last executing test programs:

2m21.399447324s ago: executing program 1 (id=102):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=@base={0xb, 0x0, 0x0, 0x2, 0x185, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x10000, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="ec000000210001002dbd7000fedbdf25fe880000000000000000000000000101ac1414bb0000000000000000000000004e240002000700010a0080a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="af6b6e00010000009c0011001901010000000000000000000000000020010000000000000000000000000001ac14143e0000000000c8b10000000000ac1414bb000000000000000000000000fffcff00073500000a00020000000000000000000000020000000000ac1e01010000000000000000000000000a010102000000000000000000000000fe80000000000000000000000000002f33"], 0xec}}, 0x20000000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}, {0x0}], 0x2}, 0x4)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902380001000000"], 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200"])

2m17.16632625s ago: executing program 1 (id=118):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="36b8c5d949c048d102000100000008000100", @ANYRES32, @ANYBLOB="c00002"], 0x5c}, 0x1, 0xf000, 0x0, 0x8c1}, 0x20040)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="180100002d000100000000000000000008"], 0x118}], 0x1, 0x0, 0x0, 0x40}, 0x0)

2m17.032110523s ago: executing program 1 (id=120):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r3, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

2m16.4119425s ago: executing program 1 (id=124):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = gettid()
wait4(r0, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, r0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
landlock_restrict_self(0xffffffffffffffff, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000a80)={'#! ', './file1'}, 0xb)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = dup(r2)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
migrate_pages(0xffffffffffffffff, 0x8, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}})
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
listen(r3, 0x0)

2m11.737887027s ago: executing program 1 (id=140):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

2m10.698755737s ago: executing program 1 (id=143):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)={0x34, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x10, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}]}]}, 0x34}}, 0x0)

2m10.225809652s ago: executing program 32 (id=143):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)={0x34, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x10, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}]}]}, 0x34}}, 0x0)

57.226762628s ago: executing program 4 (id=442):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

51.778219725s ago: executing program 4 (id=460):
r0 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3, 0x184}, 0x0, 0x0)
io_uring_enter(r0, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x6, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r5, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000000c0), 0x12)

50.255105417s ago: executing program 4 (id=466):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="0200000001"], 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, 0xffffffffffffffff, 0x2, 0x0, 0x300, @void, @value}, 0x10)

49.108274143s ago: executing program 4 (id=468):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

48.818074381s ago: executing program 4 (id=472):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/75, 0x0})
r3 = dup(r2)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x0, r3})
r4 = socket$isdn_base(0x22, 0x3, 0x0)
close_range(r0, r4, 0x0)

22.249815792s ago: executing program 4 (id=472):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/75, 0x0})
r3 = dup(r2)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x0, r3})
r4 = socket$isdn_base(0x22, 0x3, 0x0)
close_range(r0, r4, 0x0)

12.209794202s ago: executing program 2 (id=576):
unshare(0x6a040000)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000280)=[{0x20, 0x0, 0x77, 0xfffff038}, {0x20}, {0x6, 0x0, 0x0, 0xfffffffe}]}, 0x10)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001})
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB='/\x00\x00\x00\x00>\x00\x00\x00', @ANYRES32, @ANYBLOB="3f20ad32"], 0x20)
ppoll(&(0x7f0000000200)=[{r5, 0x1}], 0x1, 0x0, 0x0, 0x3)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000051421060000000000000000080001"], 0x20}, 0x1, 0x0, 0x0, 0x40c4}, 0x0)
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[], 0x74}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x400)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)

8.15177671s ago: executing program 2 (id=585):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x7, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r1 = getpid()
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000280)=0x100, 0x4)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/43, 0x7ffff000}, {&(0x7f0000000480)=""/165, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2aa, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000200), &(0x7f00000002c0)=0x8)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r3, 0x5402, &(0x7f0000000000)={0x401, 0x0, 0x10000, 0xb998, 0x0, "194f2f83c2e798c3584770116cddc8819592b1"})
mlockall(0x5)
r4 = socket(0x10, 0x3, 0x0)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x20000000, 0x100, 0x0, 0x2}, &(0x7f0000000940)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r5, 0x47f9, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000380)={{0x1, 0x1, 0x18, r4, {0x3}}, './file0\x00'})
clock_nanosleep(0x2, 0x37dc12502000000, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)

7.373328064s ago: executing program 5 (id=587):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet6(0xa, 0x1, 0x6)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
sendto$inet6(r0, 0x0, 0x0, 0xc0c0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000100053"], 0x104}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x30, r2, 0x10ada85e65c25349, 0x3, 0x0, {{0x67}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x117, 0x0, 0x1, [{0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="01002bbd7000fedb0008002201220100060800a00006000000080022017d02000005001901070000000800000001000000050019010700000008002201c7010000c605a5dba9b8e9d57f32c1d08c73c7aa1c859cec753a5522b037db23933bcaacb1e5dba0b45032f018c01d49e56a0a2597ed000000000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x840}, 0x4010)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000018"], 0x44}}, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100))
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c9, &(0x7f0000000100))

7.26492278s ago: executing program 0 (id=589):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet6(0xa, 0x1, 0x6)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000001680)=@gcm_128={{0x304}, "d9fbafe132b41400", "e7b2d5f8c45903e9196bc4794cfd3f58", "55840a40", "8b6810680b5e6bf3"}, 0x28)
sendto$inet6(r0, 0x0, 0x0, 0xc0c0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000100053"], 0x104}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x30, r2, 0x10ada85e65c25349, 0x3, 0x0, {{0x67}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x117, 0x0, 0x1, [{0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)

7.176671982s ago: executing program 2 (id=590):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
getpeername$inet(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0)
r2 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000}, 0x1c)
sendmsg$tipc(r2, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newsa={0x144, 0x10, 0x633, 0x0, 0x25dfdbfc, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004, 0x0, 0x20}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in=@private=0xa010102, {0x327, 0x5, 0x7fff, 0x4, 0xfff, 0x0, 0x8}, {}, {0x8f, 0x80000000, 0x8}, 0x70bd29, 0x0, 0xa, 0x1, 0x0, 0x21}, [@policy_type={0xa}, @algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8000}, 0x40840)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000040)="05000000010000", 0x7)

7.047183238s ago: executing program 5 (id=591):
unshare(0x6a040000)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000280)=[{0x20, 0x0, 0x77, 0xfffff038}, {0x20}, {0x6, 0x0, 0x0, 0xfffffffe}]}, 0x10)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000000)={0xa0000001})
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB='/\x00\x00\x00\x00>\x00\x00\x00', @ANYRES32, @ANYBLOB="3f20ad32"], 0x20)
ppoll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x1}], 0x1, 0x0, 0x0, 0x3)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000051421060000000000000000080001"], 0x20}, 0x1, 0x0, 0x0, 0x40c4}, 0x0)
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[], 0x74}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x400)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)

6.90225242s ago: executing program 2 (id=593):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000080)=0x1000800, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timerfd_create(0x0, 0x0)
timerfd_create(0x0, 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0x3fd, 0x6, 0x24, 0x1c0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x0, 0x0, 0xd, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000004, 0x0, 0x3})

6.635912669s ago: executing program 0 (id=594):
unshare(0x6a040000)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000280)=[{0x20, 0x0, 0x77, 0xfffff038}, {0x20}, {0x6, 0x0, 0x0, 0xfffffffe}]}, 0x10)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001})
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB='/\x00\x00\x00\x00>\x00\x00\x00', @ANYRES32, @ANYBLOB="3f20ad32"], 0x20)
ppoll(&(0x7f0000000200)=[{r5, 0x1}], 0x1, 0x0, 0x0, 0x3)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000051421060000000000000000080001"], 0x20}, 0x1, 0x0, 0x0, 0x40c4}, 0x0)
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[], 0x74}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x400)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)

4.666642217s ago: executing program 2 (id=596):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1c)
ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}], [{@func={'func', 0x3d, 'POLICY_CHECK'}}]})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})

3.861498781s ago: executing program 5 (id=598):
r0 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3, 0x184}, 0x0, 0x0)
io_uring_enter(r0, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x6, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r5, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000000c0), 0x12)

2.873728717s ago: executing program 5 (id=599):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r0, 0x0, 0x0)

2.85551802s ago: executing program 3 (id=600):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x7, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r1 = getpid()
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000280)=0x100, 0x4)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/43, 0x7ffff000}, {&(0x7f0000000480)=""/165, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2aa, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000200), &(0x7f00000002c0)=0x8)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r3, 0x5402, &(0x7f0000000000)={0x401, 0x0, 0x10000, 0xb998, 0x0, "194f2f83c2e798c3584770116cddc8819592b1"})
mlockall(0x5)
r4 = socket(0x10, 0x3, 0x0)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x20000000, 0x100, 0x0, 0x2}, &(0x7f0000000940)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r5, 0x47f9, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000380)={{0x1, 0x1, 0x18, r4, {0x3}}, './file0\x00'})
clock_nanosleep(0x2, 0x37dc12502000000, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)

2.745324634s ago: executing program 0 (id=601):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1c)
ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}], [{@func={'func', 0x3d, 'POLICY_CHECK'}}]})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})

2.743103045s ago: executing program 5 (id=602):
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x2, 0x300)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8, @ANYRES64=r0], 0x0)

2.097515698s ago: executing program 3 (id=603):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
getpeername$inet(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0)
r2 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000}, 0x1c)
sendmsg$tipc(r2, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newsa={0x144, 0x10, 0x633, 0x0, 0x25dfdbfc, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004, 0x0, 0x20}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in=@private=0xa010102, {0x327, 0x5, 0x7fff, 0x4, 0xfff, 0x0, 0x8}, {}, {0x8f, 0x80000000, 0x8}, 0x70bd29, 0x0, 0xa, 0x1, 0x0, 0x21}, [@policy_type={0xa}, @algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8000}, 0x40840)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000040)="05000000010000", 0x7)

1.802795049s ago: executing program 3 (id=604):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x30, r0, 0x10ada85e65c25349, 0x3, 0x0, {{0x67}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x117, 0x0, 0x1, [{0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.433156683s ago: executing program 3 (id=605):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet6(0xa, 0x1, 0x6)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000001680)=@gcm_128={{0x304}, "d9fbafe132b41400", "e7b2d5f8c45903e9196bc4794cfd3f58", "55840a40", "8b6810680b5e6bf3"}, 0x28)
sendto$inet6(r0, 0x0, 0x0, 0xc0c0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000100053"], 0x104}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x30, r2, 0x10ada85e65c25349, 0x3, 0x0, {{0x67}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x117, 0x0, 0x1, [{0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.202517744s ago: executing program 2 (id=606):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
getpeername$inet(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448cb, 0x0)
r2 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000}, 0x1c)
sendmsg$tipc(r2, 0x0, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newsa={0x144, 0x10, 0x633, 0x0, 0x25dfdbfc, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004, 0x0, 0x20}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in=@private=0xa010102, {0x327, 0x5, 0x7fff, 0x4, 0xfff, 0x0, 0x8}, {}, {0x8f, 0x80000000, 0x8}, 0x70bd29, 0x0, 0xa, 0x1, 0x0, 0x21}, [@policy_type={0xa}, @algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8000}, 0x40840)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000040)="05000000010000", 0x7)

1.153254707s ago: executing program 0 (id=607):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/43, 0x7ffff000}, {&(0x7f0000000480)=""/165, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2aa, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0)

1.049736593s ago: executing program 3 (id=608):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
mount(0x0, 0x0, &(0x7f0000000140)='f2fs\x00', 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r2 = dup(r1)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
readv(r6, &(0x7f0000000500)=[{&(0x7f0000000480)=""/36, 0x24}], 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x6)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000380)=ANY=[@ANYBLOB="28000000c242b29261bbe4471dcf6bc80937ac40a0095520d8b0f89c9b3f35d529381873bd04c654b66d21255a928020fb40d32b05b887c214fdb4148e0575213252656193ceb35f14d1177136e2182e72126c0545800e8d2252b30fcab6e28d8731f960930bbcc22233c4916c5558dbd68f3ac7", @ANYRES16=r9, @ANYBLOB="01002abd7000fddbdf254400000008000300", @ANYRES32=r11, @ANYBLOB="0c0023800600040084000000"], 0x28}, 0x1, 0x0, 0x0, 0x4048054}, 0x8800)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000226bd7000fcdbdf250f00ff07000000000000000000000000040016010500a2000300000056874c28e41836b261c94485b7a92cf75b102331a6e964154e78dce8bac4c2e72663a941340c7c02cc63e7dba02edbeafadba6e3c0d1f06ce45e67a7dea282ab3bf5b5a01a912637dc98033f897c3037f78c2d79bb562c3b7b7da7218de5d714e39cd77598c4a2c65eaa2e29"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x4000)
write$proc_mixer(0xffffffffffffffff, 0x0, 0x178)
openat$userio(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

966.393514ms ago: executing program 5 (id=609):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
getpeername$inet(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
r1 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000}, 0x1c)
sendmsg$tipc(r1, &(0x7f0000000640)={&(0x7f0000000300)=@nameseq={0x1e, 0x3}, 0x28, 0x0}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newsa={0x144, 0x10, 0x633, 0x0, 0x25dfdbfc, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004, 0x0, 0x20}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in=@private=0xa010102, {0x327, 0x5, 0x7fff, 0x4, 0xfff, 0x0, 0x8}, {}, {0x8f, 0x80000000, 0x8}, 0x70bd29, 0x0, 0xa, 0x1, 0x0, 0x21}, [@policy_type={0xa}, @algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8000}, 0x40840)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, &(0x7f0000000040)="05000000010000", 0x7)

382.110787ms ago: executing program 0 (id=610):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
ioperm(0x0, 0xab49, 0x7)
setfsgid(0x0)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000180)={'team0\x00', 0x44})
syz_open_dev$tty20(0xc, 0x4, 0x0)
r4 = openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
dup(0xffffffffffffffff)
write$cgroup_subtree(r4, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(0x0, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000881}, 0x0)
socket(0x22, 0x2, 0x1)
r6 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000000100))
timer_settime(0x0, 0x0, 0x0, 0x0)

14.864758ms ago: executing program 0 (id=611):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
mount(0x0, 0x0, &(0x7f0000000140)='f2fs\x00', 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r2 = dup(r1)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
readv(r6, &(0x7f0000000500)=[{&(0x7f0000000480)=""/36, 0x24}], 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x6)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000380)=ANY=[@ANYBLOB="28000000c242b29261bbe4471dcf6bc80937ac40a0095520d8b0f89c9b3f35d529381873bd04c654b66d21255a928020fb40d32b05b887c214fdb4148e0575213252656193ceb35f14d1177136e2182e72126c0545800e8d2252b30fcab6e28d8731f960930bbcc22233c4916c5558dbd68f3ac7", @ANYRES16=r9, @ANYBLOB="01002abd7000fddbdf254400000008000300", @ANYRES32=r11, @ANYBLOB="0c0023800600040084000000"], 0x28}, 0x1, 0x0, 0x0, 0x4048054}, 0x8800)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000226bd7000fcdbdf250f00ff07000000000000000000000000040016010500a2000300000056874c28e41836b261c94485b7a92cf75b102331a6e964154e78dce8bac4c2e72663a941340c7c02cc63e7dba02edbeafadba6e3c0d1f06ce45e67a7dea282ab3bf5b5a01a912637dc98033f897c3037f78c2d79bb562c3b7b7da7218de5d714e39cd77598c4a2c65eaa2e29"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x4000)
write$proc_mixer(0xffffffffffffffff, 0x0, 0x178)
openat$userio(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_open_procfs$pagemap(0x0, &(0x7f0000000240))

0s ago: executing program 3 (id=612):
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r0 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x80)
ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x1, 0xffffffc, 0x8000000, 0xffffffff, 0x9, "26000000000000000000000000000019", 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x7})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
migrate_pages(r2, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)

kernel console output (not intermixed with test programs):

process `syz.4.69'.
[   76.107730][   T25] cfg80211: failed to load regulatory.db
[   76.123758][ T6191] warning: `syz.2.72' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   76.464967][ T6208] netlink: 16 bytes leftover after parsing attributes in process `syz.0.77'.
[   77.211221][ T5832] Bluetooth: hci0: command 0x0401 tx timeout
[   78.099018][   T29] kauditd_printk_skb: 37 callbacks suppressed
[   78.099033][   T29] audit: type=1400 audit(1739261617.396:279): avc:  denied  { mount } for  pid=6235 comm="syz.3.82" name="/" dev="autofs" ino=9291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[   78.127176][    C0] vkms_vblank_simulate: vblank timer overrun
[   78.184542][   T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   78.221196][   T29] audit: type=1400 audit(1739261617.526:280): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[   78.242459][ T6233] FAULT_INJECTION: forcing a failure.
[   78.242459][ T6233] name failslab, interval 1, probability 0, space 0, times 0
[   78.257197][ T6233] CPU: 1 UID: 0 PID: 6233 Comm: syz.2.80 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   78.257218][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   78.257226][ T6233] Call Trace:
[   78.257231][ T6233]  <TASK>
[   78.257237][ T6233]  dump_stack_lvl+0x16c/0x1f0
[   78.257258][ T6233]  should_fail_ex+0x50a/0x650
[   78.257279][ T6233]  ? fs_reclaim_acquire+0xae/0x150
[   78.257302][ T6233]  ? alloc_pipe_info+0x10e/0x590
[   78.257317][ T6233]  should_failslab+0xc2/0x120
[   78.257334][ T6233]  __kmalloc_cache_noprof+0x68/0x410
[   78.257366][ T6233]  alloc_pipe_info+0x10e/0x590
[   78.257384][ T6233]  splice_direct_to_actor+0x793/0xa40
[   78.257406][ T6233]  ? get_pid_task+0xfc/0x250
[   78.257422][ T6233]  ? __pfx_direct_splice_actor+0x10/0x10
[   78.257447][ T6233]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   78.257470][ T6233]  ? __pfx___might_resched+0x10/0x10
[   78.257495][ T6233]  do_splice_direct+0x178/0x250
[   78.257515][ T6233]  ? __pfx_do_splice_direct+0x10/0x10
[   78.257536][ T6233]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   78.257558][ T6233]  ? bpf_lsm_file_permission+0x9/0x10
[   78.257573][ T6233]  ? security_file_permission+0x71/0x210
[   78.257595][ T6233]  ? rw_verify_area+0xcf/0x680
[   78.257616][ T6233]  do_sendfile+0xafb/0xe40
[   78.257640][ T6233]  ? __pfx_do_sendfile+0x10/0x10
[   78.257661][ T6233]  ? __fget_files+0x206/0x3a0
[   78.257681][ T6233]  __x64_sys_sendfile64+0x1da/0x220
[   78.257696][ T6233]  ? ksys_write+0x1ba/0x250
[   78.257718][ T6233]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[   78.257740][ T6233]  do_syscall_64+0xcd/0x250
[   78.257758][ T6233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.257778][ T6233] RIP: 0033:0x7f777198cde9
[   78.257790][ T6233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.257803][ T6233] RSP: 002b:00007f777284a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   78.257817][ T6233] RAX: ffffffffffffffda RBX: 00007f7771ba5fa0 RCX: 00007f777198cde9
[   78.257827][ T6233] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[   78.257835][ T6233] RBP: 00007f777284a090 R08: 0000000000000000 R09: 0000000000000000
[   78.257843][ T6233] R10: 0000000000080009 R11: 0000000000000246 R12: 0000000000000001
[   78.257851][ T6233] R13: 0000000000000000 R14: 00007f7771ba5fa0 R15: 00007ffed5461d78
[   78.257870][ T6233]  </TASK>
[   78.518440][   T29] audit: type=1400 audit(1739261617.556:281): avc:  denied  { create } for  pid=6232 comm="syz.0.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   78.537786][   T29] audit: type=1400 audit(1739261617.556:282): avc:  denied  { read } for  pid=6232 comm="syz.0.81" path="socket:[9295]" dev="sockfs" ino=9295 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   78.748962][   T25] usb 2-1: Using ep0 maxpacket: 16
[   78.755287][   T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   78.766522][   T25] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   78.791995][   T25] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[   78.828884][   T25] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[   78.837216][   T25] usb 2-1: Manufacturer: syz
[   78.920906][   T25] usb 2-1: config 0 descriptor??
[   78.956348][ T6243] FAULT_INJECTION: forcing a failure.
[   78.956348][ T6243] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.971230][ T6243] CPU: 0 UID: 0 PID: 6243 Comm: syz.3.83 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   78.971251][ T6243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   78.971260][ T6243] Call Trace:
[   78.971264][ T6243]  <TASK>
[   78.971270][ T6243]  dump_stack_lvl+0x16c/0x1f0
[   78.971300][ T6243]  should_fail_ex+0x50a/0x650
[   78.971325][ T6243]  _copy_to_user+0x32/0xd0
[   78.971342][ T6243]  simple_read_from_buffer+0xd0/0x160
[   78.971368][ T6243]  proc_fail_nth_read+0x198/0x270
[   78.971390][ T6243]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   78.971413][ T6243]  ? rw_verify_area+0xcf/0x680
[   78.971436][ T6243]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   78.971456][ T6243]  vfs_read+0x1df/0xbf0
[   78.971481][ T6243]  ? __fget_files+0x1fc/0x3a0
[   78.971496][ T6243]  ? __pfx___mutex_lock+0x10/0x10
[   78.971515][ T6243]  ? __pfx_vfs_read+0x10/0x10
[   78.971543][ T6243]  ? __fget_files+0x206/0x3a0
[   78.971566][ T6243]  ksys_read+0x12b/0x250
[   78.971588][ T6243]  ? __pfx_ksys_read+0x10/0x10
[   78.971618][ T6243]  do_syscall_64+0xcd/0x250
[   78.971638][ T6243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.971661][ T6243] RIP: 0033:0x7f933a98b7fc
[   78.971674][ T6243] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   78.971689][ T6243] RSP: 002b:00007f933b84b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   78.971704][ T6243] RAX: ffffffffffffffda RBX: 00007f933aba6160 RCX: 00007f933a98b7fc
[   78.971714][ T6243] RDX: 000000000000000f RSI: 00007f933b84b0a0 RDI: 0000000000000005
[   78.971723][ T6243] RBP: 00007f933b84b090 R08: 0000000000000000 R09: 0000000000000000
[   78.971732][ T6243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.971740][ T6243] R13: 0000000000000001 R14: 00007f933aba6160 R15: 00007ffe43f8bf78
[   78.971761][ T6243]  </TASK>
[   79.531403][ T6247] overlayfs: failed to resolve './file0/file0': -2
[   79.556354][ T6253] loop7: detected capacity change from 0 to 16384
[   79.773579][ T5865] usb 2-1: USB disconnect, device number 3
[   79.838361][   T29] audit: type=1326 audit(1739261619.136:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6246 comm="syz.0.84" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd268f8cde9 code=0x0
[   79.888874][   T29] audit: type=1326 audit(1739261619.186:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6246 comm="syz.0.84" exe="/root/syz-executor" sig=31 arch=c000003e syscall=230 compat=0 ip=0x7fd268fbf6a5 code=0x0
[   80.030911][ T6255] loop7: detected capacity change from 16384 to 16383
[   80.477843][ T6277] syz.2.89: attempt to access beyond end of device
[   80.477843][ T6277] loop2: rw=0, sector=0, nr_sectors = 1 limit=0
[   80.497597][ T6277] FAT-fs (loop2): unable to read boot sector
[   80.558738][   T29] audit: type=1400 audit(1739261619.286:285): avc:  denied  { create } for  pid=6244 comm="syz.4.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   80.630259][   T29] audit: type=1400 audit(1739261619.286:286): avc:  denied  { setopt } for  pid=6244 comm="syz.4.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   81.058916][   T29] audit: type=1400 audit(1739261619.776:287): avc:  denied  { connect } for  pid=6276 comm="syz.2.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   81.290692][ T6300] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[   81.297345][ T6300] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   81.368581][   T29] audit: type=1400 audit(1739261620.646:288): avc:  denied  { ioctl } for  pid=6304 comm="syz.1.95" path="socket:[9361]" dev="sockfs" ino=9361 ioctlcmd=0x891b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   81.371663][ T6300] vhci_hcd vhci_hcd.0: Device attached
[   81.428880][ T6301] vhci_hcd: connection closed
[   81.430906][   T35] vhci_hcd: stop threads
[   81.440154][   T35] vhci_hcd: release socket
[   81.444569][   T35] vhci_hcd: disconnect device
[   81.541722][ T6308] FAULT_INJECTION: forcing a failure.
[   81.541722][ T6308] name failslab, interval 1, probability 0, space 0, times 0
[   81.678651][ T6308] CPU: 1 UID: 0 PID: 6308 Comm: syz.1.96 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   81.678678][ T6308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   81.678687][ T6308] Call Trace:
[   81.678692][ T6308]  <TASK>
[   81.678698][ T6308]  dump_stack_lvl+0x16c/0x1f0
[   81.678722][ T6308]  should_fail_ex+0x50a/0x650
[   81.678745][ T6308]  ? fs_reclaim_acquire+0xae/0x150
[   81.678770][ T6308]  ? alloc_pipe_info+0x10e/0x590
[   81.678786][ T6308]  should_failslab+0xc2/0x120
[   81.678806][ T6308]  __kmalloc_cache_noprof+0x68/0x410
[   81.678835][ T6308]  alloc_pipe_info+0x10e/0x590
[   81.678854][ T6308]  splice_direct_to_actor+0x793/0xa40
[   81.678878][ T6308]  ? __pfx_direct_splice_actor+0x10/0x10
[   81.678906][ T6308]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   81.678930][ T6308]  ? irqentry_exit+0x3b/0x90
[   81.678946][ T6308]  ? lockdep_hardirqs_on+0x7c/0x110
[   81.678966][ T6308]  do_splice_direct+0x178/0x250
[   81.678988][ T6308]  ? __pfx_do_splice_direct+0x10/0x10
[   81.679011][ T6308]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   81.679035][ T6308]  ? security_file_permission+0x71/0x210
[   81.679060][ T6308]  ? rw_verify_area+0xcf/0x680
[   81.679085][ T6308]  do_sendfile+0xafb/0xe40
[   81.679112][ T6308]  ? __pfx_do_sendfile+0x10/0x10
[   81.679136][ T6308]  ? __fget_files+0x206/0x3a0
[   81.679157][ T6308]  __x64_sys_sendfile64+0x1da/0x220
[   81.679174][ T6308]  ? ksys_write+0x1ba/0x250
[   81.679198][ T6308]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[   81.679231][ T6308]  do_syscall_64+0xcd/0x250
[   81.679250][ T6308]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.679272][ T6308] RIP: 0033:0x7f8f15f8cde9
[   81.679286][ T6308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.679301][ T6308] RSP: 002b:00007f8f16dea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   81.679317][ T6308] RAX: ffffffffffffffda RBX: 00007f8f161a6080 RCX: 00007f8f15f8cde9
[   81.679327][ T6308] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[   81.679336][ T6308] RBP: 00007f8f16dea090 R08: 0000000000000000 R09: 0000000000000000
[   81.679345][ T6308] R10: 0000000000080009 R11: 0000000000000246 R12: 0000000000000001
[   81.679354][ T6308] R13: 0000000000000000 R14: 00007f8f161a6080 R15: 00007fff8f2430a8
[   81.679375][ T6308]  </TASK>
[   82.263620][ T6316] hpfs: Bad magic ... probably not HPFS
[   82.496443][ T6322] netlink: 8 bytes leftover after parsing attributes in process `syz.1.97'.
[   83.611770][ T6342] netlink: 260 bytes leftover after parsing attributes in process `syz.2.106'.
[   83.648685][ T6345] FAULT_INJECTION: forcing a failure.
[   83.648685][ T6345] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   83.776382][ T6345] CPU: 0 UID: 0 PID: 6345 Comm: syz.0.107 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   83.776406][ T6345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   83.776415][ T6345] Call Trace:
[   83.776420][ T6345]  <TASK>
[   83.776427][ T6345]  dump_stack_lvl+0x16c/0x1f0
[   83.776449][ T6345]  should_fail_ex+0x50a/0x650
[   83.776477][ T6345]  copy_fpstate_to_sigframe+0x894/0xb20
[   83.776503][ T6345]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[   83.776522][ T6345]  ? __pfx___schedule+0x10/0x10
[   83.776561][ T6345]  get_sigframe+0x4aa/0x9c0
[   83.776582][ T6345]  ? __pfx_get_sigframe+0x10/0x10
[   83.776598][ T6345]  ? preempt_schedule_thunk+0x1a/0x30
[   83.776622][ T6345]  ? siginfo_layout+0x177/0x290
[   83.776649][ T6345]  x64_setup_rt_frame+0x129/0xcf0
[   83.776672][ T6345]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[   83.776688][ T6345]  ? __pfx_vfs_read+0x10/0x10
[   83.776714][ T6345]  ? __fget_files+0x40/0x3a0
[   83.776732][ T6345]  arch_do_signal_or_restart+0x5e6/0x7e0
[   83.776751][ T6345]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   83.776774][ T6345]  ? ksys_read+0x1ba/0x250
[   83.776798][ T6345]  ? __pfx_ksys_read+0x10/0x10
[   83.776826][ T6345]  syscall_exit_to_user_mode+0x150/0x2a0
[   83.776844][ T6345]  do_syscall_64+0xda/0x250
[   83.776863][ T6345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.776884][ T6345] RIP: 0033:0x7fd268f8cde7
[   83.776897][ T6345] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   83.776910][ T6345] RSP: 002b:00007fd269dbb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   83.776926][ T6345] RAX: 0000000000000000 RBX: 00007fd2691a5fa0 RCX: 00007fd268f8cde9
[   83.776936][ T6345] RDX: 0000000000000008 RSI: 0000400000000040 RDI: 0000000000000003
[   83.776945][ T6345] RBP: 00007fd269dbb090 R08: 0000000000000000 R09: 0000000000000000
[   83.776954][ T6345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   83.776963][ T6345] R13: 0000000000000000 R14: 00007fd2691a5fa0 R15: 00007fffbdcb60a8
[   83.776983][ T6345]  </TASK>
[   83.782705][ T5896] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   84.189013][ T5896] usb 2-1: Using ep0 maxpacket: 16
[   84.321301][ T5896] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   84.338989][ T5896] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   84.361334][ T5896] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[   84.421968][ T6352] overlayfs: failed to resolve './file1': -2
[   84.999679][ T5896] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[   85.255828][ T5896] usb 2-1: Manufacturer: syz
[   85.287498][ T5896] usb 2-1: config 0 descriptor??
[   85.312489][   T29] kauditd_printk_skb: 2 callbacks suppressed
[   85.312497][   T29] audit: type=1400 audit(1739261624.616:291): avc:  denied  { rename } for  pid=5175 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   85.385843][ T6357] hpfs: Bad magic ... probably not HPFS
[   85.449681][   T29] audit: type=1400 audit(1739261624.616:292): avc:  denied  { unlink } for  pid=5175 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   85.533714][   T29] audit: type=1400 audit(1739261624.616:293): avc:  denied  { create } for  pid=5175 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   85.867600][ T6363] FAULT_INJECTION: forcing a failure.
[   85.867600][ T6363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.906259][   T29] audit: type=1400 audit(1739261625.156:294): avc:  denied  { create } for  pid=6355 comm="syz.2.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   85.927574][ T6363] CPU: 0 UID: 0 PID: 6363 Comm: syz.2.109 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   85.927594][ T6363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   85.927602][ T6363] Call Trace:
[   85.927606][ T6363]  <TASK>
[   85.927611][ T6363]  dump_stack_lvl+0x16c/0x1f0
[   85.927627][ T6363]  should_fail_ex+0x50a/0x650
[   85.927644][ T6363]  _copy_from_user+0x2e/0xd0
[   85.927653][ T6363]  copy_msghdr_from_user+0x99/0x160
[   85.927667][ T6363]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   85.927679][ T6363]  ? __lock_acquire+0xcc5/0x3c40
[   85.927698][ T6363]  ___sys_sendmsg+0xff/0x1e0
[   85.927711][ T6363]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.927728][ T6363]  ? trace_lock_acquire+0x14e/0x1f0
[   85.927746][ T6363]  __sys_sendmmsg+0x201/0x420
[   85.927760][ T6363]  ? __pfx___sys_sendmmsg+0x10/0x10
[   85.927776][ T6363]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   85.927792][ T6363]  ? fput+0x67/0x440
[   85.927804][ T6363]  ? ksys_write+0x1ba/0x250
[   85.927818][ T6363]  ? __pfx_ksys_write+0x10/0x10
[   85.927835][ T6363]  __x64_sys_sendmmsg+0x9c/0x100
[   85.927847][ T6363]  ? lockdep_hardirqs_on+0x7c/0x110
[   85.927858][ T6363]  do_syscall_64+0xcd/0x250
[   85.927869][ T6363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.927883][ T6363] RIP: 0033:0x7f777198cde9
[   85.927890][ T6363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.927899][ T6363] RSP: 002b:00007f7772829038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   85.927909][ T6363] RAX: ffffffffffffffda RBX: 00007f7771ba6080 RCX: 00007f777198cde9
[   85.927914][ T6363] RDX: 0000000000000213 RSI: 0000400000001dc0 RDI: 0000000000000008
[   85.927920][ T6363] RBP: 00007f7772829090 R08: 0000000000000000 R09: 0000000000000000
[   85.927925][ T6363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.927930][ T6363] R13: 0000000000000000 R14: 00007f7771ba6080 R15: 00007ffed5461d78
[   85.927941][ T6363]  </TASK>
[   86.188902][   T29] audit: type=1400 audit(1739261625.156:295): avc:  denied  { bind } for  pid=6355 comm="syz.2.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   86.208851][   T29] audit: type=1400 audit(1739261625.236:296): avc:  denied  { read } for  pid=6359 comm="syz.3.111" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   86.233489][   T29] audit: type=1400 audit(1739261625.236:297): avc:  denied  { open } for  pid=6359 comm="syz.3.111" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   86.257411][   T29] audit: type=1400 audit(1739261625.236:298): avc:  denied  { ioctl } for  pid=6359 comm="syz.3.111" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   86.454021][ T5869] usb 2-1: USB disconnect, device number 4
[   86.595000][ T6375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.113'.
[   86.981387][   T29] audit: type=1400 audit(1739261626.286:299): avc:  denied  { create } for  pid=6373 comm="syz.2.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   87.016109][ T6379] FAULT_INJECTION: forcing a failure.
[   87.016109][ T6379] name failslab, interval 1, probability 0, space 0, times 0
[   87.042482][   T29] audit: type=1400 audit(1739261626.326:300): avc:  denied  { setopt } for  pid=6373 comm="syz.2.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   87.061791][ T6379] CPU: 1 UID: 0 PID: 6379 Comm: syz.0.117 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   87.061812][ T6379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   87.061821][ T6379] Call Trace:
[   87.061825][ T6379]  <TASK>
[   87.061832][ T6379]  dump_stack_lvl+0x16c/0x1f0
[   87.061855][ T6379]  should_fail_ex+0x50a/0x650
[   87.061878][ T6379]  ? fs_reclaim_acquire+0xae/0x150
[   87.061901][ T6379]  ? io_uring_alloc_task_context+0x9e/0x690
[   87.061918][ T6379]  should_failslab+0xc2/0x120
[   87.061936][ T6379]  __kmalloc_cache_noprof+0x68/0x410
[   87.061958][ T6379]  ? __pfx___lock_acquire+0x10/0x10
[   87.061983][ T6379]  io_uring_alloc_task_context+0x9e/0x690
[   87.062002][ T6379]  ? __pfx_io_uring_alloc_task_context+0x10/0x10
[   87.062018][ T6379]  ? find_held_lock+0x2d/0x110
[   87.062035][ T6379]  ? __fget_files+0x1fc/0x3a0
[   87.062051][ T6379]  __io_uring_add_tctx_node+0x2e0/0x500
[   87.062067][ T6379]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[   87.062089][ T6379]  __io_uring_add_tctx_node_from_submit+0x89/0x130
[   87.062107][ T6379]  __do_sys_io_uring_enter+0x1277/0x1670
[   87.062132][ T6379]  ? __fget_files+0x206/0x3a0
[   87.062144][ T6379]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[   87.062166][ T6379]  ? fput+0x67/0x440
[   87.062182][ T6379]  ? ksys_write+0x1ba/0x250
[   87.062201][ T6379]  ? __pfx_ksys_write+0x10/0x10
[   87.062226][ T6379]  do_syscall_64+0xcd/0x250
[   87.062242][ T6379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.062261][ T6379] RIP: 0033:0x7fd268f8cde9
[   87.062272][ T6379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.062284][ T6379] RSP: 002b:00007fd269d8d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[   87.062297][ T6379] RAX: ffffffffffffffda RBX: 00007fd2691a6080 RCX: 00007fd268f8cde9
[   87.062306][ T6379] RDX: 0000000000000000 RSI: 0000000000000db4 RDI: 0000000000000004
[   87.062314][ T6379] RBP: 00007fd269d8d090 R08: 0000000000000000 R09: 0000000000000000
[   87.062321][ T6379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.062329][ T6379] R13: 0000000000000001 R14: 00007fd2691a6080 R15: 00007fffbdcb60a8
[   87.062346][ T6379]  </TASK>
[   87.406034][ T6385] netlink: 260 bytes leftover after parsing attributes in process `syz.1.118'.
[   87.461319][ T6377]  nullb0: AHDI p1
[   88.962517][ T6415] overlayfs: failed to resolve './file0/file0': -2
[   89.417296][ T6420] mmap: syz.2.126 (6420) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   90.082911][ T6425] FAULT_INJECTION: forcing a failure.
[   90.082911][ T6425] name failslab, interval 1, probability 0, space 0, times 0
[   90.095593][ T6425] CPU: 1 UID: 0 PID: 6425 Comm: syz.3.127 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   90.095612][ T6425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   90.095621][ T6425] Call Trace:
[   90.095626][ T6425]  <TASK>
[   90.095633][ T6425]  dump_stack_lvl+0x16c/0x1f0
[   90.095656][ T6425]  should_fail_ex+0x50a/0x650
[   90.095681][ T6425]  ? fs_reclaim_acquire+0xae/0x150
[   90.095705][ T6425]  ? tomoyo_realpath_from_path+0xb9/0x720
[   90.095729][ T6425]  should_failslab+0xc2/0x120
[   90.095748][ T6425]  __kmalloc_noprof+0xcb/0x510
[   90.095770][ T6425]  tomoyo_realpath_from_path+0xb9/0x720
[   90.095792][ T6425]  ? tomoyo_path_number_perm+0x235/0x590
[   90.095814][ T6425]  ? tomoyo_path_number_perm+0x235/0x590
[   90.095836][ T6425]  tomoyo_path_number_perm+0x248/0x590
[   90.095855][ T6425]  ? tomoyo_path_number_perm+0x235/0x590
[   90.095877][ T6425]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   90.095905][ T6425]  ? __pfx_lock_release+0x10/0x10
[   90.095943][ T6425]  ? rcu_is_watching+0x12/0xc0
[   90.095963][ T6425]  ? __rcu_read_unlock+0x2b4/0x580
[   90.095986][ T6425]  ? __fget_files+0x206/0x3a0
[   90.096006][ T6425]  security_file_ioctl+0x9b/0x240
[   90.096030][ T6425]  __x64_sys_ioctl+0xb7/0x200
[   90.096054][ T6425]  do_syscall_64+0xcd/0x250
[   90.096074][ T6425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.096097][ T6425] RIP: 0033:0x7f933a98cde9
[   90.096109][ T6425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.096124][ T6425] RSP: 002b:00007f933b84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   90.096139][ T6425] RAX: ffffffffffffffda RBX: 00007f933aba6160 RCX: 00007f933a98cde9
[   90.096150][ T6425] RDX: 0000400000000080 RSI: 0000000040046109 RDI: 0000000000000004
[   90.096159][ T6425] RBP: 00007f933b84b090 R08: 0000000000000000 R09: 0000000000000000
[   90.096168][ T6425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.096178][ T6425] R13: 0000000000000000 R14: 00007f933aba6160 R15: 00007ffe43f8bf78
[   90.096199][ T6425]  </TASK>
[   90.096221][ T6425] ERROR: Out of memory at tomoyo_realpath_from_path.
[   91.446278][   T29] kauditd_printk_skb: 13 callbacks suppressed
[   91.446293][   T29] audit: type=1326 audit(1739261635.743:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.4.134" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f514498cde9 code=0x0
[   91.575035][ T6446] FAULT_INJECTION: forcing a failure.
[   91.575035][ T6446] name failslab, interval 1, probability 0, space 0, times 0
[   91.588385][ T6446] CPU: 0 UID: 0 PID: 6446 Comm: syz.3.133 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   91.588404][ T6446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   91.588413][ T6446] Call Trace:
[   91.588418][ T6446]  <TASK>
[   91.588424][ T6446]  dump_stack_lvl+0x16c/0x1f0
[   91.588446][ T6446]  should_fail_ex+0x50a/0x650
[   91.588465][ T6446]  ? fs_reclaim_acquire+0xae/0x150
[   91.588481][ T6446]  ? kernfs_fop_write_iter+0x223/0x500
[   91.588492][ T6446]  should_failslab+0xc2/0x120
[   91.588503][ T6446]  __kmalloc_noprof+0xcb/0x510
[   91.588514][ T6446]  ? kernfs_fop_write_iter+0x1d/0x500
[   91.588527][ T6446]  kernfs_fop_write_iter+0x223/0x500
[   91.588540][ T6446]  vfs_write+0x5ae/0x1150
[   91.588556][ T6446]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[   91.588568][ T6446]  ? __pfx___mutex_lock+0x10/0x10
[   91.588579][ T6446]  ? __pfx_vfs_write+0x10/0x10
[   91.588602][ T6446]  ksys_write+0x12b/0x250
[   91.588616][ T6446]  ? __pfx_ksys_write+0x10/0x10
[   91.588635][ T6446]  do_syscall_64+0xcd/0x250
[   91.588646][ T6446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.588661][ T6446] RIP: 0033:0x7f933a98cde9
[   91.588669][ T6446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.588679][ T6446] RSP: 002b:00007f933b86c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   91.588688][ T6446] RAX: ffffffffffffffda RBX: 00007f933aba6080 RCX: 00007f933a98cde9
[   91.588694][ T6446] RDX: 0000000000000106 RSI: 0000400000001340 RDI: 0000000000000005
[   91.588699][ T6446] RBP: 00007f933b86c090 R08: 0000000000000000 R09: 0000000000000000
[   91.588704][ T6446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.588710][ T6446] R13: 0000000000000000 R14: 00007f933aba6080 R15: 00007ffe43f8bf78
[   91.588721][ T6446]  </TASK>
[   92.208149][ T6452] input: syz0 as /devices/virtual/input/input9
[   92.235333][ T6452] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   92.550941][   T29] audit: type=1400 audit(1739261636.843:315): avc:  denied  { bind } for  pid=6451 comm="syz.3.137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   92.879955][   T29] audit: type=1400 audit(1739261636.843:316): avc:  denied  { name_bind } for  pid=6451 comm="syz.3.137" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   92.901372][   T29] audit: type=1400 audit(1739261636.843:317): avc:  denied  { node_bind } for  pid=6451 comm="syz.3.137" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   93.442445][   T29] audit: type=1400 audit(1739261636.843:318): avc:  denied  { read } for  pid=6451 comm="syz.3.137" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   93.515671][   T29] audit: type=1400 audit(1739261637.223:319): avc:  denied  { setattr } for  pid=6458 comm="syz.3.138" name="ALG" dev="sockfs" ino=9932 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   93.763642][ T6474] netlink: 16 bytes leftover after parsing attributes in process `syz.3.141'.
[   94.218890][    T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   94.382164][    T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   94.412171][    T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   94.441967][    T8] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   94.458909][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   94.471244][   T67] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.481978][    T8] usb 4-1: SerialNumber: syz
[   94.781338][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.145'.
[   95.216438][    T8] usb 4-1: 0:2 : does not exist
[   95.288857][    T8] usb 4-1: USB disconnect, device number 2
[   95.423810][ T5826] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   95.432601][ T5826] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   95.441468][ T5826] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   95.449509][ T5826] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   95.457478][ T5826] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   95.465145][ T5826] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   95.482266][   T29] audit: type=1400 audit(1739261639.783:320): avc:  denied  { mounton } for  pid=6497 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   95.529603][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   95.530444][   T67] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.901587][   T67] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.072663][ T6507] netlink: 8 bytes leftover after parsing attributes in process `syz.4.147'.
[   96.793655][ T6515] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2
[   96.818055][   T67] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.839490][  T304] Bluetooth: hci5: Frame reassembly failed (-84)
[   97.044800][   T29] audit: type=1400 audit(1739261641.343:321): avc:  denied  { mount } for  pid=6508 comm="syz.3.149" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   97.205796][ T6497] chnl_net:caif_netlink_parms(): no params data found
[   97.215531][   T29] audit: type=1400 audit(1739261641.503:322): avc:  denied  { read } for  pid=6508 comm="syz.3.149" name="usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   97.288939][   T29] audit: type=1400 audit(1739261641.503:323): avc:  denied  { open } for  pid=6508 comm="syz.3.149" path="/dev/usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   97.332170][   T29] audit: type=1400 audit(1739261641.633:324): avc:  denied  { open } for  pid=6528 comm="syz.4.152" path="/dev/ttyqd" dev="devtmpfs" ino=388 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[   97.364640][   T29] audit: type=1400 audit(1739261641.653:325): avc:  denied  { map } for  pid=6528 comm="syz.4.152" path="socket:[10096]" dev="sockfs" ino=10096 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   97.529098][ T5832] Bluetooth: hci2: command tx timeout
[   97.657446][ T6497] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.686594][ T6497] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.708051][ T6497] bridge_slave_0: entered allmulticast mode
[   97.714698][   T29] audit: type=1400 audit(1739261642.013:326): avc:  denied  { search } for  pid=5175 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   97.754906][ T6497] bridge_slave_0: entered promiscuous mode
[   97.776773][   T67] bridge_slave_1: left allmulticast mode
[   97.783813][   T67] bridge_slave_1: left promiscuous mode
[   97.799865][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.836021][   T67] bridge_slave_0: left allmulticast mode
[   97.842867][   T67] bridge_slave_0: left promiscuous mode
[   97.848522][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.943536][   T29] audit: type=1400 audit(1739261642.243:327): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   97.998992][ T5865] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   98.320372][ T6556] netlink: 8 bytes leftover after parsing attributes in process `syz.4.155'.
[   98.458420][   T29] audit: type=1400 audit(1739261642.753:328): avc:  denied  { setopt } for  pid=6551 comm="syz.3.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   98.694542][ T5865] usb 1-1: Using ep0 maxpacket: 16
[   98.699674][   T29] audit: type=1400 audit(1739261642.813:329): avc:  denied  { bind } for  pid=6551 comm="syz.3.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   98.727287][ T5865] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   98.752010][ T5865] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   98.773520][ T5865] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[   98.788418][ T5865] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[   98.801668][ T5865] usb 1-1: Manufacturer: syz
[   98.809260][ T5826] Bluetooth: hci5: Opcode 0x1003 failed: -110
[   98.810080][ T5832] Bluetooth: hci5: command 0x1003 tx timeout
[   98.820145][ T5865] usb 1-1: config 0 descriptor??
[   99.234626][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.310089][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   99.370690][   T67] bond0 (unregistering): Released all slaves
[   99.464989][ T6497] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.473600][ T6497] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.498144][ T6497] bridge_slave_1: entered allmulticast mode
[   99.510674][ T6497] bridge_slave_1: entered promiscuous mode
[   99.570637][ T5865] usb 1-1: USB disconnect, device number 2
[   99.609113][ T5826] Bluetooth: hci2: command tx timeout
[   99.885136][ T6574] FAULT_INJECTION: forcing a failure.
[   99.885136][ T6574] name failslab, interval 1, probability 0, space 0, times 0
[   99.918930][ T6574] CPU: 0 UID: 0 PID: 6574 Comm: syz.2.160 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[   99.918960][ T6574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   99.918976][ T6574] Call Trace:
[   99.918981][ T6574]  <TASK>
[   99.918988][ T6574]  dump_stack_lvl+0x16c/0x1f0
[   99.919012][ T6574]  should_fail_ex+0x50a/0x650
[   99.919036][ T6574]  ? fs_reclaim_acquire+0xae/0x150
[   99.919061][ T6574]  ? tomoyo_realpath_from_path+0xb9/0x720
[   99.919083][ T6574]  should_failslab+0xc2/0x120
[   99.919102][ T6574]  __kmalloc_noprof+0xcb/0x510
[   99.919118][ T6574]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   99.919146][ T6574]  tomoyo_realpath_from_path+0xb9/0x720
[   99.919168][ T6574]  ? tomoyo_path_number_perm+0x235/0x590
[   99.919189][ T6574]  ? tomoyo_path_number_perm+0x235/0x590
[   99.919212][ T6574]  tomoyo_path_number_perm+0x248/0x590
[   99.919228][ T6574]  ? tomoyo_path_number_perm+0x235/0x590
[   99.919249][ T6574]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   99.919291][ T6574]  ? __pfx_lock_release+0x10/0x10
[   99.919313][ T6574]  ? trace_lock_acquire+0x14e/0x1f0
[   99.919334][ T6574]  ? lock_acquire+0x2f/0xb0
[   99.919354][ T6574]  ? __fget_files+0x40/0x3a0
[   99.919373][ T6574]  ? __fget_files+0x206/0x3a0
[   99.919391][ T6574]  security_file_ioctl+0x9b/0x240
[   99.919416][ T6574]  __x64_sys_ioctl+0xb7/0x200
[   99.919440][ T6574]  do_syscall_64+0xcd/0x250
[   99.919460][ T6574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.919482][ T6574] RIP: 0033:0x7f777198cde9
[   99.919494][ T6574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.919510][ T6574] RSP: 002b:00007f777284a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   99.919525][ T6574] RAX: ffffffffffffffda RBX: 00007f7771ba5fa0 RCX: 00007f777198cde9
[   99.919536][ T6574] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[   99.919545][ T6574] RBP: 00007f777284a090 R08: 0000000000000000 R09: 0000000000000000
[   99.919554][ T6574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.919562][ T6574] R13: 0000000000000000 R14: 00007f7771ba5fa0 R15: 00007ffed5461d78
[   99.919584][ T6574]  </TASK>
[   99.919652][ T6574] ERROR: Out of memory at tomoyo_realpath_from_path.
[  100.029627][ T6497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.037512][ T6574] kvm: kvm [6572]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  100.287358][   T29] audit: type=1400 audit(1739261644.583:330): avc:  denied  { create } for  pid=6567 comm="syz.4.158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  100.434418][ T6497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.587364][ T6589] 9pnet_fd: Insufficient options for proto=fd
[  100.619243][ T6587] kvm: kvm [6586]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  100.784452][ T6497] team0: Port device team_slave_0 added
[  100.820639][   T67] hsr_slave_0: left promiscuous mode
[  100.852668][   T67] hsr_slave_1: left promiscuous mode
[  100.860726][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.877505][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  100.928407][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.967197][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.277885][ T6608] process 'syz.2.166' launched '/dev/fd/7' with NULL argv: empty string added
[  101.336129][   T67] veth1_macvtap: left promiscuous mode
[  101.346512][   T67] veth0_macvtap: left promiscuous mode
[  101.352203][   T67] veth1_vlan: left promiscuous mode
[  101.357736][   T67] veth0_vlan: left promiscuous mode
[  101.686005][ T6617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.167'.
[  101.699190][ T5826] Bluetooth: hci2: command tx timeout
[  102.356544][ T6621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.168'.
[  102.607339][   T67] team0 (unregistering): Port device team_slave_1 removed
[  102.949409][   T67] team0 (unregistering): Port device team_slave_0 removed
[  103.570715][ T6497] team0: Port device team_slave_1 added
[  103.769173][ T5826] Bluetooth: hci2: command tx timeout
[  104.132117][ T6497] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.139288][ T6497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.167242][ T6497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.185623][ T6497] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.216912][ T6497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.465594][ T6643] netlink: 88 bytes leftover after parsing attributes in process `syz.0.173'.
[  104.564308][ T6497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.632915][ T6497] hsr_slave_0: entered promiscuous mode
[  104.649205][ T6497] hsr_slave_1: entered promiscuous mode
[  104.662137][ T6497] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.708851][ T6497] Cannot create hsr debugfs directory
[  104.739241][    T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  104.859237][ T6658] netlink: 'syz.3.178': attribute type 30 has an invalid length.
[  104.891262][    T8] usb 3-1: Using ep0 maxpacket: 16
[  104.897912][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  104.897931][   T29] audit: type=1400 audit(1739261649.193:361): avc:  denied  { write } for  pid=6654 comm="syz.0.175" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  104.909043][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  105.040347][    T8] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  105.059715][    T8] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  105.069361][    T8] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  105.077357][    T8] usb 3-1: Manufacturer: syz
[  105.092954][    T8] usb 3-1: config 0 descriptor??
[  105.156250][ T6497] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  105.181610][ T6497] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  105.216779][ T6497] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  105.253386][ T6497] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  105.368336][ T6497] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.414337][ T6497] 8021q: adding VLAN 0 to HW filter on device team0
[  105.428408][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.435534][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.458152][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.465283][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.481336][ T6497] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  105.501817][ T5865] usb 3-1: USB disconnect, device number 3
[  105.790298][ T6682] netlink: 16 bytes leftover after parsing attributes in process `syz.0.179'.
[  105.974066][ T6690] FAULT_INJECTION: forcing a failure.
[  105.974066][ T6690] name failslab, interval 1, probability 0, space 0, times 0
[  105.987237][ T6690] CPU: 0 UID: 0 PID: 6690 Comm: syz.4.180 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  105.987257][ T6690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  105.987266][ T6690] Call Trace:
[  105.987271][ T6690]  <TASK>
[  105.987278][ T6690]  dump_stack_lvl+0x16c/0x1f0
[  105.987302][ T6690]  should_fail_ex+0x50a/0x650
[  105.987326][ T6690]  ? fs_reclaim_acquire+0xae/0x150
[  105.987351][ T6690]  should_failslab+0xc2/0x120
[  105.987369][ T6690]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  105.987387][ T6690]  ? create_new_namespaces+0x30/0xad0
[  105.987417][ T6690]  create_new_namespaces+0x30/0xad0
[  105.987441][ T6690]  ? bpf_lsm_capable+0x9/0x10
[  105.987460][ T6690]  ? security_capable+0x7e/0x260
[  105.987482][ T6690]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  105.987510][ T6690]  ksys_unshare+0x45d/0xa40
[  105.987527][ T6690]  ? __pfx_ksys_unshare+0x10/0x10
[  105.987544][ T6690]  ? ksys_write+0x1ba/0x250
[  105.987576][ T6690]  __x64_sys_unshare+0x31/0x40
[  105.987593][ T6690]  do_syscall_64+0xcd/0x250
[  105.987613][ T6690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.987636][ T6690] RIP: 0033:0x7f514498cde9
[  105.987649][ T6690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.987664][ T6690] RSP: 002b:00007f5145814038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  105.987679][ T6690] RAX: ffffffffffffffda RBX: 00007f5144ba6160 RCX: 00007f514498cde9
[  105.987689][ T6690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
[  105.987699][ T6690] RBP: 00007f5145814090 R08: 0000000000000000 R09: 0000000000000000
[  105.987708][ T6690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.987717][ T6690] R13: 0000000000000000 R14: 00007f5144ba6160 R15: 00007ffef3ac42c8
[  105.987739][ T6690]  </TASK>
[  106.176753][   T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  106.372418][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.408643][   T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  106.415965][ T6497] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.475393][   T25] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  106.520315][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  106.557424][   T25] usb 1-1: SerialNumber: syz
[  106.663281][ T6700] hpfs: Bad magic ... probably not HPFS
[  106.777283][   T25] usb 1-1: 0:2 : does not exist
[  106.793580][   T25] usb 1-1: USB disconnect, device number 3
[  106.886473][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.181'.
[  107.544916][ T6497] veth0_vlan: entered promiscuous mode
[  107.558353][ T6497] veth1_vlan: entered promiscuous mode
[  107.602493][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  107.607146][ T6497] veth0_macvtap: entered promiscuous mode
[  108.767886][ T6497] veth1_macvtap: entered promiscuous mode
[  108.816847][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.831848][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.849200][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.874236][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.918905][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.952948][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.979326][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.012720][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.039951][ T6497] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.052431][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.098970][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.129001][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.149079][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.172941][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.213427][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.228875][  T117] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  109.232192][ T6497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.263032][ T6497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.290150][ T6497] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.325287][ T6497] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.342865][ T6497] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.370288][ T6497] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.389034][ T6497] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.409000][  T117] usb 3-1: Using ep0 maxpacket: 16
[  109.434593][  T117] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  109.474949][  T117] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  109.495402][  T117] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  109.509125][  T117] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  109.526878][  T117] usb 3-1: Manufacturer: syz
[  109.529532][ T3539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.554053][  T117] usb 3-1: config 0 descriptor??
[  109.570194][ T3539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.610526][ T6327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.640737][ T6327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.653410][ T6739] hpfs: Bad magic ... probably not HPFS
[  109.699026][   T29] audit: type=1400 audit(1739261653.993:362): avc:  denied  { mount } for  pid=6497 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  109.744537][   T29] audit: type=1400 audit(1739261654.023:363): avc:  denied  { mounton } for  pid=6497 comm="syz-executor" path="/root/syzkaller.O0qbMo/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  109.851304][   T29] audit: type=1400 audit(1739261654.073:364): avc:  denied  { mount } for  pid=6497 comm="syz-executor" name="/" dev="gadgetfs" ino=7080 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  109.924130][ T5865] usb 3-1: USB disconnect, device number 4
[  110.116635][   T29] audit: type=1400 audit(1739261654.413:365): avc:  denied  { create } for  pid=6758 comm="syz.5.144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  110.218313][ T6761] netlink: 8 bytes leftover after parsing attributes in process `syz.3.194'.
[  110.359100][ T5868] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  110.518971][ T5868] usb 5-1: Using ep0 maxpacket: 8
[  110.636962][   T29] audit: type=1400 audit(1739261654.933:366): avc:  denied  { append } for  pid=6758 comm="syz.5.144" name="dlm-control" dev="devtmpfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  110.661516][ T6760] dlm: no local IP address has been set
[  110.681243][ T5868] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[  110.682408][ T6760] dlm: cannot start dlm midcomms -107
[  110.705464][ T5868] usb 5-1: config 0 has no interface number 0
[  110.726161][ T5868] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  110.743554][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.752587][ T5868] usb 5-1: Product: syz
[  110.756750][ T5868] usb 5-1: Manufacturer: syz
[  110.761395][ T5868] usb 5-1: SerialNumber: syz
[  110.936077][ T5868] usb 5-1: config 0 descriptor??
[  110.941181][   T29] audit: type=1400 audit(1739261655.083:367): avc:  denied  { write } for  pid=6770 comm="syz.2.197" name="001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  110.981713][ T5868] radio-usb-si4713 5-1:0.128: Si4713 development board discovered: (10C4:8244)
[  111.254324][ T5868] radio-usb-si4713 5-1:0.128: probe with driver radio-usb-si4713 failed with error -71
[  111.283179][ T5868] usbhid 5-1:0.128: couldn't find an input interrupt endpoint
[  111.314826][ T5868] usb 5-1: USB disconnect, device number 4
[  111.321683][ T6789] FAULT_INJECTION: forcing a failure.
[  111.321683][ T6789] name failslab, interval 1, probability 0, space 0, times 0
[  111.359557][ T6789] CPU: 1 UID: 0 PID: 6789 Comm: syz.5.200 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  111.359578][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  111.359588][ T6789] Call Trace:
[  111.359593][ T6789]  <TASK>
[  111.359599][ T6789]  dump_stack_lvl+0x16c/0x1f0
[  111.359621][ T6789]  should_fail_ex+0x50a/0x650
[  111.359644][ T6789]  ? fs_reclaim_acquire+0xae/0x150
[  111.359669][ T6789]  should_failslab+0xc2/0x120
[  111.359688][ T6789]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  111.359705][ T6789]  ? getname_flags.part.0+0x4c/0x550
[  111.359729][ T6789]  getname_flags.part.0+0x4c/0x550
[  111.359752][ T6789]  getname+0x8d/0xe0
[  111.359774][ T6789]  do_sys_openat2+0x104/0x1e0
[  111.359793][ T6789]  ? __pfx_do_sys_openat2+0x10/0x10
[  111.359815][ T6789]  ? __fget_files+0x206/0x3a0
[  111.359844][ T6789]  __x64_sys_open+0x154/0x1e0
[  111.359864][ T6789]  ? __pfx___x64_sys_open+0x10/0x10
[  111.359892][ T6789]  do_syscall_64+0xcd/0x250
[  111.359912][ T6789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.359934][ T6789] RIP: 0033:0x7ff9bc38cde9
[  111.359947][ T6789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.359962][ T6789] RSP: 002b:00007ff9bd1a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  111.359977][ T6789] RAX: ffffffffffffffda RBX: 00007ff9bc5a5fa0 RCX: 00007ff9bc38cde9
[  111.359988][ T6789] RDX: 0000000000000069 RSI: 0000000000000000 RDI: 0000400000000340
[  111.359997][ T6789] RBP: 00007ff9bd1a4090 R08: 0000000000000000 R09: 0000000000000000
[  111.360006][ T6789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.360016][ T6789] R13: 0000000000000000 R14: 00007ff9bc5a5fa0 R15: 00007ffc80c5c3f8
[  111.360036][ T6789]  </TASK>
[  111.587920][ T6797] hpfs: Bad magic ... probably not HPFS
[  112.175969][ T6820] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  112.589353][ T6835] netlink: 12 bytes leftover after parsing attributes in process `syz.2.212'.
[  112.655879][ T6837] netlink: 24 bytes leftover after parsing attributes in process `syz.2.212'.
[  112.722075][ T6839] FAULT_INJECTION: forcing a failure.
[  112.722075][ T6839] name failslab, interval 1, probability 0, space 0, times 0
[  112.734900][ T6839] CPU: 0 UID: 0 PID: 6839 Comm: syz.3.210 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  112.734920][ T6839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  112.734930][ T6839] Call Trace:
[  112.734935][ T6839]  <TASK>
[  112.734941][ T6839]  dump_stack_lvl+0x16c/0x1f0
[  112.734963][ T6839]  should_fail_ex+0x50a/0x650
[  112.734987][ T6839]  ? fs_reclaim_acquire+0xae/0x150
[  112.735012][ T6839]  ? tomoyo_realpath_from_path+0xb9/0x720
[  112.735036][ T6839]  should_failslab+0xc2/0x120
[  112.735055][ T6839]  __kmalloc_noprof+0xcb/0x510
[  112.735071][ T6839]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  112.735099][ T6839]  tomoyo_realpath_from_path+0xb9/0x720
[  112.735121][ T6839]  ? tomoyo_path_number_perm+0x235/0x590
[  112.735143][ T6839]  ? tomoyo_path_number_perm+0x235/0x590
[  112.735165][ T6839]  tomoyo_path_number_perm+0x248/0x590
[  112.735183][ T6839]  ? tomoyo_path_number_perm+0x235/0x590
[  112.735206][ T6839]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  112.735235][ T6839]  ? __schedule+0x3c6a/0x5890
[  112.735259][ T6839]  ? lockdep_hardirqs_on+0x7c/0x110
[  112.735288][ T6839]  ? __pfx_lock_release+0x10/0x10
[  112.735309][ T6839]  ? trace_lock_acquire+0x14e/0x1f0
[  112.735328][ T6839]  ? __pfx___schedule+0x10/0x10
[  112.735353][ T6839]  ? lock_acquire+0x2f/0xb0
[  112.735374][ T6839]  ? __fget_files+0x40/0x3a0
[  112.735393][ T6839]  ? __fget_files+0x206/0x3a0
[  112.735412][ T6839]  security_file_ioctl+0x9b/0x240
[  112.735436][ T6839]  __x64_sys_ioctl+0xb7/0x200
[  112.735461][ T6839]  do_syscall_64+0xcd/0x250
[  112.735481][ T6839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.735503][ T6839] RIP: 0033:0x7f933a98cde9
[  112.735516][ T6839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.735533][ T6839] RSP: 002b:00007f933b84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  112.735549][ T6839] RAX: ffffffffffffffda RBX: 00007f933aba6160 RCX: 00007f933a98cde9
[  112.735559][ T6839] RDX: 0000400000000040 RSI: 00000000c0105512 RDI: 0000000000000003
[  112.735569][ T6839] RBP: 00007f933b84b090 R08: 0000000000000000 R09: 0000000000000000
[  112.735578][ T6839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  112.735587][ T6839] R13: 0000000000000000 R14: 00007f933aba6160 R15: 00007ffe43f8bf78
[  112.735610][ T6839]  </TASK>
[  112.735631][ T6839] ERROR: Out of memory at tomoyo_realpath_from_path.
[  112.973148][ T6839] hub 6-0:1.0: USB hub found
[  112.978732][ T6839] hub 6-0:1.0: 1 port detected
[  113.416825][ T6831] netlink: 8 bytes leftover after parsing attributes in process `syz.0.205'.
[  114.431344][ T6854] hpfs: Bad magic ... probably not HPFS
[  114.685698][ T6861] FAULT_INJECTION: forcing a failure.
[  114.685698][ T6861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  114.771486][ T6861] CPU: 0 UID: 0 PID: 6861 Comm: syz.3.216 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  114.771510][ T6861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  114.771519][ T6861] Call Trace:
[  114.771524][ T6861]  <TASK>
[  114.771531][ T6861]  dump_stack_lvl+0x16c/0x1f0
[  114.771553][ T6861]  should_fail_ex+0x50a/0x650
[  114.771580][ T6861]  _copy_from_user+0x2e/0xd0
[  114.771596][ T6861]  copy_msghdr_from_user+0x99/0x160
[  114.771618][ T6861]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  114.771650][ T6861]  ___sys_sendmsg+0xff/0x1e0
[  114.771672][ T6861]  ? __pfx____sys_sendmsg+0x10/0x10
[  114.771702][ T6861]  ? __pfx_lock_release+0x10/0x10
[  114.771724][ T6861]  ? trace_lock_acquire+0x14e/0x1f0
[  114.771750][ T6861]  ? __fget_files+0x206/0x3a0
[  114.771771][ T6861]  __sys_sendmsg+0x16e/0x220
[  114.771804][ T6861]  ? __pfx___sys_sendmsg+0x10/0x10
[  114.771846][ T6861]  do_syscall_64+0xcd/0x250
[  114.771865][ T6861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.771887][ T6861] RIP: 0033:0x7f933a98cde9
[  114.771900][ T6861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.771914][ T6861] RSP: 002b:00007f933b88d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  114.771931][ T6861] RAX: ffffffffffffffda RBX: 00007f933aba5fa0 RCX: 00007f933a98cde9
[  114.771941][ T6861] RDX: 0000000000002800 RSI: 0000400000000580 RDI: 0000000000000004
[  114.771951][ T6861] RBP: 00007f933b88d090 R08: 0000000000000000 R09: 0000000000000000
[  114.771960][ T6861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.771969][ T6861] R13: 0000000000000000 R14: 00007f933aba5fa0 R15: 00007ffe43f8bf78
[  114.771990][ T6861]  </TASK>
[  115.288038][ T6877] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  116.176538][ T6889] kvm: kvm [6888]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  116.208141][   T29] audit: type=1400 audit(1739261660.493:368): avc:  denied  { setrlimit } for  pid=6902 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[  116.689887][ T6928] hpfs: Bad magic ... probably not HPFS
[  116.878345][ T6933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.231'.
[  118.089967][ T5826] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  119.361070][ T6964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.239'.
[  119.709736][ T6978] hpfs: Bad magic ... probably not HPFS
[  120.553397][   T29] audit: type=1400 audit(1739261664.853:369): avc:  denied  { ioctl } for  pid=6991 comm="syz.3.247" path="socket:[13407]" dev="sockfs" ino=13407 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  120.865478][ T6997] kvm: kvm [6996]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xa200002c84
[  120.939125][ T6997] kvm: kvm [6996]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0xa200006c84
[  120.963161][ T6997] kvm: kvm [6996]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xa3000021e3
[  121.010803][ T6997] kvm: kvm [6996]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0xa3000061e3
[  121.058588][ T6997] kvm_intel: kvm [6996]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x11f000016c2
[  121.658941][ T5826] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  121.891132][  T117] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  122.128835][  T117] usb 4-1: Using ep0 maxpacket: 16
[  122.170409][  T117] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  122.411556][   T29] audit: type=1400 audit(1739261666.713:370): avc:  denied  { create } for  pid=7027 comm="syz.4.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  122.450705][  T117] usb 4-1: config 0 has no interface number 0
[  122.494084][  T117] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  122.526231][  T117] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  122.604425][   T29] audit: type=1400 audit(1739261666.813:371): avc:  denied  { write } for  pid=7027 comm="syz.4.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  122.649275][  T117] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  122.665196][  T117] usb 4-1: Product: syz
[  122.675116][  T117] usb 4-1: Manufacturer: syz
[  122.909692][ T7044] netlink: 8 bytes leftover after parsing attributes in process `syz.5.257'.
[  123.260132][  T117] usb 4-1: SerialNumber: syz
[  123.272371][  T117] usb 4-1: config 0 descriptor??
[  123.278638][  T117] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected
[  123.296137][  T117] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81
[  123.308884][  T117] keyspan 4-1:0.107: unsupported endpoint type 0
[  123.321098][  T117] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1
[  123.332939][  T117] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  123.342743][  T117] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2
[  123.351558][  T117] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  123.360826][  T117] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4
[  123.499028][  T117] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  123.514789][  T117] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[  123.524861][  T117] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  123.545370][ T7050] netlink: 44 bytes leftover after parsing attributes in process `syz.0.261'.
[  123.699019][ T7053] syzkaller1: tun_chr_ioctl cmd 1074025677
[  123.704975][ T7053] syzkaller1: linktype set to 780
[  123.833144][ T7009] 9pnet_fd: Insufficient options for proto=fd
[  123.938231][ T7063] netlink: 16 bytes leftover after parsing attributes in process `syz.4.265'.
[  123.983483][ T5869] usb 4-1: USB disconnect, device number 3
[  124.009350][ T5869] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  124.049554][ T5869] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  124.096421][ T5869] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  124.141301][ T5869] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  124.208979][ T5896] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  124.235312][ T5869] keyspan 4-1:0.107: device disconnected
[  124.261116][   T29] audit: type=1400 audit(1739261668.543:372): avc:  denied  { create } for  pid=7070 comm="syz.0.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  124.435278][ T5896] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  124.435302][ T5896] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  124.437860][ T5896] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  124.603656][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  124.603683][ T5896] usb 5-1: SerialNumber: syz
[  125.022622][ T5896] usb 5-1: 0:2 : does not exist
[  125.146026][ T5896] usb 5-1: USB disconnect, device number 5
[  125.374360][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  125.849003][ T5826] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  126.253922][ T7111] FAULT_INJECTION: forcing a failure.
[  126.253922][ T7111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  126.305046][ T7111] CPU: 1 UID: 0 PID: 7111 Comm: syz.4.274 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  126.305071][ T7111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  126.305081][ T7111] Call Trace:
[  126.305086][ T7111]  <TASK>
[  126.305093][ T7111]  dump_stack_lvl+0x16c/0x1f0
[  126.305117][ T7111]  should_fail_ex+0x50a/0x650
[  126.305144][ T7111]  _copy_from_user+0x2e/0xd0
[  126.305161][ T7111]  copy_msghdr_from_user+0x99/0x160
[  126.305183][ T7111]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  126.305216][ T7111]  ___sys_sendmsg+0xff/0x1e0
[  126.305239][ T7111]  ? __pfx____sys_sendmsg+0x10/0x10
[  126.305269][ T7111]  ? __pfx_lock_release+0x10/0x10
[  126.305292][ T7111]  ? trace_lock_acquire+0x14e/0x1f0
[  126.305319][ T7111]  ? __fget_files+0x206/0x3a0
[  126.305341][ T7111]  __sys_sendmsg+0x16e/0x220
[  126.305363][ T7111]  ? __pfx___sys_sendmsg+0x10/0x10
[  126.305398][ T7111]  do_syscall_64+0xcd/0x250
[  126.305419][ T7111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.305442][ T7111] RIP: 0033:0x7f514498cde9
[  126.305455][ T7111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.305470][ T7111] RSP: 002b:00007f5145856038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  126.305486][ T7111] RAX: ffffffffffffffda RBX: 00007f5144ba5fa0 RCX: 00007f514498cde9
[  126.305496][ T7111] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003
[  126.305506][ T7111] RBP: 00007f5145856090 R08: 0000000000000000 R09: 0000000000000000
[  126.305515][ T7111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  126.305524][ T7111] R13: 0000000000000000 R14: 00007f5144ba5fa0 R15: 00007ffef3ac42c8
[  126.305546][ T7111]  </TASK>
[  126.909002][   T29] audit: type=1400 audit(1739261671.193:373): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  126.962890][ T7121] netlink: 36 bytes leftover after parsing attributes in process `syz.4.277'.
[  127.197784][ T7131] netlink: 8 bytes leftover after parsing attributes in process `syz.2.279'.
[  127.919295][ T7133] overlayfs: failed to resolve './file1': -2
[  129.026537][ T5865] libceph: connect (1)[c::]:6789 error -101
[  129.026728][ T5865] libceph: mon0 (1)[c::]:6789 connect error
[  129.056999][ T7147] ceph: No mds server is up or the cluster is laggy
[  129.733336][ T7183] overlayfs: failed to resolve './file0/file0': -2
[  130.715778][ T7193] netlink: 8 bytes leftover after parsing attributes in process `syz.5.292'.
[  131.039342][  T117] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  131.400032][  T117] usb 5-1: Using ep0 maxpacket: 16
[  131.401285][  T117] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.401305][  T117] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  131.402080][  T117] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  131.402104][  T117] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  131.402122][  T117] usb 5-1: Manufacturer: syz
[  131.403684][  T117] usb 5-1: config 0 descriptor??
[  131.480608][ T5896] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  131.739079][ T5896] usb 1-1: Using ep0 maxpacket: 16
[  131.741057][ T5896] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.741078][ T5896] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  131.741980][ T5896] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  131.742003][ T5896] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  131.742020][ T5896] usb 1-1: Manufacturer: syz
[  131.743498][ T5896] usb 1-1: config 0 descriptor??
[  131.807735][ T5865] usb 5-1: USB disconnect, device number 6
[  131.836525][ T7207] No control pipe specified
[  131.840503][ T7207] FAULT_INJECTION: forcing a failure.
[  131.840503][ T7207] name failslab, interval 1, probability 0, space 0, times 0
[  131.840604][ T7207] CPU: 0 UID: 0 PID: 7207 Comm: syz.5.297 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  131.840623][ T7207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  131.840633][ T7207] Call Trace:
[  131.840638][ T7207]  <TASK>
[  131.840645][ T7207]  dump_stack_lvl+0x16c/0x1f0
[  131.840668][ T7207]  should_fail_ex+0x50a/0x650
[  131.840694][ T7207]  ? fs_reclaim_acquire+0xae/0x150
[  131.840720][ T7207]  should_failslab+0xc2/0x120
[  131.840739][ T7207]  __kmalloc_node_noprof+0xd1/0x510
[  131.840757][ T7207]  ? __pfx___might_resched+0x10/0x10
[  131.840782][ T7207]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  131.840811][ T7207]  __kvmalloc_node_noprof+0xad/0x1a0
[  131.840836][ T7207]  seq_read_iter+0x82a/0x12b0
[  131.840872][ T7207]  vfs_read+0x886/0xbf0
[  131.840901][ T7207]  ? __pfx_vfs_read+0x10/0x10
[  131.840945][ T7207]  ksys_read+0x12b/0x250
[  131.840969][ T7207]  ? __pfx_ksys_read+0x10/0x10
[  131.841001][ T7207]  do_syscall_64+0xcd/0x250
[  131.841022][ T7207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.841046][ T7207] RIP: 0033:0x7ff9bc38cde9
[  131.841059][ T7207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  131.841075][ T7207] RSP: 002b:00007ff9bd162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  131.841091][ T7207] RAX: ffffffffffffffda RBX: 00007ff9bc5a6160 RCX: 00007ff9bc38cde9
[  131.841103][ T7207] RDX: 000000000000941f RSI: 0000400000007100 RDI: 0000000000000007
[  131.841113][ T7207] RBP: 00007ff9bd162090 R08: 0000000000000000 R09: 0000000000000000
[  131.841122][ T7207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.841132][ T7207] R13: 0000000000000000 R14: 00007ff9bc5a6160 R15: 00007ffc80c5c3f8
[  131.841156][ T7207]  </TASK>
[  132.416993][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  132.417054][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  132.613144][ T5865] usb 1-1: USB disconnect, device number 4
[  132.853692][   T25] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  132.867472][ T7213] hpfs: Bad magic ... probably not HPFS
[  132.948853][ T7215] No control pipe specified
[  132.978968][   T25] usb 6-1: device descriptor read/64, error -71
[  133.559324][   T25] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  133.708879][   T25] usb 6-1: device descriptor read/64, error -71
[  133.819136][   T25] usb usb6-port1: attempt power cycle
[  134.240379][ T7240] overlayfs: failed to resolve './file0/file0': -2
[  134.278914][   T25] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  134.320353][   T25] usb 6-1: device descriptor read/8, error -71
[  134.579002][   T25] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  134.629322][   T25] usb 6-1: device descriptor read/8, error -71
[  134.720449][ T7261] FAULT_INJECTION: forcing a failure.
[  134.720449][ T7261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.759231][   T25] usb usb6-port1: unable to enumerate USB device
[  134.805850][ T7261] CPU: 0 UID: 0 PID: 7261 Comm: syz.0.307 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  134.805875][ T7261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  134.805884][ T7261] Call Trace:
[  134.805889][ T7261]  <TASK>
[  134.805895][ T7261]  dump_stack_lvl+0x16c/0x1f0
[  134.805917][ T7261]  should_fail_ex+0x50a/0x650
[  134.805944][ T7261]  _copy_from_user+0x2e/0xd0
[  134.805960][ T7261]  copy_msghdr_from_user+0x99/0x160
[  134.805980][ T7261]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  134.806010][ T7261]  ___sys_sendmsg+0xff/0x1e0
[  134.806030][ T7261]  ? __pfx____sys_sendmsg+0x10/0x10
[  134.806058][ T7261]  ? __pfx_lock_release+0x10/0x10
[  134.806078][ T7261]  ? trace_lock_acquire+0x14e/0x1f0
[  134.806103][ T7261]  ? __fget_files+0x206/0x3a0
[  134.806125][ T7261]  __sys_sendmsg+0x16e/0x220
[  134.806145][ T7261]  ? __pfx___sys_sendmsg+0x10/0x10
[  134.806177][ T7261]  do_syscall_64+0xcd/0x250
[  134.806196][ T7261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.806219][ T7261] RIP: 0033:0x7fd268f8cde9
[  134.806232][ T7261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.806247][ T7261] RSP: 002b:00007fd269dbb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  134.806263][ T7261] RAX: ffffffffffffffda RBX: 00007fd2691a5fa0 RCX: 00007fd268f8cde9
[  134.806273][ T7261] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003
[  134.806282][ T7261] RBP: 00007fd269dbb090 R08: 0000000000000000 R09: 0000000000000000
[  134.806291][ T7261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.806300][ T7261] R13: 0000000000000000 R14: 00007fd2691a5fa0 R15: 00007fffbdcb60a8
[  134.806320][ T7261]  </TASK>
[  134.979932][    C0] vkms_vblank_simulate: vblank timer overrun
[  135.082957][ T7266] netlink: 36 bytes leftover after parsing attributes in process `syz.3.308'.
[  135.960221][ T7281] netlink: 36 bytes leftover after parsing attributes in process `syz.2.310'.
[  136.389013][    T8] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  136.587313][   T29] audit: type=1400 audit(1739261680.883:374): avc:  denied  { mounton } for  pid=7307 comm="syz.2.315" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  136.611053][    C0] vkms_vblank_simulate: vblank timer overrun
[  136.675290][    T8] usb 6-1: Using ep0 maxpacket: 16
[  136.950767][ T7309] trusted_key: encrypted_key: insufficient parameters specified
[  136.972640][    T8] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  137.005760][    T8] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  137.032733][   T29] audit: type=1400 audit(1739261681.023:375): avc:  denied  { write } for  pid=7307 comm="syz.2.315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  137.098930][    T8] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  137.274484][    T8] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  137.283238][    T8] usb 6-1: Manufacturer: syz
[  137.289612][    T8] usb 6-1: config 0 descriptor??
[  138.250579][   T25] usb 6-1: USB disconnect, device number 6
[  139.073146][ T7335] overlayfs: failed to resolve './file1': -2
[  139.346375][   T29] audit: type=1400 audit(1739261683.643:376): avc:  denied  { ioctl } for  pid=7342 comm="syz.2.322" path="/dev/ptyq9" dev="devtmpfs" ino=128 ioctlcmd=0x540a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  141.065662][   T29] audit: type=1400 audit(1739261685.363:377): avc:  denied  { map } for  pid=7359 comm="syz.0.326" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  141.160270][    T8] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  141.182111][   T29] audit: type=1400 audit(1739261685.363:378): avc:  denied  { execute } for  pid=7359 comm="syz.0.326" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  141.330614][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  141.338942][ T5868] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  141.348599][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  141.405002][    T8] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  141.428904][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  141.439454][    T8] usb 5-1: SerialNumber: syz
[  141.469489][   T29] audit: type=1400 audit(1739261685.773:379): avc:  denied  { ioctl } for  pid=7390 comm="syz.0.332" path="socket:[14026]" dev="sockfs" ino=14026 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  141.494015][    C0] vkms_vblank_simulate: vblank timer overrun
[  141.509348][ T7391] netlink: 76 bytes leftover after parsing attributes in process `syz.0.332'.
[  141.512218][ T5868] usb 3-1: Using ep0 maxpacket: 16
[  141.564565][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.577904][ T5868] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  141.598446][ T5868] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  141.609949][ T5868] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  141.632625][ T5868] usb 3-1: Manufacturer: syz
[  141.657932][ T5868] usb 3-1: config 0 descriptor??
[  141.660402][    T8] usb 5-1: 0:2 : does not exist
[  141.679168][    T8] usb 5-1: USB disconnect, device number 7
[  141.949622][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  142.173840][    T8] usb 3-1: USB disconnect, device number 5
[  142.378830][   T29] audit: type=1400 audit(1739261686.673:380): avc:  denied  { setopt } for  pid=7415 comm="syz.4.334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  142.434798][   T29] audit: type=1400 audit(1739261686.733:381): avc:  denied  { create } for  pid=7417 comm="syz.3.336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  142.436585][ T7420] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  143.942324][   T29] audit: type=1400 audit(1739261688.113:382): avc:  denied  { create } for  pid=7430 comm="syz.2.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  144.004885][ T7442] netlink: 16 bytes leftover after parsing attributes in process `syz.5.341'.
[  144.008484][ T7435] nvme_fabrics: missing parameter 'transport=%s'
[  144.020526][ T7435] nvme_fabrics: missing parameter 'nqn=%s'
[  144.358917][ T5866] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  144.728540][ T7445] nvme_fabrics: missing parameter 'transport=%s'
[  144.735416][ T7445] nvme_fabrics: missing parameter 'nqn=%s'
[  145.011600][ T5866] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.011626][ T5866] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  145.078923][ T5866] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  145.078951][ T5866] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  145.078969][ T5866] usb 6-1: SerialNumber: syz
[  145.306875][ T5866] usb 6-1: 0:2 : does not exist
[  145.310329][ T7448] ISOFS: Unable to identify CD-ROM format.
[  145.411595][    T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  145.479293][ T5866] usb 6-1: USB disconnect, device number 7
[  145.680031][    T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.680057][    T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  145.699925][    T8] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  145.699952][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  145.699970][    T8] usb 4-1: SerialNumber: syz
[  145.740455][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  145.889656][ T7468] FAULT_INJECTION: forcing a failure.
[  145.889656][ T7468] name failslab, interval 1, probability 0, space 0, times 0
[  145.889685][ T7468] CPU: 1 UID: 0 PID: 7468 Comm: syz.0.350 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  145.889703][ T7468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  145.889711][ T7468] Call Trace:
[  145.889716][ T7468]  <TASK>
[  145.889722][ T7468]  dump_stack_lvl+0x16c/0x1f0
[  145.889742][ T7468]  should_fail_ex+0x50a/0x650
[  145.889763][ T7468]  should_failslab+0xc2/0x120
[  145.889775][ T7468]  __kmalloc_node_track_caller_noprof+0xcf/0x510
[  145.889788][ T7468]  ? sidtab_sid2str_get+0x17a/0x680
[  145.889805][ T7468]  kmemdup_noprof+0x29/0x60
[  145.889823][ T7468]  sidtab_sid2str_get+0x17a/0x680
[  145.889848][ T7468]  sidtab_entry_to_string+0x33/0x110
[  145.889870][ T7468]  security_sid_to_context_core+0x35c/0x640
[  145.889893][ T7468]  selinux_lsmprop_to_secctx+0xe5/0x1b0
[  145.889909][ T7468]  ? __pfx_selinux_lsmprop_to_secctx+0x10/0x10
[  145.889924][ T7468]  ? map_id_up+0x290/0x370
[  145.889942][ T7468]  security_lsmprop_to_secctx+0x94/0x260
[  145.889959][ T7468]  audit_log_task_context+0x124/0x190
[  145.889979][ T7468]  ? __pfx_audit_log_task_context+0x10/0x10
[  145.890001][ T7468]  ? from_kuid+0x89/0xd0
[  145.890022][ T7468]  ? __pfx_from_kuid+0x10/0x10
[  145.890043][ T7468]  ? __pfx_audit_log_start+0x10/0x10
[  145.890066][ T7468]  audit_log_task+0x1c3/0x3f0
[  145.890088][ T7468]  ? __pfx_audit_log_task+0x10/0x10
[  145.890111][ T7468]  ? migrate_enable+0x1ef/0x260
[  145.890132][ T7468]  ? __pfx_migrate_enable+0x10/0x10
[  145.890154][ T7468]  audit_seccomp+0x7a/0x280
[  145.890174][ T7468]  __seccomp_filter+0x816/0xf40
[  145.890190][ T7468]  ? __pfx___seccomp_filter+0x10/0x10
[  145.890204][ T7468]  ? fput+0x67/0x440
[  145.890215][ T7468]  ? ksys_write+0x1ba/0x250
[  145.890232][ T7468]  __secure_computing+0x26c/0x3f0
[  145.890247][ T7468]  syscall_trace_enter+0x8b/0x260
[  145.890271][ T7468]  do_syscall_64+0x1ee/0x250
[  145.890290][ T7468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.890310][ T7468] RIP: 0033:0x7fd268f8cde9
[  145.890322][ T7468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.890333][ T7468] RSP: 002b:00007fd269dbb038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[  145.890343][ T7468] RAX: ffffffffffffffda RBX: 00007fd2691a5fa0 RCX: 00007fd268f8cde9
[  145.890349][ T7468] RDX: 0400000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  145.890355][ T7468] RBP: 00007fd269dbb090 R08: 0000000000000000 R09: 0000000000000000
[  145.890360][ T7468] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  145.890366][ T7468] R13: 0000000000000000 R14: 00007fd2691a5fa0 R15: 00007fffbdcb60a8
[  145.890378][ T7468]  </TASK>
[  145.890382][ T7468] audit: error in audit_log_task_context
[  145.909933][    T8] usb 4-1: 0:2 : does not exist
[  145.927655][    T8] usb 4-1: USB disconnect, device number 4
[  145.947866][ T7469] netlink: 1268 bytes leftover after parsing attributes in process `syz.2.349'.
[  145.947891][ T7469] net_ratelimit: 15 callbacks suppressed
[  145.947896][ T7469] openvswitch: netlink: Flow key attribute not present in set flow.
[  145.961211][   T29] audit: type=1326 audit(1739261690.183:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd268f8cde9 code=0x7ffc0000
[  145.961249][   T29] audit: type=1326 audit(1739261690.183:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd268f8cde9 code=0x7ffc0000
[  145.961280][   T29] audit: type=1326 audit(1739261690.183:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd268f8cde9 code=0x7ffc0000
[  145.961309][   T29] audit: type=1326 audit(1739261690.183:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd268f8cde9 code=0x7ffc0000
[  145.961339][   T29] audit: type=1326 audit(1739261690.183:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd268f8cde9 code=0x7ffc0000
[  145.961370][   T29] audit: type=1326 audit(1739261690.183:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd268f8cde9 code=0x7ffc0000
[  146.149694][ T5834] udevd[5834]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  147.109672][ T7486] netlink: 36 bytes leftover after parsing attributes in process `syz.3.357'.
[  147.407373][   T29] kauditd_printk_skb: 8 callbacks suppressed
[  147.407397][   T29] audit: type=1400 audit(1739261691.703:397): avc:  denied  { create } for  pid=7496 comm="syz.2.359" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  148.069449][ T7507] netlink: 144 bytes leftover after parsing attributes in process `syz.3.363'.
[  148.508089][   T29] audit: type=1400 audit(1739261692.803:398): avc:  denied  { unlink } for  pid=5819 comm="syz-executor" name="file0" dev="tmpfs" ino=457 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  150.668990][ T5868] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  151.232976][ T5868] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.306294][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  151.325868][ T7541] ubi31: attaching mtd0
[  151.343742][ T5868] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  151.360854][ T7541] ubi31: scanning is finished
[  151.365621][ T7541] ubi31: empty MTD device detected
[  151.610763][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  151.610790][ T5868] usb 4-1: SerialNumber: syz
[  151.817709][ T7541] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  151.817743][ T7541] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  151.817757][ T7541] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  151.817770][ T7541] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  151.817783][ T7541] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  151.817797][ T7541] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  151.817811][ T7541] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3314494642
[  151.817827][ T7541] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  151.835067][ T7553] ubi31: background thread "ubi_bgt31d" started, PID 7553
[  151.896123][ T5868] usb 4-1: 0:2 : does not exist
[  151.909089][ T5868] usb 4-1: USB disconnect, device number 5
[  152.729633][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  152.940913][ T7571] FAULT_INJECTION: forcing a failure.
[  152.940913][ T7571] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  152.978859][ T7571] CPU: 0 UID: 0 PID: 7571 Comm: syz.3.383 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  152.978884][ T7571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  152.978894][ T7571] Call Trace:
[  152.978899][ T7571]  <TASK>
[  152.978905][ T7571]  dump_stack_lvl+0x16c/0x1f0
[  152.978928][ T7571]  should_fail_ex+0x50a/0x650
[  152.978954][ T7571]  _copy_from_user+0x2e/0xd0
[  152.978971][ T7571]  iommufd_test+0x32b/0x44b0
[  152.978995][ T7571]  ? __pfx_iommufd_test+0x10/0x10
[  152.979011][ T7571]  ? __pfx_lock_release+0x10/0x10
[  152.979032][ T7571]  ? trace_lock_acquire+0x14e/0x1f0
[  152.979049][ T7571]  ? __pfx_lock_release+0x10/0x10
[  152.979068][ T7571]  ? lock_acquire+0x2f/0xb0
[  152.979088][ T7571]  ? __might_fault+0xe3/0x190
[  152.979108][ T7571]  ? __might_fault+0xe3/0x190
[  152.979131][ T7571]  iommufd_fops_ioctl+0x359/0x4f0
[  152.979150][ T7571]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  152.979169][ T7571]  ? __pfx_lock_release+0x10/0x10
[  152.979201][ T7571]  ? selinux_file_ioctl+0x180/0x270
[  152.979224][ T7571]  ? selinux_file_ioctl+0xb4/0x270
[  152.979249][ T7571]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  152.979272][ T7571]  __x64_sys_ioctl+0x190/0x200
[  152.979296][ T7571]  do_syscall_64+0xcd/0x250
[  152.979315][ T7571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.979338][ T7571] RIP: 0033:0x7f933a98cde9
[  152.979352][ T7571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.979366][ T7571] RSP: 002b:00007f933b88d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  152.979380][ T7571] RAX: ffffffffffffffda RBX: 00007f933aba5fa0 RCX: 00007f933a98cde9
[  152.979391][ T7571] RDX: 0000400000000000 RSI: 0000000000003ba0 RDI: 0000000000000003
[  152.979400][ T7571] RBP: 00007f933b88d090 R08: 0000000000000000 R09: 0000000000000000
[  152.979408][ T7571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.979416][ T7571] R13: 0000000000000000 R14: 00007f933aba5fa0 R15: 00007ffe43f8bf78
[  152.979434][ T7571]  </TASK>
[  153.189342][    C0] vkms_vblank_simulate: vblank timer overrun
[  153.241645][   T29] audit: type=1400 audit(1739261697.523:399): avc:  denied  { connect } for  pid=7574 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  153.441786][   T29] audit: type=1400 audit(1739261697.743:400): avc:  denied  { shutdown } for  pid=7574 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  154.384581][   T29] audit: type=1400 audit(1739261698.683:401): avc:  denied  { create } for  pid=7593 comm="syz.5.389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  154.559949][  T117] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  154.878860][    T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  154.898843][  T117] usb 4-1: Using ep0 maxpacket: 16
[  154.900244][  T117] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  154.900264][  T117] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  154.901153][  T117] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  154.901170][  T117] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  154.901182][  T117] usb 4-1: Manufacturer: syz
[  154.902189][  T117] usb 4-1: config 0 descriptor??
[  155.065276][    T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  155.606228][    T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  155.625684][  T117] usb 4-1: USB disconnect, device number 6
[  155.637147][    T8] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  155.637173][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  155.637191][    T8] usb 1-1: SerialNumber: syz
[  155.853290][ T7613] netlink: 60 bytes leftover after parsing attributes in process `syz.5.394'.
[  155.883665][    T8] usb 1-1: 0:2 : does not exist
[  155.934304][    T8] usb 1-1: USB disconnect, device number 5
[  156.148547][ T7620] overlayfs: failed to resolve './file0/file0': -2
[  156.240357][ T7621] netlink: 8 bytes leftover after parsing attributes in process `syz.5.396'.
[  156.298497][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  158.673565][ T7631] netlink: 8 bytes leftover after parsing attributes in process `syz.0.409'.
[  159.076604][ T7637] 9pnet_fd: Insufficient options for proto=fd
[  159.375849][   T29] audit: type=1400 audit(1739261703.673:402): avc:  denied  { setopt } for  pid=7644 comm="syz.2.402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  160.878566][ T7661] netlink: 60 bytes leftover after parsing attributes in process `syz.2.407'.
[  161.684593][  T117] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  161.875077][  T117] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  161.920389][ T7676] netlink: 8 bytes leftover after parsing attributes in process `syz.4.411'.
[  162.092976][  T117] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  162.134340][  T117] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  162.177142][  T117] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  162.207301][  T117] usb 4-1: SerialNumber: syz
[  162.253381][ T7679] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  162.600590][  T117] usb 4-1: 0:2 : does not exist
[  162.645537][  T117] usb 4-1: USB disconnect, device number 7
[  162.979424][ T7690] netlink: 36 bytes leftover after parsing attributes in process `syz.5.417'.
[  163.179740][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  163.348505][ T7706] netlink: 60 bytes leftover after parsing attributes in process `syz.4.422'.
[  164.082289][ T7725] netlink: 8 bytes leftover after parsing attributes in process `syz.3.426'.
[  164.348967][ T5826] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  164.764668][ T7711] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  164.823387][ T7729] netlink: 36 bytes leftover after parsing attributes in process `syz.4.428'.
[  165.018398][   T29] audit: type=1400 audit(1739261709.303:403): avc:  denied  { read } for  pid=7734 comm="syz.2.430" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  165.041357][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.053612][ T7742] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7742 comm=syz.2.430
[  165.072209][   T29] audit: type=1400 audit(1739261709.303:404): avc:  denied  { open } for  pid=7734 comm="syz.2.430" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  165.797678][   T29] audit: type=1400 audit(1739261709.303:405): avc:  denied  { read write } for  pid=7734 comm="syz.2.430" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  165.872926][   T29] audit: type=1400 audit(1739261709.303:406): avc:  denied  { open } for  pid=7734 comm="syz.2.430" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  165.908573][ T7756] netlink: 60 bytes leftover after parsing attributes in process `syz.4.436'.
[  165.966021][   T29] audit: type=1400 audit(1739261710.263:407): avc:  denied  { ioctl } for  pid=7757 comm="syz.2.437" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  165.990948][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.990139][ T7788] netlink: 36 bytes leftover after parsing attributes in process `syz.2.446'.
[  169.108317][ T7795] netlink: 60 bytes leftover after parsing attributes in process `syz.0.449'.
[  170.769837][ T7814] program syz.3.452 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  172.379429][ T7827] nvme_fabrics: missing parameter 'transport=%s'
[  172.385783][ T7827] nvme_fabrics: missing parameter 'nqn=%s'
[  173.160141][ T7848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.462'.
[  174.469069][ T5869] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  174.629022][ T5869] usb 6-1: Using ep0 maxpacket: 16
[  174.631513][ T5869] usb 6-1: config 0 has an invalid interface number: 214 but max is 0
[  174.631573][ T5869] usb 6-1: config 0 has no interface number 0
[  174.631605][ T5869] usb 6-1: config 0 interface 214 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  174.633357][ T5869] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  174.633373][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.633384][ T5869] usb 6-1: Product: syz
[  174.633393][ T5869] usb 6-1: Manufacturer: syz
[  174.633401][ T5869] usb 6-1: SerialNumber: syz
[  174.729933][ T5869] usb 6-1: config 0 descriptor??
[  175.015035][ T7867] netlink: 8 bytes leftover after parsing attributes in process `syz.3.467'.
[  175.657296][ T7874] overlayfs: failed to resolve './file0/file0': -2
[  175.793183][ T6327] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.080943][ T6327] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.313903][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  176.323753][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  176.335483][    T8] usb 6-1: USB disconnect, device number 8
[  176.350677][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  176.358270][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  176.368575][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  176.377008][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  176.386903][ T6327] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.794781][ T6327] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.009367][   T29] audit: type=1400 audit(1739261721.313:408): avc:  denied  { getopt } for  pid=7890 comm="syz.5.475" lport=141 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  177.440153][ T6327] bridge_slave_1: left allmulticast mode
[  177.445859][ T6327] bridge_slave_1: left promiscuous mode
[  177.491033][ T6327] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.791697][ T6327] bridge_slave_0: left allmulticast mode
[  177.921712][ T6327] bridge_slave_0: left promiscuous mode
[  177.933857][ T6327] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.586229][ T5832] Bluetooth: hci0: command tx timeout
[  179.631554][ T7930] ufs: You didn't specify the type of your ufs filesystem
[  179.631554][ T7930] 
[  179.631554][ T7930] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  179.631554][ T7930] 
[  179.631554][ T7930] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  179.663018][ T7930] ufs: ufstype=old is supported read-only
[  179.704216][ T7930] ufs: ufs_fill_super(): bad magic number
[  179.791467][ T7932] overlayfs: missing 'lowerdir'
[  180.662233][ T7945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.483'.
[  180.691007][ T5828] Bluetooth: hci4: command 0x0406 tx timeout
[  180.697897][ T5828] Bluetooth: hci1: command 0x0406 tx timeout
[  180.712091][ T5826] Bluetooth: hci3: command 0x0406 tx timeout
[  180.718219][ T5828] Bluetooth: hci0: command tx timeout
[  181.092394][ T7949] Bluetooth: MGMT ver 1.23
[  181.131598][ T6327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  181.162045][ T6327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  181.180638][ T6327] bond0 (unregistering): Released all slaves
[  181.217093][ T7886] chnl_net:caif_netlink_parms(): no params data found
[  182.226164][ T7981] overlayfs: missing 'lowerdir'
[  182.733881][   T54] Bluetooth: hci0: command tx timeout
[  183.129051][ T5832] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  183.490490][ T7886] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.490538][ T7886] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.490647][ T7886] bridge_slave_0: entered allmulticast mode
[  183.495416][ T7886] bridge_slave_0: entered promiscuous mode
[  183.559272][ T7886] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.559321][ T7886] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.559421][ T7886] bridge_slave_1: entered allmulticast mode
[  183.560218][ T7886] bridge_slave_1: entered promiscuous mode
[  183.607698][ T8000] overlayfs: failed to resolve './file0/file0': -2
[  183.700184][ T7886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  183.714097][ T7886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.200175][ T8006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.496'.
[  184.505528][ T6327] hsr_slave_0: left promiscuous mode
[  184.533721][ T6327] hsr_slave_1: left promiscuous mode
[  184.542931][ T6327] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  184.558090][ T6327] batman_adv: batadv0: Removing interface: batadv_slave_0
[  184.579802][ T6327] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  184.597641][ T6327] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.715292][ T6327] veth1_macvtap: left promiscuous mode
[  184.730629][ T6327] veth0_macvtap: left promiscuous mode
[  184.736259][ T6327] veth1_vlan: left promiscuous mode
[  184.747780][ T6327] veth0_vlan: left promiscuous mode
[  184.810209][ T5832] Bluetooth: hci0: command 0x0419 tx timeout
[  185.062384][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.5.501'.
[  185.695621][ T6327] team0 (unregistering): Port device team_slave_1 removed
[  185.731926][ T6327] team0 (unregistering): Port device team_slave_0 removed
[  186.018875][ T5868] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  186.070129][ T7886] team0: Port device team_slave_0 added
[  186.195906][ T5868] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  186.239645][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  186.270095][ T7886] team0: Port device team_slave_1 added
[  186.281627][ T5868] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  186.317491][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  186.377081][ T7886] batman_adv: batadv0: Adding interface: batadv_slave_0
[  186.391362][ T7886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.417266][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.432426][ T5868] usb 4-1: SerialNumber: syz
[  186.458654][ T7886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  186.474667][ T7886] batman_adv: batadv0: Adding interface: batadv_slave_1
[  186.483848][ T7886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.521751][ T7886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  186.612518][ T7886] hsr_slave_0: entered promiscuous mode
[  186.626725][ T7886] hsr_slave_1: entered promiscuous mode
[  186.737729][ T5868] usb 4-1: 0:2 : does not exist
[  186.760169][ T5868] usb 4-1: USB disconnect, device number 8
[  186.853168][ T8046] overlayfs: missing 'lowerdir'
[  186.888886][ T5832] Bluetooth: hci0: command 0x0419 tx timeout
[  187.338627][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  187.393791][   T29] audit: type=1400 audit(1739261731.683:409): avc:  denied  { bind } for  pid=8050 comm="syz.5.507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  187.412924][    C0] vkms_vblank_simulate: vblank timer overrun
[  187.513468][   T29] audit: type=1400 audit(1739261731.693:410): avc:  denied  { name_bind } for  pid=8050 comm="syz.5.507" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  187.604174][   T29] audit: type=1400 audit(1739261731.693:411): avc:  denied  { node_bind } for  pid=8050 comm="syz.5.507" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  187.679438][ T8056] 9pnet_fd: Insufficient options for proto=fd
[  189.000134][ T8071] nvme_fabrics: missing parameter 'transport=%s'
[  189.000158][ T8071] nvme_fabrics: missing parameter 'nqn=%s'
[  189.058309][ T8074] netlink: 8 bytes leftover after parsing attributes in process `syz.2.510'.
[  189.389488][ T5832] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  189.396683][ T5832] Bluetooth: hci0: command 0x0419 tx timeout
[  190.959382][ T8083] netlink: 8 bytes leftover after parsing attributes in process `syz.3.514'.
[  192.174605][ T7886] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  192.176589][ T7886] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  192.177740][ T7886] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  192.178756][ T7886] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  192.253989][ T8105] netlink: 8 bytes leftover after parsing attributes in process `syz.0.516'.
[  192.716906][ T7886] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.725107][ T7886] 8021q: adding VLAN 0 to HW filter on device team0
[  192.854087][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.879844][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.893869][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.900999][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.703075][ T8128] 9pnet_fd: Insufficient options for proto=fd
[  193.794100][ T8135] overlayfs: missing 'lowerdir'
[  194.240995][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  194.258903][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  194.265348][ T8132] netlink: 'syz.5.522': attribute type 10 has an invalid length.
[  194.324654][ T8132] syz_tun: entered allmulticast mode
[  194.345860][ T8132] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  195.024698][ T8141] nvme_fabrics: missing parameter 'transport=%s'
[  195.031572][ T8141] nvme_fabrics: missing parameter 'nqn=%s'
[  195.038843][   T29] audit: type=1400 audit(1739261744.320:412): avc:  denied  { bind } for  pid=8131 comm="syz.5.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  195.054572][ T8132] netlink: 'syz.5.522': attribute type 1 has an invalid length.
[  195.057848][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.092930][ T7886] 8021q: adding VLAN 0 to HW filter on device batadv0
[  195.101525][ T8132] netlink: 224 bytes leftover after parsing attributes in process `syz.5.522'.
[  195.153513][   T29] audit: type=1400 audit(1739261744.450:413): avc:  denied  { create } for  pid=8131 comm="syz.5.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  195.172738][    C0] vkms_vblank_simulate: vblank timer overrun
[  196.329054][   T54] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  196.335285][   T54] Bluetooth: hci0: command 0x0419 tx timeout
[  196.594757][ T7886] veth0_vlan: entered promiscuous mode
[  196.624694][ T7886] veth1_vlan: entered promiscuous mode
[  196.729561][ T8173] program syz.2.528 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  196.821825][ T8176] netlink: 8 bytes leftover after parsing attributes in process `syz.5.527'.
[  197.488896][ T7886] veth0_macvtap: entered promiscuous mode
[  197.532549][ T7886] veth1_macvtap: entered promiscuous mode
[  197.565350][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.482120][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.499038][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.509970][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.579347][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.598419][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.625467][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.648373][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.673784][ T7886] batman_adv: batadv0: Interface activated: batadv_slave_0
[  198.718329][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.752102][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.761472][   T29] audit: type=1400 audit(1739261748.040:414): avc:  denied  { write } for  pid=8191 comm="syz.2.531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  198.923067][ T8200] netlink: 16 bytes leftover after parsing attributes in process `syz.2.531'.
[  198.973359][ T8200] netlink: 24 bytes leftover after parsing attributes in process `syz.2.531'.
[  198.981051][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.057088][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.078273][ T8203] netlink: 36 bytes leftover after parsing attributes in process `syz.0.533'.
[  199.093431][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.126658][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.173076][ T7886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.283327][ T7886] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.328296][ T7886] batman_adv: batadv0: Interface activated: batadv_slave_1
[  199.363584][ T7886] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.393336][ T7886] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.442141][ T7886] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.482507][ T7886] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.610669][ T8215] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  199.764174][ T8223] overlayfs: missing 'lowerdir'
[  200.203719][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.353333][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  201.144477][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  201.167956][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  201.543647][ T8250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.540'.
[  201.688994][ T5832] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  202.793854][   T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.843083][ T8263] program syz.2.543 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  203.017565][   T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.141177][ T8272] netlink: 36 bytes leftover after parsing attributes in process `syz.2.545'.
[  203.220716][   T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.713810][   T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.942679][   T52] bridge_slave_1: left allmulticast mode
[  203.942713][   T52] bridge_slave_1: left promiscuous mode
[  203.942790][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.982099][   T52] bridge_slave_0: left allmulticast mode
[  203.982120][   T52] bridge_slave_0: left promiscuous mode
[  203.982233][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.170512][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  204.178967][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  204.181183][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  204.181812][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  204.182541][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  204.182743][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  204.284810][ T8308] overlayfs: missing 'lowerdir'
[  205.135060][ T8319] Bluetooth: MGMT ver 1.23
[  206.252977][   T54] Bluetooth: hci0: command tx timeout
[  206.641421][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  206.674009][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  206.686026][   T52] bond0 (unregistering): Released all slaves
[  207.795005][ T8371] netlink: 36 bytes leftover after parsing attributes in process `syz.5.558'.
[  207.918969][ T5869] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  208.011119][   T52] hsr_slave_0: left promiscuous mode
[  208.024073][   T52] hsr_slave_1: left promiscuous mode
[  208.033687][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.043932][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  208.088994][ T5869] usb 1-1: Using ep0 maxpacket: 16
[  208.107445][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.128629][ T5869] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.128689][ T5869] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  208.152925][ T5869] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  208.152994][ T5869] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  208.153058][ T5869] usb 1-1: Manufacturer: syz
[  208.180182][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.186420][ T5869] usb 1-1: config 0 descriptor??
[  208.197720][   T52] veth1_macvtap: left promiscuous mode
[  208.197764][   T52] veth0_macvtap: left promiscuous mode
[  208.197816][   T52] veth1_vlan: left promiscuous mode
[  208.197860][   T52] veth0_vlan: left promiscuous mode
[  208.562400][ T8368] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  208.588744][ T5869] usb 1-1: USB disconnect, device number 6
[  210.678480][   T54] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  213.317353][   T52] team0 (unregistering): Port device team_slave_1 removed
[  213.563128][ T8456] netlink: 8 bytes leftover after parsing attributes in process `syz.2.576'.
[  214.164010][   T52] team0 (unregistering): Port device team_slave_0 removed
[  214.215253][ T8464] program syz.0.578 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  214.579047][ T5868] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  214.626154][ T8302] chnl_net:caif_netlink_parms(): no params data found
[  215.179056][ T5868] usb 4-1: Using ep0 maxpacket: 16
[  215.192655][ T5868] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  215.208111][ T5868] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  215.228376][ T5868] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  215.237656][ T5868] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  215.246841][ T5868] usb 4-1: Manufacturer: syz
[  215.254563][ T5868] usb 4-1: config 0 descriptor??
[  215.990775][ T8302] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.003454][ T8302] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.027785][ T8302] bridge_slave_0: entered allmulticast mode
[  216.051914][ T8302] bridge_slave_0: entered promiscuous mode
[  216.062414][ T8302] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.074888][ T8302] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.084338][    T8] usb 4-1: USB disconnect, device number 9
[  216.105601][ T8302] bridge_slave_1: entered allmulticast mode
[  216.121282][ T8302] bridge_slave_1: entered promiscuous mode
[  216.210099][ T8302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.227783][ T8491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.583'.
[  216.249493][ T8302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  216.294922][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.584'.
[  216.307723][ T8302] team0: Port device team_slave_0 added
[  216.331440][ T8302] team0: Port device team_slave_1 added
[  216.399267][ T8302] batman_adv: batadv0: Adding interface: batadv_slave_0
[  216.411023][ T8302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.436911][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.444081][ T8302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  216.456314][ T8302] batman_adv: batadv0: Adding interface: batadv_slave_1
[  216.468025][ T8302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.494625][ T8302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  216.557714][ T8302] hsr_slave_0: entered promiscuous mode
[  216.566060][ T8302] hsr_slave_1: entered promiscuous mode
[  217.192324][ T8514] netlink: 36 bytes leftover after parsing attributes in process `syz.5.587'.
[  217.406533][ T8523] netlink: 36 bytes leftover after parsing attributes in process `syz.0.589'.
[  217.487463][ T8532] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  217.690713][ T8302] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  217.732827][ T8302] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  218.283513][ T8302] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  218.531172][ T8302] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  218.595698][ T8555] netlink: 8 bytes leftover after parsing attributes in process `syz.5.591'.
[  219.776569][   T54] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  219.797281][ T8570] netlink: 8 bytes leftover after parsing attributes in process `syz.0.594'.
[  219.914399][ T8573] overlayfs: failed to resolve './file0/file0': -2
[  220.521306][   T29] audit: type=1326 audit(1739261789.527:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8572 comm="syz.2.596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f777198cde9 code=0x0
[  220.572199][ T8302] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.595629][   T29] audit: type=1326 audit(1739261789.527:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8572 comm="syz.2.596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f777198cde9 code=0x0
[  220.684368][ T8302] 8021q: adding VLAN 0 to HW filter on device team0
[  220.695253][   T29] audit: type=1326 audit(1739261789.827:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8572 comm="syz.2.596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f777198cde9 code=0x0
[  221.327884][ T3539] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.335001][ T3539] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.359782][ T3539] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.366860][ T3539] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.563642][ T8302] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  221.574544][ T8302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  221.841413][ T8596] overlayfs: failed to resolve './file0/file0': -2
[  221.887809][ T8302] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.089032][   T25] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  222.262852][   T25] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  222.287094][   T25] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  222.327890][   T25] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  222.342164][ T8302] veth0_vlan: entered promiscuous mode
[  222.357481][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  222.367851][ T8302] veth1_vlan: entered promiscuous mode
[  222.383565][   T25] usb 6-1: SerialNumber: syz
[  222.466157][ T8302] veth0_macvtap: entered promiscuous mode
[  222.495320][ T8302] veth1_macvtap: entered promiscuous mode
[  222.522035][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.533029][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.543222][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.555401][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.566032][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.576596][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.586530][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.597321][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.608377][ T8302] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.618530][ T8625] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  222.664101][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.715453][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.753742][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.778161][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.814650][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.838107][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.882643][ T8302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.910612][ T8302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.957051][ T8302] batman_adv: batadv0: Interface activated: batadv_slave_1
[  223.038649][ T8302] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  223.059675][   T25] usb 6-1: 0:2 : does not exist
[  223.075676][ T8302] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  223.086850][   T25] usb 6-1: USB disconnect, device number 9
[  223.123897][ T8302] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.148097][ T8302] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.177920][ T8638] netlink: 36 bytes leftover after parsing attributes in process `syz.3.605'.
[  223.270294][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  223.381421][  T304] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.409495][  T304] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.480752][ T6327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.493462][ T6327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  224.649338][   T54] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  224.673298][ T8647] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  224.867303][ T8657] ==================================================================
[  224.875374][ T8657] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x37d/0x410
[  224.883696][ T8657] Read of size 8 at addr ffff888028760858 by task syz.5.609/8657
[  224.891392][ T8657] 
[  224.893695][ T8657] CPU: 1 UID: 0 PID: 8657 Comm: syz.5.609 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  224.893711][ T8657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  224.893720][ T8657] Call Trace:
[  224.893724][ T8657]  <TASK>
[  224.893730][ T8657]  dump_stack_lvl+0x116/0x1f0
[  224.893749][ T8657]  print_report+0xc3/0x620
[  224.893763][ T8657]  ? __virt_addr_valid+0x5e/0x590
[  224.893778][ T8657]  ? __phys_addr+0xc6/0x150
[  224.893793][ T8657]  kasan_report+0xd9/0x110
[  224.893808][ T8657]  ? skb_queue_purge_reason+0x37d/0x410
[  224.893829][ T8657]  ? skb_queue_purge_reason+0x37d/0x410
[  224.893852][ T8657]  skb_queue_purge_reason+0x37d/0x410
[  224.893875][ T8657]  ? mark_held_locks+0x9f/0xe0
[  224.893893][ T8657]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  224.893918][ T8657]  ? __pfx_vhci_flush+0x10/0x10
[  224.893931][ T8657]  vhci_flush+0x40/0x50
[  224.893944][ T8657]  hci_dev_reset+0x22e/0x530
[  224.893964][ T8657]  hci_sock_ioctl+0x495/0x7d0
[  224.893982][ T8657]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  224.894000][ T8657]  sock_do_ioctl+0x116/0x280
[  224.894020][ T8657]  ? __pfx_sock_do_ioctl+0x10/0x10
[  224.894041][ T8657]  ? ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450
[  224.894063][ T8657]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  224.894083][ T8657]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  224.894105][ T8657]  sock_ioctl+0x228/0x6c0
[  224.894117][ T8657]  ? __pfx_sock_ioctl+0x10/0x10
[  224.894131][ T8657]  ? selinux_file_ioctl+0x180/0x270
[  224.894149][ T8657]  ? selinux_file_ioctl+0xb4/0x270
[  224.894168][ T8657]  ? __pfx_sock_ioctl+0x10/0x10
[  224.894180][ T8657]  __x64_sys_ioctl+0x190/0x200
[  224.894199][ T8657]  do_syscall_64+0xcd/0x250
[  224.894214][ T8657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.894232][ T8657] RIP: 0033:0x7ff9bc38cde9
[  224.894243][ T8657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.894257][ T8657] RSP: 002b:00007ff9bd1a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  224.894269][ T8657] RAX: ffffffffffffffda RBX: 00007ff9bc5a5fa0 RCX: 00007ff9bc38cde9
[  224.894278][ T8657] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000004
[  224.894286][ T8657] RBP: 00007ff9bc40e2a0 R08: 0000000000000000 R09: 0000000000000000
[  224.894293][ T8657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.894301][ T8657] R13: 0000000000000000 R14: 00007ff9bc5a5fa0 R15: 00007ffc80c5c3f8
[  224.894312][ T8657]  </TASK>
[  224.894317][ T8657] 
[  225.140061][ T8657] Allocated by task 8302:
[  225.144364][ T8657]  kasan_save_stack+0x33/0x60
[  225.149023][ T8657]  kasan_save_track+0x14/0x30
[  225.153675][ T8657]  __kasan_kmalloc+0xaa/0xb0
[  225.158240][ T8657]  vhci_open+0x4c/0x430
[  225.162374][ T8657]  misc_open+0x35a/0x420
[  225.166601][ T8657]  chrdev_open+0x237/0x6a0
[  225.170994][ T8657]  do_dentry_open+0x735/0x1c40
[  225.175738][ T8657]  vfs_open+0x82/0x3f0
[  225.179784][ T8657]  path_openat+0x1e88/0x2d80
[  225.184349][ T8657]  do_filp_open+0x20c/0x470
[  225.188827][ T8657]  do_sys_openat2+0x17a/0x1e0
[  225.193480][ T8657]  __x64_sys_openat+0x175/0x210
[  225.198309][ T8657]  do_syscall_64+0xcd/0x250
[  225.202792][ T8657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.208664][ T8657] 
[  225.210963][ T8657] Freed by task 8302:
[  225.214917][ T8657]  kasan_save_stack+0x33/0x60
[  225.219569][ T8657]  kasan_save_track+0x14/0x30
[  225.224219][ T8657]  kasan_save_free_info+0x3b/0x60
[  225.229222][ T8657]  __kasan_slab_free+0x51/0x70
[  225.233961][ T8657]  kfree+0x2c4/0x4d0
[  225.237836][ T8657]  vhci_release+0xbb/0xf0
[  225.242142][ T8657]  __fput+0x3ff/0xb70
[  225.246101][ T8657]  task_work_run+0x14e/0x250
[  225.250684][ T8657]  do_exit+0xad8/0x2d70
[  225.254825][ T8657]  do_group_exit+0xd3/0x2a0
[  225.259313][ T8657]  __x64_sys_exit_group+0x3e/0x50
[  225.264329][ T8657]  x64_sys_call+0x151f/0x1720
[  225.269001][ T8657]  do_syscall_64+0xcd/0x250
[  225.273488][ T8657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.279367][ T8657] 
[  225.281672][ T8657] The buggy address belongs to the object at ffff888028760800
[  225.281672][ T8657]  which belongs to the cache kmalloc-1k of size 1024
[  225.295704][ T8657] The buggy address is located 88 bytes inside of
[  225.295704][ T8657]  freed 1024-byte region [ffff888028760800, ffff888028760c00)
[  225.309478][ T8657] 
[  225.311781][ T8657] The buggy address belongs to the physical page:
[  225.318167][ T8657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28760
[  225.326902][ T8657] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  225.335380][ T8657] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  225.342901][ T8657] page_type: f5(slab)
[  225.346862][ T8657] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  225.355421][ T8657] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  225.363979][ T8657] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  225.372626][ T8657] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  225.381274][ T8657] head: 00fff00000000003 ffffea0000a1d801 ffffffffffffffff 0000000000000000
[  225.389918][ T8657] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  225.398557][ T8657] page dumped because: kasan: bad access detected
[  225.404940][ T8657] page_owner tracks the page as allocated
[  225.410633][ T8657] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 11, tgid 11 (kworker/u8:0), ts 62072401116, free_ts 62039684464
[  225.429533][ T8657]  post_alloc_hook+0x181/0x1b0
[  225.434280][ T8657]  get_page_from_freelist+0xfce/0x2f80
[  225.439715][ T8657]  __alloc_frozen_pages_noprof+0x221/0x2470
[  225.445584][ T8657]  alloc_pages_mpol+0x1fc/0x540
[  225.450411][ T8657]  new_slab+0x23d/0x330
[  225.454547][ T8657]  ___slab_alloc+0xc5d/0x1720
[  225.459206][ T8657]  __slab_alloc.constprop.0+0x56/0xb0
[  225.464559][ T8657]  __kmalloc_noprof+0x2ec/0x510
[  225.469384][ T8657]  ieee802_11_parse_elems_full+0xf2/0x18c0
[  225.475172][ T8657]  ieee80211_inform_bss+0xfd/0x1100
[  225.480348][ T8657]  cfg80211_inform_single_bss_data+0x8f9/0x1df0
[  225.486565][ T8657]  cfg80211_inform_bss_data+0x205/0x3ba0
[  225.492174][ T8657]  cfg80211_inform_bss_frame_data+0x272/0x7a0
[  225.498214][ T8657]  ieee80211_bss_info_update+0x311/0xab0
[  225.503825][ T8657]  ieee80211_ibss_rx_queued_mgmt+0x189c/0x2f50
[  225.509959][ T8657]  ieee80211_iface_work+0xc15/0xf50
[  225.515136][ T8657] page last free pid 5936 tgid 5936 stack trace:
[  225.521433][ T8657]  free_frozen_pages+0x6db/0xfb0
[  225.526346][ T8657]  __put_partials+0x14c/0x170
[  225.531003][ T8657]  qlist_free_all+0x4e/0x120
[  225.535574][ T8657]  kasan_quarantine_reduce+0x195/0x1e0
[  225.541013][ T8657]  __kasan_slab_alloc+0x69/0x90
[  225.545837][ T8657]  __kmalloc_noprof+0x1cd/0x510
[  225.550663][ T8657]  tomoyo_encode2+0x100/0x3e0
[  225.555336][ T8657]  tomoyo_encode+0x29/0x50
[  225.559746][ T8657]  tomoyo_path_perm+0x3a7/0x460
[  225.564577][ T8657]  tomoyo_path_symlink+0x98/0xe0
[  225.569501][ T8657]  security_path_symlink+0x152/0x2e0
[  225.574769][ T8657]  do_symlinkat+0x10e/0x310
[  225.579253][ T8657]  __x64_sys_symlinkat+0x93/0xc0
[  225.584181][ T8657]  do_syscall_64+0xcd/0x250
[  225.588669][ T8657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.594549][ T8657] 
[  225.596849][ T8657] Memory state around the buggy address:
[  225.602453][ T8657]  ffff888028760700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  225.610495][ T8657]  ffff888028760780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  225.618533][ T8657] >ffff888028760800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  225.626569][ T8657]                                                     ^
[  225.633477][ T8657]  ffff888028760880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  225.641514][ T8657]  ffff888028760900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  225.649549][ T8657] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  225.748859][ T8657] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  225.756073][ T8657] CPU: 0 UID: 0 PID: 8657 Comm: syz.5.609 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  225.766650][ T8657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  225.776686][ T8657] Call Trace:
[  225.779944][ T8657]  <TASK>
[  225.782851][ T8657]  dump_stack_lvl+0x3d/0x1f0
[  225.787422][ T8657]  panic+0x71d/0x800
[  225.791298][ T8657]  ? __pfx_panic+0x10/0x10
[  225.795690][ T8657]  ? irqentry_exit+0x3b/0x90
[  225.800256][ T8657]  ? lockdep_hardirqs_on+0x7c/0x110
[  225.805430][ T8657]  ? preempt_schedule_thunk+0x1a/0x30
[  225.810783][ T8657]  ? preempt_schedule_common+0x44/0xc0
[  225.816219][ T8657]  check_panic_on_warn+0xab/0xb0
[  225.821135][ T8657]  end_report+0x117/0x180
[  225.825442][ T8657]  kasan_report+0xe9/0x110
[  225.829835][ T8657]  ? skb_queue_purge_reason+0x37d/0x410
[  225.835368][ T8657]  ? skb_queue_purge_reason+0x37d/0x410
[  225.840904][ T8657]  skb_queue_purge_reason+0x37d/0x410
[  225.846260][ T8657]  ? mark_held_locks+0x9f/0xe0
[  225.851004][ T8657]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  225.856883][ T8657]  ? __pfx_vhci_flush+0x10/0x10
[  225.861711][ T8657]  vhci_flush+0x40/0x50
[  225.865842][ T8657]  hci_dev_reset+0x22e/0x530
[  225.870418][ T8657]  hci_sock_ioctl+0x495/0x7d0
[  225.875074][ T8657]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  225.880263][ T8657]  sock_do_ioctl+0x116/0x280
[  225.884846][ T8657]  ? __pfx_sock_do_ioctl+0x10/0x10
[  225.889940][ T8657]  ? ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450
[  225.896439][ T8657]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  225.902939][ T8657]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  225.909776][ T8657]  sock_ioctl+0x228/0x6c0
[  225.914085][ T8657]  ? __pfx_sock_ioctl+0x10/0x10
[  225.918920][ T8657]  ? selinux_file_ioctl+0x180/0x270
[  225.924104][ T8657]  ? selinux_file_ioctl+0xb4/0x270
[  225.929201][ T8657]  ? __pfx_sock_ioctl+0x10/0x10
[  225.934030][ T8657]  __x64_sys_ioctl+0x190/0x200
[  225.938783][ T8657]  do_syscall_64+0xcd/0x250
[  225.943282][ T8657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.949158][ T8657] RIP: 0033:0x7ff9bc38cde9
[  225.953553][ T8657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.973141][ T8657] RSP: 002b:00007ff9bd1a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  225.981536][ T8657] RAX: ffffffffffffffda RBX: 00007ff9bc5a5fa0 RCX: 00007ff9bc38cde9
[  225.989486][ T8657] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000004
[  225.997434][ T8657] RBP: 00007ff9bc40e2a0 R08: 0000000000000000 R09: 0000000000000000
[  226.005402][ T8657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  226.013361][ T8657] R13: 0000000000000000 R14: 00007ff9bc5a5fa0 R15: 00007ffc80c5c3f8
[  226.021327][ T8657]  </TASK>
[  226.024502][ T8657] Kernel Offset: disabled
[  226.028798][ T8657] Rebooting in 86400 seconds..