last executing test programs:

13.767020283s ago: executing program 2 (id=1409):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x80, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x2000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r0}, 0x10)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r3, 0x0, 0x0, 0x4b5, 0x0)
io_uring_enter(r3, 0x557e, 0xceaf, 0x3, &(0x7f00000002c0)={[0xfa2]}, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
rename(&(0x7f0000000200)='./file0\x00', 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d89}, &(0x7f0000000440)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x28, 0x2, r2, 0x0, 0x0, 0x0, 0x60, 0x1, {0x2}})
io_uring_enter(r5, 0x8aa, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000300), 0x0}, 0x20)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080), 0x4)
keyctl$session_to_parent(0x12)

11.054364079s ago: executing program 0 (id=1415):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000740)={0x2, <r1=>0x0}, 0x8)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000200)={r2, 0x0, {0x0, 0x0, 0x0, 0x400003d, 0x9, 0x0, 0x0, 0x8, 0x1c, "a5bff80066ef507540a2a54fcaf1860b5a61f8e207db0000930200000000000000cf61f3164a3790887d279d4afc7cfd1762729912aabe49227900", "c943e1db06869da66fb3d998ba914272ca193f8dd5ecfdc81f22af8042677e0b2543667e306c360ce82f41f7d0431065868f4a367fb9ec6ec8cbf57917653a8a", "f7a78adde4baffaed544f59b58ae3151b9dd0fe9ca443e8ae600", [0xfffffffffffffffd]}})
read$FUSE(r2, &(0x7f0000002180)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1c, 0x0, 0x0, 0x0, 0x5, 0x6c, &(0x7f0000000540)=""/108, 0x41000, 0x43, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, r1, r2, 0x0, 0x0, 0x0, 0x10, 0xb, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
wait4(r3, &(0x7f0000000040), 0x8, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}, 0x1, 0xd}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000700)={0x2c, &(0x7f0000000380)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

10.467446901s ago: executing program 0 (id=1419):
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0)

10.444696172s ago: executing program 1 (id=1420):
socket$netlink(0x10, 0x3, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="6d907bd12f9106bcbcc0858cd0583f151d846d681a341de2827eaea9624bcb1cbe1acdcf44e10c1e9dbed3938490742a37b594dfbce7f01e51902653cf9b92db9f1ea02b6327319c97a212f9b14c3e80a24c4d886da220f4aef18090b9a0aa64919507995857dd09dc22252a59ead7debe91a21aa777597d8576b4ab69cfd993b21c3a3aadaad02954a9eb616b10d7787b7a7b11d5136538a1aed9264219c64a7cb0e14b51c52ea6cf3795a6944a0b6bd57060b0441c620b0c6f7877000760c340fe567746fdb3f3c1cdd5aef8", @ANYRES8=0x0], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x5, 0x4, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x454e, 0x4)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[])
chdir(&(0x7f0000000280)='./file0\x00')
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000012c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800450000280003400000069078ac1414bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c1e008309780000"], 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000008f40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14850}, 0x0)

10.354470613s ago: executing program 2 (id=1421):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
getsockopt$bt_BT_SECURITY(r3, 0x111, 0xe, 0x0, 0xffffffffffffff5e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r4)
r5 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r5, &(0x7f0000000080), 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, 0x0, &(0x7f0000000080)=r4}, 0x20)
recvfrom$unix(r5, 0x0, 0x0, 0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, 0x0, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x1, &(0x7f0000000100), 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000300)=[{&(0x7f0000000200)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xaf, &(0x7f0000000080), 0x0)
socket$kcm(0x29, 0x6, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)

10.344213243s ago: executing program 0 (id=1422):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
accept$netrom(0xffffffffffffffff, &(0x7f00000001c0)={{0x3, @null}, [@remote, @bcast, @netrom, @bcast, @rose, @netrom, @null, @null]}, &(0x7f0000000100)=0x48)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x4)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
write$tun(r0, 0x0, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000000180)=[{0x0, 0xc6, 0x0, 0x0, @tick, {0x0, 0x80}, {0x2}, @raw32={[0x4]}}], 0x1c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0xf, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001, @void, @value}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000dc0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000300), 0xd)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x15, 0x10, &(0x7f0000000280)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd353, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x100008f}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000580)=ANY=[], 0x78)
recvmmsg(r1, &(0x7f0000000500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/8, 0xc}}], 0x4b, 0x0, 0x0)

9.271967108s ago: executing program 2 (id=1423):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_usb_connect(0x3, 0x5d8, &(0x7f0000000780)={{0x12, 0x1, 0x300, 0x57, 0x60, 0xb4, 0x8, 0x1a8d, 0x1008, 0x68e4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c6, 0x4, 0x2, 0x2, 0xd0, 0x0, [{{0x9, 0x4, 0xb5, 0x9, 0x6, 0xff, 0x87, 0x61, 0x3, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "0f4d2bff"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x4, 0x6, 0x8}, [@obex={0x5, 0x24, 0x15, 0x8}, @acm={0x4, 0x24, 0x2, 0x9}, @mbim={0xc, 0x24, 0x1b, 0x401, 0x0, 0x5, 0x2, 0x4, 0x4}]}], [{{0x9, 0x5, 0x7, 0xc, 0x400, 0x5, 0x64, 0x7, [@generic={0x37, 0xf, "351834b9a07992a778719c86425f852bbdfdff0099414c347050fd01402f3d12a97c8ceb41b4ae3886fbff6622896ff0ce5111f510"}, @generic={0x19, 0x11, "b74d7adc1c18d40f0b8a54988b0b7226980f15f756e866"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x8, 0x40, 0x40, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x82}]}}, {{0x9, 0x5, 0x3, 0x0, 0x400, 0xe, 0xc3, 0x8, [@generic={0x82, 0x8, "f5cd2b0f3c6cb95f71e10d376c040710fbdc98a43d933acb48fba61ce8c040ed8934e83b473481af3a8cad7ea5d47c9d81523fd97ea2ea2f348174dd5092592e35286dbe93c6f6e496ca975b905f8457415976e9137dd3ced80b5ae7a4b8aa5e9761c3b3612eb3b0adf646e66ed8854e0f9eefbea93058474a43526dcf9bcc60"}, @generic={0x7, 0x9, "ab4cd1a4f6"}]}}, {{0x9, 0x5, 0x7, 0x3, 0x20, 0xe5, 0x1, 0xc0, [@generic={0xbf, 0x7, "ed0ae35d99de61f938a8acfe8e00be31323eb65f241332831385280093242073e18819f97ac07e3cb0c90820603ded588ff148eb85412c72f657ffdf692e0a7b6c76d1d912bd54d2ddc8ea63ed651aa5b156f2498cc07b3c72e89a159ec594fa320d2e202721ac47ba30076c09718fc53295705fea9c83fa430578b53f9901b70ba838de2eefd241600bc644418095b820879976b7e80fcbda330c5ee6da6a365041daa73f4161d176eb6867f5a937a40aeb3d161fb6c7e42b167572c3"}]}}, {{0x9, 0x5, 0x6, 0x11, 0x200, 0x5, 0x1, 0x3, [@generic={0xb, 0x4, "5638641a03726b6382"}]}}, {{0x9, 0x5, 0xf, 0x3, 0x20, 0x8, 0xff, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x7}]}}]}}, {{0x9, 0x4, 0x7, 0xff, 0x1, 0x50, 0x9a, 0x80, 0x0, [@uac_as={[@format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x7, 0x7, 0x36, "3038a26878089945"}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x4, 0x1, 0x9, 0x7, "962ab5bd"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xb, 0x3, 0x5, 0xc, "", "eb"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x6, 0x4, 0x5, 0x0, "aa4d", "25ca"}]}], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x5, 0x81, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8a, 0x3}]}}]}}, {{0x9, 0x4, 0x6b, 0x32, 0x1, 0xf0, 0x30, 0x2c, 0x7, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "b8fbbffbf4"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x3d, 0x3, 0x6f, 0x10}, [@country_functional={0x10, 0x24, 0x7, 0x5, 0x7, [0xb, 0xd, 0xff, 0x5, 0xc]}, @dmm={0x7, 0x24, 0x14, 0x4, 0x4f}, @ncm={0x6, 0x24, 0x1a, 0x5, 0xc}, @ncm={0x6, 0x24, 0x1a, 0x5, 0x2c}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x3}, @call_mgmt={0x5, 0x24, 0x1, 0x2}]}], [{{0x9, 0x5, 0xa, 0x0, 0x10, 0x7, 0x1, 0x90, [@generic={0xf2, 0x31, "5adf9918147d57350480468b09c79f1def49e51ed0dadd62be6896e0f4f0b78f5f195f4f341ed54036e28e9ecee0435cb72672a92c084851d2fa75f5b6b2db58aa32874bc895c5010ba3d172d54977b105cbff93a3fe3c55d5521d2af88d3b11a821db7b487ac06d88203459c88538e16653d40d92810294bff929cc04a6906c89ef9c063f5298779d603aa11dc3c36ce01beb746a728fa6bc308f87b0069997eac37715d304340840abbc342c66b1e50fbbd29ab62c916ed4ac949e894b65e8ca17f16d3395189b33e6f1e647b45c19cb134fe3e4d050f73a813957671ff73888dfe3f63205434de1ea60c590360979"}]}}]}}, {{0x9, 0x4, 0xd4, 0x0, 0x3, 0xff, 0x0, 0x0, 0x5, [@uac_control={{0xa, 0x24, 0x1, 0x40, 0x5}, [@selector_unit={0xb, 0x24, 0x5, 0x6, 0x80, "996ae0473b94"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x40, 0x6, 0x0, 0x6, [@generic={0xe2, 0x30, "9f0467089bcffd78e2815ed35ffc97fa4c5f3e8e88f57bb24f5875eabbaeda0470f72623dc87f610b405b660f6ae39d503228453acd8a0ae6512129cfeed6b9927c798a26c3b407ae33092611504d79d3d63923e2a9916aa6f5f766cd87ec027198b0ab08729f5d31f79a8282623007d9878dc661a507b41a9b43ab4a8982c229a970d32db77d9e18d9f262fa8612aa4c2bbd361dc0f211927b94f473089cd25ed8b9f572da0672bdad50cf7e0138e032370b9b589474ff546734764995bb8e6cec3308889cc3f5595e24d7f43895abc552a4bef3d03666d1395c14c713d4514"}]}}, {{0x9, 0x5, 0xf, 0x8, 0x200, 0x8, 0x7f, 0x8, [@generic={0x9c, 0x10, "3f79fec05f4470e7329018597437af6bc2e835e712f63ab66253a587a0c2eb7d2ed86d134b8c2cbb3452528ecef52787863d3cd72b2f8a45ec42844c07b5477f3c7a1e81cdb7ad64e49674e3224c022042d5f3860910a8329d04e777ade6b51498092a2dbaa9acb54bbff5a9b9b4549db3d163a53e4ddfe731485a7dc802d05a43b9ee5d0ec3ab48faadd16530c82b039721777e18342616c48f"}, @generic={0x48, 0x3, "c7848c8cb6600b78bf117d2c87238a1aa5b53a300fdd4ca29c47bb69d456c9705be20622d7e21b112efa413133acfba07a3973eaae7e8166356fa271b14317038ce74b3e638d"}]}}, {{0x9, 0x5, 0x2, 0xc, 0x7a6, 0x7, 0x2, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0x401}]}}]}}]}}]}}, &(0x7f0000000d80)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x8, 0x3, 0x8d, 0x8, 0x40}, 0xd6, &(0x7f0000000100)={0x5, 0xf, 0xd6, 0x3, [@generic={0xb6, 0x10, 0xa, "735a43043fdddf812f80eb8724071c5a9cc320d54847e8196b8cf861cd70d262f26149c6882cc8678040abfac4534d9372f4ec0323388939e72a083738abb31078d4b4d9370370a319df34463a7019ec9d8bba5d8c8bb43e5095d93f658772795cc71211dd26e290d9325d44121f2724a50e048dabbd869ad08238d397deca908311f15148f939a79bf65473ba1ce3ae8eb476b90b2181c52713378ee6f237a2b3585c273f1ba4a3f6b4b47e72f984adcc0b4a"}, @ptm_cap={0x3}, @ssp_cap={0x18, 0x10, 0xa, 0x0, 0x3, 0x3, 0xf, 0x3, [0xc0, 0xff3f0f, 0x3f]}]}, 0x8, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x82c}}, {0xbf, &(0x7f0000000300)=@string={0xbf, 0x3, "3da4ae89541c0ba1d16aa9ce54e9c38867f0403862b5b512f4a3e488f182622b88e5c76ac39e259e27537084b9debbcb3bb78f19a4a263596b03097c648c133f1466f5c092ce7d7b4d1ca0a14fe22e32f29c7fa6ea0a0e594ec6b49b0a805eed6c1cb08f8af45e77fa603702583a5c196f19c0ddd786fef09290ee29d56d09e5d841b885f88ee7abb132c56598237d9718fc0a5b5db28480cbb420cf9eeb95816304cbaa3c2b77c5b5b08c58d41d507b065946e38a876d71169e07daa8"}}, {0x4b, &(0x7f0000000240)=@string={0x4b, 0x3, "6765f89575866bf80a6fd7a133b0fee5e5af9fb383505f15a3078c83baadf070f56c98b0364fc8ffe6eaeee5af33133d98212f1caac6b2c90af4782fe6752ce8c28eee12bd52eaafc8"}}, {0x77, &(0x7f00000003c0)=@string={0x77, 0x3, "6c5b9623b53271633db449e8dd88dd8da12f74a4ba4f90c2693d73a987319ee419b2c509edb65c536f16ce53be1c39bffa904d626b9ad6b675cfc2f572850dfd29f503208c395e1f545af7603b3612497b294ca378f71f25d282b391caf479ea028e6e57a4d596a64efa3a1b357f494053c8a6687a"}}, {0x8a, &(0x7f0000000440)=@string={0x8a, 0x3, "f152dc5776559ed58925833b7dd846225a9f9d35e89e225c64c22033420710c2fd557f8e58d30e8faf61974b061a561715506f0e18e3895ba110e099ac6afc00c93828afe5018b362a46a2ab7817bd9a2c79fd971a9528ce81801db8477e7e13d47007f54f85bd6248e6c56927b494e4dd7d759ff61066745b2674270821544d790b25313493d489"}}, {0xdf, &(0x7f0000000500)=@string={0xdf, 0x3, "01e8966a1ef6f96ee13ed7fe1dc985ab102b995c9c6bbc457e9efa1add977ab89106ebbfde81da6929226cae54758cba341f4ca39f4a6f675c58061d8a9c7ff3e18ec8b05a3265364354441d6699b1aae05669c125c5a12e8f20d6d1e21a8cdbdaacd538c625971abc76dc168a7435c26873bc44754eab9fef5e050c8f7f35821e30b10354f45c58bb0368dde9f01b44cd4c56c16f76403e84cacc554e0042c71e4c156911c4091b99d832fcfbcc1226d6fa78ce12768771665340a2cbbad0bd713369ed935a265284520b700e6bff28a307ff684c5e3e62303d12bfe6"}}, {0xee, &(0x7f0000000600)=@string={0xee, 0x3, "f903fede8991d7933b1b3ec54db16fa6522c5a9a8e09ce741360e27bb46d57b28f8ec563171200dad9e4e9ced24795d6766e01632965d11015efd5e30278255f937cf972407349c8394bea8bd3041369c756b4bfc56cc84fd85580eced96bbd7dee5ff6ca93fe79743cd33064d2b6d069ee1b36023ae9da409c1a0b4894fe41b43931e0a0ea2290b1dc1054687d4db6b9c1613ac70adc9b8a1908edc9461ec1fbbe2d212c80dc7d9af589659f1ebd058d5a681c54a66e166b92c5ee10a7d54a2eda1b1b9cfb27651ce46f6a1f17839e6441f981da28ffd9583dac16b5371e7bc7c4873082dac07bba7a60848"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0xc04}}]})
syz_usb_control_io$hid(r1, &(0x7f0000000fc0)={0x24, &(0x7f0000000e00)={0x40, 0x30, 0x78, {0x78, 0x31, "08e99427015299768207b1cd8026bc00535e17e9aaa2cacba05c99b889fd6a41aa099d21b1fd6f02f25b4e19c1ae9058fe8cc6f701660f0e2f717dbfad93119a7b61c0806638e3705601babfa4dda7516a7935c3ce859b94d1513c2bc7feac3331346463d8b64db0a660159edd2b2c5e0b92db737b6c"}}, &(0x7f0000000e80)={0x0, 0x3, 0x95, @string={0x95, 0x3, "2c559c0900a95a928fdb7c07df693a35600fb5a02f89c75321c705389f9cc14065e2565cf49586d9d6eb2550e403684f960c6b5e811d81306920e0cde332d9e5cc5e218601b32b81aa36aad792f892b55eab0bafc6765afd4196279f29112dcc52e6bc7ce5beb5bc4b7471996535a115d95a79c1bdc1b4cd9b65c1b336887eb6548fbc1f704e9bc96d9f10001186b2d575c958"}}, &(0x7f0000000f40)={0x0, 0x22, 0x12, {[@global=@item_012={0x2, 0x1, 0xfd2929195538ec8d, "77c4"}, @main=@item_012={0x2, 0x0, 0xc, "b0c2"}, @local=@item_4={0x3, 0x2, 0x9, "3abcc319"}, @main=@item_012={0x0, 0x0, 0x9}, @global=@item_012={0x2, 0x1, 0x3, "acfc"}, @main=@item_012={0x2, 0x0, 0xa, "eee1"}]}}, &(0x7f0000000f80)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0x9, 0x1, {0x22, 0xfb5}}}}, &(0x7f0000001240)={0x2c, &(0x7f0000001000)={0x0, 0xd, 0xe9, "b8c72e6bf190761d92b64d60559b0b5c3a63a3c49e6d290f2ba2a5ca52ebe1e26094f48caf1270fc101b5a13efc472a1d4a92d380a1bb9024e28af40a53cd19a232675f16bcb2b5c69c8adee13d3305e47ec6a40d4e62561c825b3f74a8c1b4776d0a23e29b9d41883085f582de5b0e50938effdd028556b7e75ec04ff76fa978e34953d4bd386ce7ca74bbe570d28734e0f29363de4bab57d2f26cb6ee11c030777636a09646882bf79e738c448d9effeb514392fad70545a0e349d9e0a18089a40ebfa75d4aa643a37ab1bfae96ef22225db6885dc9464c1866e72a26db021ac9c0cf00604478de1"}, &(0x7f0000001100)={0x0, 0xa, 0x1, 0xfc}, &(0x7f0000001140)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000001180)={0x20, 0x1, 0x5f, "e5fc6ac8b565bd7a3b4adfe835034f5e5bb4d7e63b8b24b42d7975bec3ef1c3d15941c5d6e850d891ce7f7b55e1aceea8f92da893ba9ec9ca204719cdd198ba5bfdfa1f6a7c015aecc9ba7d96c3c4f1e6527defcf04c9ce6390052a150765d"}, &(0x7f0000001200)={0x20, 0x3, 0x1, 0xff}})
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000001280), 0x4001, &(0x7f00000002c0)=ANY=[@ANYBLOB='max=0'])

9.212023374s ago: executing program 1 (id=1425):
socket$inet_smc(0x2b, 0x1, 0x0)
epoll_create1(0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xffffffffffffffff}, 0x50)
syz_usb_connect$hid(0x4, 0x36, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
epoll_create1(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)='H', 0x1}], 0x1}, 0x0)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r5, &(0x7f0000000080)=ANY=[], 0x6)

7.575376304s ago: executing program 4 (id=1428):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x577b43, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000000)={0xb, @sdr})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4008001)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
pipe(&(0x7f0000000580))
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x82)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = getpid()
sched_setscheduler(r6, 0x3, &(0x7f0000000200)=0x4)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYRES16], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
dup3(r4, r3, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000240)={0x1})

6.568300017s ago: executing program 4 (id=1430):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000740)={0x2, <r1=>0x0}, 0x8)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000200)={r2, 0x0, {0x0, 0x0, 0x0, 0x400003d, 0x9, 0x0, 0x0, 0x8, 0x1c, "a5bff80066ef507540a2a54fcaf1860b5a61f8e207db0000930200000000000000cf61f3164a3790887d279d4afc7cfd1762729912aabe49227900", "c943e1db06869da66fb3d998ba914272ca193f8dd5ecfdc81f22af8042677e0b2543667e306c360ce82f41f7d0431065868f4a367fb9ec6ec8cbf57917653a8a", "f7a78adde4baffaed544f59b58ae3151b9dd0fe9ca443e8ae600", [0xfffffffffffffffd]}})
read$FUSE(r2, &(0x7f0000002180)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1c, 0x0, 0x0, 0x0, 0x5, 0x6c, &(0x7f0000000540)=""/108, 0x41000, 0x43, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, r1, r2, 0x0, 0x0, 0x0, 0x10, 0xb, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
wait4(r3, &(0x7f0000000040), 0x8, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}, 0x1, 0xd}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000700)={0x2c, &(0x7f0000000380)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

6.554607367s ago: executing program 0 (id=1431):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000000)=0x3)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r4, 0x0)
writev(r4, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffd000/0x1000)=nil)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000100))
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)

6.035499202s ago: executing program 1 (id=1434):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0xffffffffffffffff, 0x10, &(0x7f00000002c0)={0x9})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x20051, 0xffffffffffffffff, 0xce9e1000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000080)='binder\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r4, 0x6, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)=""/26, 0x1a}, {0x0, 0x38}], 0x2}, 0xe208}], 0x1, 0x40012023, 0x0)
connect$can_bcm(r2, &(0x7f00000000c0), 0x10)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r6=>0x0})
sendmsg$can_bcm(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r6}, 0x10, &(0x7f0000000180)={&(0x7f0000000200)={0x1, 0x27, 0x2, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "c4f40c848d97a447"}}, 0x48}}, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/user\x00')

5.910131596s ago: executing program 4 (id=1435):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r2, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000bc0)={0xb0, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x72, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @val={0x2a, 0x1}, @void, @val={0x2d, 0x1a, {0x800, 0x1, 0x2, 0x0, {0x1, 0x6, 0x0, 0x10, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x400, 0x7f, 0x3}}, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x971}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb0}, 0x1, 0x0, 0x0, 0x10}, 0x40)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xec, r3, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}], @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}], @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}], @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_4ADDR={0x5}]}, 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x24000010)
r7 = dup3(r0, r1, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}})

5.581084381s ago: executing program 3 (id=1436):
socket$netlink(0x10, 0x3, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="6d907bd12f9106bcbcc0858cd0583f151d846d681a341de2827eaea9624bcb1cbe1acdcf44e10c1e9dbed3938490742a37b594dfbce7f01e51902653cf9b92db9f1ea02b6327319c97a212f9b14c3e80a24c4d886da220f4aef18090b9a0aa64919507995857dd09dc22252a59ead7debe91a21aa777597d8576b4ab69cfd993b21c3a3aadaad02954a9eb616b10d7787b7a7b11d5136538a1aed9264219c64a7cb0e14b51c52ea6cf3795a6944a0b6bd57060b0441c620b0c6f7877000760c340fe567746fdb3f3c1cdd5aef8", @ANYRES8=0x0], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x5, 0x4, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x454e, 0x4)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[])
chdir(&(0x7f0000000280)='./file0\x00')
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000012c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800450000280003400000069078ac1414bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c1e008309780000"], 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000008f40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14850}, 0x0)

5.140179284s ago: executing program 3 (id=1437):
r0 = fsopen(&(0x7f0000000100)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000003c0)='K[\':\x00', &(0x7f0000000500)="2850915b46bb19b1d39d7ebd4539afdbe9d2702a7eba1cc6d6be9f1076455a5b524ef97e061a52616ce434c54df92a0d67883141219f0e41451c93d0ae02463bf6c99273ef47a6bbe064cec049744ef90b86b8c69b75fbbf8416bb56bb80e2f964202d1ed7b19a3eb178f9a6d0417569d00e89dfea862d67f444455f0a6afb4c0d824f9a44d58f44bd07065f6dc1649dc03bc38a695bd7408231c937985d91ecc2c7c01ead61e45d2c9f25", 0xab)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000002c0), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r1, r4, 0x0, 0x5, &(0x7f0000000300)='ceph\x00'}, 0x30)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = fanotify_init(0x0, 0x800)
ioctl$TUNSETOFFLOAD(r5, 0x541b, 0x87376f29c30fe949)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r6 = syz_open_procfs(0x0, 0x0)
pread64(r6, &(0x7f0000000080)=""/254, 0xfe, 0x10000000001100)
r7 = openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=<r8=>0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x0, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x1c}}, 0x0)
read$nci(r7, &(0x7f0000000200)=""/100, 0x64)
write$nci(r7, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
write$nci(r7, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
sendmsg$NFC_CMD_START_POLL(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x14, 0x0, 0x1, 0x123, 0x234}, 0x14}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='source', &(0x7f0000000000)='::,\n-&\xf5\xcc\xd7\x06f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112i\x88\n\x13.\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb\xa7&,\xe9\xa3\'\x91>C\x1b\x15\x87\xeb\xfe\x1c\x9d\\C\xfeI\'\xae\x8fKHq\x89\x83\xbb\x9dC\xd6Hy\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n:///\x00\x00\x00\x85^\x00\x0f\bu\x01\xab\x8c\x95?\x90\x8d_r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe4r\x93\xb3\xd3J \x06\x03\xae', 0xfeffffff00000000)

4.90723514s ago: executing program 4 (id=1438):
chdir(0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x101c42, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x12, r1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x1, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, 0x8}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0x5, {0x81000000, 0x9}}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ipvlan0\x00'}]}, 0x48}}, 0x0)
ioctl$BLKROSET(r0, 0x125d, &(0x7f00000011c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00009f0000/0x4000)=nil, 0x4000, 0x13)
stat(&(0x7f0000000c00)='./bus\x00', &(0x7f00000004c0))

4.251234378s ago: executing program 2 (id=1439):
socket$key(0xf, 0x3, 0x2)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000400)='fd/4\x00')
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x18)
syz_emit_ethernet(0x1a, &(0x7f0000000500)={@broadcast, @empty, @val={@void}, {@llc_tr={0x11, {@snap={0x0, 0x0, "f2", "95b02d"}}}}}, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0x40186f40, 0x20000502)
getsockopt$inet_buf(r1, 0x0, 0x30, 0x0, &(0x7f0000000140)=0x90)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x16)
fcntl$getownex(r3, 0x10, &(0x7f0000000040)={0x0, <r4=>0x0})
ptrace$setopts(0x4206, r4, 0x863e, 0x0)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f00000000c0))
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0), 0x4)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@loopback, @in6=@local}}, {{@in=@multicast1}, 0x0, @in6}}, &(0x7f0000000000)=0xe8)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b)
socket$inet6(0xa, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)

4.129580416s ago: executing program 3 (id=1440):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=@newtaction={0x5c, 0x30, 0xb, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x3, 0xe}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x4, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x39}, @in6=@loopback, 0x4e21, 0x0, 0x4e20, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x3}, {0x2000000000000000}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x33}, 0x0, @in=@empty, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
ftruncate(0xffffffffffffffff, 0x51a9497)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@mpls_getroute={0x1c, 0x1a, 0x9e8a232eead7a86d, 0x0, 0x0, {0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}}, 0x1c}}, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000000c0)={0x0, 0x27}, &(0x7f0000000100)=0x8)

3.504229017s ago: executing program 3 (id=1441):
socket$nl_generic(0x10, 0x3, 0x10)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8010, 0xffffffffffffffff, 0x0)
syz_io_uring_complete(r3)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r4 = inotify_init()
r5 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
inotify_add_watch(r4, &(0x7f0000000240)='./file0\x00', 0x8c7)
write$binfmt_elf32(r5, &(0x7f0000000040)=ANY=[], 0x69)
socket$isdn(0x22, 0x3, 0x23)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
r6 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
tee(r6, r7, 0x3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f00000000c0), 0xc06620, 0x4)
ioctl$UFFDIO_COPY(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000adb000/0x2000)=nil, &(0x7f0000fee000/0x11000)=nil, 0x2000})
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)

3.393044714s ago: executing program 2 (id=1442):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f0000000240)=""/249, 0xf9, &(0x7f0000000400)={&(0x7f0000000100)={'poly1305\x00'}})
r3 = socket(0xa, 0x5, 0xf5cd)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ppoll(&(0x7f0000000200)=[{r4}], 0x1, 0x0, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
sync_file_range(r5, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1e00000003000000fcffffff000000000c000000", @ANYRES32, @ANYBLOB='\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000002000000000000000e000000000000000000000000ea0000"], 0x50)
ioctl$FS_IOC_FSGETXATTR(r6, 0x801c581f, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000bc0)={{0x1, 0x1, 0x18, <r7=>r3, {0x2}}, './file0\x00'})
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r8, 0x5402, &(0x7f0000004500)={0x0, 0x0, 0x0, 0x0, 0x0, "1241b72d7fffff5b000f000000462200"})
write$binfmt_aout(r8, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000279600"})
r9 = syz_open_pts(r8, 0x0)
ioctl$TCSETS(r9, 0x5402, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1ff, 0x0, "f937267f0f7ba57603a6a12e3f0a7f64c64c56"})
r10 = dup(r9)
read$FUSE(r10, &(0x7f0000000380)={0x2020}, 0x2020)
read$FUSE(r10, &(0x7f0000004540)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x11, 0x14, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, @generic={0x40, 0x6, 0x7, 0xe1, 0x8}, @map_val={0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000500)='GPL\x00', 0x9, 0xb1, &(0x7f0000000600)=""/177, 0x40f00, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000a80)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x0, 0x6, 0xa, 0x1ff}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000c00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4, r3, r5, r6, r7, r10], &(0x7f0000000c40)=[{0x0, 0x3, 0x0, 0xd}, {0x1, 0x2, 0x5}], 0x10, 0x58, @void, @value}, 0x94)
r11 = syz_open_dev$evdev(&(0x7f0000000140), 0x0, 0x0)
ioctl$EVIOCGREP(r11, 0x40044591, 0x0)
r12 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r12, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"})
ioctl$BTRFS_IOC_ADD_DEV(r11, 0x5000940a, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, 0x0, 0x3c0)

3.27404909s ago: executing program 4 (id=1443):
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x3, 0x4)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x6046, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
dup2(r1, r0)
syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0)

3.119911269s ago: executing program 4 (id=1444):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x49, 0x0, 0x20000000)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000076100f04ddea67b3b8140085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x3, r4}, 0x38)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x40, r8, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x100}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}]}, 0x40}}, 0x0)
sendmsg$TIPC_NL_NET_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)={0x38, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x101}, @TIPC_NLA_NET_NODEID={0xc}]}]}, 0x38}}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x104202, 0x0)
r9 = fsopen(&(0x7f0000000200)='cramfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
r10 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r10, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10)
sendmsg$sock(r10, &(0x7f00000002c0)={&(0x7f0000005440)=@caif, 0x80, 0x0, 0x0, &(0x7f0000005580)}, 0x8001)
sendfile(r10, r2, 0x0, 0xffefffff)

2.755694926s ago: executing program 1 (id=1445):
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
write(r0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x32002, 0x12)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x110a, 0x3})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
clock_adjtime(0xffffffd3, &(0x7f0000000340)={0x9, 0x0, 0x1, 0x0, 0x0, 0x1, 0x40, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x3, 0x4777, 0x0, 0x8, 0x4, 0x101, 0xff, 0x0, 0x0, 0x4, 0x2, 0x0, 0x2})
dup3(r3, r2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x2b557, 0x80})
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r6, 0x5760, 0x5e)
close_range(r5, 0xffffffffffffffff, 0x0)

2.678714139s ago: executing program 0 (id=1446):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x49, 0x0, 0x20000000)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000076100f04ddea67b3b8140085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x3, r4}, 0x38)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x40, r8, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x100}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}]}, 0x40}}, 0x0)
sendmsg$TIPC_NL_NET_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)={0x38, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x101}, @TIPC_NLA_NET_NODEID={0xc}]}]}, 0x38}}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x104202, 0x0)
fsopen(&(0x7f0000000200)='cramfs\x00', 0x0)
r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r9, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10)
sendmsg$sock(r9, &(0x7f00000002c0)={&(0x7f0000005440)=@caif, 0x80, 0x0, 0x0, &(0x7f0000005580)}, 0x8001)
sendfile(r9, r2, 0x0, 0xffefffff)

2.600918697s ago: executing program 3 (id=1447):
socket$nl_generic(0x10, 0x3, 0x10)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000240)=[{{0x0, 0xfffffffffffffea7, 0x0, 0x0, 0x0, 0xfffffffffffffec8}}], 0x4000000000002c5, 0x2, 0x0)
r3 = socket(0x2, 0x3, 0x80000000002)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='veth1_virt_wifi\x00', 0x10)
sendto$unix(r3, 0x0, 0xa00, 0x0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000e0}, 0x6e)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x7, &(0x7f0000000280)={0x0, 0x4, 0x4, @thr={&(0x7f0000000340)="50890ef26c678aade6e41c14b0ec1d18b12cfb1678f2285203d559794b69cf4c17148cd0891e9501f7a048243d27c7de7def4c84ae95a126d9fccf6e6c15d70a41d3ea34a22ca852f907928209e976363aed6d78cbe64113a48a0231ca33361ed456cb", &(0x7f00000003c0)="dc49d093fae1d6dc5985ae15351a82dd13409e23ebd2ea88aaa9be9ace9804be98ec7b3a6084bc4fd4560882ad18bb8264d58e4401667d58a845b90c553bdef896784f876154dad64cb06e3c77f4011d2f439a4429e36b3335718f22d8f335d6c2dfdf"}}, &(0x7f0000000440))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)

2.353482298s ago: executing program 2 (id=1448):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r3, 0x0, 0xffffffffffffffff}, 0x18)
syz_usb_connect$hid(0x4, 0x36, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
epoll_create1(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)='H', 0x1}], 0x1}, 0x0)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r5, &(0x7f0000000080)=ANY=[], 0x6)

1.334867641s ago: executing program 3 (id=1449):
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
syz_open_procfs(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, &(0x7f0000000000)='--\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)

758.922078ms ago: executing program 0 (id=1450):
r0 = fsopen(&(0x7f0000000100)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000003c0)='K[\':\x00', &(0x7f0000000500)="2850915b46bb19b1d39d7ebd4539afdbe9d2702a7eba1cc6d6be9f1076455a5b524ef97e061a52616ce434c54df92a0d67883141219f0e41451c93d0ae02463bf6c99273ef47a6bbe064cec049744ef90b86b8c69b75fbbf8416bb56bb80e2f964202d1ed7b19a3eb178f9a6d0417569d00e89dfea862d67f444455f0a6afb4c0d824f9a44d58f44bd07065f6dc1649dc03bc38a695bd7408231c937985d91ecc2c7c01ead61e45d2c9f25", 0xab)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000002c0), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r1, r4, 0x0, 0x5, &(0x7f0000000300)='ceph\x00'}, 0x30)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = fanotify_init(0x0, 0x800)
ioctl$TUNSETOFFLOAD(r5, 0x541b, 0x87376f29c30fe949)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r6 = syz_open_procfs(0x0, 0x0)
pread64(r6, &(0x7f0000000080)=""/254, 0xfe, 0x10000000001100)
r7 = openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=<r8=>0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x0, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x1c}}, 0x0)
read$nci(r7, &(0x7f0000000200)=""/100, 0x64)
write$nci(r7, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
write$nci(r7, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
sendmsg$NFC_CMD_START_POLL(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x14, 0x0, 0x1, 0x123, 0x234}, 0x14}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='source', &(0x7f0000000000)='::,\n-&\xf5\xcc\xd7\x06f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112i\x88\n\x13.\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb\xa7&,\xe9\xa3\'\x91>C\x1b\x15\x87\xeb\xfe\x1c\x9d\\C\xfeI\'\xae\x8fKHq\x89\x83\xbb\x9dC\xd6Hy\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n:///\x00\x00\x00\x85^\x00\x0f\bu\x01\xab\x8c\x95?\x90\x8d_r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe4r\x93\xb3\xd3J \x06\x03\xae', 0xfeffffff00000000)

497.902793ms ago: executing program 1 (id=1451):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=@newtaction={0x5c, 0x30, 0xb, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x3, 0xe}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x4, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x39}, @in6=@loopback, 0x4e21, 0x0, 0x4e20, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x3}, {0x2000000000000000}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x33}, 0x0, @in=@empty, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
ftruncate(0xffffffffffffffff, 0x51a9497)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@mpls_getroute={0x1c, 0x1a, 0x9e8a232eead7a86d, 0x0, 0x0, {0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}}, 0x1c}}, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000000c0)={0x0, 0x27}, &(0x7f0000000100)=0x8)

0s ago: executing program 1 (id=1452):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x20}, [@FRA_DST={0x8, 0x1, @local}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2f}]}, 0x2c}}, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x3a, 0x40, 0x0, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x400)
mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x82000, &(0x7f00000003c0)={[{@gid}, {@mode={'mode', 0x3d, 0xc3a}}, {@mode={'mode', 0x3d, 0x400}}, {@gid={'gid', 0x3d, r6}}], [{@hash}, {@seclabel}, {@dont_appraise}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/nullb0\x00'}}, {@dont_appraise}]})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bind$inet(r1, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x248000, 0x0)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='gid_map\x00')
writev(r7, 0x0, 0x0)
shutdown(r1, 0x1)
socket$kcm(0x29, 0x7, 0x0)

kernel console output (not intermixed with test programs):

emulating exchange as write
[  276.295548][ T5878] usb 3-1: Using ep0 maxpacket: 16
[  276.302300][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  276.323551][ T5878] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  276.378545][ T5878] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  276.418619][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.444605][ T5878] usb 3-1: config 0 descriptor??
[  276.486011][   T29] audit: type=1400 audit(1730768452.039:422): avc:  denied  { nlmsg_write } for  pid=8457 comm="syz.3.650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  277.216771][ T5878] usbhid 3-1:0.0: can't add hid device: -71
[  277.327010][ T5878] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  277.477069][ T5878] usb 3-1: USB disconnect, device number 5
[  278.589709][ T8482] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  278.589709][ T8482]    program syz.1.657 not setting count and/or reply_len properly
[  279.115413][ T8491] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  279.123469][ T8491] netlink: 56 bytes leftover after parsing attributes in process `syz.0.659'.
[  279.614672][ T8501] FAULT_INJECTION: forcing a failure.
[  279.614672][ T8501] name failslab, interval 1, probability 0, space 0, times 0
[  279.642345][ T8501] CPU: 1 UID: 0 PID: 8501 Comm: syz.0.662 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  279.652983][ T8501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  279.663054][ T8501] Call Trace:
[  279.666339][ T8501]  <TASK>
[  279.669272][ T8501]  dump_stack_lvl+0x16c/0x1f0
[  279.673962][ T8501]  should_fail_ex+0x497/0x5b0
[  279.678647][ T8501]  ? fs_reclaim_acquire+0xae/0x150
[  279.683767][ T8501]  should_failslab+0xc2/0x120
[  279.688455][ T8501]  __kmalloc_noprof+0xcb/0x400
[  279.693224][ T8501]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  279.698867][ T8501]  tomoyo_realpath_from_path+0xb9/0x720
[  279.704427][ T8501]  ? tomoyo_path_number_perm+0x232/0x590
[  279.710075][ T8501]  tomoyo_path_number_perm+0x245/0x590
[  279.715542][ T8501]  ? tomoyo_path_number_perm+0x232/0x590
[  279.721182][ T8501]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  279.727220][ T8501]  ? trace_lock_acquire+0x14a/0x1d0
[  279.732456][ T8501]  ? lock_acquire+0x2f/0xb0
[  279.736974][ T8501]  ? __fget_files+0x40/0x3f0
[  279.741590][ T8501]  ? __fget_files+0x244/0x3f0
[  279.746290][ T8501]  security_file_ioctl+0x9b/0x240
[  279.751327][ T8501]  __x64_sys_ioctl+0xbb/0x220
[  279.756037][ T8501]  do_syscall_64+0xcd/0x250
[  279.760569][ T8501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.766487][ T8501] RIP: 0033:0x7f4f9457e719
[  279.770909][ T8501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.790529][ T8501] RSP: 002b:00007f4f952a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.799042][ T8501] RAX: ffffffffffffffda RBX: 00007f4f94736058 RCX: 00007f4f9457e719
[  279.807022][ T8501] RDX: 0000000020000000 RSI: 00000000c0984124 RDI: 0000000000000006
[  279.815001][ T8501] RBP: 00007f4f952a2090 R08: 0000000000000000 R09: 0000000000000000
[  279.822980][ T8501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.830962][ T8501] R13: 0000000000000001 R14: 00007f4f94736058 R15: 00007fff170b2d28
[  279.838979][ T8501]  </TASK>
[  279.914952][ T8501] ERROR: Out of memory at tomoyo_realpath_from_path.
[  281.208165][   T29] audit: type=1400 audit(1730768456.709:423): avc:  denied  { mounton } for  pid=8522 comm="syz.1.668" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  281.244824][   T29] audit: type=1400 audit(1730768456.799:424): avc:  denied  { append } for  pid=8522 comm="syz.1.668" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  281.954184][ T8535] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  281.954184][ T8535]    program syz.0.671 not setting count and/or reply_len properly
[  283.135560][   T29] audit: type=1804 audit(1730768458.639:425): pid=8540 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.672" name="/newroot/149/file0/bus" dev="ramfs" ino=18496 res=1 errno=0
[  283.205441][   T29] audit: type=1800 audit(1730768458.689:426): pid=8540 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.672" name="bus" dev="ramfs" ino=18496 res=0 errno=0
[  283.454155][   T29] audit: type=1400 audit(1730768459.009:427): avc:  denied  { unmount } for  pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  286.452835][   T29] audit: type=1400 audit(1730768461.629:428): avc:  denied  { read } for  pid=8572 comm="syz.2.681" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  286.594910][   T29] audit: type=1400 audit(1730768461.639:429): avc:  denied  { open } for  pid=8572 comm="syz.2.681" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  286.635650][ T8581] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  286.635650][ T8581]    program syz.0.683 not setting count and/or reply_len properly
[  286.675482][   T29] audit: type=1400 audit(1730768461.639:430): avc:  denied  { ioctl } for  pid=8572 comm="syz.2.681" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  288.018318][ T8595] netlink: 20 bytes leftover after parsing attributes in process `syz.0.686'.
[  289.121763][   T29] audit: type=1400 audit(1730768464.659:431): avc:  denied  { map } for  pid=8604 comm="syz.3.691" path="/dev/sg0" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  290.001592][   T29] audit: type=1326 audit(1730768465.549:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.024838][    C1] vkms_vblank_simulate: vblank timer overrun
[  290.041398][   T29] audit: type=1326 audit(1730768465.549:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.066018][   T29] audit: type=1326 audit(1730768465.549:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.089299][    C1] vkms_vblank_simulate: vblank timer overrun
[  290.096216][   T29] audit: type=1326 audit(1730768465.559:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.122362][   T29] audit: type=1326 audit(1730768465.559:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.170364][   T29] audit: type=1326 audit(1730768465.559:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.443010][ T8642] syz2: rxe_newlink: already configured on team_slave_1
[  290.824518][   T29] audit: type=1326 audit(1730768465.559:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.865588][   T29] audit: type=1326 audit(1730768465.589:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  290.888771][    C1] vkms_vblank_simulate: vblank timer overrun
[  290.895891][   T29] audit: type=1326 audit(1730768465.589:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8626 comm="syz.0.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f9457e719 code=0x7ffc0000
[  293.327055][   T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  294.321995][ T8675] netlink: 40 bytes leftover after parsing attributes in process `syz.4.707'.
[  294.435128][   T25] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 184, using maximum allowed: 30
[  294.446282][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.458297][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  294.468289][   T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 184
[  294.490791][   T25] usb 3-1: New USB device found, idVendor=056a, idProduct=0303, bcdDevice= 0.00
[  294.506183][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.654109][   T25] usb 3-1: config 0 descriptor??
[  294.881920][ T8660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.906665][ T8660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  295.025924][   T25] usb 3-1: USB disconnect, device number 6
[  295.467282][   T29] kauditd_printk_skb: 24 callbacks suppressed
[  295.467300][   T29] audit: type=1400 audit(1730768471.019:465): avc:  denied  { nlmsg_read } for  pid=8691 comm="syz.0.710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  295.648492][ T8701] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  296.573520][   T29] audit: type=1400 audit(1730768472.099:466): avc:  denied  { append } for  pid=8715 comm="syz.2.716" name="sg0" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  296.687240][ T8722] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  296.695391][ T8722] netlink: 56 bytes leftover after parsing attributes in process `syz.4.717'.
[  297.379337][ T5907] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  297.581925][ T5907] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  297.737786][ T5907] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  297.956011][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.964638][ T5907] usb 3-1: Product: syz
[  297.969851][ T5907] usb 3-1: Manufacturer: syz
[  297.974618][ T5907] usb 3-1: SerialNumber: syz
[  299.003318][ T5907] cdc_ncm 3-1:1.0: failed to get mac address
[  299.012179][ T5907] cdc_ncm 3-1:1.0: bind() failure
[  299.030275][ T5907] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[  299.042157][ T5907] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[  299.055639][ T5907] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  299.780034][ T5907] usb 3-1: USB disconnect, device number 7
[  299.975994][ T8754] netlink: 56 bytes leftover after parsing attributes in process `syz.4.726'.
[  301.656574][   T29] audit: type=1400 audit(1730768477.209:467): avc:  denied  { read } for  pid=8769 comm="syz.2.731" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  301.723909][   T29] audit: type=1400 audit(1730768477.229:468): avc:  denied  { open } for  pid=8769 comm="syz.2.731" path="/149/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  301.732595][ T8773] FAULT_INJECTION: forcing a failure.
[  301.732595][ T8773] name failslab, interval 1, probability 0, space 0, times 0
[  301.755979][   T29] audit: type=1800 audit(1730768477.239:469): pid=8770 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.731" name="/" dev="9p" ino=2 res=0 errno=0
[  301.771464][ T8773] CPU: 0 UID: 0 PID: 8773 Comm: syz.4.732 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  301.783701][   T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  301.789233][ T8773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  301.789251][ T8773] Call Trace:
[  301.810076][ T8773]  <TASK>
[  301.813015][ T8773]  dump_stack_lvl+0x16c/0x1f0
[  301.817711][ T8773]  should_fail_ex+0x497/0x5b0
[  301.822405][ T8773]  ? fs_reclaim_acquire+0xae/0x150
[  301.823655][   T29] audit: type=1400 audit(1730768477.309:470): avc:  denied  { unmount } for  pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  301.827512][ T8773]  should_failslab+0xc2/0x120
[  301.827541][ T8773]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  301.827563][ T8773]  ? getname_flags.part.0+0x4c/0x550
[  301.827585][ T8773]  ? vfs_write+0x306/0x1150
[  301.827615][ T8773]  getname_flags.part.0+0x4c/0x550
[  301.827642][ T8773]  getname+0x8d/0xe0
[  301.827669][ T8773]  do_sys_openat2+0x104/0x1e0
[  301.881211][ T8773]  ? __pfx_do_sys_openat2+0x10/0x10
[  301.886436][ T8773]  ? __fget_files+0x244/0x3f0
[  301.891146][ T8773]  __x64_sys_openat+0x175/0x210
[  301.896013][ T8773]  ? __pfx___x64_sys_openat+0x10/0x10
[  301.901375][ T8773]  ? ksys_write+0x1ad/0x260
[  301.905874][ T8773]  do_syscall_64+0xcd/0x250
[  301.910372][ T8773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.916290][ T8773] RIP: 0033:0x7f2ffb57e719
[  301.920696][ T8773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.940297][ T8773] RSP: 002b:00007f2ffc3a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  301.948702][ T8773] RAX: ffffffffffffffda RBX: 00007f2ffb735f80 RCX: 00007f2ffb57e719
[  301.956660][ T8773] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[  301.964618][ T8773] RBP: 00007f2ffc3a6090 R08: 0000000000000000 R09: 0000000000000000
[  301.972575][ T8773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.980530][ T8773] R13: 0000000000000000 R14: 00007f2ffb735f80 R15: 00007ffc46557cd8
[  301.988503][ T8773]  </TASK>
[  301.991618][    C0] vkms_vblank_simulate: vblank timer overrun
[  302.004142][   T25] usb 1-1: Using ep0 maxpacket: 16
[  302.014434][   T25] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  302.022461][   T25] usb 1-1: config 0 has no interface number 0
[  302.046313][   T25] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  302.088635][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.097328][   T25] usb 1-1: Product: syz
[  302.159080][ T8780] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 3976
[  302.188394][   T29] audit: type=1400 audit(1730768477.709:471): avc:  denied  { write } for  pid=8779 comm="syz.4.735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  302.268050][   T25] usb 1-1: Manufacturer: syz
[  302.272796][   T25] usb 1-1: SerialNumber: syz
[  302.285095][   T25] usb 1-1: config 0 descriptor??
[  302.293251][   T25] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  302.433211][   T29] audit: type=1400 audit(1730768477.869:472): avc:  denied  { mount } for  pid=8785 comm="syz.4.736" name="/" dev="configfs" ino=1247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  302.749786][   T29] audit: type=1400 audit(1730768478.039:473): avc:  denied  { search } for  pid=8785 comm="syz.4.736" name="/" dev="configfs" ino=1247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  302.916201][   T29] audit: type=1400 audit(1730768478.469:474): avc:  denied  { write } for  pid=8785 comm="syz.4.736" name="/" dev="configfs" ino=1247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  302.927553][   T25] gspca_spca1528: reg_w err -110
[  302.967739][   T29] audit: type=1400 audit(1730768478.499:475): avc:  denied  { add_name } for  pid=8785 comm="syz.4.736" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  303.053242][   T25] spca1528 1-1:0.1: probe with driver spca1528 failed with error -110
[  303.056076][   T29] audit: type=1400 audit(1730768478.499:476): avc:  denied  { create } for  pid=8785 comm="syz.4.736" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:configfs_t tclass=file permissive=1
[  303.081455][    C0] vkms_vblank_simulate: vblank timer overrun
[  304.210829][ T8803] netlink: 56 bytes leftover after parsing attributes in process `syz.4.739'.
[  304.339240][ T8804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.378800][ T8804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.427071][ T5878] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  304.898753][ T5878] usb 2-1: Using ep0 maxpacket: 32
[  304.920923][ T5878] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  304.951841][ T5878] usb 2-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[  304.976654][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.101728][ T5878] usb 2-1: Product: syz
[  305.134477][ T5878] usb 2-1: Manufacturer: syz
[  305.179237][ T5878] usb 2-1: SerialNumber: syz
[  306.580146][ T5875] usb 1-1: USB disconnect, device number 3
[  307.664990][ T8828] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.746'.
[  307.704270][ T5878] usb 2-1: selecting invalid altsetting 1
[  307.928850][ T5878] LME2510(C): Firmware Status: 00 00 00 00 00 00
[  307.928951][ T5878] dvb_usb_lmedm04 2-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[  307.977130][ T5878] usb 2-1: USB disconnect, device number 2
[  309.208612][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  309.208635][   T29] audit: type=1400 audit(1730768484.759:478): avc:  denied  { mounton } for  pid=8847 comm="syz.0.754" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  309.305375][ T8854] netlink: 56 bytes leftover after parsing attributes in process `syz.1.751'.
[  309.849636][ T8849] netlink: 8 bytes leftover after parsing attributes in process `syz.0.754'.
[  309.867482][ T8849] bridge2: entered allmulticast mode
[  310.523555][ T5828] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  310.873538][ T5828] usb 1-1: Using ep0 maxpacket: 8
[  311.657088][ T5828] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  311.666388][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.849383][ T5828] usb 1-1: Product: syz
[  311.863035][ T5828] usb 1-1: Manufacturer: syz
[  311.867831][ T5828] usb 1-1: SerialNumber: syz
[  311.874659][ T5828] usb 1-1: config 0 descriptor??
[  312.072094][   T29] audit: type=1400 audit(1730768487.579:479): avc:  denied  { mount } for  pid=8883 comm="syz.3.761" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  312.526386][ T5828] dvb_usb_rtl28xxu 1-1:0.0: chip type detection failed -71
[  312.533751][ T5828] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  312.549634][ T5828] usb 1-1: USB disconnect, device number 4
[  312.679464][   T29] audit: type=1326 audit(1730768488.229:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  312.771059][   T29] audit: type=1326 audit(1730768488.229:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  313.198281][   T29] audit: type=1326 audit(1730768488.249:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  313.603624][   T29] audit: type=1326 audit(1730768488.249:483): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  313.686763][   T29] audit: type=1326 audit(1730768488.249:484): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  313.758454][   T29] audit: type=1326 audit(1730768488.259:485): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  313.811051][   T29] audit: type=1326 audit(1730768488.259:486): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  313.844159][   T29] audit: type=1326 audit(1730768488.259:487): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871f97e719 code=0x7ffc0000
[  314.462447][ T8910] netlink: 16 bytes leftover after parsing attributes in process `syz.3.769'.
[  317.145281][ T8941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.778'.
[  317.276349][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  317.289574][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  317.834430][ T8948] autofs: Unknown parameter './file1'
[  317.908128][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  317.908145][   T29] audit: type=1326 audit(1730768493.459:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8949 comm="syz.1.782" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff74357e719 code=0x0
[  317.936910][    C0] vkms_vblank_simulate: vblank timer overrun
[  319.381170][   T29] audit: type=1400 audit(1730768494.929:492): avc:  denied  { map } for  pid=8963 comm="syz.4.784" path="socket:[21600]" dev="sockfs" ino=21600 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  319.492888][ T8965] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  319.499847][ T8965] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  319.519951][ T8974] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  319.547483][   T29] audit: type=1400 audit(1730768495.099:493): avc:  denied  { read } for  pid=8969 comm="syz.0.785" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  319.585369][ T8965] vhci_hcd vhci_hcd.0: Device attached
[  319.679216][ T8965] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  319.694886][ T8965] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  319.737613][   T29] audit: type=1400 audit(1730768495.099:494): avc:  denied  { open } for  pid=8969 comm="syz.0.785" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  319.771583][ T8965] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  320.117996][   T29] audit: type=1400 audit(1730768495.239:495): avc:  denied  { ioctl } for  pid=8969 comm="syz.0.785" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x7040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  320.146551][ T8974] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  320.165391][   T29] audit: type=1400 audit(1730768495.719:496): avc:  denied  { getopt } for  pid=8967 comm="syz.1.786" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  320.173212][ T8965] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  320.233662][ T5878] vhci_hcd: vhci_device speed not set
[  320.250216][ T8965] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  320.261328][ T8965] batadv_slave_0: entered promiscuous mode
[  320.292821][ T8966] vhci_hcd: connection closed
[  320.294567][ T5878] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[  320.308161][ T2123] vhci_hcd: stop threads
[  320.317802][ T2123] vhci_hcd: release socket
[  320.347295][ T2123] vhci_hcd: disconnect device
[  321.641059][ T9000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.791'.
[  322.101715][ T9011] warning: `syz.0.795' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  323.608593][ T9029] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  323.617848][ T9029] netlink: 56 bytes leftover after parsing attributes in process `syz.4.801'.
[  324.723479][ T5875] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  324.797510][ T9034] FAULT_INJECTION: forcing a failure.
[  324.797510][ T9034] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  324.813014][ T9034] CPU: 1 UID: 0 PID: 9034 Comm: syz.4.803 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  324.823610][ T9034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  324.833667][ T9034] Call Trace:
[  324.836926][ T9034]  <TASK>
[  324.839842][ T9034]  dump_stack_lvl+0x16c/0x1f0
[  324.844505][ T9034]  should_fail_ex+0x497/0x5b0
[  324.849165][ T9034]  _copy_to_user+0x32/0xd0
[  324.853564][ T9034]  simple_read_from_buffer+0xd0/0x160
[  324.858919][ T9034]  proc_fail_nth_read+0x198/0x270
[  324.863927][ T9034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  324.869463][ T9034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  324.874990][ T9034]  vfs_read+0x1df/0xbe0
[  324.879144][ T9034]  ? __fget_files+0x23a/0x3f0
[  324.883803][ T9034]  ? fdget_pos+0x24c/0x360
[  324.888203][ T9034]  ? __pfx_lock_release+0x10/0x10
[  324.893217][ T9034]  ? trace_lock_acquire+0x14a/0x1d0
[  324.898405][ T9034]  ? __pfx_vfs_read+0x10/0x10
[  324.903064][ T9034]  ? __pfx___mutex_lock+0x10/0x10
[  324.908070][ T9034]  ? __fget_files+0x244/0x3f0
[  324.912734][ T9034]  ksys_read+0x12f/0x260
[  324.916976][ T9034]  ? __pfx_ksys_read+0x10/0x10
[  324.921745][ T9034]  do_syscall_64+0xcd/0x250
[  324.926238][ T9034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.932121][ T9034] RIP: 0033:0x7f2ffb57d15c
[  324.936523][ T9034] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  324.956115][ T9034] RSP: 002b:00007f2ffc3a6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  324.964515][ T9034] RAX: ffffffffffffffda RBX: 00007f2ffb735f80 RCX: 00007f2ffb57d15c
[  324.972468][ T9034] RDX: 000000000000000f RSI: 00007f2ffc3a60a0 RDI: 0000000000000003
[  324.980421][ T9034] RBP: 00007f2ffc3a6090 R08: 0000000000000000 R09: 0000000000000000
[  324.988369][ T9034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.996319][ T9034] R13: 0000000000000000 R14: 00007f2ffb735f80 R15: 00007ffc46557cd8
[  325.004341][ T9034]  </TASK>
[  325.007481][    C1] vkms_vblank_simulate: vblank timer overrun
[  325.280785][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.291882][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  325.303496][ T5875] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  325.322833][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.377759][ T5875] usb 4-1: config 0 descriptor??
[  325.456313][ T5878] vhci_hcd: vhci_device speed not set
[  326.146869][   T29] audit: type=1400 audit(1730768501.669:497): avc:  denied  { watch watch_reads } for  pid=9046 comm="syz.0.807" path="/173/file0" dev="tmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  326.204115][ T9055] tipc: Invalid UDP bearer configuration
[  326.204153][ T9055] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  326.245713][   T29] audit: type=1400 audit(1730768501.749:498): avc:  denied  { write } for  pid=9054 comm="syz.1.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  326.252763][ T9055] syzkaller0: entered allmulticast mode
[  326.314117][ T9055] syz_tun: VLAN not yet supported
[  326.386731][ T9024] kAFS: unparsable volume name
[  326.418331][ T9024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.437476][ T9024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.671841][ T9076] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  329.156462][ T5875] usbhid 4-1:0.0: can't add hid device: -71
[  329.162612][ T5875] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  329.191699][ T9089] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  329.200709][ T9089] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  329.880625][ T5875] usb 4-1: USB disconnect, device number 5
[  331.515029][ T9113] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  331.522854][ T9113] netlink: 56 bytes leftover after parsing attributes in process `syz.3.817'.
[  332.282556][ T9117] FAULT_INJECTION: forcing a failure.
[  332.282556][ T9117] name failslab, interval 1, probability 0, space 0, times 0
[  332.393874][ T9117] CPU: 1 UID: 0 PID: 9117 Comm: syz.0.818 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  332.404509][ T9117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  332.414579][ T9117] Call Trace:
[  332.417877][ T9117]  <TASK>
[  332.420820][ T9117]  dump_stack_lvl+0x16c/0x1f0
[  332.425524][ T9117]  should_fail_ex+0x497/0x5b0
[  332.430234][ T9117]  should_failslab+0xc2/0x120
[  332.434935][ T9117]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  332.440327][ T9117]  ? nf_hook+0x3bf/0x6d0
[  332.444588][ T9117]  ? dst_alloc+0x99/0x1a0
[  332.448942][ T9117]  dst_alloc+0x99/0x1a0
[  332.453126][ T9117]  ? __copy_skb_header+0x1de/0x5a0
[  332.458262][ T9117]  rt_dst_clone+0x5a/0x860
[  332.462705][ T9117]  ip_mc_finish_output+0xaf/0x620
[  332.467756][ T9117]  ip_mc_output+0x5e1/0x6a0
[  332.472288][ T9117]  ? __pfx_ip_mc_output+0x10/0x10
[  332.477342][ T9117]  ip_send_skb+0x326/0x560
[  332.481778][ T9117]  udp_send_skb+0x6f1/0x1510
[  332.486369][ T9117]  udp_sendmsg+0x142e/0x2b70
[  332.490949][ T9117]  ? trace_lock_acquire+0x14a/0x1d0
[  332.496149][ T9117]  ? lockdep_hardirqs_on+0x7c/0x110
[  332.501341][ T9117]  ? lock_acquire+0x2f/0xb0
[  332.505825][ T9117]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  332.511360][ T9117]  ? __pfx_udp_sendmsg+0x10/0x10
[  332.516291][ T9117]  ? __pfx_avc_has_perm+0x10/0x10
[  332.521310][ T9117]  ? sock_has_perm+0x25d/0x2f0
[  332.526065][ T9117]  ? __pfx_sock_has_perm+0x10/0x10
[  332.531171][ T9117]  ? __pfx_udp_sendmsg+0x10/0x10
[  332.536099][ T9117]  ? inet_sendmsg+0x105/0x140
[  332.541317][ T9117]  inet_sendmsg+0x105/0x140
[  332.545823][ T9117]  ____sys_sendmsg+0x98c/0xc90
[  332.550583][ T9117]  ? copy_msghdr_from_user+0x10b/0x160
[  332.556048][ T9117]  ? __pfx_____sys_sendmsg+0x10/0x10
[  332.561330][ T9117]  ? __pfx___lock_acquire+0x10/0x10
[  332.566514][ T9117]  ___sys_sendmsg+0x135/0x1e0
[  332.571179][ T9117]  ? __pfx____sys_sendmsg+0x10/0x10
[  332.576458][ T9117]  ? lock_acquire+0x2f/0xb0
[  332.580954][ T9117]  ? __fget_files+0x40/0x3f0
[  332.585551][ T9117]  ? fdget+0x176/0x210
[  332.589628][ T9117]  __sys_sendmmsg+0x1a1/0x450
[  332.594294][ T9117]  ? __pfx___sys_sendmmsg+0x10/0x10
[  332.599476][ T9117]  ? __schedule+0xe5d/0x5740
[  332.604063][ T9117]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  332.610037][ T9117]  ? fput+0x30/0x390
[  332.613950][ T9117]  ? ksys_write+0x1ad/0x260
[  332.618444][ T9117]  __x64_sys_sendmmsg+0x9c/0x100
[  332.623369][ T9117]  ? lockdep_hardirqs_on+0x7c/0x110
[  332.628559][ T9117]  do_syscall_64+0xcd/0x250
[  332.633046][ T9117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.638927][ T9117] RIP: 0033:0x7f4f9457e719
[  332.643323][ T9117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.662917][ T9117] RSP: 002b:00007f4f952c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  332.671324][ T9117] RAX: ffffffffffffffda RBX: 00007f4f94735f80 RCX: 00007f4f9457e719
[  332.679283][ T9117] RDX: 0000000000000001 RSI: 0000000020007180 RDI: 0000000000000003
[  332.687239][ T9117] RBP: 00007f4f952c3090 R08: 0000000000000000 R09: 0000000000000000
[  332.695221][ T9117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.703195][ T9117] R13: 0000000000000000 R14: 00007f4f94735f80 R15: 00007fff170b2d28
[  332.711167][ T9117]  </TASK>
[  334.386313][ T9150] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  334.386313][ T9150]    program syz.3.826 not setting count and/or reply_len properly
[  336.810692][ T9175] syz2: rxe_newlink: already configured on team_slave_1
[  336.819650][ T9175] netlink: 56 bytes leftover after parsing attributes in process `syz.2.831'.
[  338.713128][   T29] audit: type=1400 audit(1730768514.259:499): avc:  denied  { append } for  pid=9189 comm="syz.0.835" name="dlm-control" dev="devtmpfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  338.832162][   T29] audit: type=1400 audit(1730768514.349:500): avc:  denied  { execute } for  pid=9189 comm="syz.0.835" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=21239 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  338.884607][   T29] audit: type=1400 audit(1730768514.429:501): avc:  denied  { read } for  pid=9185 comm="syz.3.834" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  338.908642][   T29] audit: type=1400 audit(1730768514.429:502): avc:  denied  { open } for  pid=9185 comm="syz.3.834" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  339.583523][  T965] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  339.733583][  T965] usb 1-1: Using ep0 maxpacket: 8
[  339.748601][  T965] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  340.277380][  T965] usb 1-1: config 0 has no interface number 0
[  340.313593][  T965] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  340.324721][  T965] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  340.361109][  T965] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  340.376137][  T965] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.380530][ T9212] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  340.380530][ T9212]    program syz.2.840 not setting count and/or reply_len properly
[  340.387256][  T965] usb 1-1: config 0 descriptor??
[  340.411529][  T965] hso 1-1:0.1: Failed to find BULK IN ep
[  340.684133][  T965] usb 1-1: USB disconnect, device number 5
[  341.621996][ T9221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.845'.
[  343.740443][ T9258] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  343.740443][ T9258]    program syz.3.854 not setting count and/or reply_len properly
[  345.848595][   T29] audit: type=1400 audit(1730768521.349:503): avc:  denied  { module_request } for  pid=9279 comm="syz.4.862" kmod="netdev-wlan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  347.848041][ T9330] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  347.855367][ T9330] netlink: 56 bytes leftover after parsing attributes in process `syz.3.872'.
[  351.752142][ T9357] FAULT_INJECTION: forcing a failure.
[  351.752142][ T9357] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.777434][ T9357] CPU: 0 UID: 0 PID: 9357 Comm: syz.3.879 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  351.788069][ T9357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  351.798131][ T9357] Call Trace:
[  351.801399][ T9357]  <TASK>
[  351.804316][ T9357]  dump_stack_lvl+0x16c/0x1f0
[  351.809001][ T9357]  should_fail_ex+0x497/0x5b0
[  351.813682][ T9357]  _copy_from_user+0x2e/0xd0
[  351.818271][ T9357]  copy_msghdr_from_user+0x99/0x160
[  351.823462][ T9357]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  351.829268][ T9357]  ? __pfx___lock_acquire+0x10/0x10
[  351.834488][ T9357]  ___sys_sendmsg+0xff/0x1e0
[  351.839095][ T9357]  ? __pfx____sys_sendmsg+0x10/0x10
[  351.844287][ T9357]  ? lock_acquire+0x2f/0xb0
[  351.848779][ T9357]  ? __fget_files+0x40/0x3f0
[  351.853373][ T9357]  ? fdget+0x176/0x210
[  351.857437][ T9357]  __sys_sendmsg+0x117/0x1f0
[  351.862064][ T9357]  ? __pfx___sys_sendmsg+0x10/0x10
[  351.867176][ T9357]  ? __fget_files+0x244/0x3f0
[  351.871855][ T9357]  do_syscall_64+0xcd/0x250
[  351.876358][ T9357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.882246][ T9357] RIP: 0033:0x7f871f97e719
[  351.886645][ T9357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.906239][ T9357] RSP: 002b:00007f87207b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.914646][ T9357] RAX: ffffffffffffffda RBX: 00007f871fb35f80 RCX: 00007f871f97e719
[  351.922620][ T9357] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  351.930578][ T9357] RBP: 00007f87207b7090 R08: 0000000000000000 R09: 0000000000000000
[  351.938540][ T9357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.946505][ T9357] R13: 0000000000000000 R14: 00007f871fb35f80 R15: 00007ffd78d5d9f8
[  351.954483][ T9357]  </TASK>
[  352.158030][   T29] audit: type=1400 audit(1730768527.709:504): avc:  denied  { write } for  pid=9359 comm="syz.4.881" path="socket:[22684]" dev="sockfs" ino=22684 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  352.423820][   T29] audit: type=1400 audit(1730768527.969:505): avc:  denied  { create } for  pid=9359 comm="syz.4.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  352.443514][   T29] audit: type=1400 audit(1730768527.969:506): avc:  denied  { setopt } for  pid=9359 comm="syz.4.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  352.770827][ T9378] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  352.770827][ T9378]    program syz.4.885 not setting count and/or reply_len properly
[  353.090317][ T9384] syz2: rxe_newlink: already configured on team_slave_1
[  353.099072][ T9384] netlink: 56 bytes leftover after parsing attributes in process `syz.2.886'.
[  353.903566][ T5875] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  354.164596][ T5875] usb 5-1: Using ep0 maxpacket: 8
[  354.299427][ T5875] usb 5-1: config 2 has an invalid interface number: 181 but max is 3
[  354.446131][ T5875] usb 5-1: config 2 has an invalid interface number: 86 but max is 3
[  354.531895][ T5875] usb 5-1: config 2 has an invalid interface number: 7 but max is 3
[  354.652579][ T5875] usb 5-1: config 2 has an invalid interface number: 107 but max is 3
[  354.663633][ T5875] usb 5-1: config 2 has an invalid interface number: 212 but max is 3
[  354.673119][ T5875] usb 5-1: config 2 has an invalid descriptor of length 235, skipping remainder of the config
[  354.718272][ T5875] usb 5-1: config 2 has 5 interfaces, different from the descriptor's value: 4
[  354.727877][ T5875] usb 5-1: config 2 has no interface number 0
[  354.735091][ T5875] usb 5-1: config 2 has no interface number 1
[  354.783850][ T5875] usb 5-1: config 2 has no interface number 2
[  354.790136][ T5875] usb 5-1: config 2 has no interface number 3
[  354.796502][ T5875] usb 5-1: config 2 has no interface number 4
[  354.984049][ T5875] usb 5-1: config 2 interface 181 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  354.995435][ T5875] usb 5-1: config 2 interface 181 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  355.006825][ T5875] usb 5-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  355.017946][ T5875] usb 5-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  355.029029][ T5875] usb 5-1: config 2 interface 181 altsetting 9 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  355.042476][ T5875] usb 5-1: too many endpoints for config 2 interface 86 altsetting 56: 100, using maximum allowed: 30
[  355.054094][ T5875] usb 5-1: config 2 interface 86 altsetting 56 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[  355.067772][ T5875] usb 5-1: config 2 interface 7 altsetting 255 has a duplicate endpoint with address 0x3, skipping
[  355.079380][ T5875] usb 5-1: config 2 interface 212 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  355.090532][ T5875] usb 5-1: config 2 interface 212 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  355.103863][ T5875] usb 5-1: config 2 interface 181 has no altsetting 0
[  355.110937][ T5875] usb 5-1: config 2 interface 86 has no altsetting 0
[  355.118015][ T5875] usb 5-1: config 2 interface 7 has no altsetting 0
[  355.124909][ T5875] usb 5-1: config 2 interface 107 has no altsetting 0
[  355.183458][ T5875] usb 5-1: Dual-Role OTG device on HNP port
[  355.192217][ T5875] usb 5-1: New USB device found, idVendor=1a8d, idProduct=1008, bcdDevice=68.e4
[  355.223197][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.241981][ T5875] usb 5-1: Product: 敧闸虵漊ꇗ뀳꿥뎟傃ᕟޣ莌궺烰泵나伶￈㎯㴓↘ᰯ욪즲⽸痦軂ዮ劽꿪
[  355.273240][   T29] audit: type=1400 audit(1730768530.819:507): avc:  denied  { ioctl } for  pid=9400 comm="syz.2.892" path="socket:[22820]" dev="sockfs" ino=22820 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  355.645989][ T5875] usb 5-1: Manufacturer: ꐽ覮᱔ꄋ櫑캩裃㡀땢ኵꏴ裤英⭢櫇黃鸥匧葰쮻뜻ᦏꊤ奣ͫ簉豤㼓昔샵캒筽ᱍꆠ㈮鳲ꙿ૪夎왎鮴耊ᱬ辰睞惺ȷ㩘ᥜ᥯蛗邒⧮淕䇘薸軸ꯧ㊱旅⎘靽ﰘ嬊뉝肄듋켠膕ѣ꫋⬼앷낵墌ᷔ筐夆螊煭鸖
[  355.674038][ T5875] usb 5-1: SerialNumber: 孬⎖㊵捱됽裝距⾡ꑴ侺슐㵩ꥳㆇ눙৅뛭卜ᙯ収Ჾ뼹郺才驫뛖콵蕲ﴍ 㦌὞婔惷㘻䤒⥻ꍌ┟苒醳踂坮햤Ꚗ祈ᬺ缵䁉졓梦
[  356.559256][ T5875] option 5-1:2.181: GSM modem (1-port) converter detected
[  356.741740][ T5875] option 5-1:2.212: GSM modem (1-port) converter detected
[  356.794154][ T5875] usb 5-1: USB disconnect, device number 6
[  356.821998][ T5875] option 5-1:2.181: device disconnected
[  356.832278][ T5875] option 5-1:2.212: device disconnected
[  356.899393][ T9406] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  356.993099][ T9424] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  356.993099][ T9424]    program syz.3.897 not setting count and/or reply_len properly
[  357.955735][   T25] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  358.334478][ T9445] netlink: 'syz.3.904': attribute type 10 has an invalid length.
[  358.374568][   T25] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[  358.382706][   T25] usb 1-1: config 0 has no interface number 0
[  358.401108][   T25] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  358.701800][   T25] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  358.957082][   T25] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  359.060008][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.108331][   T25] usb 1-1: Product: syz
[  359.112558][   T25] usb 1-1: Manufacturer: syz
[  359.121999][   T25] usb 1-1: SerialNumber: syz
[  359.130107][   T25] usb 1-1: config 0 descriptor??
[  359.140853][ T9433] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  359.312717][   T25] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  359.610376][   T25] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  360.046247][ T9474] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  360.046247][ T9474]    program syz.4.914 not setting count and/or reply_len properly
[  360.234036][   T25] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  360.413683][   T25] usb 3-1: Using ep0 maxpacket: 16
[  360.423868][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  360.440466][   T25] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  360.449764][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.483469][   T25] usb 3-1: Product: syz
[  360.496744][   T25] usb 3-1: Manufacturer: syz
[  360.515892][   T25] usb 3-1: SerialNumber: syz
[  360.553323][   T25] usb 3-1: config 0 descriptor??
[  360.583769][   T25] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  360.595427][   T25] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  361.293339][   T25] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  362.379952][ T9471] loop8: detected capacity change from 0 to 16384
[  362.391669][   T29] audit: type=1400 audit(1730768537.929:508): avc:  denied  { append } for  pid=9470 comm="syz.2.913" name="loop8" dev="devtmpfs" ino=655 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  362.449552][ T9471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  362.481111][ T9471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  363.318151][   T25] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  363.331664][   T25] em28xx 3-1:0.0: board has no eeprom
[  363.340850][ T5828] usb 1-1: USB disconnect, device number 6
[  363.485862][ T5828] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  363.501216][ T5828] cyberjack 1-1:0.69: device disconnected
[  363.784198][   T25] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  363.815457][   T25] em28xx 3-1:0.0: dvb set to bulk mode.
[  363.821976][ T5920] em28xx 3-1:0.0: Binding DVB extension
[  363.842778][   T25] usb 3-1: USB disconnect, device number 8
[  364.088571][ T9512] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  364.096443][ T9512] netlink: 56 bytes leftover after parsing attributes in process `syz.4.922'.
[  364.121770][   T25] em28xx 3-1:0.0: Disconnecting em28xx
[  365.261352][ T5920] em28xx 3-1:0.0: Registering input extension
[  365.355057][   T25] em28xx 3-1:0.0: Closing input extension
[  365.385841][   T29] audit: type=1400 audit(1730768540.939:509): avc:  denied  { getopt } for  pid=9517 comm="syz.0.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  365.442554][   T25] em28xx 3-1:0.0: Freeing device
[  367.154896][ T9534] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  368.394566][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  368.409356][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  368.426707][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  368.450079][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  368.489207][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  368.526834][   T29] audit: type=1400 audit(1730768544.079:510): avc:  denied  { ioctl } for  pid=9566 comm="syz.2.937" path="/dev/uhid" dev="devtmpfs" ino=1273 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  368.555121][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  368.596506][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.169416][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.203081][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.218306][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.230311][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.415780][   T29] audit: type=1400 audit(1730768544.939:511): avc:  denied  { remount } for  pid=9586 comm="syz.1.940" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  369.464316][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.662716][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.670348][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.688926][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.703760][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.741692][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.779479][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.921668][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.935188][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.942753][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.953570][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  369.961157][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.523544][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.535465][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.545567][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.553720][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.571597][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.585347][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.629384][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.643559][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.660559][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.672772][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.680854][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.720265][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.751725][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.929690][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.937752][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.945774][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.953198][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.960711][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.968211][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.975741][ T5920] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  370.988561][ T5920] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  374.077961][ T9629] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  374.118212][ T9630] libceph: resolve '
[  374.118212][ T9630] -&���f�Y�ǝ�a���2i�
[  374.118212][ T9630] .���?��&�*��&' (ret=-3): failed
[  374.260944][ T9625] capability: warning: `syz.1.951' uses 32-bit capabilities (legacy support in use)
[  375.803568][   T29] audit: type=1400 audit(1730768551.269:512): avc:  denied  { mount } for  pid=9639 comm="syz.3.956" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  375.812011][  T965] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  376.468780][   T29] audit: type=1804 audit(1730768552.019:513): pid=9650 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.957" name="/newroot/205/file0/bus" dev="ramfs" ino=24769 res=1 errno=0
[  376.871377][   T29] audit: type=1800 audit(1730768552.369:514): pid=9650 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.957" name="bus" dev="ramfs" ino=24769 res=0 errno=0
[  377.893672][ T9667] syz2: rxe_newlink: already configured on team_slave_1
[  377.901366][ T9667] netlink: 56 bytes leftover after parsing attributes in process `syz.2.962'.
[  378.665461][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  379.012323][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  381.613604][ T9713] syz2: rxe_newlink: already configured on team_slave_1
[  381.622254][ T9713] netlink: 56 bytes leftover after parsing attributes in process `syz.2.975'.
[  384.949765][   T29] audit: type=1400 audit(1730768560.499:515): avc:  denied  { ioctl } for  pid=9748 comm="syz.2.983" path="socket:[24257]" dev="sockfs" ino=24257 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  385.776672][    T8] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  386.009663][    T8] usb 3-1: Using ep0 maxpacket: 8
[  386.039099][ T9761] tipc: Started in network mode
[  386.044827][ T9761] tipc: Node identity bee885119fae, cluster identity 4711
[  386.053470][ T9761] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  386.061886][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.073307][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.083165][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  386.096152][    T8] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  386.105452][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.115758][    T8] usb 3-1: config 0 descriptor??
[  386.126936][ T9760] tipc: Disabling bearer <eth:syzkaller0>
[  386.347854][   T29] audit: type=1400 audit(1730768561.899:516): avc:  denied  { bind } for  pid=9748 comm="syz.2.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  386.455981][ T9772] FAULT_INJECTION: forcing a failure.
[  386.455981][ T9772] name failslab, interval 1, probability 0, space 0, times 0
[  386.509604][ T9772] CPU: 1 UID: 0 PID: 9772 Comm: syz.1.989 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  386.520250][ T9772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  386.530303][ T9772] Call Trace:
[  386.533582][ T9772]  <TASK>
[  386.536502][ T9772]  dump_stack_lvl+0x16c/0x1f0
[  386.541181][ T9772]  should_fail_ex+0x497/0x5b0
[  386.545851][ T9772]  ? fs_reclaim_acquire+0xae/0x150
[  386.550961][ T9772]  should_failslab+0xc2/0x120
[  386.555640][ T9772]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  386.561009][ T9772]  ? getname_flags.part.0+0x4c/0x550
[  386.566292][ T9772]  getname_flags.part.0+0x4c/0x550
[  386.571402][ T9772]  getname_flags+0x93/0xf0
[  386.575819][ T9772]  __x64_sys_rename+0x58/0xa0
[  386.580498][ T9772]  do_syscall_64+0xcd/0x250
[  386.585001][ T9772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.590893][ T9772] RIP: 0033:0x7ff74357e719
[  386.595299][ T9772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.614902][ T9772] RSP: 002b:00007ff7419f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  386.623305][ T9772] RAX: ffffffffffffffda RBX: 00007ff743736130 RCX: 00007ff74357e719
[  386.631265][ T9772] RDX: 0000000000000000 RSI: 0000000020000800 RDI: 00000000200001c0
[  386.639227][ T9772] RBP: 00007ff7419f6090 R08: 0000000000000000 R09: 0000000000000000
[  386.647193][ T9772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.655166][ T9772] R13: 0000000000000000 R14: 00007ff743736130 R15: 00007ffcf3c8dbe8
[  386.663157][ T9772]  </TASK>
[  387.133445][    T8] usbhid 3-1:0.0: can't add hid device: -71
[  387.294523][    T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  387.350426][    T8] usb 3-1: USB disconnect, device number 9
[  390.984606][ T9812] IPv6: sit1: Disabled Multicast RS
[  390.990335][ T9812] sit1: entered allmulticast mode
[  393.769792][ T9861] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  393.778941][ T9861] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1014'.
[  395.225502][ T9875] dccp_invalid_packet: pskb_may_pull failed
[  395.943829][ T5878] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  396.128343][ T5878] usb 2-1: Using ep0 maxpacket: 32
[  396.137379][ T5878] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  396.153845][ T5878] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  396.163277][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  396.173564][ T5878] usb 2-1: Product: syz
[  396.177831][ T5878] usb 2-1: Manufacturer: syz
[  396.182501][ T5878] usb 2-1: SerialNumber: syz
[  396.189192][ T5878] usb 2-1: config 0 descriptor??
[  396.197067][ T9872] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  396.412802][   T29] audit: type=1400 audit(1730768571.959:517): avc:  denied  { read } for  pid=9871 comm="syz.1.1017" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  396.444591][   T29] audit: type=1400 audit(1730768571.979:518): avc:  denied  { ioctl } for  pid=9871 comm="syz.1.1017" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  396.558032][ T5878] usb 2-1: USB disconnect, device number 4
[  398.572817][ T9915] dccp_invalid_packet: pskb_may_pull failed
[  399.023522][ T9903] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  399.030157][ T9903] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  399.038128][ T9903] vhci_hcd vhci_hcd.0: Device attached
[  399.038383][ T9904] vhci_hcd: connection closed
[  399.047545][   T52] vhci_hcd: stop threads
[  399.073478][   T52] vhci_hcd: release socket
[  399.085506][   T52] vhci_hcd: disconnect device
[  400.005002][ T9939] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20000
[  400.062442][ T9941] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1035'.
[  400.082696][ T9941] lo: entered promiscuous mode
[  400.111236][ T9941] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  402.685548][ T9959] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1041'.
[  402.695057][ T9959] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1041'.
[  403.070606][ T9968] dccp_invalid_packet: pskb_may_pull failed
[  403.169144][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.798242][ T9980] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  406.688415][T10011] FAULT_INJECTION: forcing a failure.
[  406.688415][T10011] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.701660][T10011] CPU: 1 UID: 0 PID: 10011 Comm: syz.2.1054 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  406.712436][T10011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  406.722495][T10011] Call Trace:
[  406.725837][T10011]  <TASK>
[  406.728774][T10011]  dump_stack_lvl+0x16c/0x1f0
[  406.733460][T10011]  should_fail_ex+0x497/0x5b0
[  406.738156][T10011]  _copy_from_iter+0x2a1/0x1560
[  406.743018][T10011]  ? lockdep_hardirqs_on+0x7c/0x110
[  406.748233][T10011]  ? __pfx__copy_from_iter+0x10/0x10
[  406.753524][T10011]  ? __virt_addr_valid+0x1a4/0x590
[  406.758669][T10011]  ? __virt_addr_valid+0x5e/0x590
[  406.763702][T10011]  ? __phys_addr_symbol+0x30/0x80
[  406.768735][T10011]  ? __check_object_size+0x488/0x710
[  406.774045][T10011]  hci_sock_sendmsg+0x46d/0x25e0
[  406.779022][T10011]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  406.784395][T10011]  sock_write_iter+0x4fe/0x5b0
[  406.789156][T10011]  ? __pfx_sock_write_iter+0x10/0x10
[  406.794442][T10011]  ? bpf_lsm_file_permission+0x9/0x10
[  406.799822][T10011]  ? security_file_permission+0x71/0x210
[  406.805448][T10011]  vfs_write+0x5ae/0x1150
[  406.809776][T10011]  ? __pfx_sock_write_iter+0x10/0x10
[  406.815058][T10011]  ? __pfx_vfs_write+0x10/0x10
[  406.819816][T10011]  ? __rcu_read_unlock+0x2b4/0x580
[  406.824933][T10011]  ksys_write+0x1fa/0x260
[  406.829254][T10011]  ? __pfx_ksys_write+0x10/0x10
[  406.834102][T10011]  do_syscall_64+0xcd/0x250
[  406.838594][T10011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.844498][T10011] RIP: 0033:0x7fe0b237e719
[  406.848897][T10011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.868496][T10011] RSP: 002b:00007fe0b31f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  406.876898][T10011] RAX: ffffffffffffffda RBX: 00007fe0b2536130 RCX: 00007fe0b237e719
[  406.884879][T10011] RDX: 000000000000000d RSI: 0000000020000000 RDI: 000000000000000a
[  406.892853][T10011] RBP: 00007fe0b31f0090 R08: 0000000000000000 R09: 0000000000000000
[  406.900822][T10011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.908792][T10011] R13: 0000000000000000 R14: 00007fe0b2536130 R15: 00007ffc4625ddb8
[  406.916767][T10011]  </TASK>
[  407.010599][   T29] audit: type=1400 audit(1730768582.489:519): avc:  denied  { read } for  pid=10012 comm="syz.4.1055" dev="sockfs" ino=26626 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  407.053102][T10010] FAULT_INJECTION: forcing a failure.
[  407.053102][T10010] name failslab, interval 1, probability 0, space 0, times 0
[  407.093246][T10010] CPU: 1 UID: 0 PID: 10010 Comm: syz.1.1043 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  407.105543][T10010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  407.115615][T10010] Call Trace:
[  407.118907][T10010]  <TASK>
[  407.121841][T10010]  dump_stack_lvl+0x16c/0x1f0
[  407.126540][T10010]  should_fail_ex+0x497/0x5b0
[  407.131227][T10010]  ? __pfx_xa_load+0x10/0x10
[  407.135829][T10010]  should_failslab+0xc2/0x120
[  407.140530][T10010]  __kmalloc_noprof+0xcb/0x400
[  407.145306][T10010]  ? find_held_lock+0x2d/0x110
[  407.150085][T10010]  memcg_list_lru_alloc+0x24d/0xa90
[  407.155310][T10010]  ? __pfx_lock_release+0x10/0x10
[  407.160355][T10010]  ? trace_lock_acquire+0x14a/0x1d0
[  407.165596][T10010]  ? __pfx_memcg_list_lru_alloc+0x10/0x10
[  407.171347][T10010]  ? get_mem_cgroup_from_objcg+0x14c/0x620
[  407.177189][T10010]  zswap_store+0x5e8/0x1fe0
[  407.181725][T10010]  ? swap_swapcount+0x18e/0x220
[  407.186602][T10010]  ? __pfx_zswap_store+0x10/0x10
[  407.191553][T10010]  ? _raw_spin_unlock+0x28/0x50
[  407.196422][T10010]  ? swap_swapcount+0x13c/0x220
[  407.201286][T10010]  ? __pfx_swap_swapcount+0x10/0x10
[  407.206498][T10010]  ? const_folio_flags.constprop.0+0x56/0x150
[  407.212571][T10010]  ? swp_swap_info+0xcf/0x130
[  407.217257][T10010]  ? __pfx_swp_swap_info+0x10/0x10
[  407.222384][T10010]  swap_writepage+0x3b6/0x990
[  407.227079][T10010]  pageout+0x3b2/0xaa0
[  407.231161][T10010]  ? __pfx_pageout+0x10/0x10
[  407.235785][T10010]  ? __pfx_try_to_unmap_one+0x10/0x10
[  407.241159][T10010]  ? __pfx_folio_not_mapped+0x10/0x10
[  407.243900][T10016] dccp_invalid_packet: pskb_may_pull failed
[  407.246525][T10010]  ? __pfx_folio_lock_anon_vma_read+0x10/0x10
[  407.258651][T10010]  ? folio_mark_dirty+0xd8/0x150
[  407.263610][T10010]  shrink_folio_list+0x3025/0x42d0
[  407.268754][T10010]  ? __pfx_shrink_folio_list+0x10/0x10
[  407.274240][T10010]  ? __lock_acquire+0x163e/0x3ce0
[  407.279277][T10010]  ? hlock_class+0x4e/0x130
[  407.283794][T10010]  ? hlock_class+0x4e/0x130
[  407.288307][T10010]  ? mark_lock+0xb5/0xc60
[  407.292641][T10010]  ? __pfx_mark_lock+0x10/0x10
[  407.297417][T10010]  ? __pfx___lock_acquire+0x10/0x10
[  407.302632][T10010]  ? __pfx_mark_lock+0x10/0x10
[  407.307434][T10010]  ? __lock_acquire+0x163e/0x3ce0
[  407.312487][T10010]  reclaim_folio_list+0xd8/0x3a0
[  407.317456][T10010]  ? __pfx___lock_acquire+0x10/0x10
[  407.322684][T10010]  ? __pfx_reclaim_folio_list+0x10/0x10
[  407.328258][T10010]  ? rcu_is_watching+0x12/0xc0
[  407.333042][T10010]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  407.338436][T10010]  ? find_held_lock+0x2d/0x110
[  407.343306][T10010]  ? find_held_lock+0x2d/0x110
[  407.348091][T10010]  reclaim_pages+0x481/0x650
[  407.352702][T10010]  ? __pfx_reclaim_pages+0x10/0x10
[  407.357825][T10010]  ? __pfx___might_resched+0x10/0x10
[  407.363132][T10010]  madvise_cold_or_pageout_pte_range+0x13ae/0x20d0
[  407.369660][T10010]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  407.376538][T10010]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  407.383409][T10010]  walk_pgd_range+0xb8e/0x18d0
[  407.388197][T10010]  ? mt_find+0x4c8/0xa20
[  407.392451][T10010]  ? __pfx_mt_find+0x10/0x10
[  407.397053][T10010]  ? __lock_acquire+0x163e/0x3ce0
[  407.402089][T10010]  ? __pfx_walk_pgd_range+0x10/0x10
[  407.407313][T10010]  __walk_page_range+0x637/0x770
[  407.412271][T10010]  ? find_vma+0xc0/0x140
[  407.416525][T10010]  ? __pfx_find_vma+0x10/0x10
[  407.417955][T10018] netlink: 'syz.3.1057': attribute type 3 has an invalid length.
[  407.421202][T10010]  ? walk_page_test+0x9b/0x180
[  407.421236][T10010]  walk_page_range+0x55a/0x940
[  407.438445][T10010]  ? __pfx_walk_page_range+0x10/0x10
[  407.443763][T10010]  madvise_pageout+0x326/0x820
[  407.448553][T10010]  ? __pfx_madvise_pageout+0x10/0x10
[  407.453878][T10010]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  407.459801][T10010]  madvise_vma_behavior+0x58c/0x19e0
[  407.465115][T10010]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  407.470862][T10010]  ? find_vma_prev+0xdb/0x160
[  407.475549][T10010]  ? __pfx_find_vma_prev+0x10/0x10
[  407.480680][T10010]  ? __pfx_rwsem_read_trylock+0x10/0x10
[  407.486240][T10010]  ? do_madvise+0x3cd/0x700
[  407.490734][T10010]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  407.496442][T10010]  madvise_walk_vmas+0x1cf/0x2c0
[  407.501367][T10010]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  407.506824][T10010]  ? __mutex_unlock_slowpath+0x164/0x650
[  407.512453][T10010]  do_madvise+0x29d/0x700
[  407.516765][T10010]  ? __pfx_do_madvise+0x10/0x10
[  407.521600][T10010]  ? ksys_write+0x1ad/0x260
[  407.526088][T10010]  ? __pfx_ksys_write+0x10/0x10
[  407.530926][T10010]  __x64_sys_madvise+0xa9/0x110
[  407.535765][T10010]  ? lockdep_hardirqs_on+0x7c/0x110
[  407.540951][T10010]  do_syscall_64+0xcd/0x250
[  407.545437][T10010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.551317][T10010] RIP: 0033:0x7ff74357e719
[  407.555711][T10010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.575302][T10010] RSP: 002b:00007ff7442b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  407.583708][T10010] RAX: ffffffffffffffda RBX: 00007ff743735f80 RCX: 00007ff74357e719
[  407.591696][T10010] RDX: 0000000000000015 RSI: 0000000000600003 RDI: 0000000020000000
[  407.599652][T10010] RBP: 00007ff7442b5090 R08: 0000000000000000 R09: 0000000000000000
[  407.607611][T10010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.615595][T10010] R13: 0000000000000000 R14: 00007ff743735f80 R15: 00007ffcf3c8dbe8
[  407.623994][T10010]  </TASK>
[  410.022404][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[  415.851775][T10125] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  415.859846][T10125] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1088'.
[  418.106550][T10155] FAULT_INJECTION: forcing a failure.
[  418.106550][T10155] name failslab, interval 1, probability 0, space 0, times 0
[  418.119711][T10155] CPU: 0 UID: 0 PID: 10155 Comm: syz.4.1098 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  418.130494][T10155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  418.140559][T10155] Call Trace:
[  418.143845][T10155]  <TASK>
[  418.146781][T10155]  dump_stack_lvl+0x16c/0x1f0
[  418.151474][T10155]  should_fail_ex+0x497/0x5b0
[  418.156161][T10155]  ? fs_reclaim_acquire+0xae/0x150
[  418.161282][T10155]  should_failslab+0xc2/0x120
[  418.165970][T10155]  __kmalloc_cache_noprof+0x6b/0x300
[  418.171266][T10155]  ? fuse_get_tree+0x78/0x600
[  418.175955][T10155]  ? cap_capable+0x1cf/0x240
[  418.180562][T10155]  fuse_get_tree+0x78/0x600
[  418.185075][T10155]  ? security_capable+0x7e/0x260
[  418.190029][T10155]  vfs_get_tree+0x8f/0x380
[  418.194467][T10155]  path_mount+0x14e6/0x1f20
[  418.198978][T10155]  ? kmem_cache_free+0x152/0x4b0
[  418.203925][T10155]  ? __pfx_path_mount+0x10/0x10
[  418.208786][T10155]  ? putname+0x12e/0x170
[  418.213038][T10155]  __x64_sys_mount+0x294/0x320
[  418.217812][T10155]  ? __pfx___x64_sys_mount+0x10/0x10
[  418.223112][T10155]  do_syscall_64+0xcd/0x250
[  418.227629][T10155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.233536][T10155] RIP: 0033:0x7f2ffb57e719
[  418.237962][T10155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.257585][T10155] RSP: 002b:00007f2ffc364038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  418.266011][T10155] RAX: ffffffffffffffda RBX: 00007f2ffb736130 RCX: 00007f2ffb57e719
[  418.273989][T10155] RDX: 0000000020000000 RSI: 00000000200020c0 RDI: 0000000000000000
[  418.281964][T10155] RBP: 00007f2ffc364090 R08: 0000000000000000 R09: 0000000000000000
[  418.289940][T10155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  418.297918][T10155] R13: 0000000000000000 R14: 00007f2ffb736130 R15: 00007ffc46557cd8
[  418.305917][T10155]  </TASK>
[  418.309025][    C0] vkms_vblank_simulate: vblank timer overrun
[  418.825700][   T29] audit: type=1400 audit(1730768594.379:520): avc:  denied  { mount } for  pid=10148 comm="syz.1.1099" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  420.369899][T10176] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  420.378093][T10176] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1104'.
[  421.403727][T10180] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  421.403727][T10180]    program syz.1.1103 not setting count and/or reply_len properly
[  421.406583][   T29] audit: type=1400 audit(1730768596.959:521): avc:  denied  { connect } for  pid=10181 comm="syz.4.1106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  421.498849][T10182] tipc: Started in network mode
[  421.531483][T10182] tipc: Node identity 7, cluster identity 4711
[  421.546014][T10182] tipc: Node number set to 7
[  421.895057][   T29] audit: type=1400 audit(1730768597.439:522): avc:  denied  { connect } for  pid=10187 comm="syz.4.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  421.985137][   T29] audit: type=1400 audit(1730768597.499:523): avc:  denied  { write } for  pid=10187 comm="syz.4.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  424.131844][T10220] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  424.141543][T10220] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1116'.
[  424.762066][T10217] FAULT_INJECTION: forcing a failure.
[  424.762066][T10217] name failslab, interval 1, probability 0, space 0, times 0
[  424.827667][T10217] CPU: 0 UID: 0 PID: 10217 Comm: syz.2.1114 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  424.838475][T10217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  424.848521][T10217] Call Trace:
[  424.851793][T10217]  <TASK>
[  424.854715][T10217]  dump_stack_lvl+0x16c/0x1f0
[  424.859385][T10217]  should_fail_ex+0x497/0x5b0
[  424.864068][T10217]  ? fs_reclaim_acquire+0xae/0x150
[  424.869192][T10217]  should_failslab+0xc2/0x120
[  424.873872][T10217]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  424.879244][T10217]  ? __kvm_mmu_topup_memory_cache+0x18f/0x600
[  424.885307][T10217]  __kvm_mmu_topup_memory_cache+0x18f/0x600
[  424.891197][T10217]  mmu_topup_memory_caches+0x22/0xd0
[  424.896481][T10217]  kvm_mmu_load+0xda/0x20d0
[  424.900989][T10217]  ? mark_held_locks+0x9f/0xe0
[  424.905741][T10217]  ? kvm_apic_has_interrupt+0xb6/0x190
[  424.911218][T10217]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  424.917125][T10217]  ? vmx_flush_tlb_guest+0x113/0x2e0
[  424.922431][T10217]  ? __pfx_vmx_flush_tlb_guest+0x10/0x10
[  424.928073][T10217]  ? __pfx_kvm_mmu_load+0x10/0x10
[  424.933096][T10217]  ? kvm_cpu_has_injectable_intr+0x9b/0x1a0
[  424.938986][T10217]  ? kvm_check_and_inject_events+0x57f/0x12e0
[  424.945054][T10217]  ? __pfx_record_steal_time+0x1/0x10
[  424.950423][T10217]  vcpu_run+0x337c/0x4f80
[  424.954748][T10217]  ? __pfx_vmx_vcpu_load_vmcs+0x10/0x10
[  424.960295][T10217]  ? __pfx_vcpu_run+0x10/0x10
[  424.964962][T10217]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  424.970582][T10217]  ? rcu_is_watching+0x12/0xc0
[  424.975358][T10217]  ? trace_lock_acquire+0x14a/0x1d0
[  424.980549][T10217]  ? __local_bh_enable_ip+0xa4/0x120
[  424.985828][T10217]  ? kvm_arch_vcpu_ioctl_run+0x14d/0x1730
[  424.991549][T10217]  ? kvm_arch_vcpu_ioctl_run+0x447/0x1730
[  424.997278][T10217]  kvm_arch_vcpu_ioctl_run+0x447/0x1730
[  425.002836][T10217]  kvm_vcpu_ioctl+0x6c7/0x1510
[  425.007599][T10217]  ? do_vfs_ioctl+0x513/0x1990
[  425.012359][T10217]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  425.017560][T10217]  ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460
[  425.024054][T10217]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  425.030895][T10217]  ? trace_lock_acquire+0x14a/0x1d0
[  425.036096][T10217]  ? selinux_file_ioctl+0x180/0x270
[  425.041293][T10217]  ? selinux_file_ioctl+0xb4/0x270
[  425.046830][T10217]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  425.052029][T10217]  __x64_sys_ioctl+0x18f/0x220
[  425.056790][T10217]  do_syscall_64+0xcd/0x250
[  425.061284][T10217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.067172][T10217] RIP: 0033:0x7fe0b237e719
[  425.071575][T10217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.091171][T10217] RSP: 002b:00007fe0b3232038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  425.099575][T10217] RAX: ffffffffffffffda RBX: 00007fe0b2535f80 RCX: 00007fe0b237e719
[  425.107550][T10217] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  425.115509][T10217] RBP: 00007fe0b3232090 R08: 0000000000000000 R09: 0000000000000000
[  425.123468][T10217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.131428][T10217] R13: 0000000000000000 R14: 00007fe0b2535f80 R15: 00007ffc4625ddb8
[  425.139399][T10217]  </TASK>
[  425.271295][   T29] audit: type=1400 audit(1730768600.819:524): avc:  denied  { map } for  pid=10226 comm="syz.0.1119" path="socket:[26235]" dev="sockfs" ino=26235 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  425.295213][   T29] audit: type=1400 audit(1730768600.819:525): avc:  denied  { read } for  pid=10226 comm="syz.0.1119" path="socket:[26235]" dev="sockfs" ino=26235 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  425.319335][   T29] audit: type=1400 audit(1730768600.839:526): avc:  denied  { getopt } for  pid=10226 comm="syz.0.1119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  425.853856][   T29] audit: type=1400 audit(1730768601.089:527): avc:  denied  { read } for  pid=10226 comm="syz.0.1119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  431.257795][T10260] ubi0: attaching mtd0
[  431.264239][T10260] ubi0 error: ubi_attach_mtd_dev: bad VID header (8454144) or data offsets (8454208)
[  431.761801][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  433.496758][T10281] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1133'.
[  433.532183][   T29] audit: type=1400 audit(1730768609.049:528): avc:  denied  { setopt } for  pid=10280 comm="syz.3.1133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  433.589996][T10299] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1133'.
[  433.800738][T10308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1139'.
[  433.855263][T10308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1139'.
[  433.888492][T10310] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  434.488398][T10310] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1138'.
[  437.498425][T10354] 9pnet_fd: Insufficient options for proto=fd
[  437.623225][   T29] audit: type=1400 audit(1730768613.169:529): avc:  denied  { accept } for  pid=10361 comm="syz.3.1156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  437.877687][T10360] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  438.143505][ T5875] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  438.333526][ T5875] usb 1-1: Using ep0 maxpacket: 8
[  438.354526][ T5875] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  438.391830][ T5875] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  438.406418][ T5875] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  438.453573][ T5875] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  438.478264][ T5875] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  438.519246][ T5875] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  438.529504][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.760337][ T5875] usb 1-1: usb_control_msg returned -32
[  438.766121][ T5875] usbtmc 1-1:16.0: can't read capabilities
[  440.105922][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  440.112236][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  440.153542][T10295] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  440.320313][T10295] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  440.341619][T10295] usb 3-1: config 0 has no interfaces?
[  440.350749][T10295] usb 3-1: New USB device found, idVendor=0bda, idProduct=0139, bcdDevice=b4.99
[  440.363316][T10295] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.373037][T10295] usb 3-1: Product: syz
[  440.383590][T10295] usb 3-1: Manufacturer: syz
[  440.388229][T10295] usb 3-1: SerialNumber: syz
[  440.416237][T10396] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  440.419604][T10295] usb 3-1: config 0 descriptor??
[  440.521733][T10401] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  440.528273][T10401] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  440.538949][T10401] vhci_hcd vhci_hcd.0: Device attached
[  440.550137][T10401] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(7)
[  440.556669][T10401] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  440.565615][T10401] vhci_hcd vhci_hcd.0: Device attached
[  440.736954][ T5874] vhci_hcd: vhci_device speed not set
[  440.841595][ T5874] usb 41-1: new full-speed USB device number 3 using vhci_hcd
[  440.849853][T10406] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(15)
[  440.856471][T10406] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  440.867563][T10406] vhci_hcd vhci_hcd.0: Device attached
[  441.019362][T10406] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(17)
[  441.026030][T10406] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  441.034574][T10406] vhci_hcd vhci_hcd.0: Device attached
[  441.139129][T10410] vhci_hcd: connection closed
[  441.141116][   T52] vhci_hcd: stop threads
[  441.155041][   T52] vhci_hcd: release socket
[  441.159746][T10408] vhci_hcd: connection closed
[  441.160739][T10404] vhci_hcd: connection closed
[  441.163564][T10402] vhci_hcd: connection reset by peer
[  441.171865][T10295] usb 1-1: USB disconnect, device number 7
[  441.178109][   T52] vhci_hcd: disconnect device
[  441.189648][   T29] audit: type=1400 audit(1730768616.749:530): avc:  denied  { write } for  pid=10412 comm="syz.1.1166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  441.208661][   T52] vhci_hcd: stop threads
[  441.214603][T10413] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  441.222385][T10413] audit: out of memory in audit_log_start
[  441.237178][   T52] vhci_hcd: release socket
[  441.250740][   T52] vhci_hcd: disconnect device
[  441.269385][   T52] vhci_hcd: stop threads
[  441.304713][   T52] vhci_hcd: release socket
[  441.320657][   T52] vhci_hcd: disconnect device
[  441.336861][   T52] vhci_hcd: stop threads
[  441.348562][   T52] vhci_hcd: release socket
[  441.406139][   T52] vhci_hcd: disconnect device
[  441.639053][   T29] audit: type=1400 audit(1730768617.169:531): avc:  denied  { mount } for  pid=10416 comm="syz.0.1168" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  441.732859][ T5875] usb 3-1: USB disconnect, device number 10
[  441.800978][   T29] audit: type=1400 audit(1730768617.349:532): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  441.990156][T10430] syz2: rxe_newlink: already configured on team_slave_1
[  441.999059][T10430] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1171'.
[  443.307340][T10439] bridge0: port 1(bridge_slave_0) entered disabled state
[  443.799870][   T29] audit: type=1400 audit(1730768619.349:533): avc:  denied  { listen } for  pid=10460 comm="syz.1.1178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  443.823593][ T5875] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  443.841610][   T29] audit: type=1400 audit(1730768619.359:534): avc:  denied  { accept } for  pid=10460 comm="syz.1.1178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  443.984886][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  444.006268][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  444.052219][ T5875] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  444.089936][ T5875] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  444.102737][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.127843][ T5875] usb 4-1: config 0 descriptor??
[  444.793353][ T5875] acrux 0003:1A34:0802.0005: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0
[  444.805283][ T5875] acrux 0003:1A34:0802.0005: no inputs found
[  444.813335][ T5875] acrux 0003:1A34:0802.0005: Failed to enable force feedback support, error: -19
[  445.026315][ T5907] usb 4-1: USB disconnect, device number 6
[  445.229907][T10458] FAULT_INJECTION: forcing a failure.
[  445.229907][T10458] name failslab, interval 1, probability 0, space 0, times 0
[  445.243670][ T5875] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  445.261515][T10458] CPU: 1 UID: 0 PID: 10458 Comm: syz.3.1177 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  445.272330][T10458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  445.282406][T10458] Call Trace:
[  445.285698][T10458]  <TASK>
[  445.288641][T10458]  dump_stack_lvl+0x16c/0x1f0
[  445.293348][T10458]  should_fail_ex+0x497/0x5b0
[  445.298051][T10458]  ? fs_reclaim_acquire+0xae/0x150
[  445.303191][T10458]  should_failslab+0xc2/0x120
[  445.307898][T10458]  __kmalloc_cache_noprof+0x6b/0x300
[  445.313201][T10458]  ? create_io_worker+0xcc/0x5f0
[  445.318179][T10458]  ? create_io_worker+0x49/0x5f0
[  445.323135][T10458]  create_io_worker+0xcc/0x5f0
[  445.327926][T10458]  io_wq_enqueue+0x664/0xb30
[  445.332634][T10458]  ? __pfx_io_wq_enqueue+0x10/0x10
[  445.337779][T10458]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  445.343622][T10458]  ? io_prep_async_work+0x654/0x770
[  445.348943][T10458]  io_queue_iowq+0x259/0x4e0
[  445.353562][T10458]  ? io_issue_sqe+0x1d3/0x13d0
[  445.358350][T10458]  io_queue_async+0x251/0x4b0
[  445.363047][T10458]  io_req_task_submit+0x1e0/0x210
[  445.368089][T10458]  ? __pfx_io_req_task_submit+0x10/0x10
[  445.373701][T10458]  io_handle_tw_list+0x4c3/0x540
[  445.378662][T10458]  ? __pfx_io_handle_tw_list+0x10/0x10
[  445.384139][T10458]  ? lock_acquire.part.0+0x11b/0x380
[  445.389526][T10458]  ? find_held_lock+0x2d/0x110
[  445.394411][T10458]  tctx_task_work_run+0xa9/0x370
[  445.399377][T10458]  tctx_task_work+0x7b/0xd0
[  445.404080][T10458]  ? __pfx_tctx_task_work+0x10/0x10
[  445.409321][T10458]  ? _raw_spin_unlock_irq+0x23/0x50
[  445.414814][T10458]  ? lockdep_hardirqs_on+0x7c/0x110
[  445.415299][ T5875] usb 2-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.420032][T10458]  task_work_run+0x14e/0x250
[  445.420090][T10458]  ? __pfx_task_work_run+0x10/0x10
[  445.440800][T10458]  ? __mutex_unlock_slowpath+0x164/0x650
[  445.446559][T10458]  get_signal+0x1ca/0x2770
[  445.451014][T10458]  ? __pfx_get_signal+0x10/0x10
[  445.455897][T10458]  ? fput+0x30/0x390
[  445.459826][T10458]  ? __do_sys_io_uring_enter+0x4a7/0x1170
[  445.465753][T10458]  arch_do_signal_or_restart+0x90/0x7e0
[  445.466774][ T5875] usb 2-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0
[  445.471314][T10458]  ? __fget_files+0x244/0x3f0
[  445.471356][T10458]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  445.471396][T10458]  ? ksys_write+0x1ad/0x260
[  445.496660][T10458]  ? __pfx_ksys_write+0x10/0x10
[  445.501551][T10458]  syscall_exit_to_user_mode+0x150/0x2a0
[  445.507244][T10458]  do_syscall_64+0xda/0x250
[  445.511777][T10458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.517698][T10458] RIP: 0033:0x7f871f97e719
[  445.522134][T10458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  445.529065][ T5875] usb 2-1: config 0 interface 0 has no altsetting 0
[  445.541745][T10458] RSP: 002b:00007f87207b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  445.541773][T10458] RAX: 0000000000000001 RBX: 00007f871fb35f80 RCX: 00007f871f97e719
[  445.541785][T10458] RDX: 0000000000000000 RSI: 000000000000184c RDI: 0000000000000003
[  445.541796][T10458] RBP: 00007f87207b7090 R08: 0000000000000000 R09: 0000000000000000
[  445.541807][T10458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  445.541819][T10458] R13: 0000000000000000 R14: 00007f871fb35f80 R15: 00007ffd78d5d9f8
[  445.541847][T10458]  </TASK>
[  445.775525][ T5875] usb 2-1: New USB device found, idVendor=056a, idProduct=0035, bcdDevice= 0.00
[  445.813560][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.834620][ T5875] usb 2-1: config 0 descriptor??
[  446.017836][ T5874] vhci_hcd: vhci_device speed not set
[  446.425654][T10490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.461929][T10490] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.490071][   T29] audit: type=1400 audit(1730768622.039:535): avc:  denied  { bind } for  pid=10488 comm="syz.3.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  446.520712][   T29] audit: type=1400 audit(1730768622.039:536): avc:  denied  { listen } for  pid=10488 comm="syz.3.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  446.551365][   T29] audit: type=1400 audit(1730768622.039:537): avc:  denied  { accept } for  pid=10488 comm="syz.3.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  447.110180][ T5875] usbhid 2-1:0.0: can't add hid device: -71
[  447.116598][ T5875] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  447.140666][ T5875] usb 2-1: USB disconnect, device number 5
[  447.239360][T10500] mmap: syz.2.1190 (10500) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  447.282595][   T29] audit: type=1400 audit(1730768622.829:538): avc:  denied  { accept } for  pid=10498 comm="syz.2.1190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  447.601925][T10516] netlink: 'syz.2.1196': attribute type 9 has an invalid length.
[  447.988665][T10521] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  447.993239][T10516] macvlan1: entered promiscuous mode
[  447.997294][T10521] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1195'.
[  449.004978][T10534] libceph: resolve '
[  449.004978][T10534] -&���f�Y�ǝ�a���2i�
[  449.004978][T10534] .���?��&�*��&' (ret=-3): failed
[  449.054562][T10533] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  449.131047][T10545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1205'.
[  451.092241][   T29] audit: type=1400 audit(1730768626.559:539): avc:  denied  { watch_reads } for  pid=10562 comm="syz.3.1211" path="/221" dev="tmpfs" ino=1186 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  451.684346][   T29] audit: type=1400 audit(1730768627.229:540): avc:  denied  { setopt } for  pid=10562 comm="syz.3.1211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  451.718980][   T29] audit: type=1400 audit(1730768627.229:541): avc:  denied  { connect } for  pid=10562 comm="syz.3.1211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  451.836551][T10580] syz2: rxe_newlink: already configured on team_slave_1
[  452.369203][T10580] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1213'.
[  452.629193][T10587] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  452.637204][T10587] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1215'.
[  453.133621][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  453.345125][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  453.355590][    T8] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  453.396348][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  453.426223][    T8] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  453.443515][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.480863][    T8] usb 3-1: Product: syz
[  453.485572][    T8] usb 3-1: Manufacturer: syz
[  453.490200][    T8] usb 3-1: SerialNumber: syz
[  453.516690][    T8] usb 3-1: config 0 descriptor??
[  453.532592][T10585] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  453.542099][T10585] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  453.574467][    T8] usb 3-1: ucan: probing device on interface #0
[  453.580463][ T5907] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  453.713606][ T5907] usb 5-1: device descriptor read/64, error -71
[  453.973819][ T5907] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  454.463627][ T5907] usb 5-1: device descriptor read/64, error -71
[  454.496527][T10600] xt_CT: You must specify a L4 protocol and not use inversions on it
[  454.563990][ T5878] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  454.597475][ T5907] usb usb5-port1: attempt power cycle
[  454.710856][    T8] usb 3-1: ucan: could not read protocol version, ret=-110
[  454.719515][    T8] usb 3-1: ucan: probe failed; try to update the device firmware
[  454.825032][ T5878] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  454.888673][ T5878] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  454.917392][ T5878] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  454.950355][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.971150][T10602] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  454.995553][ T5878] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  455.761907][T10622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  455.775434][T10622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.121404][ T5878] usb 3-1: USB disconnect, device number 11
[  456.251199][    T8] usb 1-1: USB disconnect, device number 8
[  456.465407][T10638] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  456.473371][T10638] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1230'.
[  458.742088][T10662] libceph: resolve '
[  458.742088][T10662] -&���f�Y�ǝ�a���2i�
[  458.742088][T10662] .���?��&�*��&' (ret=-3): failed
[  463.584469][   T29] audit: type=1400 audit(1730768639.139:542): avc:  denied  { create } for  pid=10738 comm="syz.4.1258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  463.633859][    T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  463.650796][   T29] audit: type=1400 audit(1730768639.139:543): avc:  denied  { write } for  pid=10738 comm="syz.4.1258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  463.841331][    T8] usb 1-1: Using ep0 maxpacket: 8
[  463.853624][ T5878] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  463.869980][    T8] usb 1-1: config 2 has an invalid interface number: 181 but max is 3
[  464.467866][    T8] usb 1-1: config 2 has an invalid interface number: 86 but max is 3
[  464.476121][    T8] usb 1-1: config 2 has an invalid interface number: 7 but max is 3
[  464.484179][    T8] usb 1-1: config 2 has an invalid interface number: 107 but max is 3
[  464.493031][    T8] usb 1-1: config 2 has an invalid interface number: 212 but max is 3
[  464.501313][    T8] usb 1-1: config 2 has an invalid descriptor of length 235, skipping remainder of the config
[  464.511735][    T8] usb 1-1: config 2 has 5 interfaces, different from the descriptor's value: 4
[  464.520791][    T8] usb 1-1: config 2 has no interface number 0
[  464.526960][    T8] usb 1-1: config 2 has no interface number 1
[  464.533044][    T8] usb 1-1: config 2 has no interface number 2
[  464.539444][    T8] usb 1-1: config 2 has no interface number 3
[  464.545592][    T8] usb 1-1: config 2 has no interface number 4
[  464.551713][    T8] usb 1-1: config 2 interface 181 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  464.562775][    T8] usb 1-1: config 2 interface 181 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  464.573802][    T8] usb 1-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  464.584668][    T8] usb 1-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  464.595457][    T8] usb 1-1: config 2 interface 181 altsetting 9 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  464.608517][    T8] usb 1-1: too many endpoints for config 2 interface 86 altsetting 56: 100, using maximum allowed: 30
[  464.619589][    T8] usb 1-1: config 2 interface 86 altsetting 56 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[  464.632784][    T8] usb 1-1: config 2 interface 7 altsetting 255 has a duplicate endpoint with address 0x3, skipping
[  464.643661][    T8] usb 1-1: config 2 interface 212 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  464.654359][    T8] usb 1-1: config 2 interface 212 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  464.667357][    T8] usb 1-1: config 2 interface 181 has no altsetting 0
[  464.674138][    T8] usb 1-1: config 2 interface 86 has no altsetting 0
[  464.680881][    T8] usb 1-1: config 2 interface 7 has no altsetting 0
[  464.687536][    T8] usb 1-1: config 2 interface 107 has no altsetting 0
[  464.805748][    T8] usb 1-1: Dual-Role OTG device on HNP port
[  464.812043][    T8] usb 1-1: New USB device found, idVendor=1a8d, idProduct=1008, bcdDevice=68.e4
[  464.821229][ T5878] usb 5-1: Using ep0 maxpacket: 16
[  464.826623][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.838152][ T5878] usb 5-1: config 0 has an invalid interface number: 68 but max is 0
[  464.847108][ T5878] usb 5-1: config 0 has no interface number 0
[  464.853512][    T8] usb 1-1: Product: 敧闸虵漊ꇗ뀳꿥뎟傃ᕟޣ莌궺烰泵나伶￈㎯㴓↘ᰯ욪즲⽸痦軂ዮ劽꿪
[  464.877073][ T5878] usb 5-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  464.897560][    T8] usb 1-1: Manufacturer: ꐽ覮᱔ꄋ櫑캩裃㡀땢ኵꏴ裤英⭢櫇黃鸥匧葰쮻뜻ᦏꊤ奣ͫ簉豤㼓昔샵캒筽ᱍꆠ㈮鳲ꙿ૪夎왎鮴耊ᱬ辰睞惺ȷ㩘ᥜ᥯蛗邒⧮淕䇘薸軸ꯧ㊱旅⎘靽ﰘ嬊뉝肄듋켠膕ѣ꫋⬼앷낵墌ᷔ筐夆螊煭鸖
[  464.945090][ T5878] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  464.954542][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.962657][ T5878] usb 5-1: Product: syz
[  464.983559][ T5878] usb 5-1: Manufacturer: syz
[  464.990086][    T8] usb 1-1: SerialNumber: 孬⎖㊵捱됽裝距⾡ꑴ侺슐㵩ꥳㆇ눙৅뛭卜ᙯ収Ჾ뼹郺才驫뛖콵蕲ﴍ 㦌὞婔惷㘻䤒⥻ꍌ┟苒醳踂坮햤Ꚗ祈ᬺ缵䁉졓梦
[  465.021295][ T5878] usb 5-1: SerialNumber: syz
[  465.039275][ T5878] usb 5-1: config 0 descriptor??
[  465.047176][T10739] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  465.435200][ T5878] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  465.455562][ T2123] usb 5-1: Failed to submit usb control message: -71
[  465.462702][ T2123] usb 5-1: unable to send the bmi data to the device: -71
[  465.481253][ T5878] usb 5-1: USB disconnect, device number 10
[  465.515137][ T2123] usb 5-1: unable to get target info from device
[  465.521971][ T2123] usb 5-1: could not get target info (-71)
[  465.528595][ T2123] usb 5-1: could not probe fw (-71)
[  465.848371][    T8] option 1-1:2.181: GSM modem (1-port) converter detected
[  465.873346][    T8] option 1-1:2.212: GSM modem (1-port) converter detected
[  465.904876][    T8] usb 1-1: USB disconnect, device number 9
[  465.916276][    T8] option 1-1:2.181: device disconnected
[  465.956959][    T8] option 1-1:2.212: device disconnected
[  466.735629][T10760] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  468.568038][T10797] sg_write: data in/out 25/70 bytes for SCSI command 0x5-- guessing data in;
[  468.568038][T10797]    program syz.1.1276 not setting count and/or reply_len properly
[  468.928344][  T965] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  469.693544][  T965] usb 3-1: Using ep0 maxpacket: 8
[  469.701416][T10815] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1281'.
[  469.706206][  T965] usb 3-1: config 2 has an invalid interface number: 181 but max is 3
[  469.764827][  T965] usb 3-1: config 2 has an invalid interface number: 86 but max is 3
[  469.789906][  T965] usb 3-1: config 2 has an invalid interface number: 7 but max is 3
[  469.803910][  T965] usb 3-1: config 2 has an invalid interface number: 107 but max is 3
[  469.812467][  T965] usb 3-1: config 2 has an invalid interface number: 212 but max is 3
[  470.100152][  T965] usb 3-1: config 2 has an invalid descriptor of length 235, skipping remainder of the config
[  470.143234][  T965] usb 3-1: config 2 has 5 interfaces, different from the descriptor's value: 4
[  470.152508][  T965] usb 3-1: config 2 has no interface number 0
[  470.158833][  T965] usb 3-1: config 2 has no interface number 1
[  470.165026][  T965] usb 3-1: config 2 has no interface number 2
[  470.171291][  T965] usb 3-1: config 2 has no interface number 3
[  470.177582][  T965] usb 3-1: config 2 has no interface number 4
[  470.183986][  T965] usb 3-1: config 2 interface 181 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  470.195226][  T965] usb 3-1: config 2 interface 181 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  470.206295][  T965] usb 3-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  470.217090][  T965] usb 3-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  470.227944][  T965] usb 3-1: config 2 interface 181 altsetting 9 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  470.241415][  T965] usb 3-1: too many endpoints for config 2 interface 86 altsetting 56: 100, using maximum allowed: 30
[  470.256352][  T965] usb 3-1: config 2 interface 86 altsetting 56 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[  470.273493][  T965] usb 3-1: config 2 interface 7 altsetting 255 has a duplicate endpoint with address 0x3, skipping
[  470.285067][  T965] usb 3-1: config 2 interface 212 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  470.297212][  T965] usb 3-1: config 2 interface 212 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  470.310535][  T965] usb 3-1: config 2 interface 181 has no altsetting 0
[  470.320472][  T965] usb 3-1: config 2 interface 86 has no altsetting 0
[  470.327319][  T965] usb 3-1: config 2 interface 7 has no altsetting 0
[  470.338524][  T965] usb 3-1: config 2 interface 107 has no altsetting 0
[  470.442659][  T965] usb 3-1: Dual-Role OTG device on HNP port
[  470.451486][  T965] usb 3-1: New USB device found, idVendor=1a8d, idProduct=1008, bcdDevice=68.e4
[  470.460903][  T965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.498303][  T965] usb 3-1: Product: 敧闸虵漊ꇗ뀳꿥뎟傃ᕟޣ莌궺烰泵나伶￈㎯㴓↘ᰯ욪즲⽸痦軂ዮ劽꿪
[  470.844287][  T965] usb 3-1: Manufacturer: ꐽ覮᱔ꄋ櫑캩裃㡀땢ኵꏴ裤英⭢櫇黃鸥匧葰쮻뜻ᦏꊤ奣ͫ簉豤㼓昔샵캒筽ᱍꆠ㈮鳲ꙿ૪夎왎鮴耊ᱬ辰睞惺ȷ㩘ᥜ᥯蛗邒⧮淕䇘薸軸ꯧ㊱旅⎘靽ﰘ嬊뉝肄듋켠膕ѣ꫋⬼앷낵墌ᷔ筐夆螊煭鸖
[  470.875868][  T965] usb 3-1: SerialNumber: 孬⎖㊵捱됽裝距⾡ꑴ侺슐㵩ꥳㆇ눙৅뛭卜ᙯ収Ჾ뼹郺才驫뛖콵蕲ﴍ 㦌὞婔惷㘻䤒⥻ꍌ┟苒醳踂坮햤Ꚗ祈ᬺ缵䁉졓梦
[  471.450474][  T965] option 3-1:2.181: GSM modem (1-port) converter detected
[  471.481021][  T965] option 3-1:2.212: GSM modem (1-port) converter detected
[  471.511968][  T965] usb 3-1: USB disconnect, device number 12
[  471.522827][T10846] tipc: Cannot configure node identity twice
[  471.534245][  T965] option 3-1:2.181: device disconnected
[  471.571219][T10846] tipc: Cannot configure node identity twice
[  471.587687][  T965] option 3-1:2.212: device disconnected
[  473.417064][T10875] syz2: rxe_newlink: already configured on team_slave_1
[  473.426854][T10875] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1295'.
[  474.248524][T10863] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  474.352861][T10884] syz2: rxe_newlink: already configured on team_slave_1
[  474.361425][T10884] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1298'.
[  476.322172][T10906] tipc: Started in network mode
[  476.373669][T10906] tipc: Node identity 101, cluster identity 4711
[  476.380144][T10906] tipc: Node number set to 257
[  476.389984][T10906] tipc: Cannot configure node identity twice
[  478.325950][T10931] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1310'.
[  479.052995][T10945] dccp_invalid_packet: pskb_may_pull failed
[  479.089534][   T29] audit: type=1400 audit(1730768654.639:544): avc:  denied  { accept } for  pid=10926 comm="syz.0.1311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  481.940779][T10982] libceph: resolve '
[  481.940779][T10982] -&���f�Y�ǝ�a���2i�
[  481.940779][T10982] .���?��&�*��&' (ret=-3): failed
[  482.265520][ T5907] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  482.301365][T10986] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  482.406126][T10993] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1325'.
[  482.517410][ T5907] usb 4-1: Using ep0 maxpacket: 8
[  482.932365][ T5907] usb 4-1: config 2 has an invalid interface number: 181 but max is 3
[  482.947302][T10999] dccp_invalid_packet: pskb_may_pull failed
[  482.966952][ T5907] usb 4-1: config 2 has an invalid interface number: 86 but max is 3
[  482.994819][ T5907] usb 4-1: config 2 has an invalid interface number: 7 but max is 3
[  483.003677][ T5907] usb 4-1: config 2 has an invalid interface number: 107 but max is 3
[  483.029672][ T5907] usb 4-1: config 2 has an invalid interface number: 212 but max is 3
[  483.049829][ T5907] usb 4-1: config 2 has an invalid descriptor of length 235, skipping remainder of the config
[  483.076107][ T5907] usb 4-1: config 2 has 5 interfaces, different from the descriptor's value: 4
[  483.095748][ T5907] usb 4-1: config 2 has no interface number 0
[  483.102351][ T5907] usb 4-1: config 2 has no interface number 1
[  483.111540][ T5907] usb 4-1: config 2 has no interface number 2
[  483.118111][ T5907] usb 4-1: config 2 has no interface number 3
[  483.124628][ T5907] usb 4-1: config 2 has no interface number 4
[  483.131124][ T5907] usb 4-1: config 2 interface 181 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  483.142605][ T5907] usb 4-1: config 2 interface 181 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  483.445818][ T5907] usb 4-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  483.463538][ T5907] usb 4-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  483.480275][ T5907] usb 4-1: config 2 interface 181 altsetting 9 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  483.494646][ T5907] usb 4-1: too many endpoints for config 2 interface 86 altsetting 56: 100, using maximum allowed: 30
[  483.518768][ T5907] usb 4-1: config 2 interface 86 altsetting 56 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[  483.539955][ T5907] usb 4-1: config 2 interface 7 altsetting 255 has a duplicate endpoint with address 0x3, skipping
[  483.560834][ T5907] usb 4-1: config 2 interface 212 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  483.578613][ T5907] usb 4-1: config 2 interface 212 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  483.595048][ T5907] usb 4-1: config 2 interface 181 has no altsetting 0
[  483.603509][ T5907] usb 4-1: config 2 interface 86 has no altsetting 0
[  483.617818][ T5907] usb 4-1: config 2 interface 7 has no altsetting 0
[  483.628491][ T5907] usb 4-1: config 2 interface 107 has no altsetting 0
[  483.687481][ T5907] usb 4-1: string descriptor 0 read error: -71
[  483.713483][ T5907] usb 4-1: Dual-Role OTG device on HNP port
[  483.813560][ T5907] usb 4-1: can't set HNP mode: -71
[  484.850814][T11026] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(8)
[  484.857369][T11026] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  484.864800][T11019] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  484.871344][T11019] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  484.955804][T11019] vhci_hcd vhci_hcd.0: Device attached
[  485.125064][T11026] vhci_hcd vhci_hcd.0: Device attached
[  485.290903][ T5875] vhci_hcd: vhci_device speed not set
[  485.975182][ T5875] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  486.009777][T11028] vhci_hcd: connection closed
[  486.141579][   T12] vhci_hcd: stop threads
[  486.151317][   T12] vhci_hcd: release socket
[  486.156680][   T12] vhci_hcd: disconnect device
[  486.165770][T11023] vhci_hcd: connection reset by peer
[  486.171290][   T12] vhci_hcd: stop threads
[  486.182262][   T12] vhci_hcd: release socket
[  486.191815][   T12] vhci_hcd: disconnect device
[  486.381515][T11048] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1340'.
[  488.882694][T11101] libceph: resolve '
[  488.882694][T11101] -&���f�Y�ǝ�a���2i�
[  488.882694][T11101] .���?��&�*��&' (ret=-3): failed
[  489.523620][T11108] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  489.530179][T11108] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  489.580250][T11108] vhci_hcd vhci_hcd.0: Device attached
[  489.630270][   T29] audit: type=1400 audit(1730768665.169:545): avc:  denied  { nlmsg_read } for  pid=11102 comm="syz.3.1358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  489.683908][T11113] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(8)
[  489.690464][T11113] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  489.712503][T11119] FAULT_INJECTION: forcing a failure.
[  489.712503][T11119] name failslab, interval 1, probability 0, space 0, times 0
[  489.725506][T11119] CPU: 1 UID: 0 PID: 11119 Comm: syz.0.1356 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  489.736284][T11119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  489.746360][T11119] Call Trace:
[  489.749639][T11119]  <TASK>
[  489.752587][T11119]  dump_stack_lvl+0x16c/0x1f0
[  489.757293][T11119]  should_fail_ex+0x497/0x5b0
[  489.761997][T11119]  ? fs_reclaim_acquire+0xae/0x150
[  489.767128][T11119]  should_failslab+0xc2/0x120
[  489.771828][T11119]  __kmalloc_noprof+0xcb/0x400
[  489.776611][T11119]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  489.782255][T11119]  tomoyo_realpath_from_path+0xb9/0x720
[  489.787814][T11119]  ? tomoyo_path_number_perm+0x232/0x590
[  489.793457][T11119]  tomoyo_path_number_perm+0x245/0x590
[  489.798920][T11119]  ? tomoyo_path_number_perm+0x232/0x590
[  489.804603][T11119]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  489.810589][T11119]  ? find_held_lock+0x2d/0x110
[  489.815376][T11119]  ? __pfx_lock_release+0x10/0x10
[  489.820425][T11119]  ? rcu_is_watching+0x12/0xc0
[  489.825204][T11119]  ? __rcu_read_unlock+0x2b4/0x580
[  489.830333][T11119]  ? __fget_files+0x244/0x3f0
[  489.835038][T11119]  security_file_ioctl+0x9b/0x240
[  489.840081][T11119]  __x64_sys_ioctl+0xbb/0x220
[  489.844860][T11119]  do_syscall_64+0xcd/0x250
[  489.849465][T11119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.855373][T11119] RIP: 0033:0x7f4f9457e719
[  489.859796][T11119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.879856][T11119] RSP: 002b:00007f4f929f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  489.888290][T11119] RAX: ffffffffffffffda RBX: 00007f4f94736130 RCX: 00007f4f9457e719
[  489.896271][T11119] RDX: 0000000020000380 RSI: 00000000000089e0 RDI: 0000000000000003
[  489.904247][T11119] RBP: 00007f4f929f6090 R08: 0000000000000000 R09: 0000000000000000
[  489.912224][T11119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  489.920198][T11119] R13: 0000000000000000 R14: 00007f4f94736130 R15: 00007fff170b2d28
[  489.928191][T11119]  </TASK>
[  489.931770][T11119] ERROR: Out of memory at tomoyo_realpath_from_path.
[  489.975276][T11113] vhci_hcd vhci_hcd.0: Device attached
[  489.983780][   T29] audit: type=1400 audit(1730768665.489:546): avc:  denied  { ioctl } for  pid=11099 comm="syz.0.1356" path="socket:[30669]" dev="sockfs" ino=30669 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  490.064088][    T8] vhci_hcd: vhci_device speed not set
[  490.123627][    T8] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  490.327060][T11110] vhci_hcd: connection reset by peer
[  490.333053][T11115] vhci_hcd: connection closed
[  490.338886][ T4366] vhci_hcd: stop threads
[  490.348311][ T4366] vhci_hcd: release socket
[  490.354170][ T4366] vhci_hcd: disconnect device
[  490.359202][ T4366] vhci_hcd: stop threads
[  490.363924][ T4366] vhci_hcd: release socket
[  490.368533][ T4366] vhci_hcd: disconnect device
[  491.412410][   T29] audit: type=1804 audit(1730768666.869:547): pid=11142 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1365" name="/newroot/254/bus/bus" dev="overlay" ino=1372 res=1 errno=0
[  491.740285][ T5875] vhci_hcd: vhci_device speed not set
[  492.062127][T11149] ubi0: attaching mtd0
[  492.066614][T11149] ubi0 error: ubi_attach_mtd_dev: bad VID header (8454144) or data offsets (8454208)
[  492.288080][   T29] audit: type=1804 audit(1730768666.879:548): pid=11142 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1365" name="/newroot/254/bus/bus" dev="overlay" ino=1372 res=1 errno=0
[  492.430717][   T29] audit: type=1800 audit(1730768666.929:549): pid=11142 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1365" name="file2" dev="overlay" ino=1374 res=0 errno=0
[  493.872051][T11175] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  493.878570][T11175] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  494.024435][T11175] vhci_hcd vhci_hcd.0: Device attached
[  494.059264][T11181] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7)
[  494.065905][T11181] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  494.075878][T11180] xt_CT: You must specify a L4 protocol and not use inversions on it
[  494.091920][   T29] audit: type=1400 audit(1730768669.639:550): avc:  denied  { read } for  pid=11178 comm="syz.1.1375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  494.143676][T11181] vhci_hcd vhci_hcd.0: Device attached
[  494.203588][ T5874] vhci_hcd: vhci_device speed not set
[  494.263587][ T5874] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  494.385030][T11185] dccp_invalid_packet: pskb_may_pull failed
[  495.141396][T11176] vhci_hcd: connection reset by peer
[  495.147145][T11182] vhci_hcd: connection closed
[  495.147454][ T6145] vhci_hcd: stop threads
[  495.193619][ T6145] vhci_hcd: release socket
[  495.199709][ T6145] vhci_hcd: disconnect device
[  495.215951][    T8] vhci_hcd: vhci_device speed not set
[  495.250604][ T6145] vhci_hcd: stop threads
[  495.257299][ T6145] vhci_hcd: release socket
[  495.280078][ T6145] vhci_hcd: disconnect device
[  496.041632][T11201] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1380'.
[  496.746996][T11205] overlayfs: failed to resolve './file1': -2
[  499.483272][ T5874] vhci_hcd: vhci_device speed not set
[  501.545398][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  501.551774][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  502.689180][T11269] libceph: resolve '
[  502.689180][T11269] -&���f�Y�ǝ�a���2i�
[  502.689180][T11269] .���?��&�*��&' (ret=-3): failed
[  502.771539][ T5875] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  502.995712][ T5875] usb 4-1: Using ep0 maxpacket: 8
[  503.032282][ T5875] usb 4-1: config 2 has an invalid interface number: 181 but max is 3
[  503.084739][ T5875] usb 4-1: config 2 has an invalid interface number: 86 but max is 3
[  503.092920][ T5875] usb 4-1: config 2 has an invalid interface number: 7 but max is 3
[  503.126358][ T5875] usb 4-1: config 2 has an invalid interface number: 107 but max is 3
[  503.134717][ T5875] usb 4-1: config 2 has an invalid interface number: 212 but max is 3
[  503.142966][ T5875] usb 4-1: config 2 has an invalid descriptor of length 235, skipping remainder of the config
[  503.153658][ T5875] usb 4-1: config 2 has 5 interfaces, different from the descriptor's value: 4
[  503.162675][ T5875] usb 4-1: config 2 has no interface number 0
[  503.168975][ T5875] usb 4-1: config 2 has no interface number 1
[  503.175146][ T5875] usb 4-1: config 2 has no interface number 2
[  503.181237][ T5875] usb 4-1: config 2 has no interface number 3
[  503.187353][ T5875] usb 4-1: config 2 has no interface number 4
[  503.193642][ T5875] usb 4-1: config 2 interface 181 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  503.204674][ T5875] usb 4-1: config 2 interface 181 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  503.215712][ T5875] usb 4-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  503.226486][ T5875] usb 4-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  503.237260][ T5875] usb 4-1: config 2 interface 181 altsetting 9 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  503.250632][ T5875] usb 4-1: too many endpoints for config 2 interface 86 altsetting 56: 100, using maximum allowed: 30
[  503.261675][ T5875] usb 4-1: config 2 interface 86 altsetting 56 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[  503.274892][ T5875] usb 4-1: config 2 interface 7 altsetting 255 has a duplicate endpoint with address 0x3, skipping
[  503.285768][ T5875] usb 4-1: config 2 interface 212 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  503.296551][ T5875] usb 4-1: config 2 interface 212 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  503.309635][ T5875] usb 4-1: config 2 interface 181 has no altsetting 0
[  503.316470][ T5875] usb 4-1: config 2 interface 86 has no altsetting 0
[  503.323182][ T5875] usb 4-1: config 2 interface 7 has no altsetting 0
[  503.329872][ T5875] usb 4-1: config 2 interface 107 has no altsetting 0
[  503.340453][ T5875] usb 4-1: Dual-Role OTG device on HNP port
[  503.347215][ T5875] usb 4-1: New USB device found, idVendor=1a8d, idProduct=1008, bcdDevice=68.e4
[  503.680077][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.725275][ T5875] usb 4-1: Product: 敧闸虵漊ꇗ뀳꿥뎟傃ᕟޣ莌궺烰泵나伶￈㎯㴓↘ᰯ욪즲⽸痦軂ዮ劽꿪
[  503.752651][ T5875] usb 4-1: Manufacturer: ꐽ覮᱔ꄋ櫑캩裃㡀땢ኵꏴ裤英⭢櫇黃鸥匧葰쮻뜻ᦏꊤ奣ͫ簉豤㼓昔샵캒筽ᱍꆠ㈮鳲ꙿ૪夎왎鮴耊ᱬ辰睞惺ȷ㩘ᥜ᥯蛗邒⧮淕䇘薸軸ꯧ㊱旅⎘靽ﰘ嬊뉝肄듋켠膕ѣ꫋⬼앷낵墌ᷔ筐夆螊煭鸖
[  503.984541][T11292] ubi0: attaching mtd0
[  503.988748][T11292] ubi0 error: ubi_attach_mtd_dev: bad VID header (8454144) or data offsets (8454208)
[  504.010225][ T5875] usb 4-1: SerialNumber: 孬⎖㊵捱됽裝距⾡ꑴ侺슐㵩ꥳㆇ눙৅뛭卜ᙯ収Ჾ뼹郺才驫뛖콵蕲ﴍ 㦌὞婔惷㘻䤒⥻ꍌ┟苒醳踂坮햤Ꚗ祈ᬺ缵䁉졓梦
[  504.727600][ T5875] option 4-1:2.181: GSM modem (1-port) converter detected
[  504.835426][ T5875] option 4-1:2.212: GSM modem (1-port) converter detected
[  504.858648][ T5875] usb 4-1: USB disconnect, device number 9
[  504.901536][ T5875] option 4-1:2.181: device disconnected
[  504.912825][ T5875] option 4-1:2.212: device disconnected
[  509.327625][T11359] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  509.334188][T11359] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  509.341953][T11359] vhci_hcd vhci_hcd.0: Device attached
[  509.483757][T11359] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(7)
[  509.490277][T11359] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  509.508243][T11359] vhci_hcd vhci_hcd.0: Device attached
[  510.159420][ T5875] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  510.203483][T11362] vhci_hcd: connection closed
[  510.203807][T11366] vhci_hcd: connection closed
[  510.213761][   T52] vhci_hcd: stop threads
[  510.222806][   T52] vhci_hcd: release socket
[  510.227599][   T52] vhci_hcd: disconnect device
[  510.247848][   T52] vhci_hcd: stop threads
[  510.252205][   T52] vhci_hcd: release socket
[  510.256916][   T52] vhci_hcd: disconnect device
[  510.274683][   T25] vhci_hcd: vhci_device speed not set
[  510.333525][ T5875] usb 3-1: Using ep0 maxpacket: 8
[  510.395541][ T5875] usb 3-1: config 2 has an invalid interface number: 181 but max is 3
[  510.486731][ T5875] usb 3-1: config 2 has an invalid interface number: 86 but max is 3
[  510.714128][ T5875] usb 3-1: config 2 has an invalid interface number: 7 but max is 3
[  510.753574][ T5875] usb 3-1: config 2 has an invalid interface number: 107 but max is 3
[  510.761956][ T5875] usb 3-1: config 2 has an invalid interface number: 212 but max is 3
[  510.771896][ T5875] usb 3-1: config 2 has an invalid descriptor of length 235, skipping remainder of the config
[  510.788854][ T5875] usb 3-1: config 2 has 5 interfaces, different from the descriptor's value: 4
[  510.803296][ T5875] usb 3-1: config 2 has no interface number 0
[  510.840298][ T5875] usb 3-1: config 2 has no interface number 1
[  510.847656][ T5875] usb 3-1: config 2 has no interface number 2
[  510.862190][ T5875] usb 3-1: config 2 has no interface number 3
[  510.890319][ T5875] usb 3-1: config 2 has no interface number 4
[  510.902036][ T5875] usb 3-1: config 2 interface 181 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  510.918368][ T5875] usb 3-1: config 2 interface 181 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  510.929726][ T5875] usb 3-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  510.940746][ T5875] usb 3-1: config 2 interface 181 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  510.951747][ T5875] usb 3-1: config 2 interface 181 altsetting 9 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  510.965131][ T5875] usb 3-1: too many endpoints for config 2 interface 86 altsetting 56: 100, using maximum allowed: 30
[  510.976413][ T5875] usb 3-1: config 2 interface 86 altsetting 56 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[  510.989998][ T5875] usb 3-1: config 2 interface 7 altsetting 255 has a duplicate endpoint with address 0x3, skipping
[  511.000873][ T5875] usb 3-1: config 2 interface 212 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  511.011805][ T5875] usb 3-1: config 2 interface 212 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  511.024921][ T5875] usb 3-1: config 2 interface 181 has no altsetting 0
[  511.032043][ T5875] usb 3-1: config 2 interface 86 has no altsetting 0
[  511.038873][ T5875] usb 3-1: config 2 interface 7 has no altsetting 0
[  511.045644][ T5875] usb 3-1: config 2 interface 107 has no altsetting 0
[  511.540870][ T5875] usb 3-1: Dual-Role OTG device on HNP port
[  511.561515][ T5875] usb 3-1: New USB device found, idVendor=1a8d, idProduct=1008, bcdDevice=68.e4
[  511.758373][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.920303][ T5875] usb 3-1: Product: 敧闸虵漊ꇗ뀳꿥뎟傃ᕟޣ莌궺烰泵나伶￈㎯㴓↘ᰯ욪즲⽸痦軂ዮ劽꿪
[  511.959651][ T5875] usb 3-1: Manufacturer: ꐽ覮᱔ꄋ櫑캩裃㡀땢ኵꏴ裤英⭢櫇黃鸥匧葰쮻뜻ᦏꊤ奣ͫ簉豤㼓昔샵캒筽ᱍꆠ㈮鳲ꙿ૪夎왎鮴耊ᱬ辰睞惺ȷ㩘ᥜ᥯蛗邒⧮淕䇘薸軸ꯧ㊱旅⎘靽ﰘ嬊뉝肄듋켠膕ѣ꫋⬼앷낵墌ᷔ筐夆螊煭鸖
[  511.988326][ T5875] usb 3-1: SerialNumber: 孬⎖㊵捱됽裝距⾡ꑴ侺슐㵩ꥳㆇ눙৅뛭卜ᙯ収Ჾ뼹郺才驫뛖콵蕲ﴍ 㦌὞婔惷㘻䤒⥻ꍌ┟苒醳踂坮햤Ꚗ祈ᬺ缵䁉졓梦
[  512.707178][ T5875] option 3-1:2.181: GSM modem (1-port) converter detected
[  512.738841][ T5875] option 3-1:2.212: GSM modem (1-port) converter detected
[  512.774696][ T5875] usb 3-1: USB disconnect, device number 13
[  512.810459][T11390] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  512.818318][ T5875] option 3-1:2.181: device disconnected
[  512.844411][ T5875] option 3-1:2.212: device disconnected
[  514.210548][T11415] libceph: resolve '
[  514.210548][T11415] -&���f�Y�ǝ�a���2i�
[  514.210548][T11415] .���?��&�*��&' (ret=-3): failed
[  514.272962][T11414] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  514.710531][T11426] ubi0: attaching mtd0
[  514.724880][T11426] ubi0 error: ubi_attach_mtd_dev: bad VID header (8454144) or data offsets (8454208)
[  515.973922][T11449] tipc: Started in network mode
[  515.978992][T11449] tipc: Node identity 101, cluster identity 4711
[  515.993555][T11449] tipc: Node number set to 257
[  516.008812][T11449] tipc: Cannot configure node identity twice
[  516.268524][T11456] raw_sendmsg: syz.3.1447 forgot to set AF_INET. Fix it!
[  518.656048][T11474] libceph: resolve '
[  518.656048][T11474] -&���f�Y�ǝ�a���2i�
[  518.656048][T11474] .���?��&�*��&' (ret=-3): failed
[  518.913515][    C1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  518.926316][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  518.934722][    C1] CPU: 1 UID: 0 PID: 11469 Comm: syz.0.1450 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
[  518.945471][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  518.955515][    C1] RIP: 0010:llc_conn_state_process+0xa14/0x14c0
[  518.961765][    C1] Code: 8b 98 a0 01 00 00 e8 fb c0 74 f8 45 84 e4 0f 84 85 08 00 00 e8 0d bf 74 f8 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a3 09 00 00 48 8b 44 24 08 c7
[  518.981396][    C1] RSP: 0018:ffffc90000a18bd0 EFLAGS: 00010246
[  518.982757][T11470] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  518.987459][    C1] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8918bc35
[  518.987479][    C1] RDX: 0000000000000000 RSI: ffffffff8918bc43 RDI: 0000000000000001
[  518.987491][    C1] RBP: ffff888034832140 R08: 0000000000000001 R09: 0000000000000000
[  518.987504][    C1] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000002
[  518.987516][    C1] R13: ffffffff8c9f5190 R14: ffff888066f7c000 R15: ffffffff8c9f5140
[  518.987530][    C1] FS:  00007f4f952a26c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  518.987554][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  518.987569][    C1] CR2: 0000001b2fb12ff8 CR3: 0000000028d48000 CR4: 00000000003526f0
[  518.987583][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  518.987597][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  519.075715][    C1] Call Trace:
[  519.078975][    C1]  <IRQ>
[  519.081797][    C1]  ? die_addr+0x3b/0xa0
[  519.085940][    C1]  ? exc_general_protection+0x155/0x230
[  519.091470][    C1]  ? asm_exc_general_protection+0x26/0x30
[  519.097176][    C1]  ? llc_conn_state_process+0x9f5/0x14c0
[  519.102809][    C1]  ? llc_conn_state_process+0xa03/0x14c0
[  519.108883][    C1]  ? llc_conn_state_process+0xa14/0x14c0
[  519.114521][    C1]  llc_conn_tmr_common_cb+0x452/0x8e0
[  519.119912][    C1]  call_timer_fn+0x1a0/0x610
[  519.124493][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  519.130133][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  519.135245][    C1]  ? __pfx_lock_release+0x10/0x10
[  519.140269][    C1]  ? mark_held_locks+0x9f/0xe0
[  519.145012][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  519.150629][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  519.156264][    C1]  __run_timers+0x6e8/0x930
[  519.160756][    C1]  ? __pfx___run_timers+0x10/0x10
[  519.165765][    C1]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  519.171393][    C1]  ? rcu_is_watching+0x12/0xc0
[  519.176195][    C1]  ? lock_acquire+0x2f/0xb0
[  519.180717][    C1]  ? run_timer_base+0x109/0x190
[  519.185578][    C1]  run_timer_base+0x111/0x190
[  519.190251][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  519.195449][    C1]  run_timer_softirq+0x1a/0x40
[  519.200215][    C1]  handle_softirqs+0x213/0x8f0
[  519.204982][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  519.210269][    C1]  irq_exit_rcu+0xbb/0x120
[  519.214680][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  519.220314][    C1]  </IRQ>
[  519.223230][    C1]  <TASK>
[  519.226147][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  519.232135][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  519.238547][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 a6 d2 44 f6 48 89 df e8 be 4f 45 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 e5 58 36 f6 65 8b 05 f6 11 de 74 85 c0 74 16 5b
[  519.258144][    C1] RSP: 0018:ffffc9000300f7f8 EFLAGS: 00000246
[  519.264200][    C1] RAX: 0000000000000002 RBX: ffff88801234e1c0 RCX: 1ffffffff2dce5ca
[  519.272161][    C1] RDX: 0000000000000000 RSI: ffffffff8b6cd040 RDI: ffffffff8bd1b2c0
[  519.280123][    C1] RBP: 0000000000000286 R08: 0000000000000001 R09: fffffbfff2dc5b9e
[  519.288170][    C1] R10: ffffffff96e2dcf7 R11: 0000000000000000 R12: 0000000000000002
[  519.296127][    C1] R13: ffff88801234e200 R14: ffff88801234dba8 R15: ffff88801234e028
[  519.304095][    C1]  __unix_dgram_recvmsg+0x32a/0xe50
[  519.309296][    C1]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  519.315012][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  519.320204][    C1]  ? find_held_lock+0x2d/0x110
[  519.324963][    C1]  ? __might_fault+0x13b/0x190
[  519.329726][    C1]  unix_dgram_recvmsg+0xd0/0x110
[  519.334664][    C1]  ____sys_recvmsg+0x5f8/0x6b0
[  519.339428][    C1]  ? __pfx_____sys_recvmsg+0x10/0x10
[  519.344711][    C1]  ? kfree+0x274/0x4b0
[  519.348771][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  519.353962][    C1]  ___sys_recvmsg+0x115/0x1a0
[  519.358626][    C1]  ? __pfx____sys_recvmsg+0x10/0x10
[  519.363812][    C1]  ? find_held_lock+0x2d/0x110
[  519.368573][    C1]  ? lock_acquire+0x2f/0xb0
[  519.373060][    C1]  ? __pfx___might_resched+0x10/0x10
[  519.378337][    C1]  ? __might_fault+0xe3/0x190
[  519.383035][    C1]  do_recvmmsg+0x2ba/0x750
[  519.387444][    C1]  ? __pfx_do_recvmmsg+0x10/0x10
[  519.392388][    C1]  ? do_user_addr_fault+0xdc7/0x13f0
[  519.397671][    C1]  ? reacquire_held_locks+0x20b/0x4c0
[  519.403031][    C1]  ? do_futex+0x123/0x350
[  519.407357][    C1]  ? __x64_sys_futex+0x1e1/0x4c0
[  519.412290][    C1]  __x64_sys_recvmmsg+0x239/0x290
[  519.417310][    C1]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  519.422846][    C1]  do_syscall_64+0xcd/0x250
[  519.427339][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.433245][    C1] RIP: 0033:0x7f4f9457e719
[  519.437644][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  519.457241][    C1] RSP: 002b:00007f4f952a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  519.465645][    C1] RAX: ffffffffffffffda RBX: 00007f4f94736058 RCX: 00007f4f9457e719
[  519.473605][    C1] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005
[  519.481561][    C1] RBP: 00007f4f945f139e R08: 0000000000000000 R09: 0000000000000000
[  519.489519][    C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  519.497563][    C1] R13: 0000000000000000 R14: 00007f4f94736058 R15: 00007fff170b2d28
[  519.505546][    C1]  </TASK>
[  519.508723][    C1] Modules linked in:
[  519.512660][    C1] ---[ end trace 0000000000000000 ]---
[  519.518138][    C1] RIP: 0010:llc_conn_state_process+0xa14/0x14c0
[  519.524487][    C1] Code: 8b 98 a0 01 00 00 e8 fb c0 74 f8 45 84 e4 0f 84 85 08 00 00 e8 0d bf 74 f8 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a3 09 00 00 48 8b 44 24 08 c7
[  519.544160][    C1] RSP: 0018:ffffc90000a18bd0 EFLAGS: 00010246
[  519.550248][    C1] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8918bc35
[  519.558256][    C1] RDX: 0000000000000000 RSI: ffffffff8918bc43 RDI: 0000000000000001
[  519.566258][    C1] RBP: ffff888034832140 R08: 0000000000000001 R09: 0000000000000000
[  519.574266][    C1] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000002
[  519.582256][    C1] R13: ffffffff8c9f5190 R14: ffff888066f7c000 R15: ffffffff8c9f5140
[  519.590284][    C1] FS:  00007f4f952a26c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  519.599264][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  519.605888][    C1] CR2: 0000001b2fb12ff8 CR3: 0000000028d48000 CR4: 00000000003526f0
[  519.613940][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  519.621920][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  519.630037][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  519.637448][    C1] Kernel Offset: disabled
[  519.641755][    C1] Rebooting in 86400 seconds..