last executing test programs:

13.944463192s ago: executing program 3 (id=1793):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bridge_slave_1\x00'})
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000ac0)=ANY=[], 0x19c}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180100001700000000000000a54b0000850000007500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='signal_generate\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000480)='rpcgss_bad_seqno\x00', r5, 0x0, 0x1000}, 0x18)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000200)={0x0, 0xf8, 0x10}, &(0x7f0000000240)=0xc)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc})
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)
read$char_usb(r1, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f00000002c0)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000280), 0x0)
r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$sock(r8, &(0x7f0000000780)=[{{&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x2c}, 0xffffffff, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@generic={0x29, "614c06bbfd6e6b14be0221900c10288e41ad012d4d8b480c79331b4d9c1b2bd2dfa03978e2b856f30cde619287b5449ec9f9e54e290863aadee8ffd47f18ea906d006a6c6166d4ca2adaa8165eeb5afe8407d7d332d2409562fd2179b696ee2e48f77da7073a39c0c67d97efbf2f7933a5a2e59f947c7bf01357c1ea6cb6"}, 0x80, 0x0}}, {{&(0x7f0000000400)=@isdn={0x22, 0xe1, 0xfb, 0xf9, 0x3}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000600)="73924e44351c277e0d26c7e606bc264fbd4c4544481396b55f5a9ccbc2043202336e180420f24fe669b53d4cdc06d135106cb5b82fea3447c1f1a76b7310874331bf8b67222efbb8dc96783ae18fcbb1c8e785ed4f8b861965c13d04da3f6b46aeb97a9a707665dbce1a74518dc11e72d0ed7b2f3948474f4cb1f6c05c357d4ac5bb5c8473ea94431955c588e07bf3a47c2b277c2436fd844e5164faadf87a3742a76f856f64b4b6e20beece4c61cf654634569655220b5973c3cfe2726f4496c09a65223365d823ba84248c553a305a17a18d975f8988de17bd1099e2bd8d4d50e8", 0xe2}], 0x1, &(0x7f0000000480)}}], 0x3, 0x44)
socket$kcm(0x10, 0x2, 0x0)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x2, 0x6}, 0x6)
socket$kcm(0x10, 0x2, 0x0)

10.372665432s ago: executing program 3 (id=1807):
pipe2$watch_queue(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r1, &(0x7f00000001c0)={0x1f, 0x0, @none, 0xffff}, 0xe)
connect$bt_l2cap(r3, &(0x7f0000000240)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
preadv(r2, 0x0, 0x0, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x8})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x42001, 0x0)
umount2(&(0x7f0000000100)='./file0/file0\x00', 0xb)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb813dd28b42bee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f", <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000000180)={"b645563c45bcc7e181fad43c40fc603ebaf6ab65a29e23546aad0281b3aff5eb", r7})
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r8, 0xffffffffffffffff, 0x0)
r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r10 = fcntl$dupfd(r9, 0x0, r9)
read$snapshot(r10, 0x0, 0xffffffbf)
read$FUSE(r10, 0x0, 0x0)

8.317092168s ago: executing program 3 (id=1816):
r0 = syz_io_uring_setup(0xb62, &(0x7f00000000c0)={0x0, 0x5c6, 0x800, 0x1, 0x201}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000002180)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x14, 0x4007, @fd, 0x6, &(0x7f0000000680)=[{0x0}, {0xfffffffffffffffd}], 0x2, 0x1, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

7.696776995s ago: executing program 2 (id=1819):
r0 = gettid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x1e, &(0x7f0000000400)=0x400000001, 0x4)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
io_setup(0x6, &(0x7f0000000680)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, r2, 0x0, 0x3}])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0x0, 0x0, 0x8)
tkill(r0, 0x7)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e00)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6939fc404000000c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e46968eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000000000000005335000000143ea70c2ab40c7cb70c943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a33e680846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2200af6c7784a1975fa807de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf652e28e700000000000000b24478a78a0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c450503009688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0000f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b4cbaf5a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13e434aae9df81ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a384002421d898913c45a9ac091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c045a17e9a61c3b064e679508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd911e0e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4218cea744b332ab232a09cf1ec375627074ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d522946727024de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df00000000000000000000dfa4c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5d00f26126d4cf2c73e5f94030000000000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481c55e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62fc9dfffeb13b4858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1ef90ed4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1af45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d78429d358aa54b4b49926c4be9ee4659153d9f9f5d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c52be71d780c300000000d0267ac40d1130a9000000000045f50812a1a0530b02baed19f4c977ac0d397ed6371ec589bf5943690250bdfa5b676d5d53d2ab3aeee1a6910c1a33b6c06c93386768f8b1bb27ec31cffbd4f5c7b0c2e14e4fc6c2f089ab08567254e93780afdddefb3f0d2143ad73c0bf2467859049d46dc5aa91f918a307e7dcaaccd6cbe66e8a04d201392a487f681f82528a800e27d65200ae10e1b5d39a29d8a2c8ed2dfa77e21249b45806733e674a9e8e72ad1cb0d3bfadb00a18a5008ea1e4c8fb93d311f52a476c576a3f65c9bdd4e4b870aed4cb9906a8aa25986e6e30be249d9911114b42b2fb51168e56000a62b794c193f7797ebeb7f8b91c70b6e720af06ecfcfb89a2d5a25f"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000380)="b9e403c6630d698cb8a00b04339c", 0x0, 0x7ec, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mlockall(0x3)
r6 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r7)
io_setup(0x202, &(0x7f0000000200))
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b0000000000000000000000f7c2000000000000800bb70ddac4991ce08d6a83b40f8b67122bd2efcc1960eeedfcd363c2176968c5f2be3cade0185553973ac8fb00d59b32521d0b837cd70c2acc95d6219cc5425c3f130c32d87d23c659bd83ac73a390a55e87ed63f113700144c1248507059885bcbbc569ff39b96ee8c5df475af040b3038f7dbbe7d148910c7de247", @ANYRES32=0x1, @ANYBLOB="001000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400"/28], 0x50)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000180)={'erspan0\x00', &(0x7f00000000c0)={'syztnl1\x00', <r9=>0x0, 0x40, 0x7, 0x800, 0x2, {{0x1e, 0x4, 0x2, 0x0, 0x78, 0x67, 0x0, 0x1, 0x2f, 0x0, @broadcast, @loopback, {[@generic={0x89, 0x7, "0a427f5130"}, @lsrr={0x83, 0xb, 0x75, [@multicast1, @multicast1]}, @lsrr={0x83, 0x1b, 0xf9, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @remote, @multicast2]}, @noop, @lsrr={0x83, 0x23, 0xd5, [@multicast2, @multicast2, @empty, @multicast2, @broadcast, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x39}, @dev={0xac, 0x14, 0x14, 0x3a}]}, @lsrr={0x83, 0x13, 0x9b, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100, @empty]}]}}}}})
pipe(&(0x7f0000000040)={<r10=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
splice(r10, 0x0, r11, 0x0, 0x25a5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="f02995338f9751b9d0749370477407cb1e000000", @ANYRES32=r8, @ANYBLOB="0100"/20, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0100000003000000040000000400000000000000", @ANYRES32=r10, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
readv(0xffffffffffffffff, 0x0, 0x0)

7.627208763s ago: executing program 3 (id=1820):
r0 = socket$packet(0x11, 0x3, 0x300)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
utimes(0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x71e5, &(0x7f0000000140)={0x0, 0x8c92, 0x40, 0x7, 0x20b}, &(0x7f0000000080), &(0x7f00000001c0)=<r2=>0x0)
r3 = io_uring_setup(0x1de0, &(0x7f0000000440))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0x1b, 0x20000002, r4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x1, 0x2000, @fd=r1, 0xa, 0x0, 0x0, 0x1, 0x1, {0x2, r4}})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
syz_usb_connect(0x0, 0x17f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000b2c6d9400a1a0201b17a0102030109026d0101000000000904000004b76cea000a240100000002010208240800000000c90624060000e705240000000d240f0100000000000000000007241400000600bc241300231ffb4f78aae041c5f916dc54ea75ab53091576f793d10faf992cbf1f8241debae05c0b9479da7f36e008bd521df9096b"], 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000480)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @mcast1, @private2, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x11, 0x1}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, 0x0, 0x210)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001bae9ee14d4284d73c826d8bce62cb84c8b765cbac71c46bc4718", @ANYRES16=r1], 0x398}}, 0x0)

6.7691298s ago: executing program 0 (id=1825):
r0 = socket(0x23, 0x805, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x4, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00'})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wg2\x00'})
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x141e000000000000, 0x0, 0x0)
keyctl$clear(0x7, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff0204000000000100000000000000000000000000000205", 0x18)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r4, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8, 0x8, 0x0, 0x0}}, 0x10)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r5, &(0x7f0000001fc0)=ANY=[@ANYBLOB="450000000600"/15], 0x45)
sendto$inet6(r2, 0x0, 0x0, 0x40, &(0x7f0000000040)={0xa, 0x4e20, 0x1, @empty, 0x400000}, 0x1c)

6.447252648s ago: executing program 0 (id=1827):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x401, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000040)={0xe7, 0x8})

6.237400282s ago: executing program 0 (id=1830):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x60)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x1f2506000, 0x0, 0x16, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

6.166533639s ago: executing program 1 (id=1832):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20)
mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x2, 0x300)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=0x91, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x48040, 0x0)
preadv(r2, &(0x7f0000001300)=[{&(0x7f0000019880)=""/102380, 0x18fec}, {0x0}, {&(0x7f0000000e40)=""/190, 0xbe}, {0x0}, {0x0}, {&(0x7f0000001100)=""/217, 0xd9}], 0x6, 0x5, 0xfffffff8)

5.394834655s ago: executing program 2 (id=1834):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x20840, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040)) (fail_nth: 2)

5.135505607s ago: executing program 0 (id=1835):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r1}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0x0, 0x25dfdbff}, 0x10}}, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x100, 0x779, 0x401, 0x2, 0xa, 0x2, 0x3, 0x8}, &(0x7f0000000040)={0xcc0f, 0x10001, 0x1, 0xb, 0x2, 0x9, 0x5, 0x917}, &(0x7f0000000080)={0x5, 0x2, 0xf, 0x8, 0x2, 0x26, 0x401, 0x4}, &(0x7f00000000c0)={0x0, 0x3938700}, &(0x7f0000000140)={&(0x7f0000000100)={[0xf]}, 0x8})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"cf44f9a5ee5791a549fd3a79a7b4e744809063891bba0664b5289b914c609cbb", 0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f00000001c0)={0x2000, "a5cc960b41717577f5dc7dc6ed97b338d6036a23640b29a88521bc2e0e6f4cd3", <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000200)={"49bab03ef491d7d2e129cc10a269708184e1c49f747331515aa3d0c7014dd0df", r5})
ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, &(0x7f0000000780)=0x8001)
ioctl$SYNC_IOC_FILE_INFO(r5, 0xc0383e04, &(0x7f0000000300)={""/32, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000240)=[{}, {}]})

5.112657025s ago: executing program 1 (id=1836):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0xf0, 0x24, 0x800, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {0xfff1, 0x3}, {0xd, 0xe}}, [@TCA_STAB={0x21, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xb, 0x58, 0x1, 0xffffff03, 0x4, 0x6, 0x3, 0x9}}, {0x16, 0x2, [0x6, 0x7, 0x0, 0x2, 0x3, 0x5, 0x24c, 0xf001, 0xe0]}}, {{0x1c, 0x1, {0xb, 0x6, 0x2, 0x1, 0x0, 0x7, 0x6, 0x3}}, {0xa, 0x2, [0x6, 0x7, 0x6]}}, {{0x1c, 0x1, {0x7, 0x6, 0x8000, 0x46dd, 0x1, 0x9, 0xc, 0x7}}, {0x12, 0x2, [0x7fff, 0xa3, 0x6, 0x0, 0xb007, 0x3cb6, 0x2f3]}}]}, @qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x3, 0xffffffc0, 0x1}}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @TCA_RATE={0x6, 0x5, {0x75, 0x6}}, @TCA_STAB={0x4b}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}]}, 0xf0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
add_key$keyring(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000400)={0x0, 0xd3b2, 0x200, 0x0, 0x90}, &(0x7f00000001c0), &(0x7f0000000380))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000040)={0x10, 0x2, 0x2}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0x1, &(0x7f00000001c0)={0x802, r4}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)

4.749054203s ago: executing program 2 (id=1837):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x700}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x48, 0x0, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8b}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x4000011)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000006d00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @broadcast}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r8)
r9 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r9, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYBLOB="fe"], 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)

4.718004634s ago: executing program 0 (id=1838):
r0 = socket(0x23, 0x805, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x4, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00'})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wg2\x00'})
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x141e000000000000, 0x0, 0x0)
keyctl$clear(0x7, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff0204000000000100000000000000000000000000000205", 0x18)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r4, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8, 0x8, 0x0, 0x0}}, 0x10)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r5, &(0x7f0000001fc0)=ANY=[@ANYBLOB="450000000600"/15], 0x45)
sendto$inet6(r2, 0x0, 0x0, 0x40, &(0x7f0000000040)={0xa, 0x4e20, 0x1, @empty, 0x400000}, 0x1c)

4.716366451s ago: executing program 3 (id=1839):
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x1a3)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
r1 = socket$inet_sctp(0x2, 0x800000000000001, 0x84)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, 0x0, 0x0)
r3 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioperm(0x0, 0x7, 0x7)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
listen(r3, 0x8)
r6 = accept4(r3, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x1f, 0x0, &(0x7f0000000040))
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0xc0145b0d, 0x0)

3.489719155s ago: executing program 2 (id=1840):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$tun(r1, &(0x7f0000000800)=ANY=[@ANYBLOB="0101c008ff0308"], 0x24d) (fail_nth: 2)

3.488674902s ago: executing program 4 (id=1841):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000280)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, 0x0, 0x0)

3.250210105s ago: executing program 4 (id=1842):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x1c, r1, 0x331, 0x70bd2d, 0xa6ff, {0xb}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)

3.17086743s ago: executing program 1 (id=1843):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
prctl$PR_SET_THP_DISABLE(0x29, 0x8)
r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x72d000, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r6, 0x40086603, &(0x7f0000000040))
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000400)={0xf8, 0x2, 0x7, 0x401, 0x0, 0x0, {0xb, 0x0, 0x4}, [@NFACCT_FILTER={0x4c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x10000}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x1}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xfff}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xffff3808}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9b}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xf914}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x6}]}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x24ea}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x101}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9494}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9b7}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffffff8}, @NFACCT_FILTER={0x34, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xc}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xf}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0xf8}, 0x1, 0x0, 0x0, 0x20040841}, 0x12)

3.16614878s ago: executing program 2 (id=1844):
socket$kcm(0x29, 0x2, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x980912, 0x0, '\x00', @string=0x0}})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
r3 = socket(0x2, 0x80805, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000400))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010002000000ea40427f003c00000100001c0500040001002000"], 0x1c}}, 0x0)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="24000047e43235c45dfbf79ab85b0104e36c2970057260c3061a3913270c4e112ab2322a3d55333a0d01", @ANYRES16=r6, @ANYBLOB="01000000000000000000010000000500040001000000050002000a000000"], 0x24}, 0x1, 0x0, 0x0, 0x20040091}, 0x4000)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r2, 0x0, 0x30, 0x30, 0x0, @in6={0x1b, 0x0, 0x0, @empty}, @ib={0x1b, 0x0, 0x0, {"0e000000000000000000000004000001"}}}}, 0x118)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r9, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400026e00"], 0x14}}, 0x0)
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000480)={[0x3, 0x5, 0x25c, 0x0, 0x5, 0x1c00000, 0x4, 0x4, 0xfffffffff7fffffa, 0x0, 0x4, 0x0, 0x6, 0x4, 0x0, 0xffffffffffffffff], 0x4000, 0x65201})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000340)={0x7, 0x8, 0xfa00, {r2}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r10 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r11=>0xffffffffffffffff, <r12=>0xffffffffffffffff})
connect$unix(r11, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r12, &(0x7f0000000000), 0x651, 0x0)

3.160040956s ago: executing program 4 (id=1845):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x6, 0x9, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ptrace$setregs(0xf, r0, 0x2, &(0x7f0000000200)="ec927915dcc3c743c488a56f2ce92f0ba46cea04c150a009339f984733e36ca49270bc04144480c234490a272005a5af12f470068b390bdcf5b886131982334cb1b828865b01f4ec21471efc7530163bb1ce027ce10e7426cde44e3a90e2e82445b8398a86c245bd0859a5d31535f02a2984de871968e72f4828fc3c2e0672e599d14352973b50bd97d44aa033cb145bd38083259cf81c70bf800a03837cc26bf0087ddbcb0e81f9")
r3 = shmget$private(0x0, 0x2000, 0x200, &(0x7f0000ffe000/0x2000)=nil)
shmctl$IPC_INFO(r3, 0x3, &(0x7f0000019340)=""/161)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000140)=0x7)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0xff)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43, 0x3}}, @common=@inet=@socket3={{0x28}, 0x51}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328)

2.73197349s ago: executing program 0 (id=1846):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40080000000008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$TUNGETFILTER(r1, 0x801054db, 0x0)
r2 = socket(0x40000000015, 0x5, 0x40001)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000c80)=ANY=[], 0x0, 0x0, 0x0, 0x0})
ftruncate(0xffffffffffffffff, 0x8800000)
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ff3000/0x3000)=nil)
syz_usb_control_io(r3, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f0000000680)={0x40, 0x12, 0x4, "b7a32401"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20004000)
iopl(0x3)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4004, 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000200), &(0x7f0000000580)={'syz', 0x3}, &(0x7f0000000400)="f4", 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r4, r5, r5}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f00000001c0)={&(0x7f0000000080)={'nhpoly1305-generic\x00'}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000300)={'wg0\x00', &(0x7f0000000380)=@ethtool_eee={0x25, 0x1ff, 0x80000000, 0x9, 0x2, 0x7f, 0xa9, 0x800, [0x1, 0x7a]}})

2.135395881s ago: executing program 1 (id=1847):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
close(r1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = add_key$keyring(&(0x7f0000000340), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@chain)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000100)={0x1, 0x0, @c}, 0x29, r5)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r6)
sendmsg$IEEE802154_SCAN_REQ(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, r7, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4008010)

1.968542464s ago: executing program 4 (id=1848):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioprio_set$pid(0x1, 0x0, 0x4000)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.411058064s ago: executing program 2 (id=1849):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="1201fb0019030320d8120100792002ec000109021b0001000003000904000001785ecc00090585020004"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x58, 0x10, 0xf11, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1b, 0x1f}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x2c, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x2c}}, 0x0)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='R', 0x1, 0xfffffffffffffffd)
r6 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)='e', 0x1, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="60cd153f5954e3b7cefddfbed84b91d3d9a9fd43dd92f43358ada528c9975f6a54460d82bfed69629ca866d8c96bcfa57faa0d6331c47570853a59d9c3a0115e550c32a738277dac34c4f099d5baf5375003b36317e98386e681a1aa460047b346ce5323723800283a5bbb1414629063c33634e02855543b4c7c8959c4bcba5fd364f3ef6f17ea7ff6abd4c5f19a620098fcac44ba30b9fa29c34e67aef6f4d42ed06c8f61c9e9094c5d46e8e24bce13d71a1f0c09dbc7b73a7ad36e7f288650", 0xc0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r6, r7}, &(0x7f0000000140)=""/245, 0xf5, &(0x7f0000000340)={&(0x7f0000000280)={'sm3\x00'}})
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="270e29bd700000000000040702004aa598784a592c73e8436f888b7d2bd0b74bb47ff0446e184fa5a118d811a967c88fd1f191cc5d4906596477661774033dd50e6fb6bc3c04d9b720211dfd5a88d5eebf463657738f3bc1b8da3e1ab5d8813abcecc6d0e5a770899092ea85465e250c853f1ce0465b40e482f9d62ec5ec8355e3bab14d582152495a6c5b6936f1555fde25341125b5e9cae6836a5b566bddd145b935507793209289c81968fbdbe81fc781be92eb000a926921d80d38d2edc9"], 0x14}, 0x1, 0x40030000000000, 0x0, 0x2000084}, 0x8810)
r8 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
mkdir(&(0x7f0000000040)='./file0\x00', 0x102)

1.363739217s ago: executing program 4 (id=1850):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[@ANYRES16=r0, @ANYRES16=r0, @ANYRES16=r0, @ANYRES16=r0], 0x78)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r2=>0x0})
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x4091, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r3}, 0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc040}, 0x4044051)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0xffffffffffffffff)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000000), &(0x7f0000048000)=0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT=r2, @ANYRESHEX=r2, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00ab6400"/16], 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x15, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000fcffffff000000008000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000002e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close(r4)
pipe2$watch_queue(&(0x7f0000000040), 0x80)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)

980.556915ms ago: executing program 1 (id=1851):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x700}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x48, 0x0, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8b}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x4000011)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000006d00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @broadcast}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r8)
r9 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r9, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYBLOB="fe"], 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)

198.122102ms ago: executing program 3 (id=1852):
syz_clone3(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open(0x0, 0x48141, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="2600000000000000000000000a53acffd6273ae9e9369faf336425513865a14f", @ANYRES32, @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r5, &(0x7f0000000940), 0x0}, 0x20)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
ustat(0xfffffffeffffffff, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003700)=ANY=[@ANYBLOB="4400000010003b150000000000", @ANYBLOB="0000000000000000240012"], 0x44}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb0100180000000000000024000017f82677000000000000000900000000030000009c020000000200000000004db69d690021000000050000000000001bd869b59363b3ea69f36369100f5419eb334869845394409076035e15fa150f573f8ef2db905cfd8b3f5efa06ed3d7a965332d54c39ec3e22154c39"], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

141.084992ms ago: executing program 4 (id=1853):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_netfilter(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000000e07010125bd7000fcdbdf25000000434bcaf80dd4ae0e3a65db2cfdce96ff7d45b6bdd28ee042b9ffb6293d637111f12d9479d06afb2bb0e392753fc034f5a690d1ae29538a1cfa3bf0b67dbac09a2ab48486f07d5e0ae05830e39c978e0d982b3358cceae1f5aa572839e31b910e9a050e79d1552f42978996802a50fef8f3dad0c369cf5dd994e294af9d8c36d8e983971451a22d4f436209ffc04ec93ec30737f2dbd355665a599d54c0039349a11573e9143c"], 0xffffff70}, 0x1, 0x0, 0x0, 0x20005080}, 0x80)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r2)
r3 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r4 = dup(r3)
fanotify_mark(r4, 0x2, 0x40001002, r4, &(0x7f0000000100)='./file0\x00')
ioctl$USBDEVFS_DROP_PRIVILEGES(r4, 0x4004551e, &(0x7f0000000000)=0x7)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
sendmmsg$inet6(r5, &(0x7f0000000200)=[{{&(0x7f00000002c0)={0xa, 0x4e22, 0x1000003f, @mcast2, 0xd}, 0x1c, 0x0}}], 0x1, 0x4040884)
syz_usb_connect$uac1(0x1, 0x8a, &(0x7f0000000240)=ANY=[@ANYBLOB="12015002000000406b1d0101400001cf2a9edc8e018c3c76da06eced0203010902780003010000390904000000010100000a24010100090201020904010000010200000904010101010200000905010910008001080725010009000109040200000102000009040201010102000012240202ff010200070eec72bc8f6778944f072401820700000905829a6ae697c4e14dce23896020be4bb031c9c7dffe492f2253a1d7226cf2739bc41e0914728009b5c4a51ef8507b82ddb766a731"], 0x0)

0s ago: executing program 1 (id=1854):
syz_clone3(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open(0x0, 0x48141, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="2600000000000000000000000a53acffd6273ae9e9369faf336425513865a14f", @ANYRES32, @ANYRES64=0x0], 0x10) (fail_nth: 2)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r5, &(0x7f0000000940), 0x0}, 0x20)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
ustat(0xfffffffeffffffff, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003700)=ANY=[@ANYBLOB="4400000010003b150000000000", @ANYBLOB="0000000000000000240012"], 0x44}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb0100180000000000000024000017f82677000000000000000900000000030000009c020000000200000000004db69d690021000000050000000000001bd869b59363b3ea69f36369100f5419eb334869845394409076035e15fa150f573f8ef2db905cfd8b3f5efa06ed3d7a965332d54c39ec3e22154c39"], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

kernel console output (not intermixed with test programs):

rb error = -90
[  478.890633][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  478.912880][ T5816] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  478.925552][ T5816] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input33
[  479.080746][T10784] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  479.103042][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.143479][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.174152][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.211013][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.241101][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.250696][T10784] usb 5-1: Using ep0 maxpacket: 16
[  479.267991][T10784] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  479.315448][T10784] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  479.328704][T10784] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  479.339298][T10784] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  479.349714][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.357310][T10784] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  479.370596][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.379336][T10784] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  479.389512][T10784] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  479.397914][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.405939][T10784] usb 5-1: Manufacturer: syz
[  479.413665][T10784] usb 5-1: config 0 descriptor??
[  479.430619][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.451032][ T5816] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  479.571500][ T5816] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  479.876734][ T5816] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  479.915236][ T5816] usb 2-1: USB disconnect, device number 30
[  480.120842][T10784] rc_core: IR keymap rc-hauppauge not found
[  480.126909][T10784] Registered IR keymap rc-empty
[  480.135159][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  480.177794][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  480.221184][T10784] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc1
[  480.233646][T10784] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc1/input34
[  480.937707][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  480.962759][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  480.990831][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  481.021649][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  481.139539][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  481.174056][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  481.304553][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  481.330624][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  481.592363][T11353] xt_TPROXY: Can be used only with -p tcp or -p udp
[  482.102588][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  482.200562][T10784] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  482.231231][T10784] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  482.240301][T10784] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  482.373596][T10784] usb 5-1: USB disconnect, device number 42
[  483.192613][T11362] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1509'.
[  485.463095][   T29] kauditd_printk_skb: 56 callbacks suppressed
[  485.463109][   T29] audit: type=1326 audit(1734071745.404:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.1.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f246f985d19 code=0x7fc00000
[  485.500654][   T29] audit: type=1326 audit(1734071745.404:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.1.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f246f985d19 code=0x7fc00000
[  485.643870][T11386] syz.3.1515: attempt to access beyond end of device
[  485.643870][T11386] loop3: rw=0, sector=2, nr_sectors = 1 limit=0
[  485.650567][   T29] audit: type=1326 audit(1734071745.404:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.1.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f246f985d19 code=0x7fc00000
[  485.710006][   T29] audit: type=1326 audit(1734071745.404:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.1.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f246f985d19 code=0x7fc00000
[  485.710527][T11386] hfs: can't find a HFS filesystem on dev loop3
[  486.026881][T11396] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1516'.
[  486.079441][T11396] netlink: 'syz.0.1516': attribute type 1 has an invalid length.
[  486.136350][T11393] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1517'.
[  486.175381][T11393] netlink: 'syz.2.1517': attribute type 1 has an invalid length.
[  486.440643][T11401] syz.4.1520: attempt to access beyond end of device
[  486.440643][T11401] loop4: rw=0, sector=2, nr_sectors = 1 limit=0
[  486.464249][T11401] hfs: can't find a HFS filesystem on dev loop4
[  486.490560][T10784] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  486.710710][ T5825] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  486.730627][T10784] usb 4-1: Using ep0 maxpacket: 16
[  486.845350][T10784] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.880546][ T5825] usb 5-1: Using ep0 maxpacket: 16
[  486.880689][T10784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  486.897075][ T5825] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.906737][T10784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  486.910497][ T5825] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  486.927057][T10784] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  486.947493][T10784] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  486.972920][ T5825] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  487.000517][ T5825] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  487.010646][T10784] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  487.020437][ T5825] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  487.029855][T10784] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  487.051313][T10784] usb 4-1: Manufacturer: syz
[  487.131559][T10784] usb 4-1: config 0 descriptor??
[  487.194346][ T5825] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  487.203666][ T5825] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  487.211725][ T5825] usb 5-1: Manufacturer: syz
[  487.231193][ T5825] usb 5-1: config 0 descriptor??
[  488.020526][ T5825] rc_core: IR keymap rc-hauppauge not found
[  488.026827][ T5825] Registered IR keymap rc-empty
[  488.269292][T10784] rc_core: IR keymap rc-hauppauge not found
[  488.314104][T11421] xt_TPROXY: Can be used only with -p tcp or -p udp
[  488.987832][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.003553][T10784] Registered IR keymap rc-empty
[  489.008497][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  489.010557][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.036568][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  489.205892][ T5825] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  489.208614][T11425] overlayfs: failed to resolve './bus': -2
[  489.218721][ T5825] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input35
[  489.241570][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.258661][T10784] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc1
[  489.260848][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.271069][T10784] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc1/input36
[  489.320598][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.340541][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.368271][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.404643][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  489.582501][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.616989][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.643901][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  489.650539][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.710744][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.730925][ T5825] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  489.750755][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  489.758333][T10645] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  489.790091][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  489.828541][ T5825] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  489.861890][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  489.993896][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  490.100578][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  490.100599][ T5825] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  490.120647][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  490.150638][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  490.177124][T10784] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  490.184576][ T5825] usb 5-1: USB disconnect, device number 43
[  490.231937][T10645] usb 1-1: Using ep0 maxpacket: 16
[  490.243475][T10784] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  490.243821][T10645] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  490.262842][T10645] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  490.273862][T10645] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  490.283780][T10645] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  490.328570][T10784] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  490.338097][T10645] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  490.354520][T10784] usb 4-1: USB disconnect, device number 32
[  490.386015][T10645] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  490.400837][T10645] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  490.409823][T10645] usb 1-1: Manufacturer: syz
[  490.712207][T10645] usb 1-1: config 0 descriptor??
[  490.738359][T11445] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1530'.
[  491.670155][T10645] rc_core: IR keymap rc-hauppauge not found
[  491.680321][T10645] Registered IR keymap rc-empty
[  491.685330][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  491.710560][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  491.730562][T10784] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  491.730876][T10645] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  491.752045][T10645] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input37
[  491.773908][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  491.833621][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  491.860551][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  491.880719][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  491.900540][T10784] usb 4-1: Using ep0 maxpacket: 32
[  491.909266][T10784] usb 4-1: config 0 has no interfaces?
[  491.914859][T10784] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  491.924290][T10784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.942940][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  491.953149][T10784] usb 4-1: config 0 descriptor??
[  491.990723][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  492.020728][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  492.040875][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  492.100553][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  492.241533][T10645] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  492.829087][T10645] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  492.840722][T10645] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  492.896096][T10645] usb 1-1: USB disconnect, device number 30
[  494.354214][T11471] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  494.377856][ T5816] usb 4-1: USB disconnect, device number 33
[  494.596929][T11488] sp0: Synchronizing with TNC
[  494.610986][T11487] overlayfs: missing 'lowerdir'
[  494.657982][T11488] xt_socket: unknown flags 0x50
[  495.073541][T11490] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1540'.
[  495.086532][T11490] netlink: 'syz.4.1540': attribute type 1 has an invalid length.
[  495.393188][T11499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1544'.
[  497.667619][T11522] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1549'.
[  497.800999][T11523] xt_TPROXY: Can be used only with -p tcp or -p udp
[  498.865571][   T29] audit: type=1400 audit(1734071758.164:833): avc:  denied  { map } for  pid=11530 comm="syz.0.1551" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  498.889369][   T29] audit: type=1400 audit(1734071758.164:834): avc:  denied  { map } for  pid=11530 comm="syz.0.1551" path="socket:[35950]" dev="sockfs" ino=35950 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  499.452261][T11541] FAULT_INJECTION: forcing a failure.
[  499.452261][T11541] name failslab, interval 1, probability 0, space 0, times 0
[  499.495819][T11541] CPU: 0 UID: 0 PID: 11541 Comm: syz.1.1553 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  499.506634][T11541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  499.517142][T11541] Call Trace:
[  499.520433][T11541]  <TASK>
[  499.523363][T11541]  dump_stack_lvl+0x16c/0x1f0
[  499.528058][T11541]  should_fail_ex+0x497/0x5b0
[  499.532757][T11541]  ? fs_reclaim_acquire+0xae/0x150
[  499.537892][T11541]  should_failslab+0xc2/0x120
[  499.542580][T11541]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  499.548398][T11541]  ? __alloc_skb+0x2b1/0x380
[  499.553014][T11541]  __alloc_skb+0x2b1/0x380
[  499.557444][T11541]  ? __pfx___alloc_skb+0x10/0x10
[  499.562398][T11541]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  499.568392][T11541]  netlink_alloc_large_skb+0x69/0x130
[  499.573776][T11541]  netlink_sendmsg+0x689/0xd70
[  499.578550][T11541]  ? __pfx_netlink_sendmsg+0x10/0x10
[  499.583853][T11541]  ____sys_sendmsg+0xaaf/0xc90
[  499.588630][T11541]  ? copy_msghdr_from_user+0x10b/0x160
[  499.594101][T11541]  ? __pfx_____sys_sendmsg+0x10/0x10
[  499.599405][T11541]  ___sys_sendmsg+0x135/0x1e0
[  499.604094][T11541]  ? __pfx____sys_sendmsg+0x10/0x10
[  499.609305][T11541]  ? __pfx_lock_release+0x10/0x10
[  499.614316][T11541]  ? trace_lock_acquire+0x14e/0x1f0
[  499.619512][T11541]  ? __fget_files+0x206/0x3a0
[  499.624180][T11541]  __sys_sendmsg+0x16e/0x220
[  499.628762][T11541]  ? __pfx___sys_sendmsg+0x10/0x10
[  499.633880][T11541]  do_syscall_64+0xcd/0x250
[  499.638373][T11541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.644253][T11541] RIP: 0033:0x7f246f985d19
[  499.648652][T11541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.668247][T11541] RSP: 002b:00007f24706f0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  499.676646][T11541] RAX: ffffffffffffffda RBX: 00007f246fb75fa0 RCX: 00007f246f985d19
[  499.684603][T11541] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[  499.692555][T11541] RBP: 00007f24706f0090 R08: 0000000000000000 R09: 0000000000000000
[  499.700508][T11541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  499.708460][T11541] R13: 0000000000000000 R14: 00007f246fb75fa0 R15: 00007ffc7147e878
[  499.716425][T11541]  </TASK>
[  499.798752][T11543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1554'.
[  500.199218][T11563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1555'.
[  500.437143][T11565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1558'.
[  501.360813][T10645] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  501.510824][T10645] usb 1-1: device descriptor read/64, error -71
[  501.601278][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  501.607607][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  501.860528][T10645] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  502.028257][   T29] audit: type=1400 audit(1734071761.964:835): avc:  denied  { lock } for  pid=11580 comm="syz.4.1563" path="socket:[35127]" dev="sockfs" ino=35127 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  502.357649][T10645] usb 1-1: device descriptor read/64, error -71
[  502.465485][T11584] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.505952][T10645] usb usb1-port1: attempt power cycle
[  503.729525][T11598] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1567'.
[  503.780046][T11601] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1569'.
[  503.790627][T11598] netlink: 'syz.4.1567': attribute type 1 has an invalid length.
[  504.226675][T11610] sp0: Synchronizing with TNC
[  504.273169][T11610] xt_socket: unknown flags 0x50
[  505.170553][T10645] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  505.340658][T10645] usb 3-1: Using ep0 maxpacket: 16
[  505.414578][T10645] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  505.511261][T10645] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.588829][T11634] overlayfs: failed to resolve './bus': -2
[  505.914804][T10784] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  505.919685][T10645] usb 3-1: config 0 descriptor??
[  506.232519][T10645] gspca_main: sonixj-2.14.0 probing 0471:0327
[  506.390535][T10784] usb 1-1: Using ep0 maxpacket: 8
[  506.396959][T10784] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  506.405636][T10784] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  506.415737][T10784] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  506.425529][T10784] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  506.436360][T10645] gspca_sonixj: reg_r err -32
[  506.436842][T10784] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  506.441451][T10645] sonixj 3-1:0.0: probe with driver sonixj failed with error -32
[  506.454250][T10784] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  506.471676][T10784] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.848899][T10784] usb 1-1: usb_control_msg returned -32
[  506.860694][T10784] usbtmc 1-1:16.0: can't read capabilities
[  507.025400][   T29] audit: type=1400 audit(1734071766.964:836): avc:  denied  { create } for  pid=11647 comm="syz.3.1580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  507.046978][   T29] audit: type=1400 audit(1734071766.984:837): avc:  denied  { write } for  pid=11647 comm="syz.3.1580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  507.070997][   T29] audit: type=1400 audit(1734071767.014:838): avc:  denied  { ioctl } for  pid=11647 comm="syz.3.1580" path="socket:[36115]" dev="sockfs" ino=36115 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  507.095606][    C0] vkms_vblank_simulate: vblank timer overrun
[  507.176995][T11655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'.
[  507.339072][T11661] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  507.405177][T10645] usb 3-1: USB disconnect, device number 27
[  508.428914][T10784] usb 1-1: USB disconnect, device number 34
[  508.915276][T11676] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1585'.
[  508.960569][ T5816] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  509.530741][ T5816] usb 3-1: Using ep0 maxpacket: 32
[  509.547506][ T5816] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  509.558775][ T5816] usb 3-1: config 0 has no interfaces?
[  509.604139][ T5816] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  509.613558][ T5816] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.622849][ T5816] usb 3-1: Product: syz
[  509.631561][ T5816] usb 3-1: Manufacturer: syz
[  509.674103][ T5816] usb 3-1: SerialNumber: syz
[  509.694239][ T5816] usb 3-1: config 0 descriptor??
[  510.413886][ T2146] usb 3-1: USB disconnect, device number 28
[  510.700338][T11694] vivid-007: disconnect
[  510.897122][T11692] vivid-007: reconnect
[  510.980338][T11696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1593'.
[  511.992049][   T29] audit: type=1400 audit(1734071771.934:839): avc:  denied  { read } for  pid=11706 comm="syz.3.1598" dev="nsfs" ino=4026533086 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  512.072455][   T29] audit: type=1400 audit(1734071771.954:840): avc:  denied  { open } for  pid=11706 comm="syz.3.1598" path="net:[4026533086]" dev="nsfs" ino=4026533086 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  512.241045][   T29] audit: type=1400 audit(1734071771.954:841): avc:  denied  { create } for  pid=11706 comm="syz.3.1598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  512.261674][   T29] audit: type=1400 audit(1734071771.984:842): avc:  denied  { bind } for  pid=11706 comm="syz.3.1598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  512.281559][   T29] audit: type=1400 audit(1734071771.984:843): avc:  denied  { create } for  pid=11706 comm="syz.3.1598" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  512.311357][   T29] audit: type=1400 audit(1734071771.994:844): avc:  denied  { map } for  pid=11706 comm="syz.3.1598" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=35470 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  512.337942][   T29] audit: type=1400 audit(1734071771.994:845): avc:  denied  { read write } for  pid=11706 comm="syz.3.1598" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=35470 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  513.084847][T11723] overlayfs: failed to resolve './bus': -2
[  513.095833][   T29] audit: type=1400 audit(1734071771.994:846): avc:  denied  { create } for  pid=11706 comm="syz.3.1598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  513.128057][T11716] can0: slcan on ttyS3.
[  513.130686][   T29] audit: type=1400 audit(1734071772.034:847): avc:  denied  { read } for  pid=5172 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  513.194614][   T29] audit: type=1400 audit(1734071772.034:848): avc:  denied  { search } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  513.221666][   T29] audit: type=1400 audit(1734071772.034:849): avc:  denied  { append } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  513.900986][T11716] can0 (unregistered): slcan off ttyS3.
[  514.778791][T11742] vivid-007: disconnect
[  515.213820][T11740] vivid-007: reconnect
[  517.159710][   T29] kauditd_printk_skb: 59 callbacks suppressed
[  517.159725][   T29] audit: type=1400 audit(1734071777.094:909): avc:  denied  { read } for  pid=11758 comm="syz.3.1609" name="event2" dev="devtmpfs" ino=928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  517.261172][   T29] audit: type=1400 audit(1734071777.154:910): avc:  denied  { open } for  pid=11758 comm="syz.3.1609" path="/dev/input/event2" dev="devtmpfs" ino=928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  517.324634][   T29] audit: type=1400 audit(1734071777.154:911): avc:  denied  { watch watch_reads } for  pid=11766 comm="syz.1.1611" path="/316/file1" dev="tmpfs" ino=1731 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  517.409640][   T29] audit: type=1400 audit(1734071777.254:912): avc:  denied  { read } for  pid=11763 comm="syz.2.1610" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  517.490554][   T29] audit: type=1400 audit(1734071777.254:913): avc:  denied  { open } for  pid=11763 comm="syz.2.1610" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  517.548249][   T29] audit: type=1400 audit(1734071777.254:914): avc:  denied  { module_request } for  pid=11763 comm="syz.2.1610" kmod="net-pf-16-proto-16-family-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  517.667554][   T29] audit: type=1400 audit(1734071777.314:915): avc:  denied  { ioctl } for  pid=11763 comm="syz.2.1610" path="socket:[35741]" dev="sockfs" ino=35741 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  517.696602][   T29] audit: type=1400 audit(1734071777.344:916): avc:  denied  { sys_module } for  pid=11763 comm="syz.2.1610" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  517.734517][   T29] audit: type=1400 audit(1734071777.454:917): avc:  denied  { create } for  pid=11775 comm="syz.2.1613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  517.933494][   T29] audit: type=1400 audit(1734071777.464:918): avc:  denied  { create } for  pid=11775 comm="syz.2.1613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  518.754205][T11786] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  519.994397][T11802] xt_TPROXY: Can be used only with -p tcp or -p udp
[  521.545933][T11819] overlayfs: missing 'lowerdir'
[  522.124025][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1623'.
[  522.275712][   T29] kauditd_printk_skb: 20 callbacks suppressed
[  522.275727][   T29] audit: type=1400 audit(1734071782.214:937): avc:  denied  { mount } for  pid=11828 comm="syz.4.1627" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  522.304078][    C1] vkms_vblank_simulate: vblank timer overrun
[  522.313803][   T29] audit: type=1400 audit(1734071782.214:938): avc:  denied  { mounton } for  pid=11828 comm="syz.4.1627" path="/333/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  522.336386][    C1] vkms_vblank_simulate: vblank timer overrun
[  522.360763][   T29] audit: type=1400 audit(1734071782.214:939): avc:  denied  { mount } for  pid=11828 comm="syz.4.1627" name="/" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  522.389593][    C1] vkms_vblank_simulate: vblank timer overrun
[  522.444926][T11835] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1628'.
[  522.982305][T11845] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1630'.
[  522.984727][   T29] audit: type=1400 audit(1734071782.914:940): avc:  denied  { write } for  pid=11839 comm="syz.3.1630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  523.010467][T11845] netlink: 'syz.3.1630': attribute type 1 has an invalid length.
[  523.188503][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1632'.
[  523.202741][   T29] audit: type=1400 audit(1734071783.124:941): avc:  denied  { unmount } for  pid=5812 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  523.445477][   T29] audit: type=1400 audit(1734071783.164:942): avc:  denied  { unmount } for  pid=5812 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  524.239968][   T29] audit: type=1400 audit(1734071784.174:943): avc:  denied  { write } for  pid=11856 comm="syz.2.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  524.266209][T11857] FAULT_INJECTION: forcing a failure.
[  524.266209][T11857] name failslab, interval 1, probability 0, space 0, times 0
[  524.299685][T11857] CPU: 1 UID: 0 PID: 11857 Comm: syz.2.1634 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  524.310514][T11857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  524.320576][T11857] Call Trace:
[  524.323856][T11857]  <TASK>
[  524.326785][T11857]  dump_stack_lvl+0x16c/0x1f0
[  524.331479][T11857]  should_fail_ex+0x497/0x5b0
[  524.336168][T11857]  should_failslab+0xc2/0x120
[  524.340857][T11857]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  524.346238][T11857]  ? skb_clone+0x190/0x3f0
[  524.350688][T11857]  skb_clone+0x190/0x3f0
[  524.354937][T11857]  netlink_deliver_tap+0xabd/0xd30
[  524.360078][T11857]  netlink_unicast+0x5e1/0x7f0
[  524.364866][T11857]  ? __pfx_netlink_unicast+0x10/0x10
[  524.370164][T11857]  netlink_sendmsg+0x8b8/0xd70
[  524.374941][T11857]  ? __pfx_netlink_sendmsg+0x10/0x10
[  524.380245][T11857]  ____sys_sendmsg+0xaaf/0xc90
[  524.385016][T11857]  ? copy_msghdr_from_user+0x10b/0x160
[  524.390498][T11857]  ? __pfx_____sys_sendmsg+0x10/0x10
[  524.395867][T11857]  ? __lock_acquire+0xcc5/0x3c40
[  524.400804][T11857]  ___sys_sendmsg+0x135/0x1e0
[  524.405477][T11857]  ? __pfx____sys_sendmsg+0x10/0x10
[  524.410677][T11857]  ? trace_lock_acquire+0x14e/0x1f0
[  524.415882][T11857]  __sys_sendmmsg+0x201/0x420
[  524.420555][T11857]  ? __pfx___sys_sendmmsg+0x10/0x10
[  524.425751][T11857]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  524.431729][T11857]  ? fput+0x67/0x440
[  524.435618][T11857]  ? ksys_write+0x1ba/0x250
[  524.440115][T11857]  ? __pfx_ksys_write+0x10/0x10
[  524.444955][T11857]  __x64_sys_sendmmsg+0x9c/0x100
[  524.449903][T11857]  ? lockdep_hardirqs_on+0x7c/0x110
[  524.455090][T11857]  do_syscall_64+0xcd/0x250
[  524.459589][T11857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.465474][T11857] RIP: 0033:0x7ff905385d19
[  524.469894][T11857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  524.489492][T11857] RSP: 002b:00007ff90624a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  524.497892][T11857] RAX: ffffffffffffffda RBX: 00007ff905575fa0 RCX: 00007ff905385d19
[  524.505851][T11857] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  524.513809][T11857] RBP: 00007ff90624a090 R08: 0000000000000000 R09: 0000000000000000
[  524.521782][T11857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  524.529744][T11857] R13: 0000000000000000 R14: 00007ff905575fa0 R15: 00007ffcd438b7a8
[  524.537712][T11857]  </TASK>
[  524.680591][T10784] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  524.708681][T11864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1637'.
[  524.832891][T11866] sctp: [Deprecated]: syz.4.1638 (pid 11866) Use of struct sctp_assoc_value in delayed_ack socket option.
[  524.832891][T11866] Use struct sctp_sack_info instead
[  524.859041][   T29] audit: type=1400 audit(1734071784.794:944): avc:  denied  { create } for  pid=11869 comm="syz.2.1639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  524.861587][T10784] usb 2-1: Using ep0 maxpacket: 8
[  524.878897][   T29] audit: type=1400 audit(1734071784.794:945): avc:  denied  { ioctl } for  pid=11869 comm="syz.2.1639" path="socket:[37173]" dev="sockfs" ino=37173 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  524.920180][   T29] audit: type=1400 audit(1734071784.804:946): avc:  denied  { connect } for  pid=11869 comm="syz.2.1639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  524.960358][T10784] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  524.990648][T10784] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  525.048888][T10784] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  525.076393][T10784] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  525.076458][T11879] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1643'.
[  525.110567][T10784] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  525.137686][T10784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.280703][ T5816] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  525.396553][T10784] usb 2-1: GET_CAPABILITIES returned 0
[  525.402671][T10784] usbtmc 2-1:16.0: can't read capabilities
[  525.430620][ T5816] usb 5-1: Using ep0 maxpacket: 16
[  525.440848][ T5816] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  525.451273][ T5816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  525.462634][ T5816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  525.474054][ T5816] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  525.484057][ T5816] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  525.499201][ T5816] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  525.508624][ T5816] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  525.517061][ T5816] usb 5-1: Manufacturer: syz
[  525.523145][ T5816] usb 5-1: config 0 descriptor??
[  525.661754][T10784] usb 2-1: USB disconnect, device number 31
[  525.964433][T11887] FAULT_INJECTION: forcing a failure.
[  525.964433][T11887] name failslab, interval 1, probability 0, space 0, times 0
[  526.084507][T11887] CPU: 0 UID: 0 PID: 11887 Comm: syz.0.1645 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  526.095326][T11887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  526.105401][T11887] Call Trace:
[  526.108702][T11887]  <TASK>
[  526.111640][T11887]  dump_stack_lvl+0x16c/0x1f0
[  526.116307][T11887]  should_fail_ex+0x497/0x5b0
[  526.120973][T11887]  should_failslab+0xc2/0x120
[  526.125661][T11887]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  526.131021][T11887]  ? skb_clone+0x190/0x3f0
[  526.135434][T11887]  skb_clone+0x190/0x3f0
[  526.139669][T11887]  netlink_deliver_tap+0xabd/0xd30
[  526.144786][T11887]  netlink_unicast+0x5e1/0x7f0
[  526.149666][T11887]  ? __pfx_netlink_unicast+0x10/0x10
[  526.155070][T11887]  netlink_sendmsg+0x8b8/0xd70
[  526.159851][T11887]  ? __pfx_netlink_sendmsg+0x10/0x10
[  526.165170][T11887]  ____sys_sendmsg+0xaaf/0xc90
[  526.169915][T11887]  ? copy_msghdr_from_user+0x10b/0x160
[  526.175354][T11887]  ? __pfx_____sys_sendmsg+0x10/0x10
[  526.180625][T11887]  ___sys_sendmsg+0x135/0x1e0
[  526.185473][T11887]  ? __pfx____sys_sendmsg+0x10/0x10
[  526.190682][T11887]  ? __pfx_lock_release+0x10/0x10
[  526.195695][T11887]  ? trace_lock_acquire+0x14e/0x1f0
[  526.200882][T11887]  ? __fget_files+0x206/0x3a0
[  526.205552][T11887]  __sys_sendmsg+0x16e/0x220
[  526.210136][T11887]  ? __pfx___sys_sendmsg+0x10/0x10
[  526.215248][T11887]  do_syscall_64+0xcd/0x250
[  526.219731][T11887]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.225601][T11887] RIP: 0033:0x7f6379185d19
[  526.229990][T11887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  526.249576][T11887] RSP: 002b:00007f6379f3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  526.257967][T11887] RAX: ffffffffffffffda RBX: 00007f6379375fa0 RCX: 00007f6379185d19
[  526.265915][T11887] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  526.273877][T11887] RBP: 00007f6379f3e090 R08: 0000000000000000 R09: 0000000000000000
[  526.281837][T11887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  526.289780][T11887] R13: 0000000000000000 R14: 00007f6379375fa0 R15: 00007ffdfcb47ac8
[  526.297749][T11887]  </TASK>
[  526.408274][ T5816] rc_core: IR keymap rc-hauppauge not found
[  526.415918][ T5816] Registered IR keymap rc-empty
[  526.425202][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.559432][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.600775][ T5816] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  526.626640][ T5816] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input38
[  526.639657][T11893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1648'.
[  526.716080][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.734528][T11900] dccp_v6_rcv: dropped packet with invalid checksum
[  526.740626][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.745354][T11898] bridge0: port 3(syz_tun) entered blocking state
[  526.760635][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.776761][T11898] bridge0: port 3(syz_tun) entered disabled state
[  526.783580][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.794095][T11898] syz_tun: entered allmulticast mode
[  526.802560][T11898] syz_tun: entered promiscuous mode
[  526.808690][T11898] bridge0: port 3(syz_tun) entered blocking state
[  526.816661][T11898] bridge0: port 3(syz_tun) entered forwarding state
[  526.825302][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.851765][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.870546][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  526.878462][T11898] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  526.970890][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  527.000865][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  527.040657][ T5816] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  527.065702][ T5816] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  527.067824][T11906] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1651'.
[  527.086598][ T5816] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  527.102533][ T5816] usb 5-1: USB disconnect, device number 44
[  527.114185][T11906] netlink: 'syz.2.1651': attribute type 1 has an invalid length.
[  528.734389][T11930] netlink: 'syz.4.1657': attribute type 2 has an invalid length.
[  528.873937][   T29] kauditd_printk_skb: 12 callbacks suppressed
[  528.873969][   T29] audit: type=1400 audit(1734071788.814:959): avc:  denied  { ioctl } for  pid=11924 comm="syz.3.1656" path="socket:[37348]" dev="sockfs" ino=37348 ioctlcmd=0x42d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  528.949450][T11929] hsr0: entered allmulticast mode
[  528.957327][T11929] hsr_slave_0: entered allmulticast mode
[  528.965430][T11929] hsr_slave_1: entered allmulticast mode
[  528.979395][T11929] hsr_slave_0: left promiscuous mode
[  528.990308][T11929] hsr_slave_1: left promiscuous mode
[  529.058023][T11929] hsr0 (unregistering): left allmulticast mode
[  529.190573][ T5816] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  530.055104][   T29] audit: type=1400 audit(1734071789.784:960): avc:  denied  { ioctl } for  pid=11933 comm="syz.1.1661" path="socket:[36564]" dev="sockfs" ino=36564 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  530.089378][   T29] audit: type=1400 audit(1734071789.804:961): avc:  denied  { mounton } for  pid=11933 comm="syz.1.1661" path="/proc/1090/task" dev="proc" ino=37361 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  530.112208][   T29] audit: type=1400 audit(1734071789.814:962): avc:  denied  { mount } for  pid=11933 comm="syz.1.1661" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  530.146690][ T5816] usb 4-1: Using ep0 maxpacket: 8
[  530.154510][ T5816] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  530.212574][T11941] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  530.223751][ T5816] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  530.244650][ T5816] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  530.267930][T11941] audit: out of memory in audit_log_start
[  530.272268][ T5816] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  530.291033][ T5816] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.301510][   T29] audit: type=1400 audit(1734071790.244:963): avc:  denied  { execute } for  pid=11939 comm="syz.1.1662" path="/dev/audio1" dev="devtmpfs" ino=1290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  530.348634][ T5816] usb 4-1: Product: syz
[  530.353477][ T5816] usb 4-1: Manufacturer: syz
[  530.440237][ T5816] usb 4-1: SerialNumber: syz
[  530.568870][T11950] netlink: 'syz.4.1664': attribute type 2 has an invalid length.
[  531.087034][ T5816] adutux 4-1:168.0: interrupt endpoints not found
[  531.180235][ T5816] usb 4-1: USB disconnect, device number 34
[  531.429568][   T29] audit: type=1400 audit(1734071791.364:964): avc:  denied  { write } for  pid=11954 comm="syz.1.1668" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  531.453528][   T29] audit: type=1400 audit(1734071791.394:965): avc:  denied  { append } for  pid=11954 comm="syz.1.1668" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  531.773540][    T8] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  531.797043][   T29] audit: type=1400 audit(1734071791.734:966): avc:  denied  { write } for  pid=11954 comm="syz.1.1668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  531.950782][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  531.970761][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  531.987736][    T8] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  531.997373][T11963] xt_TPROXY: Can be used only with -p tcp or -p udp
[  532.045533][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.059084][    T8] usb 5-1: config 0 descriptor??
[  532.803288][    T8] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  532.810163][    T8] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  532.823966][    T8] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  532.830897][    T8] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  532.837679][    T8] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  532.844628][    T8] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  532.868296][    T8] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  533.241694][    T8] pyra 0003:1E7D:2CF6.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  533.246129][T11982] lo speed is unknown, defaulting to 1000
[  533.296647][T11982] lo speed is unknown, defaulting to 1000
[  533.307167][T11982] lo speed is unknown, defaulting to 1000
[  533.729731][    T8] pyra 0003:1E7D:2CF6.0005: couldn't init struct pyra_device
[  533.737379][    T8] pyra 0003:1E7D:2CF6.0005: couldn't install mouse
[  533.752075][T11982] infiniband s
z1: set active
[  533.757975][ T5816] lo speed is unknown, defaulting to 1000
[  533.766833][    T8] pyra 0003:1E7D:2CF6.0005: probe with driver pyra failed with error -71
[  533.776010][T11982] infiniband s
z1: added lo
[  533.807205][    T8] usb 5-1: USB disconnect, device number 45
[  533.862991][T11982] RDS/IB: s
z1: added
[  533.869340][T11982] smc: adding ib device s
z1 with port count 1
[  533.876626][T11982] smc:    ib device s
z1 port 1 has pnetid 
[  533.887442][ T5816] lo speed is unknown, defaulting to 1000
[  533.902349][T11982] lo speed is unknown, defaulting to 1000
[  534.051257][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  534.051271][   T29] audit: type=1400 audit(1734071793.994:969): avc:  denied  { mounton } for  pid=11989 comm="syz.2.1675" path="/346/file0" dev="tmpfs" ino=1911 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  534.162623][T11982] lo speed is unknown, defaulting to 1000
[  534.353526][T11982] lo speed is unknown, defaulting to 1000
[  534.440884][T12004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1679'.
[  534.450730][ T2146] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  534.484801][T11982] lo speed is unknown, defaulting to 1000
[  534.574420][T11982] lo speed is unknown, defaulting to 1000
[  534.590507][ T2146] usb 1-1: device descriptor read/64, error -71
[  535.211684][    T8] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  535.227429][   T29] audit: type=1400 audit(1734071795.164:970): avc:  denied  { create } for  pid=12008 comm="syz.1.1682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  535.417654][ T2146] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  535.425794][    T8] usb 4-1: Using ep0 maxpacket: 16
[  535.612465][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  535.622870][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  535.645036][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  535.664898][T12015] FAULT_INJECTION: forcing a failure.
[  535.664898][T12015] name failslab, interval 1, probability 0, space 0, times 0
[  535.677856][    T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  535.688646][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  535.723158][ T2146] usb 1-1: device descriptor read/64, error -71
[  535.731661][T12015] CPU: 0 UID: 0 PID: 12015 Comm: syz.2.1684 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  535.742435][T12015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  535.752470][T12015] Call Trace:
[  535.755726][T12015]  <TASK>
[  535.758633][T12015]  dump_stack_lvl+0x16c/0x1f0
[  535.763291][T12015]  should_fail_ex+0x497/0x5b0
[  535.767951][T12015]  ? fs_reclaim_acquire+0xae/0x150
[  535.773049][T12015]  should_failslab+0xc2/0x120
[  535.777701][T12015]  __kmalloc_noprof+0xcb/0x510
[  535.782441][T12015]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  535.788051][T12015]  tomoyo_realpath_from_path+0xb9/0x720
[  535.793575][T12015]  ? tomoyo_path_number_perm+0x235/0x590
[  535.799181][T12015]  ? tomoyo_path_number_perm+0x235/0x590
[  535.804787][T12015]  tomoyo_path_number_perm+0x248/0x590
[  535.810218][T12015]  ? tomoyo_path_number_perm+0x235/0x590
[  535.815823][T12015]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  535.821787][T12015]  ? __pfx_lock_release+0x10/0x10
[  535.826786][T12015]  ? trace_lock_acquire+0x14e/0x1f0
[  535.831963][T12015]  ? lock_acquire+0x2f/0xb0
[  535.836454][T12015]  ? __fget_files+0x40/0x3a0
[  535.841020][T12015]  ? __fget_files+0x206/0x3a0
[  535.845671][T12015]  security_file_ioctl+0x9b/0x240
[  535.850672][T12015]  __x64_sys_ioctl+0xb7/0x200
[  535.855328][T12015]  do_syscall_64+0xcd/0x250
[  535.859821][T12015]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.861356][ T2146] usb usb1-port1: attempt power cycle
[  535.865715][T12015] RIP: 0033:0x7ff905385d19
[  535.875494][T12015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  535.895089][T12015] RSP: 002b:00007ff90624a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  535.903494][T12015] RAX: ffffffffffffffda RBX: 00007ff905575fa0 RCX: 00007ff905385d19
[  535.911444][T12015] RDX: 0000000020000080 RSI: 00000000c0285629 RDI: 0000000000000003
[  535.919390][T12015] RBP: 00007ff90624a090 R08: 0000000000000000 R09: 0000000000000000
[  535.927337][T12015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  535.935282][T12015] R13: 0000000000000000 R14: 00007ff905575fa0 R15: 00007ffcd438b7a8
[  535.943235][T12015]  </TASK>
[  536.688897][    T8] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  536.704352][    T8] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  536.705064][T12015] ERROR: Out of memory at tomoyo_realpath_from_path.
[  536.719340][    T8] usb 4-1: Manufacturer: syz
[  536.725494][    T8] usb 4-1: config 0 descriptor??
[  536.954560][ T2146] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  537.022647][ T5825] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  537.063954][ T2146] usb 1-1: device descriptor read/8, error -71
[  537.190700][ T5825] usb 5-1: Using ep0 maxpacket: 8
[  537.229893][ T5825] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  537.328569][ T5825] usb 5-1: config 0 has no interface number 0
[  537.380823][ T2146] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  537.415655][ T5825] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  537.443453][ T5825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.460681][    T8] rc_core: IR keymap rc-hauppauge not found
[  537.461126][ T5825] usb 5-1: Product: syz
[  537.466666][    T8] Registered IR keymap rc-empty
[  537.466722][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  537.471381][ T2146] usb 1-1: device descriptor read/8, error -71
[  537.491319][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  537.491755][ T5825] usb 5-1: Manufacturer: syz
[  537.504714][ T5825] usb 5-1: SerialNumber: syz
[  537.513459][ T5825] usb 5-1: config 0 descriptor??
[  537.527590][ T5825] iowarrior 5-1:0.186: no interrupt-in endpoint found
[  537.528072][    T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  537.567145][    T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input39
[  537.672475][ T2146] usb usb1-port1: unable to enumerate USB device
[  537.736787][T12035] FAULT_INJECTION: forcing a failure.
[  537.736787][T12035] name failslab, interval 1, probability 0, space 0, times 0
[  537.768733][T12035] CPU: 1 UID: 0 PID: 12035 Comm: syz.2.1690 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  537.779557][T12035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  537.789622][T12035] Call Trace:
[  537.792900][T12035]  <TASK>
[  537.795839][T12035]  dump_stack_lvl+0x16c/0x1f0
[  537.800540][T12035]  should_fail_ex+0x497/0x5b0
[  537.805237][T12035]  should_failslab+0xc2/0x120
[  537.809900][T12035]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  537.815259][T12035]  ? skb_clone+0x190/0x3f0
[  537.819656][T12035]  skb_clone+0x190/0x3f0
[  537.823901][T12035]  netlink_deliver_tap+0xabd/0xd30
[  537.829025][T12035]  netlink_unicast+0x5e1/0x7f0
[  537.833794][T12035]  ? __pfx_netlink_unicast+0x10/0x10
[  537.839061][T12035]  netlink_sendmsg+0x8b8/0xd70
[  537.843805][T12035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  537.849073][T12035]  ____sys_sendmsg+0xaaf/0xc90
[  537.853816][T12035]  ? copy_msghdr_from_user+0x10b/0x160
[  537.859254][T12035]  ? __pfx_____sys_sendmsg+0x10/0x10
[  537.864523][T12035]  ___sys_sendmsg+0x135/0x1e0
[  537.869194][T12035]  ? __pfx____sys_sendmsg+0x10/0x10
[  537.872200][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  537.874380][T12035]  ? __pfx_lock_release+0x10/0x10
[  537.874405][T12035]  ? trace_lock_acquire+0x14e/0x1f0
[  537.874439][T12035]  ? __fget_files+0x206/0x3a0
[  537.881658][   T29] audit: type=1400 audit(1734071797.764:971): avc:  denied  { read } for  pid=12025 comm="syz.0.1688" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  537.886528][T12035]  __sys_sendmsg+0x16e/0x220
[  537.886560][T12035]  ? __pfx___sys_sendmsg+0x10/0x10
[  537.891851][   T29] audit: type=1400 audit(1734071797.764:972): avc:  denied  { open } for  pid=12025 comm="syz.0.1688" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  537.896398][T12035]  do_syscall_64+0xcd/0x250
[  537.896428][T12035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.920005][   T29] audit: type=1400 audit(1734071797.764:973): avc:  denied  { ioctl } for  pid=12025 comm="syz.0.1688" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  537.924047][T12035] RIP: 0033:0x7ff905385d19
[  537.924066][T12035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  537.924084][T12035] RSP: 002b:00007ff90624a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  537.924105][T12035] RAX: ffffffffffffffda RBX: 00007ff905575fa0 RCX: 00007ff905385d19
[  537.924118][T12035] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  537.930612][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  537.952683][T12035] RBP: 00007ff90624a090 R08: 0000000000000000 R09: 0000000000000000
[  537.952700][T12035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  537.952711][T12035] R13: 0000000000000000 R14: 00007ff905575fa0 R15: 00007ffcd438b7a8
[  537.952736][T12035]  </TASK>
[  538.005477][T12037] FAULT_INJECTION: forcing a failure.
[  538.005477][T12037] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  538.086212][T12037] CPU: 1 UID: 0 PID: 12037 Comm: syz.1.1689 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  538.096981][T12037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  538.107072][T12037] Call Trace:
[  538.110396][T12037]  <TASK>
[  538.113341][T12037]  dump_stack_lvl+0x16c/0x1f0
[  538.118040][T12037]  should_fail_ex+0x497/0x5b0
[  538.122745][T12037]  strncpy_from_user+0x3b/0x2d0
[  538.127624][T12037]  getname_flags.part.0+0x8f/0x550
[  538.132757][T12037]  getname+0x8d/0xe0
[  538.136653][T12037]  do_sys_openat2+0x104/0x1e0
[  538.141339][T12037]  ? __pfx_do_sys_openat2+0x10/0x10
[  538.146545][T12037]  ? __fget_files+0x206/0x3a0
[  538.151226][T12037]  __x64_sys_openat+0x175/0x210
[  538.156100][T12037]  ? __pfx___x64_sys_openat+0x10/0x10
[  538.161492][T12037]  ? ksys_write+0x1ba/0x250
[  538.166013][T12037]  do_syscall_64+0xcd/0x250
[  538.170526][T12037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.176424][T12037] RIP: 0033:0x7f246f985d19
[  538.180838][T12037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.200443][T12037] RSP: 002b:00007f246d7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  538.208859][T12037] RAX: ffffffffffffffda RBX: 00007f246fb76160 RCX: 00007f246f985d19
[  538.216826][T12037] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c
[  538.224797][T12037] RBP: 00007f246d7f6090 R08: 0000000000000000 R09: 0000000000000000
[  538.232775][T12037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.240751][T12037] R13: 0000000000000000 R14: 00007f246fb76160 R15: 00007ffc7147e878
[  538.248735][T12037]  </TASK>
[  538.270851][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.290761][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.371726][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.435664][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.460656][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.510781][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.530632][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.721020][    T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  538.741570][    T8] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  538.751063][    T8] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  538.793276][    T8] usb 4-1: USB disconnect, device number 35
[  539.745669][T10784] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  539.755740][ T5816] usb 5-1: USB disconnect, device number 46
[  539.837819][ T2146] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  539.858985][   T29] audit: type=1400 audit(1734071799.794:974): avc:  denied  { create } for  pid=12048 comm="syz.3.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  539.878897][   T29] audit: type=1400 audit(1734071799.794:975): avc:  denied  { bind } for  pid=12048 comm="syz.3.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  539.898419][   T29] audit: type=1400 audit(1734071799.794:976): avc:  denied  { name_bind } for  pid=12048 comm="syz.3.1694" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  539.919453][   T29] audit: type=1400 audit(1734071799.794:977): avc:  denied  { node_bind } for  pid=12048 comm="syz.3.1694" saddr=::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[  539.942043][   T29] audit: type=1400 audit(1734071799.794:978): avc:  denied  { listen } for  pid=12048 comm="syz.3.1694" laddr=::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  539.963543][   T29] audit: type=1400 audit(1734071799.794:979): avc:  denied  { connect } for  pid=12048 comm="syz.3.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  539.983261][   T29] audit: type=1400 audit(1734071799.794:980): avc:  denied  { name_connect } for  pid=12048 comm="syz.3.1694" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  540.004645][   T29] audit: type=1400 audit(1734071799.864:981): avc:  denied  { read } for  pid=12050 comm="syz.1.1695" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  540.011292][ T2146] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  540.027547][   T29] audit: type=1400 audit(1734071799.864:982): avc:  denied  { open } for  pid=12050 comm="syz.1.1695" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  540.055594][ T2146] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  540.061469][   T29] audit: type=1400 audit(1734071799.974:983): avc:  denied  { accept } for  pid=12048 comm="syz.3.1694" laddr=::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  540.104141][ T2146] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  540.114616][ T2146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.134618][ T2146] usb 1-1: Product: syz
[  540.149082][ T2146] usb 1-1: Manufacturer: syz
[  540.157143][ T2146] usb 1-1: SerialNumber: syz
[  540.239031][T10784] usb 3-1: config 0 has an invalid interface number: 146 but max is 0
[  540.247342][T10784] usb 3-1: config 0 has no interface number 0
[  540.253517][T10784] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  540.278442][T10784] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  540.315052][ T2146] usb 1-1: config 0 descriptor??
[  540.315828][T10784] usb 3-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=fe.98
[  540.321017][T12026] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  540.336518][T12026] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  540.355803][T10784] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.363899][T10784] usb 3-1: Product: syz
[  540.368075][T10784] usb 3-1: Manufacturer: syz
[  540.372781][T10784] usb 3-1: SerialNumber: syz
[  540.379763][T10784] usb 3-1: config 0 descriptor??
[  540.387331][T10784] radio-si470x 3-1:0.146: could not find interrupt in endpoint
[  540.395019][T10784] radio-si470x 3-1:0.146: probe with driver radio-si470x failed with error -5
[  540.843849][T10784] usbhid 3-1:0.146: couldn't find an input interrupt endpoint
[  540.876684][ T2146] dm9601 1-1:0.0: probe with driver dm9601 failed with error -71
[  540.890845][ T2146] usb 1-1: USB disconnect, device number 39
[  541.070725][    T8] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  541.320742][    T8] usb 4-1: Using ep0 maxpacket: 32
[  541.357223][    T8] usb 4-1: config 0 has no interfaces?
[  541.370613][    T8] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  541.440415][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  541.459909][    T8] usb 4-1: config 0 descriptor??
[  541.755796][    T8] usb 3-1: USB disconnect, device number 29
[  541.964086][T12083] binder: 12082:12083 ioctl 5000940a 20000340 returned -22
[  542.303728][T12084] xt_TPROXY: Can be used only with -p tcp or -p udp
[  542.908023][    T8] usb 4-1: USB disconnect, device number 36
[  543.301362][T12095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1707'.
[  543.371885][T12106] syz.2.1712: attempt to access beyond end of device
[  543.371885][T12106] loop2: rw=0, sector=2, nr_sectors = 1 limit=0
[  543.420502][T12106] hfs: can't find a HFS filesystem on dev loop2
[  543.465442][T12107] vivid-007: disconnect
[  543.604728][T10645] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  543.766401][T10645] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  543.790533][T10645] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  543.806547][T12099] vivid-007: reconnect
[  543.818019][T10645] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  543.847488][T10645] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.868756][T10645] usb 1-1: config 0 descriptor??
[  543.876673][T12113] netlink: 'syz.3.1714': attribute type 1 has an invalid length.
[  544.040664][    T8] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  544.463679][    T8] usb 3-1: Using ep0 maxpacket: 16
[  544.476869][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  544.487161][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  544.498648][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  544.500302][T10645] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0
[  544.516396][T10645] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0
[  544.523631][T10645] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0
[  544.533927][T10645] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0
[  544.541363][T10645] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0
[  544.548264][T10645] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0
[  544.558398][T10645] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0
[  544.602079][T10645] pyra 0003:1E7D:2CF6.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0
[  544.633971][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  544.702241][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  544.781334][    T8] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  544.799851][    T8] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  544.809912][    T8] usb 3-1: Manufacturer: syz
[  544.898133][    T8] usb 3-1: config 0 descriptor??
[  545.082149][T10645] pyra 0003:1E7D:2CF6.0006: couldn't init struct pyra_device
[  545.096572][T10645] pyra 0003:1E7D:2CF6.0006: couldn't install mouse
[  545.105915][T10645] pyra 0003:1E7D:2CF6.0006: probe with driver pyra failed with error -71
[  545.120833][T10645] usb 1-1: USB disconnect, device number 40
[  545.874777][   T29] kauditd_printk_skb: 14 callbacks suppressed
[  545.874794][   T29] audit: type=1400 audit(1734071805.814:998): avc:  denied  { ioctl } for  pid=12136 comm="syz.1.1720" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x640d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  545.907051][    T8] rc_core: IR keymap rc-hauppauge not found
[  545.915393][    T8] Registered IR keymap rc-empty
[  545.923214][T12137] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes
[  545.936531][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.025096][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.051758][    T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  546.127610][    T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input40
[  546.312668][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.453693][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.758286][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.805014][   T29] audit: type=1400 audit(1734071806.734:999): avc:  denied  { execheap } for  pid=12139 comm="syz.3.1722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  546.824562][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.860549][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.925278][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  546.992236][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  547.012361][T12153] FAULT_INJECTION: forcing a failure.
[  547.012361][T12153] name failslab, interval 1, probability 0, space 0, times 0
[  547.050574][T12153] CPU: 1 UID: 0 PID: 12153 Comm: syz.3.1726 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  547.061344][T12153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  547.071373][T12153] Call Trace:
[  547.074626][T12153]  <TASK>
[  547.077531][T12153]  dump_stack_lvl+0x16c/0x1f0
[  547.082201][T12153]  should_fail_ex+0x497/0x5b0
[  547.086854][T12153]  ? fs_reclaim_acquire+0xae/0x150
[  547.091945][T12153]  should_failslab+0xc2/0x120
[  547.096597][T12153]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  547.101944][T12153]  ? vm_area_dup+0x21/0x2f0
[  547.106423][T12153]  vm_area_dup+0x21/0x2f0
[  547.110726][T12153]  __split_vma+0x181/0x1160
[  547.115310][T12153]  ? __pfx___split_vma+0x10/0x10
[  547.120226][T12153]  vms_gather_munmap_vmas+0x38b/0x1730
[  547.125664][T12153]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  547.131545][T12153]  ? mas_walk+0x6a6/0x910
[  547.135854][T12153]  __mmap_region+0x31d/0x2670
[  547.140509][T12153]  ? hlock_class+0x4e/0x130
[  547.144988][T12153]  ? __lock_acquire+0xcc5/0x3c40
[  547.149897][T12153]  ? __pfx___mmap_region+0x10/0x10
[  547.154992][T12153]  ? __pfx___lock_acquire+0x10/0x10
[  547.160164][T12153]  ? lock_acquire+0x2f/0xb0
[  547.164639][T12153]  ? avc_has_perm_noaudit+0x61/0x3a0
[  547.169903][T12153]  ? find_held_lock+0x2d/0x110
[  547.174656][T12153]  ? mm_get_unmapped_area+0x95/0xe0
[  547.179833][T12153]  ? shmem_get_unmapped_area+0x183/0xa20
[  547.185457][T12153]  ? cap_mmap_addr+0x53/0x320
[  547.190107][T12153]  mmap_region+0x127/0x320
[  547.194511][T12153]  do_mmap+0xc00/0xfc0
[  547.198555][T12153]  vm_mmap_pgoff+0x1ba/0x360
[  547.203120][T12153]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  547.208204][T12153]  ? __fget_files+0x206/0x3a0
[  547.212855][T12153]  ksys_mmap_pgoff+0x32c/0x5c0
[  547.217588][T12153]  ? __pfx_ksys_write+0x10/0x10
[  547.222419][T12153]  __x64_sys_mmap+0x125/0x190
[  547.227073][T12153]  do_syscall_64+0xcd/0x250
[  547.231551][T12153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.237420][T12153] RIP: 0033:0x7f2159385d19
[  547.241825][T12153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.261425][T12153] RSP: 002b:00007f215a20c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  547.269818][T12153] RAX: ffffffffffffffda RBX: 00007f2159575fa0 RCX: 00007f2159385d19
[  547.277761][T12153] RDX: 000000000000000b RSI: 0000000000400000 RDI: 0000000020200000
[  547.285703][T12153] RBP: 00007f215a20c090 R08: 0000000000000003 R09: 0000000000000000
[  547.293645][T12153] R10: 0000000000002012 R11: 0000000000000246 R12: 0000000000000001
[  547.301587][T12153] R13: 0000000000000000 R14: 00007f2159575fa0 R15: 00007ffd1346e9a8
[  547.309537][T12153]  </TASK>
[  547.312626][    C1] vkms_vblank_simulate: vblank timer overrun
[  547.359643][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  547.402175][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  547.420628][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  547.441271][    T8] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  547.448173][T12165] 9pnet_fd: Insufficient options for proto=fd
[  547.450360][    T8] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  547.468304][    T8] usb 3-1: USB disconnect, device number 30
[  547.730699][ T2146] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  547.738543][T10645] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  547.890788][ T2146] usb 5-1: Using ep0 maxpacket: 8
[  547.900724][ T2146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  547.912934][T10645] usb 4-1: Using ep0 maxpacket: 32
[  547.925825][   T29] audit: type=1400 audit(1734071807.864:1000): avc:  denied  { write } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  547.947314][    C1] vkms_vblank_simulate: vblank timer overrun
[  547.986997][T10645] usb 4-1: config index 0 descriptor too short (expected 49410, got 36)
[  548.011512][ T2146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  548.035540][T10645] usb 4-1: config 12 has too many interfaces: 127, using maximum allowed: 32
[  548.079732][ T2146] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  548.099332][   T29] audit: type=1400 audit(1734071807.894:1001): avc:  denied  { remove_name } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  548.100980][T10645] usb 4-1: config 12 contains an unexpected descriptor of type 0x2, skipping
[  548.122325][   T29] audit: type=1400 audit(1734071807.894:1002): avc:  denied  { rename } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  548.137099][ T2146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.153558][    T8] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  548.167351][T10645] usb 4-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config
[  548.178121][   T29] audit: type=1400 audit(1734071807.894:1003): avc:  denied  { add_name } for  pid=5172 comm="syslogd" name="messages.0" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  548.206057][   T29] audit: type=1400 audit(1734071807.894:1004): avc:  denied  { unlink } for  pid=5172 comm="syslogd" name="messages.0" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  548.206547][ T2146] usb 5-1: config 0 descriptor??
[  548.228831][   T29] audit: type=1400 audit(1734071807.914:1005): avc:  denied  { create } for  pid=5172 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  548.234349][T10645] usb 4-1: config 12 has 0 interfaces, different from the descriptor's value: 127
[  548.254747][   T29] audit: type=1400 audit(1734071808.144:1006): avc:  denied  { connect } for  pid=12172 comm="syz.0.1733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  548.266316][T10645] usb 4-1: config index 1 descriptor too short (expected 49410, got 36)
[  548.290174][   T29] audit: type=1400 audit(1734071808.224:1007): avc:  denied  { append } for  pid=12172 comm="syz.0.1733" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  548.292456][T10645] usb 4-1: config 12 has too many interfaces: 127, using maximum allowed: 32
[  548.315977][    C1] vkms_vblank_simulate: vblank timer overrun
[  548.331171][T10645] usb 4-1: config 12 contains an unexpected descriptor of type 0x2, skipping
[  548.340007][T10645] usb 4-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config
[  548.340600][    T8] usb 3-1: Using ep0 maxpacket: 16
[  548.354309][T10645] usb 4-1: config 12 has 0 interfaces, different from the descriptor's value: 127
[  548.357706][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  548.367574][T10645] usb 4-1: config index 2 descriptor too short (expected 49410, got 36)
[  548.393217][T10645] usb 4-1: config 12 has too many interfaces: 127, using maximum allowed: 32
[  548.410753][T10645] usb 4-1: config 12 contains an unexpected descriptor of type 0x2, skipping
[  548.419690][T10645] usb 4-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config
[  548.431568][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  548.442580][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  548.452346][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  548.462205][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  548.475546][T10645] usb 4-1: config 12 has 0 interfaces, different from the descriptor's value: 127
[  548.478432][    T8] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  548.506570][T10645] usb 4-1: config index 3 descriptor too short (expected 49410, got 36)
[  548.510475][    T8] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  548.515469][T10645] usb 4-1: config 12 has too many interfaces: 127, using maximum allowed: 32
[  548.533788][    T8] usb 3-1: Manufacturer: syz
[  548.539936][    T8] usb 3-1: config 0 descriptor??
[  548.547039][ T2146] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  548.572274][T12178] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1734'.
[  548.580808][ T2146] usb 5-1: USB disconnect, device number 47
[  548.588091][T10645] usb 4-1: config 12 contains an unexpected descriptor of type 0x2, skipping
[  548.608995][T10645] usb 4-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config
[  548.629707][T10645] usb 4-1: config 12 has 0 interfaces, different from the descriptor's value: 127
[  548.651664][T10645] usb 4-1: New USB device found, idVendor=2c42, idProduct=0102, bcdDevice= 0.00
[  548.662517][T10645] usb 4-1: New USB device strings: Mfr=16, Product=0, SerialNumber=9
[  548.680701][T10645] usb 4-1: Manufacturer: syz
[  548.690758][T10645] usb 4-1: SerialNumber: syz
[  548.730563][ T5825] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  548.810761][    T8] rc_core: IR keymap rc-hauppauge not found
[  548.825001][    T8] Registered IR keymap rc-empty
[  548.840625][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  548.861276][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  548.880582][ T5825] usb 1-1: Using ep0 maxpacket: 8
[  548.888609][ T5825] usb 1-1: config 5 has an invalid interface number: 161 but max is 1
[  548.900947][    T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  548.907196][ T5825] usb 1-1: config 5 contains an unexpected descriptor of type 0x1, skipping
[  548.923744][    T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input41
[  548.950118][ T5825] usb 1-1: config 5 contains an unexpected descriptor of type 0x1, skipping
[  548.959829][ T5825] usb 1-1: config 5 has an invalid interface number: 16 but max is 1
[  548.968121][ T5825] usb 1-1: config 5 has an invalid interface number: 35 but max is 1
[  548.968229][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  548.978057][ T5825] usb 1-1: config 5 contains an unexpected descriptor of type 0x2, skipping
[  548.994224][ T5825] usb 1-1: config 5 has 3 interfaces, different from the descriptor's value: 2
[  549.005203][ T5825] usb 1-1: config 5 has no interface number 0
[  549.011439][ T5825] usb 1-1: config 5 has no interface number 1
[  549.017687][ T5825] usb 1-1: config 5 has no interface number 2
[  549.020590][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.023935][ T5825] usb 1-1: config 5 interface 161 altsetting 0 endpoint 0xB has an invalid bInterval 146, changing to 7
[  549.042263][ T5825] usb 1-1: config 5 interface 161 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  549.053387][ T5825] usb 1-1: config 5 interface 161 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  549.061158][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.064353][ T5825] usb 1-1: config 5 interface 161 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  549.083629][ T5825] usb 1-1: config 5 interface 161 altsetting 0 endpoint 0xC has an invalid bInterval 152, changing to 11
[  549.098497][ T5825] usb 1-1: config 5 interface 161 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  549.111186][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.129795][ T5825] usb 1-1: config 5 interface 161 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  549.141674][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.160789][ T5825] usb 1-1: config 5 interface 161 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  549.171953][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.177476][ T5825] usb 1-1: config 5 interface 161 altsetting 0 has a duplicate endpoint with address 0x8, skipping
[  549.200557][ T5825] usb 1-1: too many endpoints for config 5 interface 16 altsetting 8: 102, using maximum allowed: 30
[  549.200767][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.226513][ T5825] usb 1-1: config 5 interface 16 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 102
[  549.240728][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.243997][ T5825] usb 1-1: config 5 interface 35 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  549.262989][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.290579][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  549.305897][ T5825] usb 1-1: config 5 interface 35 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  549.319162][ T5825] usb 1-1: config 5 interface 35 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  549.334596][    T8] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  549.350162][ T5825] usb 1-1: config 5 interface 35 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  549.360481][    T8] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  549.365687][ T5825] usb 1-1: config 5 interface 35 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  549.376125][    T8] usb 3-1: USB disconnect, device number 31
[  549.559950][ T5825] usb 1-1: config 5 interface 35 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[  549.570706][ T5825] usb 1-1: config 5 interface 35 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  549.586664][ T5825] usb 1-1: config 5 interface 16 has no altsetting 0
[  549.603902][ T5825] usb 1-1: Dual-Role OTG device on HNP port
[  549.610291][ T5825] usb 1-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice=b5.bc
[  550.180770][ T5825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  550.188926][ T5825] usb 1-1: Product: 、
[  550.375341][T12222] syz.4.1738: attempt to access beyond end of device
[  550.375341][T12222] nbd4: rw=0, sector=1, nr_sectors = 1 limit=0
[  550.388556][T12222] VFS: could not find a valid V7 on nbd4.
[  550.592112][ T5825] usb 1-1: Manufacturer: 쏐ꋊ琥첬ὣ䞶쵫ᔒ쫨ꊰꜨ㡻䜮⁸褾냼砵芬渕㚳馈资ꃄ啭㪆﩮㕘礭ހ퍹ꯜȽʘ]⃄ᕘ㴛﫨쾠䮺䛺蔾卹怅䔌ﻚ䟰뵎ℎ监া綬絟⭕ꌍꞀ
[  550.592187][T12174] Bluetooth: hci4: command 0x0c1a tx timeout
[  550.611837][ T5825] usb 1-1: SerialNumber: ﻠ꿌棫㍶茫༭닧ijڅ㖰
[  550.883472][ T2146] usb 4-1: USB disconnect, device number 37
[  550.918927][T12230] overlayfs: failed to resolve './bus': -2
[  551.315968][T12235] lo speed is unknown, defaulting to 1000
[  551.566189][   T29] kauditd_printk_skb: 18 callbacks suppressed
[  551.566207][   T29] audit: type=1400 audit(1734071811.504:1026): avc:  denied  { mount } for  pid=12232 comm="syz.4.1741" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  551.679742][ T5825] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:5.161/input/input42
[  551.693454][ T5175] bcm5974 1-1:5.161: could not read from device
[  551.934738][ T5175] bcm5974 1-1:5.161: could not read from device
[  552.041104][ T2146] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  552.072156][ T5175] bcm5974 1-1:5.161: could not read from device
[  552.091571][ T5175] bcm5974 1-1:5.161: could not read from device
[  552.119651][ T5825] usb 1-1: USB disconnect, device number 41
[  552.250390][T12258] 9pnet_fd: Insufficient options for proto=fd
[  552.260253][ T2146] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  552.291869][ T2146] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  552.331791][ T2146] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  552.345408][ T5816] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  552.368721][ T2146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  552.390311][ T2146] usb 4-1: SerialNumber: syz
[  552.502687][ T5816] usb 3-1: Using ep0 maxpacket: 8
[  552.607749][ T5816] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  552.730538][ T5816] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  552.740661][ T5816] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  552.750608][ T5816] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  552.763634][ T5816] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  552.772893][ T5816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.854397][   T29] audit: type=1400 audit(1734071812.794:1027): avc:  denied  { bind } for  pid=12246 comm="syz.3.1744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  552.881214][ T2146] usb 4-1: 0:2 : does not exist
[  552.886379][ T2146] usb 4-1: unit 5 not found!
[  552.891879][   T29] audit: type=1400 audit(1734071812.814:1028): avc:  denied  { write } for  pid=12246 comm="syz.3.1744" path="socket:[38291]" dev="sockfs" ino=38291 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  552.947542][ T2146] usb 4-1: USB disconnect, device number 38
[  553.054547][ T5816] usb 3-1: GET_CAPABILITIES returned 0
[  553.060224][ T5816] usbtmc 3-1:16.0: can't read capabilities
[  553.266198][ T2146] usb 3-1: USB disconnect, device number 32
[  555.151117][T12296] FAULT_INJECTION: forcing a failure.
[  555.151117][T12296] name failslab, interval 1, probability 0, space 0, times 0
[  555.178205][T12298] FAULT_INJECTION: forcing a failure.
[  555.178205][T12298] name failslab, interval 1, probability 0, space 0, times 0
[  555.185832][T12295] sp0: Synchronizing with TNC
[  555.191034][T12296] CPU: 1 UID: 0 PID: 12296 Comm: syz.0.1756 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  555.204996][T12295] xt_socket: unknown flags 0x50
[  555.206330][T12296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  555.221244][T12296] Call Trace:
[  555.224509][T12296]  <TASK>
[  555.227421][T12296]  dump_stack_lvl+0x16c/0x1f0
[  555.232083][T12296]  should_fail_ex+0x497/0x5b0
[  555.236740][T12296]  ? fs_reclaim_acquire+0xae/0x150
[  555.241833][T12296]  should_failslab+0xc2/0x120
[  555.246488][T12296]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  555.252286][T12296]  ? __alloc_skb+0x2b1/0x380
[  555.256860][T12296]  __alloc_skb+0x2b1/0x380
[  555.261264][T12296]  ? __pfx___alloc_skb+0x10/0x10
[  555.266179][T12296]  ? selinux_socket_getpeersec_dgram+0x1a5/0x370
[  555.272497][T12296]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  555.279150][T12296]  netlink_alloc_large_skb+0x69/0x130
[  555.284502][T12296]  netlink_sendmsg+0x689/0xd70
[  555.289246][T12296]  ? __pfx_netlink_sendmsg+0x10/0x10
[  555.294513][T12296]  ____sys_sendmsg+0xaaf/0xc90
[  555.299256][T12296]  ? copy_msghdr_from_user+0x10b/0x160
[  555.304695][T12296]  ? __pfx_____sys_sendmsg+0x10/0x10
[  555.309961][T12296]  ___sys_sendmsg+0x135/0x1e0
[  555.314632][T12296]  ? __pfx____sys_sendmsg+0x10/0x10
[  555.319815][T12296]  ? __pfx_lock_release+0x10/0x10
[  555.324817][T12296]  ? trace_lock_acquire+0x14e/0x1f0
[  555.329999][T12296]  ? __fget_files+0x206/0x3a0
[  555.334657][T12296]  __sys_sendmsg+0x16e/0x220
[  555.339230][T12296]  ? __pfx___sys_sendmsg+0x10/0x10
[  555.344343][T12296]  do_syscall_64+0xcd/0x250
[  555.348827][T12296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.354711][T12296] RIP: 0033:0x7f6379185d19
[  555.359102][T12296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  555.378686][T12296] RSP: 002b:00007f6379f3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  555.387077][T12296] RAX: ffffffffffffffda RBX: 00007f6379375fa0 RCX: 00007f6379185d19
[  555.395026][T12296] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  555.402971][T12296] RBP: 00007f6379f3e090 R08: 0000000000000000 R09: 0000000000000000
[  555.410917][T12296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  555.418862][T12296] R13: 0000000000000000 R14: 00007f6379375fa0 R15: 00007ffdfcb47ac8
[  555.426813][T12296]  </TASK>
[  555.440526][T12298] CPU: 1 UID: 0 PID: 12298 Comm: syz.1.1757 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  555.451322][T12298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  555.461354][T12298] Call Trace:
[  555.464607][T12298]  <TASK>
[  555.467512][T12298]  dump_stack_lvl+0x16c/0x1f0
[  555.472168][T12298]  should_fail_ex+0x497/0x5b0
[  555.476824][T12298]  should_failslab+0xc2/0x120
[  555.481478][T12298]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  555.486822][T12298]  ? skb_clone+0x190/0x3f0
[  555.491214][T12298]  skb_clone+0x190/0x3f0
[  555.495430][T12298]  netlink_deliver_tap+0xabd/0xd30
[  555.500520][T12298]  netlink_unicast+0x5e1/0x7f0
[  555.505261][T12298]  ? __pfx_netlink_unicast+0x10/0x10
[  555.510525][T12298]  netlink_sendmsg+0x8b8/0xd70
[  555.515264][T12298]  ? __pfx_netlink_sendmsg+0x10/0x10
[  555.520530][T12298]  ____sys_sendmsg+0xaaf/0xc90
[  555.525269][T12298]  ? copy_msghdr_from_user+0x10b/0x160
[  555.530715][T12298]  ? __pfx_____sys_sendmsg+0x10/0x10
[  555.535981][T12298]  ___sys_sendmsg+0x135/0x1e0
[  555.540647][T12298]  ? __pfx____sys_sendmsg+0x10/0x10
[  555.545857][T12298]  ? __pfx_lock_release+0x10/0x10
[  555.550858][T12298]  ? trace_lock_acquire+0x14e/0x1f0
[  555.556038][T12298]  ? __fget_files+0x206/0x3a0
[  555.560692][T12298]  __sys_sendmsg+0x16e/0x220
[  555.565264][T12298]  ? __pfx___sys_sendmsg+0x10/0x10
[  555.570362][T12298]  do_syscall_64+0xcd/0x250
[  555.574845][T12298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.580719][T12298] RIP: 0033:0x7f246f985d19
[  555.585109][T12298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  555.604691][T12298] RSP: 002b:00007f24706f0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  555.613079][T12298] RAX: ffffffffffffffda RBX: 00007f246fb75fa0 RCX: 00007f246f985d19
[  555.621025][T12298] RDX: 0000000020000004 RSI: 00000000200007c0 RDI: 0000000000000003
[  555.628970][T12298] RBP: 00007f24706f0090 R08: 0000000000000000 R09: 0000000000000000
[  555.636917][T12298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  555.644864][T12298] R13: 0000000000000000 R14: 00007f246fb75fa0 R15: 00007ffc7147e878
[  555.652816][T12298]  </TASK>
[  556.280545][ T5825] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  556.472003][ T5825] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  556.486226][ T5825] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  556.496764][ T5825] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  556.505995][ T5825] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  556.514203][ T5825] usb 2-1: SerialNumber: syz
[  556.755846][ T5825] usb 2-1: 0:2 : does not exist
[  556.761812][ T5825] usb 2-1: unit 5 not found!
[  556.786767][ T5825] usb 2-1: USB disconnect, device number 32
[  558.487917][   T29] audit: type=1400 audit(1734071818.424:1029): avc:  denied  { name_connect } for  pid=12337 comm="syz.4.1769" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  558.539293][   T29] audit: type=1400 audit(1734071818.474:1030): avc:  denied  { read } for  pid=12337 comm="syz.4.1769" lport=37061 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  558.592600][T12343] netlink: 18 bytes leftover after parsing attributes in process `syz.4.1769'.
[  558.604036][T12343] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12343 comm=syz.4.1769
[  558.640698][   T29] audit: type=1400 audit(1734071818.584:1031): avc:  denied  { getopt } for  pid=12345 comm="syz.3.1771" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  559.329048][T12363] syz.3.1777: attempt to access beyond end of device
[  559.329048][T12363] loop3: rw=0, sector=2, nr_sectors = 1 limit=0
[  559.342046][T12363] hfs: can't find a HFS filesystem on dev loop3
[  559.510656][ T5825] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  559.640766][ T2146] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  559.728031][T12372] vivid-007: disconnect
[  559.770644][ T5825] usb 2-1: device descriptor read/64, error -71
[  559.782725][    T8] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  559.810626][ T2146] usb 4-1: Using ep0 maxpacket: 16
[  560.139273][ T2146] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  560.139407][T12369] vivid-007: reconnect
[  560.149761][ T2146] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  560.174655][ T2146] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  560.184877][ T2146] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  560.191653][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  560.195063][ T2146] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  560.220199][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  560.220371][ T2146] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  560.238965][ T2146] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  560.248101][ T2146] usb 4-1: Manufacturer: syz
[  560.259249][    T8] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  560.259588][ T2146] usb 4-1: config 0 descriptor??
[  560.273888][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  560.282970][    T8] usb 5-1: SerialNumber: syz
[  560.370839][ T5825] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  560.653930][    T8] usb 5-1: 0:2 : does not exist
[  560.669072][    T8] usb 5-1: unit 5 not found!
[  560.684042][ T5825] usb 2-1: device descriptor read/64, error -71
[  560.697293][ T2146] rc_core: IR keymap rc-hauppauge not found
[  560.703934][ T2146] Registered IR keymap rc-empty
[  560.704154][    T8] usb 5-1: USB disconnect, device number 48
[  560.708866][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  560.740635][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  560.764041][ T2146] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  560.781728][ T2146] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input43
[  560.811482][ T5825] usb usb2-port1: attempt power cycle
[  560.858315][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  560.892118][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  560.911213][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  560.951344][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  560.953390][T12386] vivid-007: disconnect
[  560.971367][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  561.096775][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  561.162290][ T5825] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  561.170764][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  561.200713][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  561.215414][T12383] vivid-007: reconnect
[  561.225849][ T5825] usb 2-1: device descriptor read/8, error -71
[  561.232786][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  561.260583][ T2146] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  561.292580][ T2146] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  561.292602][ T2146] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  561.302680][ T2146] usb 4-1: USB disconnect, device number 39
[  561.489097][   T29] audit: type=1400 audit(1734071821.414:1032): avc:  denied  { shutdown } for  pid=12388 comm="syz.2.1784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  561.581762][T12399] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1787'.
[  561.600542][ T5825] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  561.620932][ T5825] usb 2-1: device descriptor read/8, error -71
[  561.740747][ T5825] usb usb2-port1: unable to enumerate USB device
[  561.852509][T12401] sp0: Synchronizing with TNC
[  561.884739][T12401] xt_socket: unknown flags 0x50
[  562.140573][   T29] audit: type=1400 audit(1734071822.084:1033): avc:  denied  { ioctl } for  pid=12408 comm="syz.2.1791" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=38500 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  562.166660][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.184153][   T29] audit: type=1400 audit(1734071822.114:1034): avc:  denied  { write } for  pid=12410 comm="syz.0.1792" name="if_inet6" dev="proc" ino=4026533382 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  562.184746][T12411] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  562.228148][   T29] audit: type=1400 audit(1734071822.164:1035): avc:  denied  { bind } for  pid=12408 comm="syz.2.1791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  562.248215][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.265005][   T29] audit: type=1400 audit(1734071822.164:1036): avc:  denied  { connect } for  pid=12408 comm="syz.2.1791" lport=47 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  562.285739][   T29] audit: type=1400 audit(1734071822.174:1037): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  562.380597][   T29] audit: type=1400 audit(1734071822.304:1038): avc:  denied  { name_bind } for  pid=12410 comm="syz.0.1792" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  562.793025][T10784] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  562.806566][T12421] 9pnet_fd: Insufficient options for proto=fd
[  562.811161][T12423] syz.2.1797: attempt to access beyond end of device
[  562.811161][T12423] loop2: rw=0, sector=2, nr_sectors = 1 limit=0
[  562.835363][T12423] hfs: can't find a HFS filesystem on dev loop2
[  562.955621][T10784] usb 4-1: Using ep0 maxpacket: 8
[  562.981299][T12420] team0 (unregistering): Port device team_slave_0 removed
[  562.993931][T12420] team0 (unregistering): Port device team_slave_1 removed
[  563.011669][T10784] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  563.025988][T10784] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  563.030662][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  563.042105][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  563.066894][T10784] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  563.099214][T10784] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  563.128411][T10784] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  563.160520][T10784] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  563.192873][T10784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.288170][T12428] FAULT_INJECTION: forcing a failure.
[  563.288170][T12428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.322448][T12428] CPU: 1 UID: 0 PID: 12428 Comm: syz.4.1798 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  563.333262][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  563.343320][T12428] Call Trace:
[  563.346681][T12428]  <TASK>
[  563.349609][T12428]  dump_stack_lvl+0x16c/0x1f0
[  563.354295][T12428]  should_fail_ex+0x497/0x5b0
[  563.358984][T12428]  _copy_from_user+0x2e/0xd0
[  563.363585][T12428]  alg_setsockopt+0x77f/0xee0
[  563.368270][T12428]  ? __pfx_alg_setsockopt+0x10/0x10
[  563.373489][T12428]  ? selinux_socket_setsockopt+0x6a/0x80
[  563.379130][T12428]  ? __pfx_alg_setsockopt+0x10/0x10
[  563.384332][T12428]  do_sock_setsockopt+0x222/0x480
[  563.389360][T12428]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  563.394914][T12428]  ? lock_acquire+0x2f/0xb0
[  563.399432][T12428]  __sys_setsockopt+0x1a0/0x230
[  563.404316][T12428]  __x64_sys_setsockopt+0xbd/0x160
[  563.409455][T12428]  ? do_syscall_64+0x91/0x250
[  563.414141][T12428]  ? lockdep_hardirqs_on+0x7c/0x110
[  563.419341][T12428]  do_syscall_64+0xcd/0x250
[  563.423854][T12428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.429757][T12428] RIP: 0033:0x7f92b8985d19
[  563.434174][T12428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.453775][T12428] RSP: 002b:00007f92b9865038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  563.462175][T12428] RAX: ffffffffffffffda RBX: 00007f92b8b75fa0 RCX: 00007f92b8985d19
[  563.470145][T12428] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[  563.478114][T12428] RBP: 00007f92b9865090 R08: 0000000000000022 R09: 0000000000000000
[  563.480517][    T8] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  563.486064][T12428] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001
[  563.501603][T12428] R13: 0000000000000000 R14: 00007f92b8b75fa0 R15: 00007ffd11d95808
[  563.509603][T12428]  </TASK>
[  563.512690][    C1] vkms_vblank_simulate: vblank timer overrun
[  563.565165][  T969] kernel write not supported for file /1227/attr/keycreate (pid: 969 comm: kworker/0:2)
[  563.592985][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  563.592996][   T29] audit: type=1400 audit(1734071823.534:1042): avc:  denied  { getopt } for  pid=12429 comm="syz.4.1799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  563.629610][T10784] usb 4-1: usb_control_msg returned -32
[  563.635440][T10784] usbtmc 4-1:16.0: can't read capabilities
[  563.641660][    T8] usb 3-1: Using ep0 maxpacket: 16
[  563.652003][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  563.666783][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  563.692692][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  563.704006][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  563.706500][T12432] netlink: 212 bytes leftover after parsing attributes in process `syz.4.1800'.
[  563.714512][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  563.737375][    T8] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  563.749146][    T8] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  563.766810][    T8] usb 3-1: Manufacturer: syz
[  563.773465][    T8] usb 3-1: config 0 descriptor??
[  564.503498][   T29] audit: type=1400 audit(1734071824.444:1043): avc:  denied  { create } for  pid=12412 comm="syz.3.1793" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  564.524125][   T29] audit: type=1400 audit(1734071824.444:1044): avc:  denied  { write } for  pid=12412 comm="syz.3.1793" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  564.530510][    T8] rc_core: IR keymap rc-hauppauge not found
[  564.550644][    T8] Registered IR keymap rc-empty
[  564.556099][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.581244][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.600750][    T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  564.613507][    T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input44
[  564.627451][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.722226][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.740713][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.762017][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.793243][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.820663][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.840819][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.869470][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.890636][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.921996][    T8] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  564.960940][    T8] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  564.970376][    T8] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  564.982382][    T8] usb 3-1: USB disconnect, device number 33
[  565.159754][T12453] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1804'.
[  565.172182][T12453] netlink: 'syz.0.1804': attribute type 1 has an invalid length.
[  565.538827][ T2146] usb 4-1: USB disconnect, device number 40
[  566.227113][   T29] audit: type=1400 audit(1734071826.164:1045): avc:  denied  { ioctl } for  pid=12462 comm="syz.2.1810" path="socket:[39357]" dev="sockfs" ino=39357 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  566.251818][    C1] vkms_vblank_simulate: vblank timer overrun
[  566.260504][ T2146] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  566.584960][ T2146] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  566.797365][   T29] audit: type=1400 audit(1734071826.184:1046): avc:  denied  { getopt } for  pid=12462 comm="syz.2.1810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  566.823182][ T2146] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  566.833739][ T2146] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  566.842869][ T2146] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  566.877390][ T2146] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  566.973618][ T2146] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  566.982767][ T2146] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  566.991500][ T2146] usb 4-1: Product: syz
[  566.995673][ T2146] usb 4-1: Manufacturer: syz
[  567.028563][ T2146] cdc_wdm 4-1:1.0: skipping garbage
[  567.033970][ T2146] cdc_wdm 4-1:1.0: skipping garbage
[  567.041904][ T2146] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  567.050598][ T2146] cdc_wdm 4-1:1.0: Unknown control protocol
[  567.301813][   T29] audit: type=1400 audit(1734071827.154:1047): avc:  denied  { create } for  pid=12471 comm="syz.2.1813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  567.610610][   T29] audit: type=1400 audit(1734071827.164:1048): avc:  denied  { connect } for  pid=12471 comm="syz.2.1813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  567.648936][   T29] audit: type=1400 audit(1734071827.584:1049): avc:  denied  { read write } for  pid=12456 comm="syz.3.1807" name="sg0" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  567.650697][ T2146] usb 4-1: USB disconnect, device number 41
[  567.673249][    T8] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  567.696515][   T29] audit: type=1400 audit(1734071827.584:1050): avc:  denied  { open } for  pid=12456 comm="syz.3.1807" path="/dev/sg0" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  567.867924][T12484] 9pnet_fd: Insufficient options for proto=fd
[  567.885133][    T8] usb 5-1: Using ep0 maxpacket: 8
[  567.923338][T12486] FAULT_INJECTION: forcing a failure.
[  567.923338][T12486] name failslab, interval 1, probability 0, space 0, times 0
[  567.936100][   T29] audit: type=1400 audit(1734071827.864:1051): avc:  denied  { create } for  pid=12485 comm="syz.2.1818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  567.956413][    T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  567.968993][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  567.982851][T12486] CPU: 0 UID: 0 PID: 12486 Comm: syz.2.1818 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  567.993653][T12486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  568.003727][T12486] Call Trace:
[  568.007013][T12486]  <TASK>
[  568.009947][T12486]  dump_stack_lvl+0x16c/0x1f0
[  568.014637][T12486]  should_fail_ex+0x497/0x5b0
[  568.019330][T12486]  ? fs_reclaim_acquire+0xae/0x150
[  568.024461][T12486]  should_failslab+0xc2/0x120
[  568.029153][T12486]  __kmalloc_noprof+0xcb/0x510
[  568.033930][T12486]  ? rcu_is_watching+0x12/0xc0
[  568.038712][T12486]  tomoyo_encode2+0x100/0x3e0
[  568.043406][T12486]  tomoyo_encode+0x29/0x50
[  568.047813][T12486]  tomoyo_realpath_from_path+0x19d/0x720
[  568.053435][T12486]  ? tomoyo_path_number_perm+0x235/0x590
[  568.059055][T12486]  tomoyo_path_number_perm+0x248/0x590
[  568.064512][T12486]  ? tomoyo_path_number_perm+0x235/0x590
[  568.070138][T12486]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  568.076132][T12486]  ? __pfx_lock_release+0x10/0x10
[  568.081236][T12486]  ? trace_lock_acquire+0x14e/0x1f0
[  568.086537][T12486]  ? lock_acquire+0x2f/0xb0
[  568.091051][T12486]  ? __fget_files+0x40/0x3a0
[  568.095634][T12486]  ? __fget_files+0x206/0x3a0
[  568.100341][T12486]  security_file_ioctl+0x9b/0x240
[  568.105367][T12486]  __x64_sys_ioctl+0xb7/0x200
[  568.110041][T12486]  do_syscall_64+0xcd/0x250
[  568.114538][T12486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.120423][T12486] RIP: 0033:0x7ff905385d19
[  568.124836][T12486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.144447][T12486] RSP: 002b:00007ff90624a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  568.152855][T12486] RAX: ffffffffffffffda RBX: 00007ff905575fa0 RCX: 00007ff905385d19
[  568.160819][T12486] RDX: 0000000000000000 RSI: 0000000000005411 RDI: 0000000000000003
[  568.168796][T12486] RBP: 00007ff90624a090 R08: 0000000000000000 R09: 0000000000000000
[  568.176784][T12486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  568.184752][T12486] R13: 0000000000000000 R14: 00007ff905575fa0 R15: 00007ffcd438b7a8
[  568.192724][T12486]  </TASK>
[  568.203327][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  568.213101][T12486] ERROR: Out of memory at tomoyo_realpath_from_path.
[  568.230710][    T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  568.270586][    T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  568.297007][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.561812][    T8] usb 5-1: GET_CAPABILITIES returned 0
[  568.575824][    T8] usbtmc 5-1:16.0: can't read capabilities
[  568.776816][    T8] usb 5-1: USB disconnect, device number 49
[  569.012694][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  569.012712][   T29] audit: type=1400 audit(1734071828.954:1053): avc:  denied  { create } for  pid=12497 comm="syz.1.1822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  569.067393][   T29] audit: type=1400 audit(1734071828.974:1054): avc:  denied  { bind } for  pid=12497 comm="syz.1.1822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  569.166969][   T29] audit: type=1400 audit(1734071829.104:1055): avc:  denied  { relabelfrom } for  pid=12503 comm="syz.0.1824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  569.195073][   T29] audit: type=1400 audit(1734071829.104:1056): avc:  denied  { relabelto } for  pid=12503 comm="syz.0.1824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  569.430808][    T8] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  569.646191][T12511] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1826'.
[  569.708919][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  569.723264][   T29] audit: type=1400 audit(1734071829.644:1057): avc:  denied  { read } for  pid=12512 comm="syz.4.1828" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  569.759053][    T8] usb 4-1: Dual-Role OTG device on HNP port
[  569.766491][    T8] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1
[  569.780622][   T29] audit: type=1400 audit(1734071829.644:1058): avc:  denied  { open } for  pid=12512 comm="syz.4.1828" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  569.787169][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.850577][    T8] usb 4-1: Product: syz
[  569.854943][   T29] audit: type=1400 audit(1734071829.684:1059): avc:  denied  { ioctl } for  pid=12512 comm="syz.4.1828" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  569.860047][    T8] usb 4-1: Manufacturer: syz
[  569.934006][   T29] audit: type=1400 audit(1734071829.834:1060): avc:  denied  { write } for  pid=12516 comm="syz.4.1829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  569.940533][    T8] usb 4-1: SerialNumber: syz
[  569.970671][T12521] lo speed is unknown, defaulting to 1000
[  569.991279][    T8] usb 4-1: config 0 descriptor??
[  570.002283][   T29] audit: type=1400 audit(1734071829.834:1061): avc:  denied  { nlmsg_write } for  pid=12516 comm="syz.4.1829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  570.015720][    T8] usb_ehset_test 4-1:0.0: probe with driver usb_ehset_test failed with error -32
[  570.052788][   T29] audit: type=1400 audit(1734071829.864:1062): avc:  denied  { create } for  pid=12520 comm="syz.0.1830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  570.492641][T12500] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1820'.
[  570.517356][    T8] usb 4-1: USB disconnect, device number 42
[  570.988507][T12534] FAULT_INJECTION: forcing a failure.
[  570.988507][T12534] name failslab, interval 1, probability 0, space 0, times 0
[  571.020677][T12534] CPU: 0 UID: 0 PID: 12534 Comm: syz.2.1834 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  571.031465][T12534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  571.041498][T12534] Call Trace:
[  571.044754][T12534]  <TASK>
[  571.047662][T12534]  dump_stack_lvl+0x16c/0x1f0
[  571.052320][T12534]  should_fail_ex+0x497/0x5b0
[  571.056974][T12534]  ? fs_reclaim_acquire+0xae/0x150
[  571.062067][T12534]  should_failslab+0xc2/0x120
[  571.066720][T12534]  __kmalloc_noprof+0xcb/0x510
[  571.071459][T12534]  ? d_absolute_path+0x137/0x1b0
[  571.076375][T12534]  ? rcu_is_watching+0x12/0xc0
[  571.081121][T12534]  tomoyo_encode2+0x100/0x3e0
[  571.085777][T12534]  tomoyo_encode+0x29/0x50
[  571.090166][T12534]  tomoyo_realpath_from_path+0x19d/0x720
[  571.095779][T12534]  tomoyo_path_number_perm+0x248/0x590
[  571.101212][T12534]  ? tomoyo_path_number_perm+0x235/0x590
[  571.106820][T12534]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  571.112797][T12534]  ? __pfx_lock_release+0x10/0x10
[  571.117819][T12534]  ? trace_lock_acquire+0x14e/0x1f0
[  571.123016][T12534]  ? lock_acquire+0x2f/0xb0
[  571.127498][T12534]  ? __fget_files+0x40/0x3a0
[  571.132067][T12534]  ? __fget_files+0x206/0x3a0
[  571.136719][T12534]  security_file_ioctl+0x9b/0x240
[  571.141721][T12534]  __x64_sys_ioctl+0xb7/0x200
[  571.146382][T12534]  do_syscall_64+0xcd/0x250
[  571.150885][T12534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.156754][T12534] RIP: 0033:0x7ff905385d19
[  571.161144][T12534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.180743][T12534] RSP: 002b:00007ff90624a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  571.189138][T12534] RAX: ffffffffffffffda RBX: 00007ff905575fa0 RCX: 00007ff905385d19
[  571.197096][T12534] RDX: 0000000020000040 RSI: 0000000040086603 RDI: 0000000000000003
[  571.205058][T12534] RBP: 00007ff90624a090 R08: 0000000000000000 R09: 0000000000000000
[  571.213004][T12534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.220951][T12534] R13: 0000000000000000 R14: 00007ff905575fa0 R15: 00007ffcd438b7a8
[  571.228910][T12534]  </TASK>
[  571.246138][T12534] ERROR: Out of memory at tomoyo_realpath_from_path.
[  572.664365][T12551] FAULT_INJECTION: forcing a failure.
[  572.664365][T12551] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  572.677647][T12551] CPU: 1 UID: 0 PID: 12551 Comm: syz.2.1840 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  572.688424][T12551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  572.698591][T12551] Call Trace:
[  572.701880][T12551]  <TASK>
[  572.704822][T12551]  dump_stack_lvl+0x16c/0x1f0
[  572.709522][T12551]  should_fail_ex+0x497/0x5b0
[  572.714220][T12551]  _copy_from_user+0x2e/0xd0
[  572.718832][T12551]  sg_write+0x776/0xe00
[  572.723012][T12551]  ? __pfx_sg_write+0x10/0x10
[  572.727707][T12551]  ? __pfx___schedule+0x10/0x10
[  572.732594][T12551]  ? __pfx_sg_write+0x10/0x10
[  572.737290][T12551]  vfs_write+0x24c/0x1150
[  572.741619][T12551]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  572.747417][T12551]  ? rcu_preempt_deferred_qs_irqrestore+0x505/0xb80
[  572.753995][T12551]  ? __pfx_vfs_write+0x10/0x10
[  572.758743][T12551]  ? rcu_is_watching+0x12/0xc0
[  572.763501][T12551]  ? __rcu_read_unlock+0x2b4/0x580
[  572.768602][T12551]  ? __fget_files+0x206/0x3a0
[  572.773269][T12551]  ksys_write+0x12b/0x250
[  572.777584][T12551]  ? __pfx_ksys_write+0x10/0x10
[  572.782426][T12551]  do_syscall_64+0xcd/0x250
[  572.786924][T12551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.792809][T12551] RIP: 0033:0x7ff905385d19
[  572.797211][T12551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  572.816806][T12551] RSP: 002b:00007ff90624a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  572.825206][T12551] RAX: ffffffffffffffda RBX: 00007ff905575fa0 RCX: 00007ff905385d19
[  572.833163][T12551] RDX: 000000000000024d RSI: 0000000020000800 RDI: 0000000000000004
[  572.841135][T12551] RBP: 00007ff90624a090 R08: 0000000000000000 R09: 0000000000000000
[  572.849091][T12551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  572.857045][T12551] R13: 0000000000000000 R14: 00007ff905575fa0 R15: 00007ffcd438b7a8
[  572.865012][T12551]  </TASK>
[  572.931459][T10784] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  573.184070][T10784] usb 4-1: Using ep0 maxpacket: 8
[  573.292390][T10784] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  573.317660][T10784] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  573.376205][T10784] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  573.391143][T10784] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  573.404775][T10784] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  573.415617][T10784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.573852][T12568] sp0: Synchronizing with TNC
[  573.914779][T12568] xt_socket: unknown flags 0x50
[  574.020805][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  574.020841][   T29] audit: type=1400 audit(1734071833.924:1066): avc:  denied  { listen } for  pid=12542 comm="syz.3.1839" lport=51644 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  574.057570][   T29] audit: type=1400 audit(1734071833.994:1067): avc:  denied  { accept } for  pid=12542 comm="syz.3.1839" lport=51644 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  574.139061][T10784] usb 4-1: usb_control_msg returned -32
[  574.150576][T10784] usbtmc 4-1:16.0: can't read capabilities
[  574.168750][T10784] usb 4-1: USB disconnect, device number 43
[  574.724708][  T969] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  575.129156][  T969] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  575.140640][  T969] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  575.165768][  T969] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  575.174976][  T969] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  575.183369][  T969] usb 1-1: Manufacturer: syz
[  575.189507][  T969] usb 1-1: config 0 descriptor??
[  575.301841][ T5825] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  575.350573][  T969] rc_core: IR keymap rc-hauppauge not found
[  575.356614][  T969] Registered IR keymap rc-empty
[  575.363006][  T969] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  575.864708][  T969] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input45
[  575.914356][ T5825] usb 3-1: Using ep0 maxpacket: 32
[  575.927445][ T5825] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  575.943093][ T5825] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=20.79
[  575.952358][ T5825] usb 3-1: New USB device strings: Mfr=2, Product=236, SerialNumber=0
[  575.967751][ T5825] usb 3-1: Product: syz
[  576.122480][ T5825] usb 3-1: Manufacturer: syz
[  576.132480][ T5825] usb 3-1: config 0 descriptor??
[  576.138051][T12587] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  576.339306][T12608] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1852'.
[  681.180392][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  681.180411][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=44629, q=154 ncpus=2)
[  681.180427][    C0] rcu: All QSes seen, last rcu_preempt kthread activity 10500 (4295005224-4294994724), jiffies_till_next_fqs=1, root ->qsmask 0x0
[  681.180445][    C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g44629 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  681.180465][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  681.180474][    C0] rcu: RCU grace-period kthread stack dump:
[  681.180481][    C0] task:rcu_preempt     state:R  running task     stack:28160 pid:17    tgid:17    ppid:2      flags:0x00004000
[  681.180544][    C0] Call Trace:
[  681.180550][    C0]  <TASK>
[  681.180562][    C0]  __schedule+0xe58/0x5ad0
[  681.180588][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  681.180622][    C0]  ? __pfx___schedule+0x10/0x10
[  681.180643][    C0]  ? schedule+0x298/0x350
[  681.180661][    C0]  ? __pfx_lock_release+0x10/0x10
[  681.180687][    C0]  ? lock_acquire+0x2f/0xb0
[  681.180705][    C0]  ? schedule+0x1fd/0x350
[  681.180727][    C0]  schedule+0xe7/0x350
[  681.180747][    C0]  schedule_timeout+0x124/0x280
[  681.180774][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  681.180802][    C0]  ? __pfx_process_timeout+0x10/0x10
[  681.180833][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  681.180854][    C0]  ? prepare_to_swait_event+0xf3/0x470
[  681.180880][    C0]  rcu_gp_fqs_loop+0x1eb/0xb00
[  681.180905][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  681.180925][    C0]  ? rcu_gp_init+0xc82/0x1630
[  681.180949][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  681.180975][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  681.180998][    C0]  rcu_gp_kthread+0x271/0x380
[  681.181020][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  681.181043][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  681.181066][    C0]  ? __kthread_parkme+0x148/0x220
[  681.181093][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  681.181116][    C0]  kthread+0x2c1/0x3a0
[  681.181138][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  681.181157][    C0]  ? __pfx_kthread+0x10/0x10
[  681.181182][    C0]  ret_from_fork+0x45/0x80
[  681.181201][    C0]  ? __pfx_kthread+0x10/0x10
[  681.181224][    C0]  ret_from_fork_asm+0x1a/0x30
[  681.181261][    C0]  </TASK>
[  681.181269][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  681.181277][    C0] Sending NMI from CPU 0 to CPUs 1:
[  681.181298][    C1] NMI backtrace for cpu 1
[  681.181307][    C1] CPU: 1 UID: 0 PID: 12608 Comm: syz.3.1852 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  681.181322][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  681.181330][    C1] RIP: 0010:write_comp_data+0x11/0x90
[  681.181347][    C1] Code: cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 ef d4 69 7e <65> 8b 05 f0 d4 69 7e a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00
[  681.181359][    C1] RSP: 0018:ffffc90000a18d50 EFLAGS: 00000046
[  681.181371][    C1] RAX: 0000000000000001 RBX: ffff888057e3c000 RCX: ffffffff8908622a
[  681.181380][    C1] RDX: ffff888025862440 RSI: 0000000000000000 RDI: 0000000000000001
[  681.181388][    C1] RBP: ffff888036c7b401 R08: 0000000000000001 R09: 0000000000000000
[  681.181396][    C1] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000002
[  681.181405][    C1] R13: ffff888036c7b400 R14: ffff888057e3c340 R15: ffff888036c7bc00
[  681.181414][    C1] FS:  00007f215a1ca6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  681.181429][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  681.181439][    C1] CR2: 0000001b2fbdf320 CR3: 0000000030dc2000 CR4: 00000000003526f0
[  681.181448][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  681.181456][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  681.181465][    C1] Call Trace:
[  681.181469][    C1]  <NMI>
[  681.181474][    C1]  ? nmi_cpu_backtrace+0x1d8/0x390
[  681.181495][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  681.181508][    C1]  ? nmi_handle+0x1ac/0x5d0
[  681.181523][    C1]  ? write_comp_data+0x11/0x90
[  681.181537][    C1]  ? default_do_nmi+0x6a/0x160
[  681.181555][    C1]  ? exc_nmi+0x170/0x1e0
[  681.181573][    C1]  ? end_repeat_nmi+0xf/0x53
[  681.181591][    C1]  ? __netif_schedule+0x3a/0x2f0
[  681.181606][    C1]  ? write_comp_data+0x11/0x90
[  681.181621][    C1]  ? write_comp_data+0x11/0x90
[  681.181636][    C1]  ? write_comp_data+0x11/0x90
[  681.181651][    C1]  </NMI>
[  681.181655][    C1]  <IRQ>
[  681.181660][    C1]  __netif_schedule+0x3a/0x2f0
[  681.181673][    C1]  advance_sched+0x6a7/0xc60
[  681.181690][    C1]  ? __pfx_advance_sched+0x10/0x10
[  681.181701][    C1]  __hrtimer_run_queues+0x20a/0xae0
[  681.181721][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  681.181737][    C1]  ? read_tsc+0x9/0x20
[  681.181756][    C1]  hrtimer_interrupt+0x392/0x8e0
[  681.181776][    C1]  __sysvec_apic_timer_interrupt+0x10f/0x400
[  681.181793][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  681.181807][    C1]  </IRQ>
[  681.181811][    C1]  <TASK>
[  681.181816][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  681.181832][    C1] RIP: 0010:console_flush_all+0x9a4/0xc60
[  681.181851][    C1] Code: 00 e8 d0 15 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 8e 66 20 00 48 85 db 0f 85 55 01 00 00 e8 10 64 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 65 1e 83
[  681.181862][    C1] RSP: 0018:ffffc900038def88 EFLAGS: 00000202
[  681.181872][    C1] RAX: ffffffff8ee91af8 RBX: 0000000000000000 RCX: ffffffff81799f62
[  681.181881][    C1] RDX: ffff888025862440 RSI: ffffffff81799f70 RDI: 0000000000002792
[  681.181890][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  681.181897][    C1] R10: 0000000000000000 R11: 0000000000009e44 R12: ffffffff8ee91af8
[  681.181906][    C1] R13: ffffffff8ee91aa0 R14: ffffc900038df018 R15: dffffc0000000000
[  681.181917][    C1]  ? console_flush_all+0x992/0xc60
[  681.181933][    C1]  ? console_flush_all+0x9a0/0xc60
[  681.181951][    C1]  ? console_flush_all+0x9a0/0xc60
[  681.181969][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  681.181988][    C1]  ? printk_percpu_data_ready+0x9/0x20
[  681.182003][    C1]  ? nbcon_get_cpu_emergency_nesting+0x3b/0x50
[  681.182022][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  681.182038][    C1]  console_unlock+0xd9/0x210
[  681.182054][    C1]  ? __pfx_console_unlock+0x10/0x10
[  681.182070][    C1]  ? lock_acquire+0x2f/0xb0
[  681.182084][    C1]  ? vprintk+0x7f/0xa0
[  681.182101][    C1]  ? __down_trylock_console_sem+0xb0/0x140
[  681.182117][    C1]  vprintk_emit+0x424/0x6f0
[  681.182134][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  681.182151][    C1]  ? __pfx_lock_release+0x10/0x10
[  681.182164][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[  681.182184][    C1]  vprintk+0x7f/0xa0
[  681.182201][    C1]  _printk+0xc8/0x100
[  681.182215][    C1]  ? __pfx__printk+0x10/0x10
[  681.182229][    C1]  ? ___ratelimit+0x24c/0x570
[  681.182243][    C1]  ? __pfx____ratelimit+0x10/0x10
[  681.182257][    C1]  ? __nla_validate_parse+0x66e/0x2880
[  681.182277][    C1]  __nla_validate_parse+0x753/0x2880
[  681.182293][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  681.182311][    C1]  __nla_parse+0x40/0x60
[  681.182325][    C1]  rtnl_newlink+0x186/0x1d60
[  681.182343][    C1]  ? hlock_class+0x4e/0x130
[  681.182360][    C1]  ? __lock_acquire+0xcc5/0x3c40
[  681.182374][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  681.182393][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  681.182406][    C1]  ? cred_has_capability.isra.0+0x192/0x2f0
[  681.182423][    C1]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  681.182440][    C1]  ? find_held_lock+0x2d/0x110
[  681.182459][    C1]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  681.182476][    C1]  ? __pfx_lock_release+0x10/0x10
[  681.182489][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[  681.182514][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  681.182532][    C1]  rtnetlink_rcv_msg+0x95b/0xea0
[  681.182550][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  681.182572][    C1]  netlink_rcv_skb+0x16b/0x440
[  681.182590][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  681.182607][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  681.182629][    C1]  ? rcu_is_watching+0x12/0xc0
[  681.182648][    C1]  netlink_unicast+0x53c/0x7f0
[  681.182666][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  681.182685][    C1]  netlink_sendmsg+0x8b8/0xd70
[  681.182702][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  681.182722][    C1]  ____sys_sendmsg+0xaaf/0xc90
[  681.182738][    C1]  ? copy_msghdr_from_user+0x10b/0x160
[  681.182757][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  681.182777][    C1]  ___sys_sendmsg+0x135/0x1e0
[  681.182796][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  681.182818][    C1]  ? __pfx_lock_release+0x10/0x10
[  681.182831][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[  681.182852][    C1]  ? __fget_files+0x206/0x3a0
[  681.182869][    C1]  __sys_sendmsg+0x16e/0x220
[  681.182887][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[  681.182905][    C1]  ? __x64_sys_futex+0x1e1/0x4c0
[  681.182925][    C1]  do_syscall_64+0xcd/0x250
[  681.182941][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.182958][    C1] RIP: 0033:0x7f2159385d19
[  681.182969][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  681.182980][    C1] RSP: 002b:00007f215a1ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  681.182992][    C1] RAX: ffffffffffffffda RBX: 00007f2159576160 RCX: 00007f2159385d19
[  681.183000][    C1] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000008
[  681.183008][    C1] RBP: 00007f2159401a20 R08: 0000000000000000 R09: 0000000000000000
[  681.183016][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  681.183024][    C1] R13: 0000000000000000 R14: 00007f2159576160 R15: 00007ffd1346e9a8
[  681.183036][    C1]  </TASK>
[  816.417273][    C0] watchdog: BUG: soft lockup - CPU#0 stuck for 226s! [kworker/u8:8:3634]
[  816.417302][    C0] Modules linked in:
[  816.417314][    C0] irq event stamp: 22214334
[  816.417322][    C0] hardirqs last  enabled at (22214333): [<ffffffff8b29224b>] irqentry_exit+0x3b/0x90
[  816.417356][    C0] hardirqs last disabled at (22214334): [<ffffffff8b2909ce>] sysvec_apic_timer_interrupt+0xe/0xc0
[  816.417380][    C0] softirqs last  enabled at (22214332): [<ffffffff815c517b>] handle_softirqs+0x5bb/0x8f0
[  816.417406][    C0] softirqs last disabled at (22214305): [<ffffffff815c5649>] __irq_exit_rcu+0x109/0x170
[  816.417434][    C0] CPU: 0 UID: 0 PID: 3634 Comm: kworker/u8:8 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  816.417456][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  816.417470][    C0] Workqueue: events_unbound toggle_allocation_gate
[  816.417494][    C0] RIP: 0010:smp_call_function_many_cond+0x458/0x1300
[  816.417523][    C0] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0d 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31
[  816.417541][    C0] RSP: 0018:ffffc9000deb7998 EFLAGS: 00000293
[  816.417558][    C0] RAX: 0000000000000000 RBX: ffff8880b8744a40 RCX: ffffffff818df5fc
[  816.417571][    C0] RDX: ffff88803386a440 RSI: ffffffff818df5d6 RDI: 0000000000000005
[  816.417585][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  816.417597][    C0] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170e8949
[  816.417608][    C0] R13: 0000000000000001 R14: ffff8880b8744a48 R15: ffff8880b863fe40
[  816.417621][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  816.417641][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  816.417654][    C0] CR2: 00007f92b9842fe0 CR3: 000000000df7e000 CR4: 00000000003526f0
[  816.417667][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  816.417678][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  816.417691][    C0] Call Trace:
[  816.417698][    C0]  <IRQ>
[  816.417709][    C0]  ? watchdog_timer_fn+0x570/0x7d0
[  816.417736][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  816.417759][    C0]  ? __hrtimer_run_queues+0x5fb/0xae0
[  816.417791][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  816.417814][    C0]  ? read_tsc+0x9/0x20
[  816.417848][    C0]  ? hrtimer_interrupt+0x392/0x8e0
[  816.417882][    C0]  ? __sysvec_apic_timer_interrupt+0x10f/0x400
[  816.417905][    C0]  ? sysvec_apic_timer_interrupt+0x9f/0xc0
[  816.417924][    C0]  </IRQ>
[  816.417931][    C0]  <TASK>
[  816.417939][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  816.417969][    C0]  ? smp_call_function_many_cond+0x47c/0x1300
[  816.417992][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[  816.418016][    C0]  ? smp_call_function_many_cond+0x458/0x1300
[  816.418040][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[  816.418064][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  816.418091][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  816.418117][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  816.418142][    C0]  text_poke_bp_batch+0x22b/0x760
[  816.418171][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  816.418193][    C0]  ? __jump_label_patch+0x1db/0x400
[  816.418222][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  816.418253][    C0]  text_poke_finish+0x30/0x40
[  816.418275][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  816.418300][    C0]  jump_label_update+0x1d7/0x400
[  816.418328][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[  816.418355][    C0]  static_key_enable+0x1a/0x20
[  816.418377][    C0]  toggle_allocation_gate+0xfc/0x260
[  816.418398][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  816.418417][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  816.418444][    C0]  ? process_one_work+0x921/0x1ba0
[  816.418464][    C0]  ? lock_acquire+0x2f/0xb0
[  816.418482][    C0]  ? process_one_work+0x921/0x1ba0
[  816.418504][    C0]  process_one_work+0x9c5/0x1ba0
[  816.418531][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  816.418560][    C0]  ? __pfx_process_one_work+0x10/0x10
[  816.418578][    C0]  ? rcu_is_watching+0x12/0xc0
[  816.418608][    C0]  ? assign_work+0x1a0/0x250
[  816.418629][    C0]  worker_thread+0x6c8/0xf00
[  816.418655][    C0]  ? __kthread_parkme+0x148/0x220
[  816.418680][    C0]  ? __pfx_worker_thread+0x10/0x10
[  816.418699][    C0]  kthread+0x2c1/0x3a0
[  816.418720][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  816.418740][    C0]  ? __pfx_kthread+0x10/0x10
[  816.418763][    C0]  ret_from_fork+0x45/0x80
[  816.418780][    C0]  ? __pfx_kthread+0x10/0x10
[  816.418803][    C0]  ret_from_fork_asm+0x1a/0x30
[  816.418839][    C0]  </TASK>
[  816.418848][    C0] Sending NMI from CPU 0 to CPUs 1:
[  816.418874][    C1] NMI backtrace for cpu 1
[  816.418883][    C1] CPU: 1 UID: 0 PID: 12608 Comm: syz.3.1852 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  816.418898][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  816.418905][    C1] RIP: 0010:advance_sched+0x126/0xc60
[  816.418921][    C1] Code: 48 89 44 24 30 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 84 0a 00 00 49 8b 46 e8 48 89 04 24 e8 8a 38 e8 01 <31> ff 89 c3 89 c6 e8 2f 25 59 f8 85 db 0f 85 44 06 00 00 e8 e2 22
[  816.418932][    C1] RSP: 0018:ffffc90000a18d80 EFLAGS: 00000046
[  816.418943][    C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8940e784
[  816.418951][    C1] RDX: 1ffff1100afc7865 RSI: ffffffff8940e055 RDI: 0000000000000005
[  816.418960][    C1] RBP: 000000000003d90c R08: 0000000000000005 R09: 0000000000000000
[  816.418968][    C1] R10: 0000000000000001 R11: 0000000000000002 R12: ffff888057e3c340
[  816.418976][    C1] R13: ffff8880b872cb00 R14: ffff888057e3c340 R15: ffffffff8940df60
[  816.418986][    C1] FS:  00007f215a1ca6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  816.419001][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  816.419010][    C1] CR2: 0000001b2fbdf320 CR3: 0000000030dc2000 CR4: 00000000003526f0
[  816.419019][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  816.419027][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  816.419036][    C1] Call Trace:
[  816.419042][    C1]  <NMI>
[  816.419047][    C1]  ? nmi_cpu_backtrace+0x1d8/0x390
[  816.419070][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  816.419083][    C1]  ? nmi_handle+0x1ac/0x5d0
[  816.419098][    C1]  ? advance_sched+0x126/0xc60
[  816.419111][    C1]  ? default_do_nmi+0x6a/0x160
[  816.419132][    C1]  ? exc_nmi+0x170/0x1e0
[  816.419150][    C1]  ? end_repeat_nmi+0xf/0x53
[  816.419166][    C1]  ? __pfx_advance_sched+0x10/0x10
[  816.419179][    C1]  ? advance_sched+0x824/0xc60
[  816.419191][    C1]  ? advance_sched+0xf5/0xc60
[  816.419204][    C1]  ? advance_sched+0x126/0xc60
[  816.419216][    C1]  ? advance_sched+0x126/0xc60
[  816.419229][    C1]  ? advance_sched+0x126/0xc60
[  816.419241][    C1]  </NMI>
[  816.419245][    C1]  <IRQ>
[  816.419251][    C1]  ? timerqueue_del+0x83/0x150
[  816.419270][    C1]  ? do_raw_spin_unlock+0x172/0x230
[  816.419287][    C1]  ? __pfx_advance_sched+0x10/0x10
[  816.419299][    C1]  __hrtimer_run_queues+0x20a/0xae0
[  816.419318][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  816.419334][    C1]  ? read_tsc+0x9/0x20
[  816.419353][    C1]  hrtimer_interrupt+0x392/0x8e0
[  816.419379][    C1]  __sysvec_apic_timer_interrupt+0x10f/0x400
[  816.419396][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  816.419411][    C1]  </IRQ>
[  816.419415][    C1]  <TASK>
[  816.419420][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  816.419437][    C1] RIP: 0010:console_flush_all+0x9a4/0xc60
[  816.419456][    C1] Code: 00 e8 d0 15 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 8e 66 20 00 48 85 db 0f 85 55 01 00 00 e8 10 64 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 65 1e 83
[  816.419467][    C1] RSP: 0018:ffffc900038def88 EFLAGS: 00000202
[  816.419477][    C1] RAX: ffffffff8ee91af8 RBX: 0000000000000000 RCX: ffffffff81799f62
[  816.419486][    C1] RDX: ffff888025862440 RSI: ffffffff81799f70 RDI: 0000000000002792
[  816.419495][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  816.419502][    C1] R10: 0000000000000000 R11: 0000000000009e44 R12: ffffffff8ee91af8
[  816.419511][    C1] R13: ffffffff8ee91aa0 R14: ffffc900038df018 R15: dffffc0000000000
[  816.419523][    C1]  ? console_flush_all+0x992/0xc60
[  816.419539][    C1]  ? console_flush_all+0x9a0/0xc60
[  816.419558][    C1]  ? console_flush_all+0x9a0/0xc60
[  816.419576][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  816.419595][    C1]  ? printk_percpu_data_ready+0x9/0x20
[  816.419611][    C1]  ? nbcon_get_cpu_emergency_nesting+0x3b/0x50
[  816.419630][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  816.419648][    C1]  console_unlock+0xd9/0x210
[  816.419664][    C1]  ? __pfx_console_unlock+0x10/0x10
[  816.419680][    C1]  ? lock_acquire+0x2f/0xb0
[  816.419694][    C1]  ? vprintk+0x7f/0xa0
[  816.419712][    C1]  ? __down_trylock_console_sem+0xb0/0x140
[  816.419728][    C1]  vprintk_emit+0x424/0x6f0
[  816.419745][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  816.419762][    C1]  ? __pfx_lock_release+0x10/0x10
[  816.419775][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[  816.419795][    C1]  vprintk+0x7f/0xa0
[  816.419813][    C1]  _printk+0xc8/0x100
[  816.419827][    C1]  ? __pfx__printk+0x10/0x10
[  816.419841][    C1]  ? ___ratelimit+0x24c/0x570
[  816.419856][    C1]  ? __pfx____ratelimit+0x10/0x10
[  816.419870][    C1]  ? __nla_validate_parse+0x66e/0x2880
[  816.419887][    C1]  __nla_validate_parse+0x753/0x2880
[  816.419903][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  816.419920][    C1]  __nla_parse+0x40/0x60
[  816.419934][    C1]  rtnl_newlink+0x186/0x1d60
[  816.419954][    C1]  ? hlock_class+0x4e/0x130
[  816.419970][    C1]  ? __lock_acquire+0xcc5/0x3c40
[  816.419985][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  816.420004][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  816.420018][    C1]  ? cred_has_capability.isra.0+0x192/0x2f0
[  816.420036][    C1]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  816.420053][    C1]  ? find_held_lock+0x2d/0x110
[  816.420071][    C1]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  816.420089][    C1]  ? __pfx_lock_release+0x10/0x10
[  816.420102][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[  816.420123][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  816.420140][    C1]  rtnetlink_rcv_msg+0x95b/0xea0
[  816.420159][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  816.420181][    C1]  netlink_rcv_skb+0x16b/0x440
[  816.420201][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  816.420219][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  816.420239][    C1]  ? rcu_is_watching+0x12/0xc0
[  816.420258][    C1]  netlink_unicast+0x53c/0x7f0
[  816.420276][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  816.420295][    C1]  netlink_sendmsg+0x8b8/0xd70
[  816.420313][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  816.420333][    C1]  ____sys_sendmsg+0xaaf/0xc90
[  816.420350][    C1]  ? copy_msghdr_from_user+0x10b/0x160
[  816.420373][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  816.420393][    C1]  ___sys_sendmsg+0x135/0x1e0
[  816.420413][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  816.420436][    C1]  ? __pfx_lock_release+0x10/0x10
[  816.420449][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[  816.420471][    C1]  ? __fget_files+0x206/0x3a0
[  816.420489][    C1]  __sys_sendmsg+0x16e/0x220
[  816.420508][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[  816.420526][    C1]  ? __x64_sys_futex+0x1e1/0x4c0
[  816.420546][    C1]  do_syscall_64+0xcd/0x250
[  816.420562][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.420579][    C1] RIP: 0033:0x7f2159385d19
[  816.420591][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  816.420603][    C1] RSP: 002b:00007f215a1ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  816.420616][    C1] RAX: ffffffffffffffda RBX: 00007f2159576160 RCX: 00007f2159385d19
[  816.420626][    C1] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000008
[  816.420634][    C1] RBP: 00007f2159401a20 R08: 0000000000000000 R09: 0000000000000000
[  816.420643][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  816.420651][    C1] R13: 0000000000000000 R14: 00007f2159576160 R15: 00007ffd1346e9a8
[  816.420665][    C1]  </TASK>
[  816.420870][    C0] Kernel panic - not syncing: softlockup: hung tasks
[  816.420883][    C0] CPU: 0 UID: 0 PID: 3634 Comm: kworker/u8:8 Tainted: G             L     6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[  816.420907][    C0] Tainted: [L]=SOFTLOCKUP
[  816.420914][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  816.420925][    C0] Workqueue: events_unbound toggle_allocation_gate
[  816.420944][    C0] Call Trace:
[  816.420950][    C0]  <IRQ>
[  816.420957][    C0]  dump_stack_lvl+0x3d/0x1f0
[  816.420979][    C0]  panic+0x71d/0x800
[  816.421005][    C0]  ? __pfx_panic+0x10/0x10
[  816.421027][    C0]  ? __pfx__printk+0x10/0x10
[  816.421048][    C0]  ? __irq_work_queue_local+0xdd/0x460
[  816.421071][    C0]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  816.421089][    C0]  ? irq_work_queue+0x2a/0x80
[  816.421108][    C0]  ? watchdog_timer_fn+0x5f2/0x7d0
[  816.421134][    C0]  ? watchdog_timer_fn+0x5e5/0x7d0
[  816.421158][    C0]  watchdog_timer_fn+0x603/0x7d0
[  816.421181][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  816.421202][    C0]  __hrtimer_run_queues+0x5fb/0xae0
[  816.421232][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  816.421253][    C0]  ? read_tsc+0x9/0x20
[  816.421281][    C0]  hrtimer_interrupt+0x392/0x8e0
[  816.421314][    C0]  __sysvec_apic_timer_interrupt+0x10f/0x400
[  816.421336][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  816.421355][    C0]  </IRQ>
[  816.421361][    C0]  <TASK>
[  816.421368][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  816.421389][    C0] RIP: 0010:smp_call_function_many_cond+0x458/0x1300
[  816.421413][    C0] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0d 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31
[  816.421428][    C0] RSP: 0018:ffffc9000deb7998 EFLAGS: 00000293
[  816.421442][    C0] RAX: 0000000000000000 RBX: ffff8880b8744a40 RCX: ffffffff818df5fc
[  816.421453][    C0] RDX: ffff88803386a440 RSI: ffffffff818df5d6 RDI: 0000000000000005
[  816.421465][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  816.421475][    C0] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170e8949
[  816.421487][    C0] R13: 0000000000000001 R14: ffff8880b8744a48 R15: ffff8880b863fe40
[  816.421505][    C0]  ? smp_call_function_many_cond+0x47c/0x1300
[  816.421528][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[  816.421553][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[  816.421576][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  816.421603][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  816.421624][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  816.421648][    C0]  text_poke_bp_batch+0x22b/0x760
[  816.421676][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  816.421697][    C0]  ? __jump_label_patch+0x1db/0x400
[  816.421724][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  816.421754][    C0]  text_poke_finish+0x30/0x40
[  816.421776][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  816.421800][    C0]  jump_label_update+0x1d7/0x400
[  816.421826][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[  816.421851][    C0]  static_key_enable+0x1a/0x20
[  816.421874][    C0]  toggle_allocation_gate+0xfc/0x260
[  816.421894][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  816.421913][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  816.421938][    C0]  ? process_one_work+0x921/0x1ba0
[  816.421957][    C0]  ? lock_acquire+0x2f/0xb0
[  816.421974][    C0]  ? process_one_work+0x921/0x1ba0
[  816.421996][    C0]  process_one_work+0x9c5/0x1ba0
[  816.422022][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  816.422048][    C0]  ? __pfx_process_one_work+0x10/0x10
[  816.422066][    C0]  ? rcu_is_watching+0x12/0xc0
[  816.422094][    C0]  ? assign_work+0x1a0/0x250
[  816.422120][    C0]  worker_thread+0x6c8/0xf00
[  816.422147][    C0]  ? __kthread_parkme+0x148/0x220
[  816.422170][    C0]  ? __pfx_worker_thread+0x10/0x10
[  816.422189][    C0]  kthread+0x2c1/0x3a0
[  816.422209][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  816.422226][    C0]  ? __pfx_kthread+0x10/0x10
[  816.422249][    C0]  ret_from_fork+0x45/0x80
[  816.422264][    C0]  ? __pfx_kthread+0x10/0x10
[  816.422287][    C0]  ret_from_fork_asm+0x1a/0x30
[  816.422320][    C0]  </TASK>
[  817.501576][    C0] Shutting down cpus with NMI
[  817.501842][    C0] Kernel Offset: disabled