=9464 comm="syz.0.10666" lport=59468 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 2702.307925][   T30] audit: type=1400 audit(1747840879.115:3968): avc:  denied  { write } for  pid=9478 comm="syz.0.10669" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 2703.391815][ T9491] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10674'.
[ 2704.014551][T26872] usb 6-1: USB disconnect, device number 37
[ 2704.028313][T31133] libceph: connect (1)[c::]:6789 error -101
[ 2704.034572][T31133] libceph: mon0 (1)[c::]:6789 connect error
[ 2704.042792][ T9501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10673'.
[ 2704.567962][T31133] libceph: connect (1)[c::]:6789 error -101
[ 2704.575965][ T9498] ceph: No mds server is up or the cluster is laggy
[ 2704.583437][T31133] libceph: mon0 (1)[c::]:6789 connect error
[ 2705.513432][ T9518] loop6: detected capacity change from 0 to 128
[ 2705.758840][T26872] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 2705.948841][T26872] usb 6-1: Using ep0 maxpacket: 16
[ 2705.964576][T26872] usb 6-1: config 13 has an invalid interface number: 120 but max is 0
[ 2705.985145][T26872] usb 6-1: config 13 has no interface number 0
[ 2706.011569][T26872] usb 6-1: config 13 interface 120 has no altsetting 0
[ 2706.028828][T31133] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[ 2706.031321][T26872] usb 6-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2706.315904][T26872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2706.324138][T26872] usb 6-1: Product: syz
[ 2706.328304][T26872] usb 6-1: Manufacturer: syz
[ 2706.369801][T26872] usb 6-1: SerialNumber: syz
[ 2706.529996][T31133] usb 7-1: config 0 has an invalid interface number: 56 but max is 0
[ 2706.538220][T31133] usb 7-1: config 0 has no interface number 0
[ 2706.555767][T31133] usb 7-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[ 2706.959140][T31133] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2706.968535][T31133] usb 7-1: Product: syz
[ 2706.972794][T31133] usb 7-1: Manufacturer: syz
[ 2706.977315][T26872] ums-datafab 6-1:13.120: USB Mass Storage device detected
[ 2706.977442][T31133] usb 7-1: SerialNumber: syz
[ 2706.993767][T31133] usb 7-1: config 0 descriptor??
[ 2707.010523][T31133] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[ 2707.041654][T31133] pctv452e: pctv452e_power_ctrl: 1
[ 2707.041654][T31133] 
[ 2707.052198][T31133] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[ 2707.052198][T31133] 
[ 2707.062675][T31133] dvb-usb: bulk message failed: -22 (5/0)
[ 2707.074611][T26872] usb 6-1: USB disconnect, device number 38
[ 2707.076749][T31133] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 2707.479811][T31133] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[ 2707.502286][T31133] usb 7-1: USB disconnect, device number 15
[ 2709.195338][ T9560] loop6: detected capacity change from 0 to 128
[ 2709.328792][   T30] audit: type=1326 audit(1747840886.015:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9555 comm="syz.6.10691" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d0618e969 code=0x0
[ 2709.378611][ T9562] Invalid logical block size (-1)
[ 2709.629093][T31133] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 2709.688687][T26872] usb 6-1: new low-speed USB device number 39 using dummy_hcd
[ 2710.092687][T31133] usb 1-1: Using ep0 maxpacket: 16
[ 2710.099890][T31133] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 238, changing to 11
[ 2710.111920][T31133] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2710.121776][T31133] usb 1-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2710.134776][T31133] usb 1-1: config 0 interface 0 has no altsetting 0
[ 2710.141419][T31133] usb 1-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[ 2710.158719][T31133] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2710.619705][T31133] usb 1-1: config 0 descriptor??
[ 2710.798683][T13404] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 2711.049200][T13404] usb 7-1: Using ep0 maxpacket: 32
[ 2711.069406][T13404] usb 7-1: config 1 interface 0 altsetting 13 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2711.095985][ T9559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2711.273223][ T9559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2711.282563][T13404] usb 7-1: config 1 interface 0 has no altsetting 0
[ 2711.300216][T31133] hid-alps 0003:044E:120B.006A: hidraw0: USB HID v0.00 Device [HID 044e:120b] on usb-dummy_hcd.0-1/input0
[ 2711.315468][T13404] usb 7-1: language id specifier not provided by device, defaulting to English
[ 2711.337266][T13404] usb 7-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.40
[ 2711.359223][T13404] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2711.375561][T13404] usb 7-1: Product: syz
[ 2711.387285][T13404] usb 7-1: Manufacturer: syz
[ 2711.399350][T13404] usb 7-1: SerialNumber: syz
[ 2712.107390][T26872] usb 6-1: device descriptor read/all, error -71
[ 2712.358608][T26123] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 2712.508768][T26123] usb 4-1: Using ep0 maxpacket: 16
[ 2712.525197][T26123] usb 4-1: config 13 has an invalid interface number: 120 but max is 0
[ 2712.536107][T26123] usb 4-1: config 13 has no interface number 0
[ 2712.543974][T26123] usb 4-1: config 13 interface 120 has no altsetting 0
[ 2712.561135][T26123] usb 4-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2712.570450][T26123] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2712.578717][T26123] usb 4-1: Product: syz
[ 2712.582945][T26123] usb 4-1: Manufacturer: syz
[ 2712.587558][T26123] usb 4-1: SerialNumber: syz
[ 2712.870439][T26123] ums-datafab 4-1:13.120: USB Mass Storage device detected
[ 2712.926081][T26123] usb 4-1: USB disconnect, device number 65
[ 2712.928280][ T5967] usb 1-1: USB disconnect, device number 75
[ 2713.038243][T13404] usbhid 7-1:1.0: can't add hid device: -71
[ 2713.051571][T13404] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[ 2713.063486][T13404] usb 7-1: USB disconnect, device number 16
[ 2713.284051][ T9607] FAULT_INJECTION: forcing a failure.
[ 2713.284051][ T9607] name failslab, interval 1, probability 0, space 0, times 0
[ 2713.298613][ T9607] CPU: 0 UID: 0 PID: 9607 Comm: syz.0.10702 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2713.298640][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2713.298651][ T9607] Call Trace:
[ 2713.298657][ T9607]  <TASK>
[ 2713.298664][ T9607]  dump_stack_lvl+0x16c/0x1f0
[ 2713.298693][ T9607]  should_fail_ex+0x512/0x640
[ 2713.298718][ T9607]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 2713.298739][ T9607]  should_failslab+0xc2/0x120
[ 2713.298758][ T9607]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 2713.298775][ T9607]  ? __alloc_skb+0x2b2/0x380
[ 2713.298799][ T9607]  __alloc_skb+0x2b2/0x380
[ 2713.298825][ T9607]  ? __pfx___alloc_skb+0x10/0x10
[ 2713.298847][ T9607]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 2713.298875][ T9607]  netlink_alloc_large_skb+0x69/0x130
[ 2713.298900][ T9607]  netlink_sendmsg+0x6a1/0xdd0
[ 2713.298927][ T9607]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2713.298959][ T9607]  ____sys_sendmsg+0xa95/0xc70
[ 2713.298986][ T9607]  ? copy_msghdr_from_user+0x10a/0x160
[ 2713.299005][ T9607]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2713.299042][ T9607]  ___sys_sendmsg+0x134/0x1d0
[ 2713.299063][ T9607]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2713.299116][ T9607]  __sys_sendmsg+0x16d/0x220
[ 2713.299137][ T9607]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2713.299164][ T9607]  ? rcu_is_watching+0x12/0xc0
[ 2713.299194][ T9607]  do_syscall_64+0xcd/0x260
[ 2713.299221][ T9607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2713.299239][ T9607] RIP: 0033:0x7f2abdb8e969
[ 2713.299254][ T9607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2713.299272][ T9607] RSP: 002b:00007f2abeaa8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2713.299289][ T9607] RAX: ffffffffffffffda RBX: 00007f2abddb5fa0 RCX: 00007f2abdb8e969
[ 2713.299301][ T9607] RDX: 0000000000000000 RSI: 0000200000000900 RDI: 0000000000000003
[ 2713.299311][ T9607] RBP: 00007f2abeaa8090 R08: 0000000000000000 R09: 0000000000000000
[ 2713.299322][ T9607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2713.299333][ T9607] R13: 0000000000000000 R14: 00007f2abddb5fa0 R15: 00007fff5ab3a668
[ 2713.299357][ T9607]  </TASK>
[ 2713.943395][ T9613] loop6: detected capacity change from 0 to 128
[ 2714.558990][ T5967] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 2714.938653][ T5967] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 2714.947770][ T5967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2714.989453][ T5967] usb 4-1: Product: syz
[ 2715.011136][ T5967] usb 4-1: Manufacturer: syz
[ 2715.018161][ T5967] usb 4-1: SerialNumber: syz
[ 2715.041584][ T5967] usb 4-1: config 0 descriptor??
[ 2715.068545][ T5967] ch341 4-1:0.0: ch341-uart converter detected
[ 2715.333349][ T5967] usb 4-1: failed to receive control message: -71
[ 2715.341164][ T5967] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 2715.351651][ T5967] usb 4-1: USB disconnect, device number 66
[ 2715.361944][ T5967] ch341 4-1:0.0: device disconnected
[ 2717.088600][T13404] usb 7-1: new low-speed USB device number 17 using dummy_hcd
[ 2717.864132][T13404] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2717.870845][ T9661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10716'.
[ 2717.874677][T13404] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 32200, setting to 8
[ 2717.895227][T13404] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[ 2717.919977][T13404] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2717.962645][T13404] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2718.158584][T13404] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[ 2718.367046][T13404] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2718.411430][T13404] usb 7-1: config 0 descriptor??
[ 2719.035268][ T9679] netlink: 'syz.3.10723': attribute type 23 has an invalid length.
[ 2719.888641][T13404] usb 7-1: can't set config #0, error -71
[ 2719.992306][ T9686] netlink: 'syz.5.10725': attribute type 7 has an invalid length.
[ 2720.002351][ T9686] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10725'.
[ 2720.088537][T13404] usb 7-1: USB disconnect, device number 17
[ 2720.252298][ T9689] sp0: Synchronizing with TNC
[ 2721.906722][ T9721] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10732'.
[ 2722.903589][ T9731] fuse: Bad value for 'user_id'
[ 2722.911026][ T9731] fuse: Bad value for 'user_id'
[ 2723.418386][ T9746] CUSE: unknown device info "ÿ
"
[ 2723.428564][ T9746] CUSE: zero length info key specified
[ 2723.610959][ T9746] netlink: 'syz.5.10737': attribute type 1 has an invalid length.
[ 2723.825314][ T9753] tmpfs: Bad value for 'mpol'
[ 2724.199739][T13404] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[ 2724.500111][T13404] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2724.516815][T13404] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 2724.548620][ T5967] usb 4-1: new low-speed USB device number 67 using dummy_hcd
[ 2725.088604][T13404] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 2725.098895][T13404] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2725.111918][T13404] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2725.144310][T13404] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2725.595748][T13404] usb 7-1: config 0 descriptor??
[ 2725.968823][T26872] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 2726.151841][T13404] plantronics 0003:047F:FFFF.006B: ignoring exceeding usage max
[ 2726.161618][T13404] plantronics 0003:047F:FFFF.006B: No inputs registered, leaving
[ 2726.191883][T13404] plantronics 0003:047F:FFFF.006B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 2726.389996][T26872] usb 6-1: Using ep0 maxpacket: 16
[ 2727.200432][T26872] usb 6-1: config 13 has an invalid interface number: 120 but max is 0
[ 2727.212516][T26872] usb 6-1: config 13 has no interface number 0
[ 2727.219124][T26872] usb 6-1: config 13 interface 120 has no altsetting 0
[ 2727.231184][T26872] usb 6-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2727.240400][T26872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2727.248704][T26872] usb 6-1: Product: syz
[ 2727.262016][T26872] usb 6-1: Manufacturer: syz
[ 2727.266742][T26872] usb 6-1: SerialNumber: syz
[ 2727.471925][ T4248] usb 7-1: USB disconnect, device number 18
[ 2728.195453][T26872] ums-datafab 6-1:13.120: USB Mass Storage device detected
[ 2728.415617][T26872] usb 6-1: USB disconnect, device number 41
[ 2731.968679][T31133] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 2732.244412][T31133] usb 1-1: Using ep0 maxpacket: 16
[ 2732.271432][ T5967] usb 6-1: new low-speed USB device number 42 using dummy_hcd
[ 2732.443956][T31133] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2732.475862][T31133] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2732.695486][T31133] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 2733.158262][T31133] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2733.242486][T31133] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2733.279811][T31133] usb 1-1: config 0 descriptor??
[ 2733.466571][ T5967] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2733.481507][ T5967] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 32200, setting to 8
[ 2733.494844][ T5967] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[ 2733.505079][ T5967] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2733.518024][ T5967] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2733.532939][ T5967] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[ 2733.543153][ T5967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2733.554934][ T5967] usb 6-1: config 0 descriptor??
[ 2733.561985][ T9854] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 2733.956197][ T9847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2733.998121][ T9847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2734.598987][ T9875] loop6: detected capacity change from 0 to 128
[ 2734.611854][   T30] audit: type=1326 audit(1747840911.425:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9873 comm="syz.3.10769" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f648cd8e969 code=0x0
[ 2734.768617][ T9877] Invalid logical block size (-1)
[ 2734.794382][T31133] usbhid 1-1:0.0: can't add hid device: -71
[ 2734.801379][T31133] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2734.815876][T31133] usb 1-1: USB disconnect, device number 76
[ 2735.227850][   T30] audit: type=1326 audit(1747840912.025:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9879 comm="syz.6.10770" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d0618e969 code=0x0
[ 2735.298530][ T9880] Invalid logical block size (-1)
[ 2736.119003][ T9897] netlink: 48 bytes leftover after parsing attributes in process `syz.6.10774'.
[ 2737.270464][T31133] usb 6-1: USB disconnect, device number 42
[ 2738.988862][   T30] audit: type=1400 audit(1747840915.055:3972): avc:  denied  { write } for  pid=9919 comm="syz.3.10782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 2739.418713][ T9928] netlink: 'syz.6.10781': attribute type 23 has an invalid length.
[ 2740.126426][ T9932] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2740.171314][   T30] audit: type=1326 audit(1747840916.985:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9930 comm="syz.3.10783" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f648cd8e969 code=0x0
[ 2740.236665][ T9931] tipc: Disabling bearer <eth:syzkaller0>
[ 2740.256199][ T9940] netlink: 48 bytes leftover after parsing attributes in process `syz.6.10787'.
[ 2741.018840][ T5967] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 2741.218690][ T5967] usb 6-1: Using ep0 maxpacket: 16
[ 2741.244670][ T5967] usb 6-1: config 13 has an invalid interface number: 120 but max is 0
[ 2741.272021][ T5967] usb 6-1: config 13 has no interface number 0
[ 2741.298341][ T5967] usb 6-1: config 13 interface 120 has no altsetting 0
[ 2741.327946][ T5967] usb 6-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2741.340165][ T5967] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2741.357811][ T5967] usb 6-1: Product: syz
[ 2741.363873][ T5967] usb 6-1: Manufacturer: syz
[ 2741.369940][ T5967] usb 6-1: SerialNumber: syz
[ 2741.796521][ T5967] ums-datafab 6-1:13.120: USB Mass Storage device detected
[ 2742.052653][ T5967] usb 6-1: USB disconnect, device number 43
[ 2742.528678][ T4248] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 2742.739855][ T4248] usb 1-1: Using ep0 maxpacket: 16
[ 2742.746763][ T4248] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[ 2742.771053][ T4248] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2742.782898][ T4248] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2742.860862][ T4248] usb 1-1: Product: syz
[ 2742.865038][ T4248] usb 1-1: Manufacturer: syz
[ 2742.869678][ T4248] usb 1-1: SerialNumber: syz
[ 2744.027440][ T4248] cdc_ncm 1-1:1.0: bind() failure
[ 2744.046871][ T4248] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[ 2744.073181][ T4248] cdc_ncm 1-1:1.1: bind() failure
[ 2744.082638][ T4248] usb 1-1: USB disconnect, device number 77
[ 2745.412352][ T4248] kernel write not supported for file bpf-map (pid: 4248 comm: kworker/1:2)
[ 2745.809248][ T4248] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 2745.998642][ T4248] usb 4-1: Using ep0 maxpacket: 16
[ 2746.007776][ T4248] usb 4-1: config 13 has an invalid interface number: 120 but max is 0
[ 2746.017043][ T4248] usb 4-1: config 13 has no interface number 0
[ 2746.024460][ T4248] usb 4-1: config 13 interface 120 has no altsetting 0
[ 2746.033519][ T4248] usb 4-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[ 2746.042740][ T4248] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2746.050930][ T4248] usb 4-1: Product: syz
[ 2746.055136][ T4248] usb 4-1: Manufacturer: syz
[ 2746.059891][ T4248] usb 4-1: SerialNumber: syz
[ 2746.290959][ T4248] ums-datafab 4-1:13.120: USB Mass Storage device detected
[ 2746.718605][ T4248] usb 4-1: USB disconnect, device number 68
[ 2747.336454][T31133] IPVS: starting estimator thread 0...
[ 2747.428532][T10047] IPVS: using max 37 ests per chain, 88800 per kthread
[ 2747.686207][T10055] netlink: 48 bytes leftover after parsing attributes in process `syz.0.10811'.
[ 2748.814111][   T30] audit: type=1400 audit(1747840925.625:3974): avc:  denied  { mount } for  pid=10068 comm="syz.0.10815" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 2748.849666][T10076] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 2749.235280][T10083] loop6: detected capacity change from 0 to 128
[ 2749.245273][   T30] audit: type=1326 audit(1747840926.055:3975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10082 comm="syz.3.10818" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f648cd8e969 code=0x0
[ 2749.289595][   T30] audit: type=1326 audit(1747840926.105:3976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10080 comm="syz.5.10817" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc94ed8e969 code=0x0
[ 2749.588520][T26123] usb 7-1: new low-speed USB device number 19 using dummy_hcd
[ 2749.700047][   T30] audit: type=1400 audit(1747840926.515:3977): avc:  denied  { unmount } for  pid=3182 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 2752.426079][T26123] usb 7-1: device descriptor read/all, error -71
[ 2752.525455][   T30] audit: type=1400 audit(1747840929.335:3978): avc:  denied  { ioctl } for  pid=10135 comm="syz.3.10830" path="socket:[172486]" dev="sockfs" ino=172486 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 2752.748434][T10139] loop6: detected capacity change from 0 to 128
[ 2752.961266][   T30] audit: type=1326 audit(1747840929.575:3979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.3.10831" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f648cd8e969 code=0x0
[ 2753.013828][T10143] macvlan2: entered promiscuous mode
[ 2753.505053][   T30] audit: type=1326 audit(1747840930.255:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10146 comm="syz.5.10834" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc94ed8e969 code=0x0
[ 2756.041607][T10199] loop6: detected capacity change from 0 to 128
[ 2756.559918][T10199] Invalid logical block size (-1)
[ 2757.338709][T31133] usb 4-1: new low-speed USB device number 69 using dummy_hcd
[ 2757.768210][   T30] audit: type=1400 audit(1747840934.285:3981): avc:  denied  { write } for  pid=10226 comm="syz.0.10852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 2757.798833][T31133] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2757.809029][T31133] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 32200, setting to 8
[ 2758.056271][T31133] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[ 2758.147560][T31133] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2758.189982][T31133] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2758.278664][T31133] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[ 2758.289574][   T30] audit: type=1400 audit(1747840935.105:3982): avc:  denied  { getopt } for  pid=10230 comm="syz.0.10853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 2758.374782][T31133] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2758.379150][   T30] audit: type=1400 audit(1747840935.125:3983): avc:  denied  { ioctl } for  pid=10230 comm="syz.0.10853" path="socket:[172676]" dev="sockfs" ino=172676 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 2758.452566][T31133] usb 4-1: config 0 descriptor??
[ 2758.639747][   T30] audit: type=1400 audit(1747840935.455:3984): avc:  denied  { bind } for  pid=10237 comm="syz.6.10855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 2758.644633][T10238] 
[ 2758.661467][T10238] =====================================================
[ 2758.668372][T10238] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 2758.675802][T10238] 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 Not tainted
[ 2758.678458][ T4248] usb 1-1: new full-speed USB device number 78 using dummy_hcd
[ 2758.682879][T10238] -----------------------------------------------------
[ 2758.697316][T10238] syz.6.10855/10238 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 2758.705109][T10238] ffff888031ee3360 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510
[ 2758.713784][T10238] 
[ 2758.713784][T10238] and this task is already holding:
[ 2758.721135][T10238] ffff8880258eb028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[ 2758.730942][T10238] which would create a new lock dependency:
[ 2758.736798][T10238]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[ 2758.744858][T10238] 
[ 2758.744858][T10238] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 2758.754279][T10238]  (&dev->event_lock#2){..-.}-{3:3}
[ 2758.754300][T10238] 
[ 2758.754300][T10238] ... which became SOFTIRQ-irq-safe at:
[ 2758.767145][T10238]   lock_acquire+0x179/0x350
[ 2758.771720][T10238]   _raw_spin_lock_irqsave+0x3a/0x60
[ 2758.776980][T10238]   input_inject_event+0x9f/0x390
[ 2758.781981][T10238]   led_set_brightness+0x217/0x290
[ 2758.787071][T10238]   led_trigger_event+0xda/0x270
[ 2758.791989][T10238]   kbd_bh+0x21b/0x300
[ 2758.796041][T10238]   tasklet_action_common+0x284/0x400
[ 2758.801390][T10238]   handle_softirqs+0x216/0x8e0
[ 2758.806213][T10238]   run_ksoftirqd+0x3a/0x60
[ 2758.810693][T10238]   smpboot_thread_fn+0x3f7/0xae0
[ 2758.815697][T10238]   kthread+0x3c2/0x780
[ 2758.819823][T10238]   ret_from_fork+0x45/0x80
[ 2758.824300][T10238]   ret_from_fork_asm+0x1a/0x30
[ 2758.829130][T10238] 
[ 2758.829130][T10238] to a SOFTIRQ-irq-unsafe lock:
[ 2758.836123][T10238]  (tasklist_lock){.+.+}-{3:3}
[ 2758.836140][T10238] 
[ 2758.836140][T10238] ... which became SOFTIRQ-irq-unsafe at:
[ 2758.848718][T10238] ...
[ 2758.848723][T10238]   lock_acquire+0x179/0x350
[ 2758.855842][T10238]   _raw_read_lock+0x5f/0x70
[ 2758.860408][T10238]   __do_wait+0x105/0x890
[ 2758.864724][T10238]   do_wait+0x21e/0x5a0
[ 2758.868859][T10238]   kernel_wait+0x9f/0x160
[ 2758.873245][T10238]   call_usermodehelper_exec_work+0xf1/0x170
[ 2758.879200][T10238]   process_one_work+0x9cf/0x1b70
[ 2758.884206][T10238]   worker_thread+0x6c8/0xf10
[ 2758.888854][T10238]   kthread+0x3c2/0x780
[ 2758.892983][T10238]   ret_from_fork+0x45/0x80
[ 2758.897455][T10238]   ret_from_fork_asm+0x1a/0x30
[ 2758.902297][T10238] 
[ 2758.902297][T10238] other info that might help us debug this:
[ 2758.902297][T10238] 
[ 2758.912512][T10238] Chain exists of:
[ 2758.912512][T10238]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[ 2758.912512][T10238] 
[ 2758.926051][T10238]  Possible interrupt unsafe locking scenario:
[ 2758.926051][T10238] 
[ 2758.934344][T10238]        CPU0                    CPU1
[ 2758.939696][T10238]        ----                    ----
[ 2758.945044][T10238]   lock(tasklist_lock);
[ 2758.949263][T10238]                                local_irq_disable();
[ 2758.955985][T10238]                                lock(&dev->event_lock#2);
[ 2758.963157][T10238]                                lock(&client->buffer_lock);
[ 2758.970508][T10238]   <Interrupt>
[ 2758.973932][T10238]     lock(&dev->event_lock#2);
[ 2758.978770][T10238] 
[ 2758.978770][T10238]  *** DEADLOCK ***
[ 2758.978770][T10238] 
[ 2758.986883][T10238] 7 locks held by syz.6.10855/10238:
[ 2758.992138][T10238]  #0: ffff88802aad6118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750
[ 2759.001245][T10238]  #1: ffff88801ffc5230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x390
[ 2759.011399][T10238]  #2: ffffffff8e3bfc00 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x390
[ 2759.021039][T10238]  #3: ffffffff8e3bfc00 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x890
[ 2759.030659][T10238]  #4: ffffffff8e3bfc00 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390
[ 2759.039783][T10238]  #5: ffff8880258eb028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[ 2759.050035][T10238]  #6: ffffffff8e3bfc00 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510
[ 2759.059069][T10238] 
[ 2759.059069][T10238] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 2759.069448][T10238]  -> (&dev->event_lock#2){..-.}-{3:3} {
[ 2759.075070][T10238]     IN-SOFTIRQ-W at:
[ 2759.079121][T10238]                       lock_acquire+0x179/0x350
[ 2759.085443][T10238]                       _raw_spin_lock_irqsave+0x3a/0x60
[ 2759.092449][T10238]                       input_inject_event+0x9f/0x390
[ 2759.099192][T10238]                       led_set_brightness+0x217/0x290
[ 2759.106020][T10238]                       led_trigger_event+0xda/0x270
[ 2759.112666][T10238]                       kbd_bh+0x21b/0x300
[ 2759.118449][T10238]                       tasklet_action_common+0x284/0x400
[ 2759.125535][T10238]                       handle_softirqs+0x216/0x8e0
[ 2759.132098][T10238]                       run_ksoftirqd+0x3a/0x60
[ 2759.138312][T10238]                       smpboot_thread_fn+0x3f7/0xae0
[ 2759.145048][T10238]                       kthread+0x3c2/0x780
[ 2759.150913][T10238]                       ret_from_fork+0x45/0x80
[ 2759.157125][T10238]                       ret_from_fork_asm+0x1a/0x30
[ 2759.163703][T10238]     INITIAL USE at:
[ 2759.167665][T10238]                      lock_acquire+0x179/0x350
[ 2759.173883][T10238]                      _raw_spin_lock_irqsave+0x3a/0x60
[ 2759.180795][T10238]                      input_inject_event+0x9f/0x390
[ 2759.187444][T10238]                      led_set_brightness+0x217/0x290
[ 2759.194184][T10238]                      kbd_led_trigger_activate+0xcb/0x110
[ 2759.201352][T10238]                      led_trigger_set+0x59a/0xc50
[ 2759.207832][T10238]                      led_trigger_set_default+0x1bd/0x2a0
[ 2759.215008][T10238]                      led_classdev_register_ext+0x7b8/0xa10
[ 2759.222352][T10238]                      input_leds_connect+0x552/0x8e0
[ 2759.229100][T10238]                      input_attach_handler.isra.0+0x181/0x260
[ 2759.236615][T10238]                      input_register_device+0xa84/0x1130
[ 2759.243696][T10238]                      atkbd_connect+0x5da/0xa20
[ 2759.249998][T10238]                      serio_driver_probe+0x74/0xb0
[ 2759.256557][T10238]                      really_probe+0x23e/0xa90
[ 2759.262770][T10238]                      __driver_probe_device+0x1de/0x440
[ 2759.269765][T10238]                      driver_probe_device+0x4c/0x1b0
[ 2759.276497][T10238]                      __driver_attach+0x283/0x580
[ 2759.282978][T10238]                      bus_for_each_dev+0x13b/0x1d0
[ 2759.289541][T10238]                      serio_handle_event+0x247/0xa50
[ 2759.296273][T10238]                      process_one_work+0x9cf/0x1b70
[ 2759.302925][T10238]                      worker_thread+0x6c8/0xf10
[ 2759.309234][T10238]                      kthread+0x3c2/0x780
[ 2759.315010][T10238]                      ret_from_fork+0x45/0x80
[ 2759.321141][T10238]                      ret_from_fork_asm+0x1a/0x30
[ 2759.327622][T10238]   }
[ 2759.330181][T10238]   ... key      at: [<ffffffff9ae4c140>] __key.7+0x0/0x40
[ 2759.337355][T10238] -> (&client->buffer_lock){....}-{3:3} {
[ 2759.343058][T10238]    INITIAL USE at:
[ 2759.346921][T10238]                    lock_acquire+0x179/0x350
[ 2759.352964][T10238]                    _raw_spin_lock+0x2e/0x40
[ 2759.359005][T10238]                    evdev_pass_values+0x10e/0x9b0
[ 2759.365478][T10238]                    evdev_events+0x1bb/0x390
[ 2759.371518][T10238]                    input_pass_values+0x6c4/0x890
[ 2759.377990][T10238]                    input_handle_event+0xf00/0x14d0
[ 2759.384639][T10238]                    input_inject_event+0x1cd/0x390
[ 2759.391218][T10238]                    evdev_write+0x457/0x750
[ 2759.397183][T10238]                    vfs_write+0x25f/0x1180
[ 2759.403063][T10238]                    ksys_write+0x205/0x240
[ 2759.408934][T10238]                    do_syscall_64+0xcd/0x260
[ 2759.414979][T10238]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2759.422412][T10238]  }
[ 2759.424896][T10238]  ... key      at: [<ffffffff9ae4c5c0>] __key.1+0x0/0x40
[ 2759.431975][T10238]  ... acquired at:
[ 2759.435746][T10238]    _raw_spin_lock+0x2e/0x40
[ 2759.440407][T10238]    evdev_pass_values+0x10e/0x9b0
[ 2759.445501][T10238]    evdev_events+0x1bb/0x390
[ 2759.450151][T10238]    input_pass_values+0x6c4/0x890
[ 2759.455234][T10238]    input_handle_event+0xf00/0x14d0
[ 2759.460504][T10238]    input_inject_event+0x1cd/0x390
[ 2759.465678][T10238]    evdev_write+0x457/0x750
[ 2759.470244][T10238]    vfs_write+0x25f/0x1180
[ 2759.474726][T10238]    ksys_write+0x205/0x240
[ 2759.479223][T10238]    do_syscall_64+0xcd/0x260
[ 2759.483896][T10238]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2759.489935][T10238] 
[ 2759.492231][T10238] 
[ 2759.492231][T10238] the dependencies between the lock to be acquired
[ 2759.492238][T10238]  and SOFTIRQ-irq-unsafe lock:
[ 2759.505694][T10238]   -> (tasklist_lock){.+.+}-{3:3} {
[ 2759.510965][T10238]      HARDIRQ-ON-R at:
[ 2759.515100][T10238]                         lock_acquire+0x179/0x350
[ 2759.521580][T10238]                         _raw_read_lock+0x5f/0x70
[ 2759.528058][T10238]                         __do_wait+0x105/0x890
[ 2759.534280][T10238]                         do_wait+0x21e/0x5a0
[ 2759.540329][T10238]                         kernel_wait+0x9f/0x160
[ 2759.548711][T10238]                         call_usermodehelper_exec_work+0xf1/0x170
[ 2759.556576][T10238]                         process_one_work+0x9cf/0x1b70
[ 2759.563484][T10238]                         worker_thread+0x6c8/0xf10
[ 2759.570055][T10238]                         kthread+0x3c2/0x780
[ 2759.576094][T10238]                         ret_from_fork+0x45/0x80
[ 2759.582480][T10238]                         ret_from_fork_asm+0x1a/0x30
[ 2759.589220][T10238]      SOFTIRQ-ON-R at:
[ 2759.593348][T10238]                         lock_acquire+0x179/0x350
[ 2759.599828][T10238]                         _raw_read_lock+0x5f/0x70
[ 2759.606308][T10238]                         __do_wait+0x105/0x890
[ 2759.612527][T10238]                         do_wait+0x21e/0x5a0
[ 2759.618583][T10238]                         kernel_wait+0x9f/0x160
[ 2759.624880][T10238]                         call_usermodehelper_exec_work+0xf1/0x170
[ 2759.632919][T10238]                         process_one_work+0x9cf/0x1b70
[ 2759.639828][T10238]                         worker_thread+0x6c8/0xf10
[ 2759.646386][T10238]                         kthread+0x3c2/0x780
[ 2759.652423][T10238]                         ret_from_fork+0x45/0x80
[ 2759.658817][T10238]                         ret_from_fork_asm+0x1a/0x30
[ 2759.665559][T10238]      INITIAL USE at:
[ 2759.669615][T10238]                        lock_acquire+0x179/0x350
[ 2759.676007][T10238]                        _raw_write_lock_irq+0x36/0x50
[ 2759.682840][T10238]                        copy_process+0x3f09/0x91b0
[ 2759.689413][T10238]                        kernel_clone+0xfc/0x960
[ 2759.695734][T10238]                        user_mode_thread+0xc7/0x110
[ 2759.702418][T10238]                        rest_init+0x23/0x2b0
[ 2759.708459][T10238]                        start_kernel+0x3e9/0x4d0
[ 2759.714846][T10238]                        x86_64_start_reservations+0x18/0x30
[ 2759.722188][T10238]                        x86_64_start_kernel+0xb0/0xc0
[ 2759.729008][T10238]                        common_startup_64+0x13e/0x148
[ 2759.735832][T10238]      INITIAL READ USE at:
[ 2759.740312][T10238]                             lock_acquire+0x179/0x350
[ 2759.747154][T10238]                             _raw_read_lock+0x5f/0x70
[ 2759.754004][T10238]                             __do_wait+0x105/0x890
[ 2759.760641][T10238]                             do_wait+0x21e/0x5a0
[ 2759.767058][T10238]                             kernel_wait+0x9f/0x160
[ 2759.773713][T10238]                             call_usermodehelper_exec_work+0xf1/0x170
[ 2759.781944][T10238]                             process_one_work+0x9cf/0x1b70
[ 2759.789213][T10238]                             worker_thread+0x6c8/0xf10
[ 2759.796120][T10238]                             kthread+0x3c2/0x780
[ 2759.802508][T10238]                             ret_from_fork+0x45/0x80
[ 2759.809246][T10238]                             ret_from_fork_asm+0x1a/0x30
[ 2759.816345][T10238]    }
[ 2759.818999][T10238]    ... key      at: [<ffffffff8e00c098>] tasklist_lock+0x18/0x40
[ 2759.826871][T10238]    ... acquired at:
[ 2759.830826][T10238]    _raw_read_lock+0x5f/0x70
[ 2759.835497][T10238]    send_sigurg+0xed/0xc80
[ 2759.839979][T10238]    sk_send_sigurg+0x76/0x360
[ 2759.844722][T10238]    unix_stream_sendmsg+0xe77/0x1160
[ 2759.850106][T10238]    ____sys_sendmsg+0xa95/0xc70
[ 2759.855050][T10238]    ___sys_sendmsg+0x134/0x1d0
[ 2759.859903][T10238]    __sys_sendmsg+0x16d/0x220
[ 2759.864660][T10238]    do_syscall_64+0xcd/0x260
[ 2759.869319][T10238]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2759.875372][T10238] 
[ 2759.877671][T10238]  -> (&f_owner->lock){....}-{3:3} {
[ 2759.882955][T10238]     INITIAL USE at:
[ 2759.886908][T10238]                      lock_acquire+0x179/0x350
[ 2759.893130][T10238]                      _raw_write_lock_irq+0x36/0x50
[ 2759.899784][T10238]                      __f_setown+0x61/0x3c0
[ 2759.905738][T10238]                      f_setown+0x122/0x290
[ 2759.911604][T10238]                      sock_ioctl+0x467/0x6b0
[ 2759.917663][T10238]                      __x64_sys_ioctl+0x190/0x200
[ 2759.924140][T10238]                      do_syscall_64+0xcd/0x260
[ 2759.930378][T10238]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2759.937995][T10238]     INITIAL READ USE at:
[ 2759.942389][T10238]                           lock_acquire+0x179/0x350
[ 2759.949050][T10238]                           _raw_read_lock_irqsave+0x74/0x90
[ 2759.956419][T10238]                           send_sigurg+0x5f/0xc80
[ 2759.962913][T10238]                           sk_send_sigurg+0x76/0x360
[ 2759.969654][T10238]                           unix_stream_sendmsg+0xe77/0x1160
[ 2759.977006][T10238]                           ____sys_sendmsg+0xa95/0xc70
[ 2759.983920][T10238]                           ___sys_sendmsg+0x134/0x1d0
[ 2759.990742][T10238]                           __sys_sendmsg+0x16d/0x220
[ 2759.997475][T10238]                           do_syscall_64+0xcd/0x260
[ 2760.004132][T10238]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2760.012181][T10238]   }
[ 2760.014741][T10238]   ... key      at: [<ffffffff9ab6d040>] __key.1+0x0/0x40
[ 2760.021925][T10238]   ... acquired at:
[ 2760.025788][T10238]    _raw_read_lock_irqsave+0x74/0x90
[ 2760.031138][T10238]    send_sigio+0x31/0x3e0
[ 2760.035534][T10238]    kill_fasync+0x214/0x510
[ 2760.040116][T10238]    sock_wake_async+0x132/0x160
[ 2760.045033][T10238]    unix_release_sock+0xb7d/0x12e0
[ 2760.050226][T10238]    unix_release+0x91/0xf0
[ 2760.054720][T10238]    __sock_release+0xb0/0x270
[ 2760.059478][T10238]    sock_close+0x1c/0x30
[ 2760.063791][T10238]    __fput+0x3ff/0xb70
[ 2760.067923][T10238]    task_work_run+0x150/0x240
[ 2760.072679][T10238]    syscall_exit_to_user_mode+0x27b/0x2a0
[ 2760.078467][T10238]    do_syscall_64+0xda/0x260
[ 2760.083139][T10238]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2760.089181][T10238] 
[ 2760.091490][T10238] -> (&new->fa_lock){....}-{3:3} {
[ 2760.096585][T10238]    INITIAL USE at:
[ 2760.100453][T10238]                    lock_acquire+0x179/0x350
[ 2760.106501][T10238]                    _raw_write_lock_irq+0x36/0x50
[ 2760.112978][T10238]                    fasync_remove_entry+0xb2/0x1e0
[ 2760.119554][T10238]                    fasync_helper+0xaf/0xd0
[ 2760.125508][T10238]                    vcs_fasync+0x53/0xa0
[ 2760.131221][T10238]                    __fput+0x96b/0xb70
[ 2760.136741][T10238]                    task_work_run+0x150/0x240
[ 2760.142873][T10238]                    syscall_exit_to_user_mode+0x27b/0x2a0
[ 2760.150052][T10238]                    do_syscall_64+0xda/0x260
[ 2760.156099][T10238]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2760.163530][T10238]    INITIAL READ USE at:
[ 2760.167844][T10238]                         lock_acquire+0x179/0x350
[ 2760.174324][T10238]                         _raw_read_lock_irqsave+0x74/0x90
[ 2760.181499][T10238]                         kill_fasync+0x138/0x510
[ 2760.187888][T10238]                         sock_wake_async+0x132/0x160
[ 2760.194637][T10238]                         unix_release_sock+0xb7d/0x12e0
[ 2760.201650][T10238]                         unix_release+0x91/0xf0
[ 2760.207955][T10238]                         __sock_release+0xb0/0x270
[ 2760.214517][T10238]                         sock_close+0x1c/0x30
[ 2760.220645][T10238]                         __fput+0x3ff/0xb70
[ 2760.226599][T10238]                         task_work_run+0x150/0x240
[ 2760.233173][T10238]                         syscall_exit_to_user_mode+0x27b/0x2a0
[ 2760.240791][T10238]                         do_syscall_64+0xda/0x260
[ 2760.247277][T10238]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2760.255144][T10238]  }
[ 2760.257618][T10238]  ... key      at: [<ffffffff9ab6d000>] __key.0+0x0/0x40
[ 2760.264702][T10238]  ... acquired at:
[ 2760.268479][T10238]    lock_acquire+0x179/0x350
[ 2760.273135][T10238]    _raw_read_lock_irqsave+0x74/0x90
[ 2760.278487][T10238]    kill_fasync+0x138/0x510
[ 2760.283053][T10238]    evdev_pass_values+0x619/0x9b0
[ 2760.288140][T10238]    evdev_events+0x1bb/0x390
[ 2760.292794][T10238]    input_pass_values+0x6c4/0x890
[ 2760.297881][T10238]    input_handle_event+0xf00/0x14d0
[ 2760.303142][T10238]    input_inject_event+0x1cd/0x390
[ 2760.308316][T10238]    evdev_write+0x457/0x750
[ 2760.312881][T10238]    vfs_write+0x25f/0x1180
[ 2760.317364][T10238]    ksys_write+0x205/0x240
[ 2760.321845][T10238]    do_syscall_64+0xcd/0x260
[ 2760.326503][T10238]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2760.332543][T10238] 
[ 2760.334841][T10238] 
[ 2760.334841][T10238] stack backtrace:
[ 2760.340704][T10238] CPU: 0 UID: 0 PID: 10238 Comm: syz.6.10855 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[ 2760.340721][T10238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2760.340728][T10238] Call Trace:
[ 2760.340732][T10238]  <TASK>
[ 2760.340739][T10238]  dump_stack_lvl+0x116/0x1f0
[ 2760.340757][T10238]  check_irq_usage+0x7dc/0x920
[ 2760.340777][T10238]  ? check_path.constprop.0+0x24/0x50
[ 2760.340796][T10238]  ? __lock_acquire+0x1189/0x1ba0
[ 2760.340813][T10238]  __lock_acquire+0x1189/0x1ba0
[ 2760.340833][T10238]  lock_acquire+0x179/0x350
[ 2760.340850][T10238]  ? kill_fasync+0x138/0x510
[ 2760.340865][T10238]  _raw_read_lock_irqsave+0x74/0x90
[ 2760.340881][T10238]  ? kill_fasync+0x138/0x510
[ 2760.340894][T10238]  kill_fasync+0x138/0x510
[ 2760.340908][T10238]  evdev_pass_values+0x619/0x9b0
[ 2760.340924][T10238]  evdev_events+0x1bb/0x390
[ 2760.340938][T10238]  input_pass_values+0x6c4/0x890
[ 2760.340953][T10238]  input_handle_event+0xf00/0x14d0
[ 2760.340967][T10238]  ? _copy_from_user+0x59/0xd0
[ 2760.340986][T10238]  input_inject_event+0x1cd/0x390
[ 2760.341002][T10238]  evdev_write+0x457/0x750
[ 2760.341017][T10238]  ? __pfx_evdev_write+0x10/0x10
[ 2760.341032][T10238]  ? bpf_lsm_file_permission+0x9/0x10
[ 2760.341049][T10238]  ? security_file_permission+0x71/0x210
[ 2760.341068][T10238]  ? rw_verify_area+0xcf/0x680
[ 2760.341084][T10238]  vfs_write+0x25f/0x1180
[ 2760.341100][T10238]  ? __pfx_evdev_write+0x10/0x10
[ 2760.341127][T10238]  ? __pfx_vfs_write+0x10/0x10
[ 2760.341143][T10238]  ? find_held_lock+0x2b/0x80
[ 2760.341156][T10238]  ? __fget_files+0x204/0x3c0
[ 2760.341167][T10238]  ? __fget_files+0x20e/0x3c0
[ 2760.341179][T10238]  ksys_write+0x205/0x240
[ 2760.341196][T10238]  ? __pfx_ksys_write+0x10/0x10
[ 2760.341212][T10238]  ? rcu_is_watching+0x12/0xc0
[ 2760.341228][T10238]  do_syscall_64+0xcd/0x260
[ 2760.341245][T10238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2760.341260][T10238] RIP: 0033:0x7f2d0618e969
[ 2760.341272][T10238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2760.341283][T10238] RSP: 002b:00007f2d07025038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2760.341295][T10238] RAX: ffffffffffffffda RBX: 00007f2d063b5fa0 RCX: 00007f2d0618e969
[ 2760.341303][T10238] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000008
[ 2760.341309][T10238] RBP: 00007f2d06210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 2760.341316][T10238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2760.341323][T10238] R13: 0000000000000000 R14: 00007f2d063b5fa0 R15: 00007ffc29273178
[ 2760.341334][T10238]  </TASK>
[ 2760.598166][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2760.791451][T31133] usb 4-1: can't set config #0, error -71
[ 2760.798656][T31133] usb 4-1: USB disconnect, device number 69
[ 2760.880518][ T4248] usb 1-1: not running at top speed; connect to a high speed hub
[ 2760.892613][ T4248] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2760.901424][ T4248] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2760.911631][ T4248] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2760.922093][ T4248] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2760.931279][ T4248] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2760.939769][ T4248] usb 1-1: Product: 婬㲤핋
[ 2760.944433][ T4248] usb 1-1: Manufacturer: Р
[ 2761.656648][ T4248] usb 1-1: 0:2 : does not exist
[ 2761.668562][ T4248] usb 1-1: USB disconnect, device number 78