last executing test programs:

5m30.363289018s ago: executing program 4 (id=951):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(r0, &(0x7f0000002240)=""/102400, 0x19000)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000080)={0x1, 0x0, 0x1, &(0x7f0000000000)={0x1f, "06c4ce00000000006eb5e52829e7cc839300000400"}})
r2 = open(0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET6={0x4}]}, @IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000480)=ANY=[@ANYBLOB="71756f7413dc6195dd1154c9152c75736c71756f74615f696e6f64655f686172646c696d1928f7d447a1012d89e37e58eb3e29253ecf711d076369a77f2be7e5ccf484b9f3f76dcec9f87b3c191f538301f7c7977d361794712a4ab5149a7a957db0bb9da6e5160228be89b2cd07551083072e2f4876b7c500a1d5a65a085022afba847148285016ec225d99fbc3e5528ecd97594ead727fcddbca0c8290844d9835f90228e5ec2ff9176d33a8680517b38709d13ee1720686aa00af99e639d18caf6424b461b56428dafc0adbae256bf12530b000db38add908a061478afd460f49504a04f089608e371f05e7a6005e9ad8a80b65d73628175686f0c061068d85083ccc220e517945f2fef1f172c2f2dae6e38055308d79e4c05223f0ba5813f8a3ac7be677a930121598b291a83a314c2ad9057b2829756f3e287f7c75382c907b535dddbd1e70426394623b12828ca178e17c0a666ed46f062944dcfc0d2575f9081d14bc920681acb4c8fec9025a85e72b0b376d8c941eea04726357139b80455d7d3c55a7d85af103424d983a97dff8746713483f2a7f1192728b9ecabd96c50851379f2568182c"])
chdir(&(0x7f0000000240)='./file0\x00')
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0x5, 0x0, 0x6, 0x0, 0x1, 0x0, 0xffff7ffc, 0xfffffffd, 0x6, 0x0, 0xffffffff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000000, 0xc, 0xfffffffc}})
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
open(&(0x7f0000000140)='./file1\x00', 0x0, 0xc0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r5}, 0x10)
r6 = socket$kcm(0x10, 0x2, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_FLUSH(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)={0x14, 0x0, 0x1, 0x70bd31, 0x25dfdbfc}, 0x14}}, 0x10)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020032000b35d25a806f8c6394f90424fc602f0009000a740200053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')

5m29.68289542s ago: executing program 4 (id=955):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket(0x28, 0x5, 0x0)
r6 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r6, 0x4)
connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r5, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0)

5m27.963657771s ago: executing program 4 (id=961):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x40}})
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = dup3(r1, r2, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
futex(&(0x7f0000000240)=0x1000, 0x5, 0x0, 0x0, &(0x7f0000000140)=0x2, 0x35000000)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0xc, @pix_mp={0xf, 0x5be7, 0x50323234, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0xb325}, {0x10000001, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x4, 0x489aa92e}, {0x5}, {0xff, 0x7}], 0x1, 0xc, 0x2, 0x0, 0x3}}, 0xfffffffd})
socket$netlink(0x10, 0x3, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0x10)
socket$kcm(0x10, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000001c0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)

5m26.37091955s ago: executing program 4 (id=965):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480))
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="060000000400000008000000080000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000041eca69cddce9b158c63b747383a211afa"], 0x48)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
vmsplice(r0, &(0x7f0000002440)=[{&(0x7f00000002c0)="62af263ea3c1befb3bd81deb2fc1cacaa4d2f3c7d8ed578a43f7c4bb44173641f1fd8524ba1d6678d41a89626989170aadb2c8de3262863630637e1f80b2b4b51ee58b9299e10879e5e7cf131a96d45102b25ddcd1a9c1396236f8a9e1be48f3df174a31122fc89187100d16d31e65e68a314119e411a442d36d25fa1a910a16926bbe70937af1a2daffcd5c3a62c21741d80998ec5bdc21609f993fe686eab92a3d9509e824ba65d8ca5a278c2daaa30bae078462870b37ea7868c8f4793a95dfe47a9c60ea83231e51dda3ae07e726e228a4b101565798f3c4d0633da550910f4615720e9ca37e6f3e77bb52ae52a1312724d2f1a641035db3e81b35e55ca077ae17a98a375b6c3f56395c052113c3f125304a41a735b325b05243c1b8a0b8e47ad70f831e640e4d68e32614faef764f07940dbd655c7c45a7a22630e1c3d77bd86fd2c51621f5196efd4844bc327210f9d34141daa5acc425005e38ccdbeba7eafd392b4f3eb9f297aa6dbc28320b48b3f878d9e45916396519eb2f5c4084d210892cc8bd34489e4e12d78c16e5abcf841243e65dddfd7cbe36ec49b51d4ad368a01bba176ecdd8d147bedd7464a07dc59ad833ab8d26639de4131d324c8c1c1401a6758e660e0c7f0c9bd612f5f3589acba3b06198c30d6beb86a76c18cffff86ea6ebc282411a12ea8959b84672e17f10146575abcf6064ff36821f10c23c2e555b4c8d0af9f368e7db70ba47218a5947a1ecd42e08e6dc08ec3f3d51c522caed9d102a44f6d8f5944fa3307b7234f27483b285ef16925815cd9c05fbeee24b369c18fd05d3e7f034e99462de5f6b45c54f137b4b86e88ae17906071194223638760200d6e185e111301f039780bd9ab2d62682da82b0b752ef85f36a2308ced8b395405d2d30c3c883754767ed379aefbb8e4ff465ac1c6e938a41cb04915a16ab25eed7c2e54cd151821e0620fc314472c57b51d003d07a287d256744b8c8f6ac08fb3c143670b3b8318218d6be5e2ee5b71ad03a7c327a272de129875f170b5f1ea10473c3dac826e96a845aa809905b02c8e3e2e1b451d00f437271af7689f93920db839aba8c8c632cc31c7043b3b7e358c4f5725b31db55aa4f260504f6a78c6ff74d59c480b6f4276433eec67beef368c238bba859d2f4f4c28ab94a65821f55045e540914677befa72c15071d28435a016387cf0c69cef003550d83ef4f866ee78add21e6e69a19ca03ba5381791e38b4fb91d725d3e8c0bc7cfa", 0x381}], 0x1, 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x2e, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x36}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x9}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000050)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5m25.154893841s ago: executing program 4 (id=969):
prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async, rerun: 32)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0x5, &(0x7f0000000240)={@local, @empty, 0xfffb, "66c5aff8a7eb3af1f6cec2e7420000008c84aea31700", 0x96bd, 0x1000000, 0x7e, 0x6b}, 0x3c) (async, rerun: 32)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={<r2=>0x0}, &(0x7f0000000200)=0xc) (rerun: 32)
sched_setaffinity(r2, 0x8, &(0x7f0000000300)=0xd)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000000080)=0x300, 0x4) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r3 = socket(0x1, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x1000a, 0x7}, {}, {0x1001d, 0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x200000c5)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newlink={0x30, 0x10, 0x801, 0xffffffff, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x43}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x4600)
ioctl$DRM_IOCTL_GET_MAGIC(r7, 0x80046402, 0x0)
r8 = syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2)
read(r8, &(0x7f0000000080)=""/94, 0x5e) (async, rerun: 64)
ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000001c0)={0xb, @raw_data="9f4a96c5fe384616f1a9e9661829ad2f00d4f42b69f5352c110a8f9da8f8e51391fd07549b270a667430288b6eb25436a35c1749b5a2ea0e58d9d9cd467fc130b3234488546f00f60d34e302195d565a8f14c0ded549e28766cb1caaef9e2499b43f59e95392f654fcbe2cf59714f89e28fd4036bc62200da3cfadf1b5e24cd5de1d45ff67ace9ce3752812de38e2eccc5680ad93af92a66556ec63abe6abaab291e60c965a3488c2b58478d627414ca29c8bb79d56ae10cdce90dc9116d27adf8ff3b05b0c0d374"}) (rerun: 64)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008b86d3106d04b50801d701020303090212"], 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000140)) (rerun: 64)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r10, 0x401c5820, &(0x7f0000000080)={0x8}) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
close_range(r7, r7, 0x0)

5m23.770884037s ago: executing program 4 (id=974):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
listen(0xffffffffffffffff, 0xf)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
io_uring_setup(0x201a, &(0x7f0000000540)={0x0, 0x58ba, 0x4000, 0x0, 0x1})
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000480)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x20}, 0x5000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

5m8.534643689s ago: executing program 32 (id=974):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
listen(0xffffffffffffffff, 0xf)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
io_uring_setup(0x201a, &(0x7f0000000540)={0x0, 0x58ba, 0x4000, 0x0, 0x1})
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000480)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x20}, 0x5000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

10.924469698s ago: executing program 2 (id=1935):
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r5)
sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="bbfb2b3d02000000df25670000"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4)

10.811033277s ago: executing program 3 (id=1936):
socket$inet6(0xa, 0x2, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmmsg$inet(r5, 0x0, 0x0, 0x20040000)

9.802846356s ago: executing program 3 (id=1937):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d493", 0x6e, 0x840, 0x0, 0x0)
recvmsg(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000780)=""/243, 0x11000}], 0x1}, 0x142)

9.278298367s ago: executing program 3 (id=1939):
syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0)
mlock(&(0x7f000002c000/0x4000)=nil, 0x4000)
socket$nl_generic(0x10, 0x3, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4b, 0x0, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)

8.700569615s ago: executing program 1 (id=1940):
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000180), 0x35c, 0x0)
socket$unix(0x1, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x9, 0x1b, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000061d8d837000000002c2c00001811dbf3", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000008500000023000000184900000400000000000000000000001800000007000000000000000200000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000183400000100000000000000000000008520000004"], 0x0, 0x800, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0xcb1f, 0x4)
bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbfbb7be, &(0x7f0000000100)={0xa, 0x4e20, 0x8e, @empty, 0x6}, 0x1c)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000005100000000000000000a200000000900010073797a300000000014000000100001"], 0x48}}, 0x20050800)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0xfffffffffffffebd, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22}, 0x94)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000010000000c000597ff000000000000000c0002000000000000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="32000100", @ANYRES32=r4, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB='\b'], 0x90}}, 0x0)

8.295684695s ago: executing program 5 (id=1942):
syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0)
mlock(&(0x7f000002c000/0x4000)=nil, 0x4000)
socket$nl_generic(0x10, 0x3, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4b, 0x0, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) (fail_nth: 1)

8.181497386s ago: executing program 3 (id=1944):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$vcsa(0x0, 0x1, 0x1a2100)
poll(&(0x7f00000000c0)=[{r0, 0x9746}], 0x1, 0x0)
close(r0)
lsm_set_self_attr(0x65, &(0x7f0000000800)=ANY=[], 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000140)={'icmp\x00'}, &(0x7f0000000240)=0x1e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0xfffffffffffffffe, 0xb, 0x0, 0x0, 0xb}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x14b501)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
r5 = epoll_create1(0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000180)={0xc0002000})
ioctl$TCSETSW2(r6, 0x402c542c, &(0x7f0000000040)={0x4, 0x40100000, 0x5, 0x0, 0x1, "362e851f84882fb90efa3fa665d2eb144970e2", 0x8, 0x81})
socket$inet(0x2, 0x4000000000000001, 0x0)
r7 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=<r8=>0x0, &(0x7f0000000000)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000080)=0x2)
close_range(r3, 0xffffffffffffffff, 0x0)

8.177384432s ago: executing program 2 (id=1945):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
socket$caif_stream(0x25, 0x1, 0x0)
r0 = syz_io_uring_setup(0x236, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
timerfd_gettime(r3, &(0x7f00000002c0))
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x4, 0x2, 0x466}, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x2200892, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000), 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x100010, r4, 0xb3d2d000)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, 0x0, 0x0)
chroot(&(0x7f0000000a40)='./file0\x00')
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000500)='pstore\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
syz_open_dev$tty20(0xc, 0x4, 0x1)

8.142803483s ago: executing program 1 (id=1946):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000080)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x18, &(0x7f0000000140)={0x20, 0x5, 0x1, ' '}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000640)={0x14, &(0x7f00000005c0)={0x20, 0x1e, 0x18, {0x18, 0x11, "556f81352db702217fb65e96fbd577f300c5469a478f"}}, &(0x7f0000000600)={0x0, 0x3, 0x3a, @string={0x3a, 0x3, "e05758f872e132d1db453ad4544367127ce838a41009c77a8dd73c8e34f6ddedd0ab99b18a9692d7ab2c1b9150e448450d2a9e5b4ef67348"}}}, &(0x7f00000008c0)={0x34, &(0x7f0000000680)={0x40, 0x30, 0x32, "21e619111a50d855ac32c67fc65c18a0f3f62a2077c61903dd1df47c1557ba0847099378b68243698136919519e08be87419"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0xd}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000000740)={0x20, 0x0, 0xbc, {0xba, "22a93316ed7b6d14317a7ea778057ced7282e814fd9b3e498e6a532b246c721cbd3ff6cca1ea8c1d28fb81d1e2c4f0badfab1e8d40ca600393ec33818237629e947bff38dbebedb5db68ae15e2863fa5fdd4b0791ebd68309f7161d1472b59d9f7f177c02ccaac43985212a209675b70e3fb0cf8ef978617462fcbaaff858f1c339a1b4880645e61fdeec5b89fbf48f3a1669edf3e6e1a379c103d301fb7915bb07a9b354691d9fbb2f3a0ee4f97150e6c304e69f99f95236470"}}, &(0x7f0000000840)={0x20, 0x1, 0x1, 0x7f}, &(0x7f0000000880)={0x20, 0x0, 0x1, 0x4}})
syz_usb_control_io$printer(r0, 0x0, 0x0)

7.102073368s ago: executing program 0 (id=1947):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket(0x28, 0x5, 0x0)
r6 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r6, 0x4)
connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)

6.938132433s ago: executing program 2 (id=1948):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mq_open(0x0, 0x42, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r4 = epoll_create1(0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000001180)={0x40000009})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x8b9bd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
r9 = socket$isdn(0x22, 0x2, 0x11)
bind$isdn(r9, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r10 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r10, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r10, 0x6, 0x1a, 0x0, &(0x7f00000003c0))
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)

6.173670484s ago: executing program 0 (id=1949):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480))
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="060000000400000008000000080000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000041eca69cddce9b158c63b747383a211afa"], 0x48)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
vmsplice(r0, &(0x7f0000002440)=[{&(0x7f00000002c0)="62af263ea3c1befb3bd81deb2fc1cacaa4d2f3c7d8ed578a43f7c4bb44173641f1fd8524ba1d6678d41a89626989170aadb2c8de3262863630637e1f80b2b4b51ee58b9299e10879e5e7cf131a96d45102b25ddcd1a9c1396236f8a9e1be48f3df174a31122fc89187100d16d31e65e68a314119e411a442d36d25fa1a910a16926bbe70937af1a2daffcd5c3a62c21741d80998ec5bdc21609f993fe686eab92a3d9509e824ba65d8ca5a278c2daaa30bae078462870b37ea7868c8f4793a95dfe47a9c60ea83231e51dda3ae07e726e228a4b101565798f3c4d0633da550910f4615720e9ca37e6f3e77bb52ae52a1312724d2f1a641035db3e81b35e55ca077ae17a98a375b6c3f56395c052113c3f125304a41a735b325b05243c1b8a0b8e47ad70f831e640e4d68e32614faef764f07940dbd655c7c45a7a22630e1c3d77bd86fd2c51621f5196efd4844bc327210f9d34141daa5acc425005e38ccdbeba7eafd392b4f3eb9f297aa6dbc28320b48b3f878d9e45916396519eb2f5c4084d210892cc8bd34489e4e12d78c16e5abcf841243e65dddfd7cbe36ec49b51d4ad368a01bba176ecdd8d147bedd7464a07dc59ad833ab8d26639de4131d324c8c1c1401a6758e660e0c7f0c9bd612f5f3589acba3b06198c30d6beb86a76c18cffff86ea6ebc282411a12ea8959b84672e17f10146575abcf6064ff36821f10c23c2e555b4c8d0af9f368e7db70ba47218a5947a1ecd42e08e6dc08ec3f3d51c522caed9d102a44f6d8f5944fa3307b7234f27483b285ef16925815cd9c05fbeee24b369c18fd05d3e7f034e99462de5f6b45c54f137b4b86e88ae17906071194223638760200d6e185e111301f039780bd9ab2d62682da82b0b752ef85f36a2308ced8b395405d2d30c3c883754767ed379aefbb8e4ff465ac1c6e938a41cb04915a16ab25eed7c2e54cd151821e0620fc314472c57b51d003d07a287d256744b8c8f6ac08fb3c143670b3b8318218d6be5e2ee5b71ad03a7c327a272de129875f170b5f1ea10473c3dac826e96a845aa809905b02c8e3e2e1b451d00f437271af7689f93920db839aba8c8c632cc31c7043b3b7e358c4f5725b31db55aa4f260504f6a78c6ff74d59c480b6f4276433eec67beef368c238bba859d2f4f4c28ab94a65821f55045e540914677befa72c15071d28435a016387cf0c69cef003550d83ef4f866ee78add21e6e69a19ca03ba5381791e38b4fb91d725d3e8c0bc7cfa", 0x381}], 0x1, 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x2e, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x36}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x9}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000050)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {0x0}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

6.086594693s ago: executing program 5 (id=1950):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0xa, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10)
ptrace(0x10, r0)
sched_setattr(r0, &(0x7f0000000100)={0x38, 0x0, 0x10000040, 0xd, 0x4, 0x4f211db8, 0x200, 0x5, 0x7, 0xf}, 0x0)
r2 = socket$inet_sctp(0x2, 0x800000000000001, 0x84)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f0000000340)=0x4, 0x12)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xafda, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'hsr0\x00', 0x4}, 0x18)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000140)={0xffffffff})

5.710852711s ago: executing program 0 (id=1951):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

5.587911551s ago: executing program 5 (id=1952):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc)
socket$kcm(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r3, 0xe4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xe, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1804"], 0x0, 0x13c, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r4, 0x4010744d, &(0x7f0000000180))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r7, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r7, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
fcntl$lock(r7, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0x401})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="020400020a0000000000000000000000020001000000000000100500000000a0030006000000000002000000ac1414ff0000000000000000030005000000000000"], 0x50}, 0x1, 0x7}, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x2, 0x2001)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r8, 0xc1485544, &(0x7f0000000000)=0x5)
r9 = socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmmsg(r9, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
r10 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r10, &(0x7f0000000000)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e20, @loopback}}, 0x24)
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')

5.492660281s ago: executing program 0 (id=1953):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480))
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="060000000400000008", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000041eca69cddce9b158c63b747383a211afa"], 0x48)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
vmsplice(r0, &(0x7f0000002440)=[{&(0x7f00000002c0)="62af263ea3c1befb3bd81deb2fc1cacaa4d2f3c7d8ed578a43f7c4bb44173641f1fd8524ba1d6678d41a89626989170aadb2c8de3262863630637e1f80b2b4b51ee58b9299e10879e5e7cf131a96d45102b25ddcd1a9c1396236f8a9e1be48f3df174a31122fc89187100d16d31e65e68a314119e411a442d36d25fa1a910a16926bbe70937af1a2daffcd5c3a62c21741d80998ec5bdc21609f993fe686eab92a3d9509e824ba65d8ca5a278c2daaa30bae078462870b37ea7868c8f4793a95dfe47a9c60ea83231e51dda3ae07e726e228a4b101565798f3c4d0633da550910f4615720e9ca37e6f3e77bb52ae52a1312724d2f1a641035db3e81b35e55ca077ae17a98a375b6c3f56395c052113c3f125304a41a735b325b05243c1b8a0b8e47ad70f831e640e4d68e32614faef764f07940dbd655c7c45a7a22630e1c3d77bd86fd2c51621f5196efd4844bc327210f9d34141daa5acc425005e38ccdbeba7eafd392b4f3eb9f297aa6dbc28320b48b3f878d9e45916396519eb2f5c4084d210892cc8bd34489e4e12d78c16e5abcf841243e65dddfd7cbe36ec49b51d4ad368a01bba176ecdd8d147bedd7464a07dc59ad833ab8d26639de4131d324c8c1c1401a6758e660e0c7f0c9bd612f5f3589acba3b06198c30d6beb86a76c18cffff86ea6ebc282411a12ea8959b84672e17f10146575abcf6064ff36821f10c23c2e555b4c8d0af9f368e7db70ba47218a5947a1ecd42e08e6dc08ec3f3d51c522caed9d102a44f6d8f5944fa3307b7234f27483b285ef16925815cd9c05fbeee24b369c18fd05d3e7f034e99462de5f6b45c54f137b4b86e88ae17906071194223638760200d6e185e111301f039780bd9ab2d62682da82b0b752ef85f36a2308ced8b395405d2d30c3c883754767ed379aefbb8e4ff465ac1c6e938a41cb04915a16ab25eed7c2e54cd151821e0620fc314472c57b51d003d07a287d256744b8c8f6ac08fb3c143670b3b8318218d6be5e2ee5b71ad03a7c327a272de129875f170b5f1ea10473c3dac826e96a845aa809905b02c8e3e2e1b451d00f437271af7689f93920db839aba8c8c632cc31c7043b3b7e358c4f5725b31db55aa4f260504f6a78c6ff74d59c480b6f4276433eec67beef368c238bba859d2f4f4c28ab94a65821f55045e540914677befa72c15071d28435a016387cf0c69cef003550d83ef4f866ee78add21e6e69a19ca03ba5381791e38b4fb91d725d3e8c0bc7cfa", 0x381}], 0x1, 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x2e, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x36}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x9}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000050)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.436650635s ago: executing program 0 (id=1954):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
socket$caif_stream(0x25, 0x1, 0x0)
r0 = syz_io_uring_setup(0x236, 0x0, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
timerfd_gettime(0xffffffffffffffff, &(0x7f00000002c0))
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x1214040, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x4, 0x2, 0x466}, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x2200892, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000), 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x100010, r3, 0xb3d2d000)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
chroot(0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000500)='pstore\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
syz_open_dev$tty20(0xc, 0x4, 0x1)

5.205476737s ago: executing program 3 (id=1955):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6161, 0x4d15, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000d80)={0x24, 0x0, &(0x7f0000000200)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x807}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, &(0x7f0000000540)={0x2c, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x5, @string={0x5, 0x3, "f72d41"}}, 0x0, 0x0, 0x0}, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)

5.170751241s ago: executing program 2 (id=1956):
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000150000", @ANYRES32=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r5)
sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="bbfb2b3d02000000df25670000"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4)

4.616928155s ago: executing program 5 (id=1957):
sched_setscheduler(0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000014c0)={0x0, 0x0, 0x0}, 0x0)

4.429525439s ago: executing program 0 (id=1958):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$alg(0x26, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001400)=@newtaction={0x60, 0x30, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [{0x4c, 0x1, [@m_pedit={0x48, 0x1, 0x0, 0x0, {{0xa}, {0x1c, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x18, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x500}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800)
write$6lowpan_control(r3, 0x0, 0x0)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
r5 = inotify_init1(0x80800)
socket$inet6(0xa, 0x3, 0x5)
inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0x64000ba6)
inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0xa4000960)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
r6 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={0x0, 0x6}, 0x8)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000000240)=@assoc_value={0x0, 0x1}, 0x8)
sched_setattr(r2, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x105, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

3.569586585s ago: executing program 5 (id=1959):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000080)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x18, &(0x7f0000000140)={0x20, 0x5, 0x1, ' '}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r2 = dup(r1)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000240)={0x14, &(0x7f00000001c0)={0x40, 0x9, 0xe, {0xe, 0x10, "9c8ad4468371f49c2a3cc959"}}, &(0x7f0000000200)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000280)={0x44, &(0x7f0000000e40)={0x40, 0x15, 0xc7, "5f12afd6f3e7238e8251c9b45e8c4e189dc06ca778f629d412ecefadcd55f6cd18cfb8b033f5320c85cad698528b3745dd79f41d966dc02cde1621c521640ae92ab2242028048b0faec9e023a25fa6129bfb0ee247063dc5008237c10332d7a9ba4cdd564644d27f2175e2105983e425031bf3e22f7d867bb3b7aea15f5923756cd1357eb51e86b26d175b3c76aa0aa2459317ded37a7109e54912c2ae002483a8daae9c2c2cc36bd3240205335be9e820a891d3b4915d831ecfe7d9800a9bf722fcfdab0c9a2a"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0xfc}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000400)={0x20, 0x80, 0x1c, {0x1fc, 0x2, 0x3, 0x0, 0x2, 0x4009, 0x8, 0x800, 0x5, 0xa, 0x300, 0x5}}, &(0x7f0000000d00)={0x20, 0x85, 0x4, 0x2}, &(0x7f0000000480)={0x20, 0x83, 0x2, 0x3}, &(0x7f00000004c0)={0x20, 0x87, 0x2, 0x2dd}, &(0x7f0000000500)={0x20, 0x89, 0x2}})
syz_usb_control_io$printer(r0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000300)={'vxcan1\x00'})
syz_usb_control_io$printer(r0, &(0x7f0000000640)={0x14, &(0x7f00000005c0)={0x20, 0x1e, 0x18, {0x18, 0x11, "556f81352db702217fb65e96fbd577f300c5469a478f"}}, &(0x7f0000000600)={0x0, 0x3, 0x3a, @string={0x3a, 0x3, "e05758f872e132d1db453ad4544367127ce838a41009c77a8dd73c8e34f6ddedd0ab99b18a9692d7ab2c1b9150e448450d2a9e5b4ef67348"}}}, &(0x7f00000008c0)={0x34, &(0x7f0000000680)={0x40, 0x30, 0x32, "21e619111a50d855ac32c67fc65c18a0f3f62a2077c61903dd1df47c1557ba0847099378b68243698136919519e08be87419"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0xd}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000000740)={0x20, 0x0, 0xbc, {0xba, "22a93316ed7b6d14317a7ea778057ced7282e814fd9b3e498e6a532b246c721cbd3ff6cca1ea8c1d28fb81d1e2c4f0badfab1e8d40ca600393ec33818237629e947bff38dbebedb5db68ae15e2863fa5fdd4b0791ebd68309f7161d1472b59d9f7f177c02ccaac43985212a209675b70e3fb0cf8ef978617462fcbaaff858f1c339a1b4880645e61fdeec5b89fbf48f3a1669edf3e6e1a379c103d301fb7915bb07a9b354691d9fbb2f3a0ee4f97150e6c304e69f99f95236470"}}, &(0x7f0000000840)={0x20, 0x1, 0x1, 0x7f}, &(0x7f0000000880)={0x20, 0x0, 0x1, 0x4}})
write$cgroup_devices(r2, &(0x7f0000000180)={'a', ' *:* ', 'm\x00'}, 0x8)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

3.31014746s ago: executing program 1 (id=1960):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket(0x28, 0x5, 0x0)
r6 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r6, 0x4)
connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r5, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0)

2.567869415s ago: executing program 2 (id=1961):
socket$inet6(0xa, 0x2, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmmsg$inet(r5, 0x0, 0x0, 0x20040000)

2.32975662s ago: executing program 1 (id=1962):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000003c0), r0)
sendmsg$NFC_CMD_DEV_DOWN(r1, &(0x7f00000004c0)={0x0, 0xfffffffffffffe99, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbff}, 0x1c}, 0x1, 0x0, 0x0, 0x48810}, 0x0)

1.799502195s ago: executing program 3 (id=1963):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b) (fail_nth: 1)

1.796764118s ago: executing program 1 (id=1964):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408bd874000000e45400000000c0a010100000000000000000a0000060900020073797a31009e00000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

382.84882ms ago: executing program 2 (id=1965):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408bd874000000e45400000000c0a010100000000000000000a0000060900020073797a31009e00000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (fail_nth: 1)

16.983028ms ago: executing program 1 (id=1966):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mq_open(0x0, 0x42, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r4 = epoll_create1(0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000001180)={0x40000009})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x8b9bd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
r9 = socket$isdn(0x22, 0x2, 0x11)
bind$isdn(r9, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r10 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r10, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r10, 0x6, 0x1a, 0x0, &(0x7f00000003c0))
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)

0s ago: executing program 5 (id=1967):
r0 = syz_io_uring_setup(0x7e3b, &(0x7f0000000440)={0x0, 0x1ba, 0x10, 0x2, 0x20000fe}, &(0x7f0000002bc0), &(0x7f0000000180))
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000800)={{0xa, 0x5, 0xfe, 0x0, 'syz1\x00', 0x9}, 0x1, [0xffffffffffffffff, 0x7, 0xf72c, 0xffffffff, 0x9, 0x4, 0x3, 0x0, 0x0, 0xbd77, 0x9, 0x2, 0x2, 0x100, 0xffff, 0x5, 0x100, 0x3, 0x0, 0x5, 0x2, 0x4, 0x5, 0x7f, 0xfffffffffffffffb, 0x2, 0x8, 0xb, 0x3, 0x1, 0x0, 0xffffffffffffff81, 0x0, 0x3, 0x2, 0x10001, 0x6, 0x6, 0x401, 0x10, 0x2, 0x1091, 0x4, 0xfffffffffffffff8, 0x3, 0x4, 0xe, 0x5, 0x0, 0x1, 0x3, 0x8, 0x4df28e4, 0x9, 0x800, 0xecaa, 0xc, 0x2, 0x2, 0x0, 0x8000000000000000, 0x2, 0x1, 0xffffffffffffffff, 0xfff, 0xda, 0xc8f, 0x2, 0x7, 0x8000000000000001, 0x85f6, 0x0, 0xffffffffffff0001, 0x92, 0x0, 0x6, 0xc8, 0x5, 0x6, 0x6, 0x3, 0x9, 0xa, 0xfff, 0x187, 0xd, 0xbc, 0x43669916, 0x4a, 0x2, 0x925, 0x8, 0x2, 0x2, 0x3, 0x100, 0x0, 0x9, 0x80, 0x9, 0x0, 0x1, 0x2, 0x8000, 0x425fcbc7, 0x3, 0xf0a, 0x1, 0x7fff, 0x63ce, 0x32dd, 0x5ea59d90, 0x8, 0x63e, 0x0, 0x10001, 0xff, 0x8, 0x10000, 0x4, 0xffffffffffffffff, 0x4, 0x6, 0x100, 0x8, 0x8, 0x46, 0x6ba]})
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x802)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000000)=0x639)
r6 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io(r6, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x20, 0x23, 0x7, {0x7, 0xf, "00e4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_control_io(r6, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000440)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TIOCGRS485(r3, 0x542e, &(0x7f00000001c0))
readv(r5, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@random="038e71e43634", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "82379f", 0x8, 0x2b, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], {0x4, 0x0, 0x8}}}}}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {}, {0x9}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x3, 0x8, 0x2}, {0x300}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x48c0}, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000300)={0x4a, 0x2, 0x1, "444900d730fae90100000004000000060ff697b900", 0x3234564e})

kernel console output (not intermixed with test programs):

[  610.583483][T12409]  dump_stack_lvl+0x16c/0x1f0
[  610.583507][T12409]  should_fail_ex+0x512/0x640
[  610.583520][T12409]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  610.583533][T12409]  should_failslab+0xc2/0x120
[  610.583546][T12409]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  610.583558][T12409]  ? find_held_lock+0x2b/0x80
[  610.583571][T12409]  ? getname_flags.part.0+0x4c/0x550
[  610.583590][T12409]  getname_flags.part.0+0x4c/0x550
[  610.583608][T12409]  getname_flags+0x93/0xf0
[  610.583620][T12409]  do_sys_openat2+0xb8/0x1d0
[  610.583636][T12409]  ? __pfx_do_sys_openat2+0x10/0x10
[  610.583658][T12409]  ? __fget_files+0x20e/0x3c0
[  610.583674][T12409]  __x64_sys_creat+0xcc/0x120
[  610.583690][T12409]  ? __pfx___x64_sys_creat+0x10/0x10
[  610.583706][T12409]  ? __pfx_ksys_write+0x10/0x10
[  610.583719][T12409]  ? rcu_is_watching+0x12/0xc0
[  610.583732][T12409]  ? do_syscall_64+0x91/0x4c0
[  610.583745][T12409]  do_syscall_64+0xcd/0x4c0
[  610.583759][T12409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.583771][T12409] RIP: 0033:0x7fa522d8ebe9
[  610.583780][T12409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.583792][T12409] RSP: 002b:00007fa520fee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  610.583803][T12409] RAX: ffffffffffffffda RBX: 00007fa522fb5fa0 RCX: 00007fa522d8ebe9
[  610.583809][T12409] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200
[  610.583816][T12409] RBP: 00007fa520fee090 R08: 0000000000000000 R09: 0000000000000000
[  610.583822][T12409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  610.583828][T12409] R13: 00007fa522fb6038 R14: 00007fa522fb5fa0 R15: 00007fffc57b6238
[  610.583842][T12409]  </TASK>
[  611.202644][T12419] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1622'.
[  611.383514][ T5983] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  611.584026][T12423] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  611.584812][T12425] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  611.624019][T12424] sp0: Synchronizing with TNC
[  611.646294][   T30] audit: type=1400 audit(1756159401.912:528): avc:  denied  { read } for  pid=5516 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  611.672616][T12423] overlayfs: failed to set xattr on upper
[  611.680892][T12423] overlayfs: ...falling back to redirect_dir=nofollow.
[  611.690992][T12423] overlayfs: ...falling back to index=off.
[  611.697173][T12423] overlayfs: ...falling back to uuid=null.
[  611.705160][   T30] audit: type=1400 audit(1756159401.982:529): avc:  denied  { mount } for  pid=12421 comm="syz.1.1625" name="/" dev="overlay" ino=30130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  611.727977][ T5983] usb 6-1: Using ep0 maxpacket: 8
[  611.741044][   T30] audit: type=1400 audit(1756159402.012:530): avc:  denied  { search } for  pid=5516 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  611.782433][   T30] audit: type=1400 audit(1756159402.012:531): avc:  denied  { search } for  pid=5516 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  611.834554][   T30] audit: type=1400 audit(1756159402.012:532): avc:  denied  { search } for  pid=5516 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  611.858685][   T30] audit: type=1400 audit(1756159402.012:533): avc:  denied  { read } for  pid=5516 comm="dhcpcd" name="n107" dev="tmpfs" ino=7122 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  611.911082][ T5983] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  611.922303][ T5983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.949000][ T5983] usb 6-1: config 0 descriptor??
[  612.098146][  T925] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  612.303454][  T925] usb 1-1: Using ep0 maxpacket: 16
[  612.725157][  T925] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  612.727608][ T5983] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  612.739003][  T925] usb 1-1: config 0 interface 0 has no altsetting 0
[  612.757490][  T925] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d
[  612.773595][  T925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.781700][  T925] usb 1-1: Product: syz
[  612.789285][  T925] usb 1-1: Manufacturer: syz
[  612.794192][  T925] usb 1-1: SerialNumber: syz
[  612.837567][  T925] usb 1-1: config 0 descriptor??
[  612.897602][  T925] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  613.163558][ T5983] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  613.176216][T12414] [U] è
[  613.181381][   T24] usb 1-1: USB disconnect, device number 38
[  613.191435][ T3531] usb 1-1: Failed to submit usb control message: -71
[  613.244679][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  613.244694][   T30] audit: type=1400 audit(1756159403.512:553): avc:  denied  { read write } for  pid=12441 comm="syz.2.1629" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  613.245015][ T3531] usb 1-1: unable to send the bmi data to the device: -71
[  613.254401][   T30] audit: type=1400 audit(1756159403.522:554): avc:  denied  { open } for  pid=12441 comm="syz.2.1629" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  613.275863][ T5983] asix 6-1:0.0: probe with driver asix failed with error -32
[  613.283922][   T30] audit: type=1400 audit(1756159403.522:555): avc:  denied  { create } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  613.311958][ T3531] usb 1-1: unable to get target info from device
[  613.356565][ T3531] usb 1-1: could not get target info (-71)
[  613.362931][T12446] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1630'.
[  613.389743][   T30] audit: type=1400 audit(1756159403.612:556): avc:  denied  { map_read map_write } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  613.418061][ T3531] usb 1-1: could not probe fw (-71)
[  613.428425][   T30] audit: type=1400 audit(1756159403.612:557): avc:  denied  { create } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  613.460380][   T30] audit: type=1400 audit(1756159403.612:558): avc:  denied  { bind } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  613.663203][   T30] audit: type=1400 audit(1756159403.612:559): avc:  denied  { setopt } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  613.707040][   T30] audit: type=1400 audit(1756159403.612:560): avc:  denied  { accept } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  614.434358][   T30] audit: type=1400 audit(1756159403.612:561): avc:  denied  { write } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  614.527513][   T30] audit: type=1400 audit(1756159403.612:562): avc:  denied  { read } for  pid=12441 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  614.667921][T10064] usb 6-1: USB disconnect, device number 24
[  614.827743][T12477] ubi: mtd0 is already attached to ubi31
[  616.153394][T10064] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  616.373521][T10064] usb 3-1: Using ep0 maxpacket: 8
[  616.623667][T10064] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  616.724071][T10064] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.748580][T10064] usb 3-1: config 0 descriptor??
[  616.976696][T10064] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  617.023382][   T24] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  617.187913][T10064] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  617.208214][T10064] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[  617.239582][T10064] asix 3-1:0.0: probe with driver asix failed with error -32
[  617.322952][   T24] usb 2-1: config 0 has an invalid interface number: 49 but max is 0
[  617.331256][   T24] usb 2-1: config 0 has no interface number 0
[  617.338251][   T24] usb 2-1: config 0 interface 49 altsetting 0 has an endpoint descriptor with address 0x29, changing to 0x9
[  617.349990][   T24] usb 2-1: config 0 interface 49 altsetting 0 endpoint 0x9 has invalid maxpacket 99, setting to 64
[  617.409145][   T24] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7
[  618.253365][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.410544][   T24] usb 2-1: Product: syz
[  618.414816][   T24] usb 2-1: Manufacturer: syz
[  618.419411][   T24] usb 2-1: SerialNumber: syz
[  618.507634][   T24] usb 2-1: config 0 descriptor??
[  618.542496][T12502] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  618.606298][T10064] usb 3-1: USB disconnect, device number 38
[  618.781914][   T30] kauditd_printk_skb: 51 callbacks suppressed
[  618.781930][   T30] audit: type=1326 audit(1756159409.052:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12501 comm="syz.1.1642" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa522d8ebe9 code=0x0
[  619.383471][ T5919] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  619.393162][   T24] qcserial 2-1:0.49: Qualcomm USB modem converter detected
[  619.402884][   T24] usb 2-1: Qualcomm USB modem converter now attached to ttyUSB0
[  619.403429][  T925] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  619.424828][   T24] usb 2-1: USB disconnect, device number 43
[  619.559049][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.564130][   T24] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  619.567504][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.585402][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.600613][   T24] qcserial 2-1:0.49: device disconnected
[  619.610365][T12534] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  619.613357][ T5919] usb 4-1: Using ep0 maxpacket: 8
[  619.618281][  T925] usb 6-1: Using ep0 maxpacket: 16
[  619.633775][  T925] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  619.641837][ T5919] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  619.655375][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.663848][  T925] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  619.672902][ T5919] usb 4-1: config 0 descriptor??
[  619.683695][T12534] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  619.692471][  T925] usb 6-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  619.707880][  T925] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  619.719928][  T925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.729003][  T925] usb 6-1: Product: syz
[  619.733254][  T925] usb 6-1: Manufacturer: syz
[  619.738121][  T925] usb 6-1: SerialNumber: syz
[  619.746751][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.778032][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.805536][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.815299][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.818470][   T30] audit: type=1400 audit(1756159410.092:615): avc:  denied  { accept } for  pid=12535 comm="syz.0.1652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  619.852402][T12534] hsr0 speed is unknown, defaulting to 1000
[  619.886604][ T5919] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  620.013055][T12541] ubi: mtd0 is already attached to ubi31
[  620.294630][ T5919] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  620.305260][  T925] usb 6-1: 0:2 : does not exist
[  620.333864][ T5919] asix 4-1:0.0: probe with driver asix failed with error -61
[  620.527084][   T30] audit: type=1400 audit(1756159410.792:616): avc:  denied  { create } for  pid=12545 comm="syz.2.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  620.543067][T12551] FAULT_INJECTION: forcing a failure.
[  620.543067][T12551] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  620.578178][T12551] CPU: 1 UID: 0 PID: 12551 Comm: syz.1.1656 Not tainted syzkaller #0 PREEMPT(full) 
[  620.578203][T12551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  620.578214][T12551] Call Trace:
[  620.578220][T12551]  <TASK>
[  620.578226][T12551]  dump_stack_lvl+0x16c/0x1f0
[  620.578251][T12551]  should_fail_ex+0x512/0x640
[  620.578273][T12551]  _copy_from_user+0x2e/0xd0
[  620.578296][T12551]  copy_msghdr_from_user+0x98/0x160
[  620.578315][T12551]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  620.578346][T12551]  ___sys_sendmsg+0xfe/0x1d0
[  620.578364][T12551]  ? __pfx____sys_sendmsg+0x10/0x10
[  620.578412][T12551]  __sys_sendmsg+0x16d/0x220
[  620.578432][T12551]  ? __pfx___sys_sendmsg+0x10/0x10
[  620.578465][T12551]  do_syscall_64+0xcd/0x4c0
[  620.578487][T12551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.578505][T12551] RIP: 0033:0x7fa522d8ebe9
[  620.578519][T12551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  620.578535][T12551] RSP: 002b:00007fa520fee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  620.578557][T12551] RAX: ffffffffffffffda RBX: 00007fa522fb5fa0 RCX: 00007fa522d8ebe9
[  620.578568][T12551] RDX: 0000000000000080 RSI: 00002000000005c0 RDI: 0000000000000004
[  620.578578][T12551] RBP: 00007fa520fee090 R08: 0000000000000000 R09: 0000000000000000
[  620.578588][T12551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  620.578597][T12551] R13: 00007fa522fb6038 R14: 00007fa522fb5fa0 R15: 00007fffc57b6238
[  620.578623][T12551]  </TASK>
[  620.802500][   T30] audit: type=1400 audit(1756159411.072:617): avc:  denied  { accept } for  pid=12554 comm="syz.1.1658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  620.928181][   T30] audit: type=1400 audit(1756159411.202:618): avc:  denied  { read } for  pid=12557 comm="syz.2.1659" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  620.954528][T12558] FAULT_INJECTION: forcing a failure.
[  620.954528][T12558] name failslab, interval 1, probability 0, space 0, times 0
[  620.980017][T12558] CPU: 0 UID: 0 PID: 12558 Comm: syz.2.1659 Not tainted syzkaller #0 PREEMPT(full) 
[  620.980035][T12558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  620.980042][T12558] Call Trace:
[  620.980047][T12558]  <TASK>
[  620.980052][T12558]  dump_stack_lvl+0x16c/0x1f0
[  620.980068][T12558]  should_fail_ex+0x512/0x640
[  620.980081][T12558]  ? fs_reclaim_acquire+0xae/0x150
[  620.980097][T12558]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  620.980114][T12558]  should_failslab+0xc2/0x120
[  620.980130][T12558]  __kmalloc_noprof+0xd2/0x510
[  620.980153][T12558]  tomoyo_realpath_from_path+0xc2/0x6e0
[  620.980180][T12558]  ? tomoyo_profile+0x47/0x60
[  620.980199][T12558]  tomoyo_path_number_perm+0x245/0x580
[  620.980214][T12558]  ? tomoyo_path_number_perm+0x237/0x580
[  620.980230][T12558]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  620.980245][T12558]  ? find_held_lock+0x2b/0x80
[  620.980271][T12558]  ? find_held_lock+0x2b/0x80
[  620.980284][T12558]  ? hook_file_ioctl_common+0x145/0x410
[  620.980299][T12558]  ? __fget_files+0x20e/0x3c0
[  620.980318][T12558]  security_file_ioctl+0x9b/0x240
[  620.980335][T12558]  __x64_sys_ioctl+0xb7/0x210
[  620.980353][T12558]  do_syscall_64+0xcd/0x4c0
[  620.980367][T12558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.980379][T12558] RIP: 0033:0x7f386418ebe9
[  620.980388][T12558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  620.980399][T12558] RSP: 002b:00007f3864f9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  620.980410][T12558] RAX: ffffffffffffffda RBX: 00007f38643b5fa0 RCX: 00007f386418ebe9
[  620.980417][T12558] RDX: 0000200000000040 RSI: 00000000c00c642e RDI: 0000000000000003
[  620.980424][T12558] RBP: 00007f3864f9a090 R08: 0000000000000000 R09: 0000000000000000
[  620.980430][T12558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  620.980436][T12558] R13: 00007f38643b6038 R14: 00007f38643b5fa0 R15: 00007fff41c1e698
[  620.980450][T12558]  </TASK>
[  620.980455][T12558] ERROR: Out of memory at tomoyo_realpath_from_path.
[  621.202780][   T30] audit: type=1400 audit(1756159411.222:619): avc:  denied  { open } for  pid=12557 comm="syz.2.1659" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  621.234218][   T30] audit: type=1400 audit(1756159411.232:620): avc:  denied  { ioctl } for  pid=12557 comm="syz.2.1659" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  621.940205][T10064] usb 4-1: USB disconnect, device number 45
[  621.962690][   T24] usb 6-1: USB disconnect, device number 25
[  623.008200][   T30] audit: type=1400 audit(1756159413.122:621): avc:  denied  { mounton } for  pid=12568 comm="syz.3.1661" path="/336/file0" dev="tmpfs" ino=1892 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  623.030795][    C1] vkms_vblank_simulate: vblank timer overrun
[  623.067460][   T30] audit: type=1400 audit(1756159413.132:622): avc:  denied  { mount } for  pid=12568 comm="syz.3.1661" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  623.093544][   T30] audit: type=1400 audit(1756159413.142:623): avc:  denied  { ioctl } for  pid=12568 comm="syz.3.1661" path="socket:[31218]" dev="sockfs" ino=31218 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  623.118379][    C1] vkms_vblank_simulate: vblank timer overrun
[  623.459616][T12571] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.1661'.
[  623.508225][T12589] vivid-000: =================  START STATUS  =================
[  623.558731][T12589] vivid-000: Radio HW Seek Mode: Bounded
[  623.570023][T12589] vivid-000: Radio Programmable HW Seek: false
[  623.652795][T12589] vivid-000: RDS Rx I/O Mode: Block I/O
[  623.701189][T12589] vivid-000: Generate RBDS Instead of RDS: false
[  623.858225][T12592] Bluetooth: hci0: unsupported parameter 10704
[  623.895630][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  623.895649][   T30] audit: type=1400 audit(1756159414.132:627): avc:  denied  { bind } for  pid=12591 comm="syz.1.1668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  623.927386][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  623.933866][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  624.003522][T12589] vivid-000: RDS Reception: true
[  624.008507][T12589] vivid-000: RDS Program Type: 0 inactive
[  624.014638][T12589] vivid-000: RDS PS Name:  inactive
[  624.024207][T12589] vivid-000: RDS Radio Text:  inactive
[  624.029806][T12589] vivid-000: RDS Traffic Announcement: false inactive
[  624.037008][T12592] Bluetooth: hci0: unsupported parameter 262
[  624.053956][T12589] vivid-000: RDS Traffic Program: false inactive
[  624.058124][T12597] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  624.060474][T12592] Bluetooth: hci0: unsupported parameter 10704
[  624.086534][    C1] vkms_vblank_simulate: vblank timer overrun
[  624.100884][T12589] vivid-000: RDS Music: false inactive
[  624.111402][T12589] vivid-000: ==================  END STATUS  ==================
[  624.134199][T12597] CIFS mount error: No usable UNC path provided in device string!
[  624.134199][T12597] 
[  624.150106][T12597] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  624.164863][T12592] Bluetooth: hci0: unsupported parameter 262
[  624.270208][T12600] ubi: mtd0 is already attached to ubi31
[  624.572330][   T30] audit: type=1400 audit(1756159414.842:628): avc:  denied  { create } for  pid=12608 comm="syz.0.1674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  624.633392][   T24] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  624.645481][ T5955] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  624.691859][   T30] audit: type=1400 audit(1756159414.962:629): avc:  denied  { read append } for  pid=12608 comm="syz.0.1674" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  624.713383][ T5919] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  624.765257][T10064] usb 4-1: new low-speed USB device number 46 using dummy_hcd
[  624.783497][   T24] usb 2-1: Using ep0 maxpacket: 8
[  624.792284][   T24] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  624.801525][   T30] audit: type=1400 audit(1756159414.962:630): avc:  denied  { open } for  pid=12608 comm="syz.0.1674" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  624.802289][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.852824][   T24] usb 2-1: config 0 descriptor??
[  624.858111][ T5955] usb 3-1: Using ep0 maxpacket: 32
[  624.867660][ T5955] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  624.876569][ T5955] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  624.886790][ T5955] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  624.895870][ T5955] usb 3-1: config 0 has no interface number 0
[  624.906305][ T5955] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  624.917788][ T5919] usb 6-1: Using ep0 maxpacket: 16
[  624.923843][T10064] usb 4-1: Invalid ep0 maxpacket: 64
[  624.927859][ T5919] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  624.940237][ T5919] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  624.949574][ T5955] usb 3-1: config 0 interface 35 altsetting 0 has a duplicate endpoint with address 0xE, skipping
[  624.960465][ T5919] usb 6-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  624.969710][ T5955] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  624.981222][ T5955] usb 3-1: config 0 interface 35 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  624.994372][ T5955] usb 3-1: config 0 interface 35 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  625.006026][ T5919] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  625.016125][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.024503][ T5955] usb 3-1: config 0 interface 35 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 5
[  625.050638][ T5919] usb 6-1: Product: syz
[  625.056438][ T5919] usb 6-1: Manufacturer: syz
[  625.065829][ T5919] usb 6-1: SerialNumber: syz
[  625.075713][ T5955] usb 3-1: New USB device found, idVendor=110a, idProduct=1613, bcdDevice=31.4e
[  625.087404][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.102956][ T5955] usb 3-1: Product: syz
[  625.103423][T10064] usb 4-1: new low-speed USB device number 47 using dummy_hcd
[  625.116455][ T5955] usb 3-1: Manufacturer: syz
[  625.128038][   T24] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  625.137878][ T5955] usb 3-1: SerialNumber: syz
[  625.151862][ T5955] usb 3-1: config 0 descriptor??
[  625.285303][T10064] usb 4-1: Invalid ep0 maxpacket: 64
[  625.297333][T10064] usb usb4-port1: attempt power cycle
[  625.589206][ T5919] usb 6-1: 0:2 : does not exist
[  625.594763][   T24] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  625.613006][ T5955] mxuport 3-1:0.35: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  625.623942][   T24] asix 2-1:0.0: probe with driver asix failed with error -61
[  625.633519][ T5955] mxuport 3-1:0.35: probe with driver mxuport failed with error -5
[  625.654386][ T5955] usb 3-1: USB disconnect, device number 39
[  626.086329][T10064] usb 4-1: new low-speed USB device number 48 using dummy_hcd
[  626.124296][T10064] usb 4-1: Invalid ep0 maxpacket: 64
[  626.263451][T10064] usb 4-1: new low-speed USB device number 49 using dummy_hcd
[  626.283832][T10064] usb 4-1: Invalid ep0 maxpacket: 64
[  626.289364][T10064] usb usb4-port1: unable to enumerate USB device
[  626.749548][T12625] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1677'.
[  626.870536][   T30] audit: type=1400 audit(1756159417.142:631): avc:  denied  { read } for  pid=12628 comm="syz.2.1678" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  626.894266][   T30] audit: type=1400 audit(1756159417.142:632): avc:  denied  { open } for  pid=12628 comm="syz.2.1678" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  626.919948][   T30] audit: type=1400 audit(1756159417.142:633): avc:  denied  { ioctl } for  pid=12628 comm="syz.2.1678" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  626.948549][   T30] audit: type=1400 audit(1756159417.142:634): avc:  denied  { set_context_mgr } for  pid=12628 comm="syz.2.1678" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  626.975690][   T30] audit: type=1400 audit(1756159417.142:635): avc:  denied  { write } for  pid=12628 comm="syz.2.1678" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  627.000081][   T30] audit: type=1400 audit(1756159417.142:636): avc:  denied  { map } for  pid=12628 comm="syz.2.1678" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  627.791795][T10064] usb 6-1: USB disconnect, device number 26
[  627.807271][ T5967] usb 2-1: USB disconnect, device number 44
[  627.909058][T12647] overlay: Unknown parameter '/'
[  629.552760][T12660] JFS: discard option not supported on device
[  629.561114][T12660] Mount JFS Failure: -22
[  629.565450][T12660] jfs_mount failed w/return code = -22
[  629.956708][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  629.956727][   T30] audit: type=1400 audit(1756159419.812:644): avc:  denied  { read write } for  pid=12654 comm="syz.1.1687" name="vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  630.367413][T12666] netlink: 126588 bytes leftover after parsing attributes in process `syz.5.1689'.
[  630.449662][   T30] audit: type=1400 audit(1756159419.812:645): avc:  denied  { open } for  pid=12654 comm="syz.1.1687" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  630.506056][   T30] audit: type=1400 audit(1756159419.822:646): avc:  denied  { ioctl } for  pid=12654 comm="syz.1.1687" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  630.919976][   T30] audit: type=1400 audit(1756159421.192:647): avc:  denied  { write } for  pid=12671 comm="syz.5.1691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  630.969926][   T30] audit: type=1400 audit(1756159421.242:648): avc:  denied  { unmount } for  pid=5851 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  631.023856][   T30] audit: type=1400 audit(1756159421.302:649): avc:  denied  { unmount } for  pid=5851 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  631.268233][T12678] FAULT_INJECTION: forcing a failure.
[  631.268233][T12678] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  631.293432][T12678] CPU: 0 UID: 0 PID: 12678 Comm: syz.5.1694 Not tainted syzkaller #0 PREEMPT(full) 
[  631.293459][T12678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  631.293469][T12678] Call Trace:
[  631.293477][T12678]  <TASK>
[  631.293483][T12678]  dump_stack_lvl+0x16c/0x1f0
[  631.293508][T12678]  should_fail_ex+0x512/0x640
[  631.293530][T12678]  _copy_from_user+0x2e/0xd0
[  631.293552][T12678]  copy_msghdr_from_user+0x98/0x160
[  631.293571][T12678]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  631.293601][T12678]  ___sys_sendmsg+0xfe/0x1d0
[  631.293619][T12678]  ? __pfx____sys_sendmsg+0x10/0x10
[  631.293666][T12678]  __sys_sendmsg+0x16d/0x220
[  631.293684][T12678]  ? __pfx___sys_sendmsg+0x10/0x10
[  631.293717][T12678]  do_syscall_64+0xcd/0x4c0
[  631.293738][T12678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.293755][T12678] RIP: 0033:0x7feb5638ebe9
[  631.293768][T12678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  631.293783][T12678] RSP: 002b:00007feb571de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  631.293799][T12678] RAX: ffffffffffffffda RBX: 00007feb565b5fa0 RCX: 00007feb5638ebe9
[  631.293811][T12678] RDX: 000000000400c880 RSI: 0000200000000040 RDI: 0000000000000003
[  631.293821][T12678] RBP: 00007feb571de090 R08: 0000000000000000 R09: 0000000000000000
[  631.293831][T12678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  631.293841][T12678] R13: 00007feb565b6038 R14: 00007feb565b5fa0 R15: 00007ffcf39c9c48
[  631.293863][T12678]  </TASK>
[  632.093452][   T30] audit: type=1400 audit(1756159422.352:650): avc:  denied  { read append } for  pid=12685 comm="syz.5.1697" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  632.251360][ T5955] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  632.259546][   T30] audit: type=1400 audit(1756159422.352:651): avc:  denied  { open } for  pid=12685 comm="syz.5.1697" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  632.368385][   T30] audit: type=1400 audit(1756159422.632:652): avc:  denied  { ioctl } for  pid=12685 comm="syz.5.1697" path="socket:[30530]" dev="sockfs" ino=30530 ioctlcmd=0x8b18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  633.323360][ T5955] usb 2-1: Using ep0 maxpacket: 8
[  633.329991][ T5955] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  633.348428][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.395149][ T5955] usb 2-1: config 0 descriptor??
[  633.778459][   T24] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  633.793798][ T5955] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  635.883364][   T24] usb 3-1: Using ep0 maxpacket: 32
[  635.910497][T12707] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1701'.
[  635.944317][T12707] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1701'.
[  635.981591][   T30] audit: type=1400 audit(1756159426.232:653): avc:  denied  { sys_module } for  pid=12695 comm="syz.5.1701" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  635.988172][ T5955] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  636.016526][ T5955] asix 2-1:0.0: probe with driver asix failed with error -61
[  636.035960][   T24] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  636.044107][   T24] usb 3-1: config 0 has no interface number 0
[  636.065094][   T24] usb 3-1: New USB device found, idVendor=110a, idProduct=1613, bcdDevice=31.4e
[  636.114785][   T30] audit: type=1400 audit(1756159426.382:654): avc:  denied  { ioctl } for  pid=12712 comm="syz.0.1704" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  636.154951][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.164736][   T24] usb 3-1: Product: syz
[  636.173900][   T24] usb 3-1: Manufacturer: syz
[  636.179319][   T24] usb 3-1: SerialNumber: syz
[  636.230571][   T24] usb 3-1: config 0 descriptor??
[  636.545301][ T5967] usb 2-1: USB disconnect, device number 45
[  636.548973][   T24] mxuport 3-1:0.35: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  636.566568][   T24] mxuport 3-1:0.35: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  636.582268][   T24] mxuport 3-1:0.35: probe with driver mxuport failed with error -71
[  636.599680][T12720] input: syz1 as /devices/virtual/input/input7
[  636.614266][   T30] audit: type=1400 audit(1756159426.872:655): avc:  denied  { read write } for  pid=12719 comm="syz.5.1705" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  636.728653][T12724] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1705'.
[  636.738319][T12724] netlink: 'syz.5.1705': attribute type 1 has an invalid length.
[  636.868258][   T24] usb 3-1: USB disconnect, device number 40
[  636.877679][   T30] audit: type=1400 audit(1756159426.872:656): avc:  denied  { open } for  pid=12719 comm="syz.5.1705" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  636.906307][T12724] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1705'.
[  636.935752][   T30] audit: type=1400 audit(1756159426.872:657): avc:  denied  { ioctl } for  pid=12719 comm="syz.5.1705" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  636.960816][    C1] vkms_vblank_simulate: vblank timer overrun
[  637.610395][   T30] audit: type=1400 audit(1756159426.892:658): avc:  denied  { read } for  pid=5206 comm="acpid" name="event4" dev="devtmpfs" ino=3389 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  637.681961][   T30] audit: type=1400 audit(1756159426.892:659): avc:  denied  { open } for  pid=5206 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3389 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  637.716947][   T30] audit: type=1400 audit(1756159426.892:660): avc:  denied  { ioctl } for  pid=5206 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3389 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  637.741846][    C1] vkms_vblank_simulate: vblank timer overrun
[  639.712386][T12756] ubi: mtd0 is already attached to ubi31
[  639.879047][T12761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1710'.
[  640.311000][ T5967] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  640.322359][T10064] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  640.411073][   T30] audit: type=1400 audit(1756159430.682:661): avc:  denied  { setopt } for  pid=12768 comm="syz.3.1719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  640.444893][T12769] FAULT_INJECTION: forcing a failure.
[  640.444893][T12769] name failslab, interval 1, probability 0, space 0, times 0
[  640.458054][T12769] CPU: 1 UID: 0 PID: 12769 Comm: syz.3.1719 Not tainted syzkaller #0 PREEMPT(full) 
[  640.458082][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  640.458092][T12769] Call Trace:
[  640.458098][T12769]  <TASK>
[  640.458105][T12769]  dump_stack_lvl+0x16c/0x1f0
[  640.458129][T12769]  should_fail_ex+0x512/0x640
[  640.458149][T12769]  ? fs_reclaim_acquire+0xae/0x150
[  640.458174][T12769]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  640.458199][T12769]  should_failslab+0xc2/0x120
[  640.458220][T12769]  __kmalloc_noprof+0xd2/0x510
[  640.458244][T12769]  tomoyo_realpath_from_path+0xc2/0x6e0
[  640.458273][T12769]  ? tomoyo_profile+0x47/0x60
[  640.458301][T12769]  tomoyo_path_number_perm+0x245/0x580
[  640.458322][T12769]  ? tomoyo_path_number_perm+0x237/0x580
[  640.458347][T12769]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  640.458370][T12769]  ? find_held_lock+0x2b/0x80
[  640.458416][T12769]  ? find_held_lock+0x2b/0x80
[  640.458436][T12769]  ? hook_file_ioctl_common+0x145/0x410
[  640.458461][T12769]  ? __fget_files+0x20e/0x3c0
[  640.458486][T12769]  security_file_ioctl+0x9b/0x240
[  640.458512][T12769]  __x64_sys_ioctl+0xb7/0x210
[  640.458541][T12769]  do_syscall_64+0xcd/0x4c0
[  640.458563][T12769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.458582][T12769] RIP: 0033:0x7fb80818ebe9
[  640.458597][T12769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.458613][T12769] RSP: 002b:00007fb808f97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  640.458630][T12769] RAX: ffffffffffffffda RBX: 00007fb8083b5fa0 RCX: 00007fb80818ebe9
[  640.458642][T12769] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[  640.458652][T12769] RBP: 00007fb808f97090 R08: 0000000000000000 R09: 0000000000000000
[  640.458662][T12769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.458672][T12769] R13: 00007fb8083b6038 R14: 00007fb8083b5fa0 R15: 00007ffcf63bfa48
[  640.458697][T12769]  </TASK>
[  640.458704][T12769] ERROR: Out of memory at tomoyo_realpath_from_path.
[  640.505178][ T5967] usb 3-1: Using ep0 maxpacket: 8
[  640.545011][ T1145] Bluetooth: hci5: Frame reassembly failed (-84)
[  640.551193][T10064] usb 6-1: Using ep0 maxpacket: 32
[  640.693782][ T5967] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  640.702837][ T5967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.714305][T10064] usb 6-1: config 0 has an invalid interface number: 35 but max is 0
[  640.722407][T10064] usb 6-1: config 0 has no interface number 0
[  640.729634][ T5967] usb 3-1: config 0 descriptor??
[  640.741036][T10064] usb 6-1: New USB device found, idVendor=110a, idProduct=1613, bcdDevice=31.4e
[  640.753491][ T5955] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  640.753870][T10064] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.773101][T10064] usb 6-1: Product: syz
[  640.782646][T10064] usb 6-1: Manufacturer: syz
[  640.791182][T10064] usb 6-1: SerialNumber: syz
[  640.807819][T10064] usb 6-1: config 0 descriptor??
[  640.913360][ T5955] usb 2-1: Using ep0 maxpacket: 8
[  640.930399][ T5955] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  640.939952][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.942837][ T5967] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  640.996044][ T5955] usb 2-1: config 0 descriptor??
[  641.210493][ T5955] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  641.353309][T10064] mxuport 6-1:0.35: mxuport_recv_ctrl_urb - usb_control_msg failed (-32)
[  641.362759][T10064] mxuport 6-1:0.35: probe with driver mxuport failed with error -5
[  641.375217][T10064] usb 6-1: USB disconnect, device number 27
[  641.485930][ T5955] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  641.496006][ T5955] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[  641.513119][ T5955] asix 2-1:0.0: probe with driver asix failed with error -32
[  642.124928][   T30] audit: type=1400 audit(1756159432.402:662): avc:  denied  { write } for  pid=12784 comm="syz.0.1723" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  642.240153][T12790] usb usb8: usbfs: process 12790 (syz.0.1723) did not claim interface 0 before use
[  642.303459][T10064] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  642.454888][T10064] usb 6-1: Using ep0 maxpacket: 16
[  642.462898][T10064] usb 6-1: config 1 has an invalid descriptor of length 239, skipping remainder of the config
[  642.475059][T10064] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  642.489051][T10064] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  642.502560][T10064] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.511365][T10064] usb 6-1: Product: syz
[  642.517422][T10064] usb 6-1: Manufacturer: syz
[  642.522083][T10064] usb 6-1: SerialNumber: syz
[  642.563410][T10979] Bluetooth: hci5: command 0x1003 tx timeout
[  642.570266][ T5850] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  642.765120][   T30] audit: type=1400 audit(1756159433.032:663): avc:  denied  { ioctl } for  pid=12759 comm="syz.2.1716" path="socket:[31622]" dev="sockfs" ino=31622 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  642.991501][   T30] audit: type=1400 audit(1756159433.262:664): avc:  denied  { write } for  pid=12759 comm="syz.2.1716" path="socket:[31622]" dev="sockfs" ino=31622 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  643.015917][T10064] usb 6-1: 0:2 : does not exist
[  643.377398][T12798] syz.3.1726 uses obsolete (PF_INET,SOCK_PACKET)
[  643.417011][ T5967] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  643.427332][ T5967] asix 3-1:0.0: probe with driver asix failed with error -71
[  643.438739][ T5967] usb 3-1: USB disconnect, device number 41
[  643.482686][T10064] usb 2-1: USB disconnect, device number 46
[  644.596193][   T30] audit: type=1400 audit(1756159434.872:665): avc:  denied  { create } for  pid=12812 comm="syz.1.1731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  644.619323][   T30] audit: type=1400 audit(1756159434.872:666): avc:  denied  { setopt } for  pid=12812 comm="syz.1.1731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  644.680251][   T30] audit: type=1400 audit(1756159434.882:667): avc:  denied  { connect } for  pid=12812 comm="syz.1.1731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  645.049554][T10064] usb 6-1: USB disconnect, device number 28
[  645.581584][T12831] netlink: 126588 bytes leftover after parsing attributes in process `syz.5.1734'.
[  646.583411][   T24] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  647.052726][   T30] audit: type=1400 audit(1756159437.312:668): avc:  denied  { create } for  pid=12844 comm="syz.3.1738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  647.123316][   T24] usb 3-1: Using ep0 maxpacket: 8
[  647.222999][   T24] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  647.262317][T12850] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  647.453738][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.457951][   T30] audit: type=1400 audit(1756159437.662:669): avc:  denied  { watch } for  pid=12844 comm="syz.3.1738" path="/351/control" dev="tmpfs" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  647.508408][T12854] sctp: [Deprecated]: syz.3.1738 (pid 12854) Use of struct sctp_assoc_value in delayed_ack socket option.
[  647.508408][T12854] Use struct sctp_sack_info instead
[  647.554821][T12854] sctp: [Deprecated]: syz.3.1738 (pid 12854) Use of struct sctp_assoc_value in delayed_ack socket option.
[  647.554821][T12854] Use struct sctp_sack_info instead
[  647.599230][T12849] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  647.615245][T12849] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  647.634162][   T24] usb 3-1: config 0 descriptor??
[  647.635854][T12849] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  647.650069][   T30] audit: type=1400 audit(1756159437.662:670): avc:  denied  { read } for  pid=12844 comm="syz.3.1738" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  647.685022][   T30] audit: type=1400 audit(1756159437.672:671): avc:  denied  { open } for  pid=12844 comm="syz.3.1738" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  647.713464][   T30] audit: type=1400 audit(1756159437.902:672): avc:  denied  { mount } for  pid=12846 comm="syz.5.1739" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  647.770619][T12849] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  647.803148][   T30] audit: type=1400 audit(1756159438.022:673): avc:  denied  { mounton } for  pid=12846 comm="syz.5.1739" path="/130/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  647.854951][   T24] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  647.868904][T12849] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  648.417570][   T30] audit: type=1400 audit(1756159438.692:674): avc:  denied  { name_bind } for  pid=12867 comm="syz.1.1742" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  648.442759][   T30] audit: type=1400 audit(1756159438.692:675): avc:  denied  { node_bind } for  pid=12867 comm="syz.1.1742" saddr=fe80::aa src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  648.475682][   T30] audit: type=1400 audit(1756159438.752:676): avc:  denied  { unmount } for  pid=9878 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  648.496943][   T24] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  648.509219][   T24] asix 3-1:0.0: probe with driver asix failed with error -32
[  648.526469][T12869] FAULT_INJECTION: forcing a failure.
[  648.526469][T12869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.601444][T12869] CPU: 0 UID: 0 PID: 12869 Comm: syz.0.1743 Not tainted syzkaller #0 PREEMPT(full) 
[  648.601467][T12869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  648.601474][T12869] Call Trace:
[  648.601478][T12869]  <TASK>
[  648.601483][T12869]  dump_stack_lvl+0x16c/0x1f0
[  648.601499][T12869]  should_fail_ex+0x512/0x640
[  648.601514][T12869]  _copy_from_user+0x2e/0xd0
[  648.601530][T12869]  copy_msghdr_from_user+0x98/0x160
[  648.601543][T12869]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  648.601562][T12869]  ___sys_sendmsg+0xfe/0x1d0
[  648.601574][T12869]  ? __pfx____sys_sendmsg+0x10/0x10
[  648.601603][T12869]  __sys_sendmsg+0x16d/0x220
[  648.601615][T12869]  ? __pfx___sys_sendmsg+0x10/0x10
[  648.601635][T12869]  do_syscall_64+0xcd/0x4c0
[  648.601649][T12869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.601661][T12869] RIP: 0033:0x7f11a498ebe9
[  648.601670][T12869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.601681][T12869] RSP: 002b:00007f11a2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  648.601692][T12869] RAX: ffffffffffffffda RBX: 00007f11a4bb5fa0 RCX: 00007f11a498ebe9
[  648.601699][T12869] RDX: 0000000000048040 RSI: 0000200000007580 RDI: 0000000000000003
[  648.601706][T12869] RBP: 00007f11a2bf6090 R08: 0000000000000000 R09: 0000000000000000
[  648.601712][T12869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.601718][T12869] R13: 00007f11a4bb6038 R14: 00007f11a4bb5fa0 R15: 00007ffc2c828a18
[  648.601732][T12869]  </TASK>
[  648.969923][   T30] audit: type=1400 audit(1756159439.242:677): avc:  denied  { create } for  pid=12875 comm="syz.0.1746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  649.026878][  T925] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  649.042331][T10064] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  649.118991][   T30] audit: type=1400 audit(1756159439.332:678): avc:  denied  { mount } for  pid=12875 comm="syz.0.1746" name="/" dev="ramfs" ino=31853 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  649.353427][  T925] usb 2-1: Using ep0 maxpacket: 32
[  649.360448][  T925] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  649.369233][  T925] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  649.378275][  T925] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  649.388100][T10064] usb 6-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=80.99
[  649.397199][T10064] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.414028][T10064] usb 6-1: Product: syz
[  649.425182][  T925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  649.434907][T10064] usb 6-1: Manufacturer: syz
[  649.489036][T10064] usb 6-1: SerialNumber: syz
[  649.512254][  T925] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  649.529792][T10064] usb 6-1: config 0 descriptor??
[  649.534595][ T5955] usb 3-1: USB disconnect, device number 42
[  649.535180][  T925] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  649.592387][  T925] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  649.603944][  T925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.618193][  T925] usb 2-1: config 0 descriptor??
[  649.683404][T10979] Bluetooth: hci3: command 0x0c1a tx timeout
[  649.750131][T10979] Bluetooth: hci2: command 0x0c1a tx timeout
[  649.754515][T12884] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1747'.
[  649.756300][T10979] Bluetooth: hci0: command 0x0c1a tx timeout
[  649.863620][T10979] Bluetooth: hci4: command 0x0c1a tx timeout
[  649.970398][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[  649.979502][T10064] usb 6-1: USB disconnect, device number 29
[  650.012062][  T925] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 47 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  650.196698][T12880] could not allocate digest TFM handle xcbc-aes-ce
[  650.232622][T10064] usb 2-1: USB disconnect, device number 47
[  650.261499][T10064] usblp0: removed
[  650.450894][T12904] ptrace attach of "./syz-executor exec"[5844] was attempted by ""[12904]
[  651.004493][T12912] FAULT_INJECTION: forcing a failure.
[  651.004493][T12912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.154010][T12912] CPU: 1 UID: 0 PID: 12912 Comm: syz.5.1755 Not tainted syzkaller #0 PREEMPT(full) 
[  651.154037][T12912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  651.154048][T12912] Call Trace:
[  651.154053][T12912]  <TASK>
[  651.154061][T12912]  dump_stack_lvl+0x16c/0x1f0
[  651.154084][T12912]  should_fail_ex+0x512/0x640
[  651.154108][T12912]  _copy_from_user+0x2e/0xd0
[  651.154132][T12912]  copy_msghdr_from_user+0x98/0x160
[  651.154152][T12912]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  651.154184][T12912]  ? __lock_acquire+0x62e/0x1ce0
[  651.154214][T12912]  ___sys_recvmsg+0xdb/0x1a0
[  651.154233][T12912]  ? __pfx____sys_recvmsg+0x10/0x10
[  651.154254][T12912]  ? find_held_lock+0x2b/0x80
[  651.154292][T12912]  do_recvmmsg+0x2fe/0x750
[  651.154313][T12912]  ? __pfx_do_recvmmsg+0x10/0x10
[  651.154336][T12912]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  651.154364][T12912]  ? __fget_files+0x20e/0x3c0
[  651.154390][T12912]  __x64_sys_recvmmsg+0x22a/0x280
[  651.154411][T12912]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  651.154438][T12912]  do_syscall_64+0xcd/0x4c0
[  651.154459][T12912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.154477][T12912] RIP: 0033:0x7feb5638ebe9
[  651.154492][T12912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  651.154508][T12912] RSP: 002b:00007feb571bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  651.154525][T12912] RAX: ffffffffffffffda RBX: 00007feb565b6090 RCX: 00007feb5638ebe9
[  651.154536][T12912] RDX: 0000000000000001 RSI: 00002000000045c0 RDI: 0000000000000003
[  651.154546][T12912] RBP: 00007feb571bd090 R08: 0000000000000000 R09: 0000000000000000
[  651.154556][T12912] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001
[  651.154566][T12912] R13: 00007feb565b6128 R14: 00007feb565b6090 R15: 00007ffcf39c9c48
[  651.154590][T12912]  </TASK>
[  652.540034][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  652.540052][   T30] audit: type=1400 audit(1756159442.812:685): avc:  denied  { read write } for  pid=12921 comm="syz.0.1760" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  652.594864][   T30] audit: type=1400 audit(1756159442.812:686): avc:  denied  { open } for  pid=12921 comm="syz.0.1760" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  652.900106][   T30] audit: type=1400 audit(1756159443.032:687): avc:  denied  { bind } for  pid=12921 comm="syz.0.1760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  653.197163][T12932] FAULT_INJECTION: forcing a failure.
[  653.197163][T12932] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  653.264113][T12932] CPU: 0 UID: 0 PID: 12932 Comm: syz.0.1762 Not tainted syzkaller #0 PREEMPT(full) 
[  653.264138][T12932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  653.264147][T12932] Call Trace:
[  653.264153][T12932]  <TASK>
[  653.264160][T12932]  dump_stack_lvl+0x16c/0x1f0
[  653.264183][T12932]  should_fail_ex+0x512/0x640
[  653.264207][T12932]  _copy_from_user+0x2e/0xd0
[  653.264232][T12932]  copy_msghdr_from_user+0x98/0x160
[  653.264252][T12932]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  653.264284][T12932]  ___sys_sendmsg+0xfe/0x1d0
[  653.264305][T12932]  ? __pfx____sys_sendmsg+0x10/0x10
[  653.264361][T12932]  __sys_sendmsg+0x16d/0x220
[  653.264381][T12932]  ? __pfx___sys_sendmsg+0x10/0x10
[  653.264417][T12932]  do_syscall_64+0xcd/0x4c0
[  653.264439][T12932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.264457][T12932] RIP: 0033:0x7f11a498ebe9
[  653.264471][T12932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  653.264486][T12932] RSP: 002b:00007f11a2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  653.264502][T12932] RAX: ffffffffffffffda RBX: 00007f11a4bb5fa0 RCX: 00007f11a498ebe9
[  653.264513][T12932] RDX: 0000000000000003 RSI: 0000200000000980 RDI: 0000000000000003
[  653.264522][T12932] RBP: 00007f11a2bf6090 R08: 0000000000000000 R09: 0000000000000000
[  653.264531][T12932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.264541][T12932] R13: 00007f11a4bb6038 R14: 00007f11a4bb5fa0 R15: 00007ffc2c828a18
[  653.264560][T12932]  </TASK>
[  653.428842][   T30] audit: type=1400 audit(1756159443.612:688): avc:  denied  { create } for  pid=12913 comm="syz.1.1757" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  653.476124][   T30] audit: type=1400 audit(1756159443.612:689): avc:  denied  { write } for  pid=12913 comm="syz.1.1757" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  654.698043][T12956] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1759'.
[  654.723372][T10064] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  654.873343][T10064] usb 2-1: Using ep0 maxpacket: 16
[  654.987776][T10064] usb 2-1: config 1 has an invalid descriptor of length 150, skipping remainder of the config
[  655.030587][T10064] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  655.105191][T10064] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  655.143247][T10064] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.199478][T10064] usb 2-1: Product: syz
[  655.209226][T10064] usb 2-1: Manufacturer: syz
[  655.243383][T10064] usb 2-1: SerialNumber: syz
[  655.665818][T10064] usb 2-1: 0:2 : does not exist
[  656.563621][ T5955] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  656.783647][ T5955] usb 6-1: device descriptor read/64, error -71
[  657.858483][ T5983] usb 2-1: USB disconnect, device number 48
[  658.385060][ T5955] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  659.354432][ T5955] usb 6-1: device descriptor read/64, error -71
[  659.491521][ T5955] usb usb6-port1: attempt power cycle
[  661.911122][ T5955] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  662.417345][   T30] audit: type=1400 audit(1756159452.632:690): avc:  denied  { write } for  pid=13030 comm="syz.3.1788" path="socket:[32190]" dev="sockfs" ino=32190 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  662.634245][T13034] could not allocate digest TFM handle xcbc-aes-ce
[  662.893520][ T5849] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  663.083474][ T5849] usb 6-1: Using ep0 maxpacket: 16
[  663.092690][ T5849] usb 6-1: config 1 has an invalid descriptor of length 150, skipping remainder of the config
[  663.523858][ T5849] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  663.539181][ T5849] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  663.553425][ T5849] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.562245][ T5849] usb 6-1: Product: syz
[  663.644060][ T5849] usb 6-1: Manufacturer: syz
[  663.648742][ T5849] usb 6-1: SerialNumber: syz
[  663.838962][T13059] syzkaller1: entered promiscuous mode
[  663.844774][T13059] syzkaller1: entered allmulticast mode
[  663.859526][T13059] FAULT_INJECTION: forcing a failure.
[  663.859526][T13059] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  663.875304][T13059] CPU: 0 UID: 0 PID: 13059 Comm: syz.1.1794 Not tainted syzkaller #0 PREEMPT(full) 
[  663.875328][T13059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  663.875338][T13059] Call Trace:
[  663.875347][T13059]  <TASK>
[  663.875354][T13059]  dump_stack_lvl+0x16c/0x1f0
[  663.875379][T13059]  should_fail_ex+0x512/0x640
[  663.875402][T13059]  _copy_from_iter+0x29f/0x1720
[  663.875432][T13059]  ? __pfx__copy_from_iter+0x10/0x10
[  663.875452][T13059]  ? __lock_acquire+0xb97/0x1ce0
[  663.875477][T13059]  ? _parse_integer_limit+0x17f/0x1d0
[  663.875498][T13059]  ? _kstrtoull+0x145/0x200
[  663.875512][T13059]  ? __pfx__kstrtoull+0x10/0x10
[  663.875531][T13059]  tun_get_user+0x26d/0x3ce0
[  663.875567][T13059]  ? __pfx_tun_get_user+0x10/0x10
[  663.875592][T13059]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  663.875621][T13059]  ? find_held_lock+0x2b/0x80
[  663.875643][T13059]  ? tun_get+0x191/0x370
[  663.875670][T13059]  tun_chr_write_iter+0xdc/0x210
[  663.875696][T13059]  vfs_write+0x7d0/0x11d0
[  663.875715][T13059]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  663.875741][T13059]  ? __pfx_vfs_write+0x10/0x10
[  663.875757][T13059]  ? find_held_lock+0x2b/0x80
[  663.875793][T13059]  ksys_write+0x12a/0x250
[  663.875811][T13059]  ? __pfx_ksys_write+0x10/0x10
[  663.875830][T13059]  ? __pfx_handle_softirqs+0x10/0x10
[  663.875857][T13059]  do_syscall_64+0xcd/0x4c0
[  663.875879][T13059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.875898][T13059] RIP: 0033:0x7fa522d8ebe9
[  663.875913][T13059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  663.875930][T13059] RSP: 002b:00007fa520fee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  663.875948][T13059] RAX: ffffffffffffffda RBX: 00007fa522fb5fa0 RCX: 00007fa522d8ebe9
[  663.875959][T13059] RDX: 000000000000007e RSI: 00002000000002c0 RDI: 0000000000000003
[  663.875970][T13059] RBP: 00007fa520fee090 R08: 0000000000000000 R09: 0000000000000000
[  663.875980][T13059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  663.875990][T13059] R13: 00007fa522fb6038 R14: 00007fa522fb5fa0 R15: 00007fffc57b6238
[  663.876014][T13059]  </TASK>
[  664.441442][ T5849] usb 6-1: 0:2 : does not exist
[  664.673658][T13068] syz_tun: entered allmulticast mode
[  664.697877][   T30] audit: type=1400 audit(1756159454.972:691): avc:  denied  { sqpoll } for  pid=13054 comm="syz.3.1793" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  664.731589][T13067] syz_tun: left allmulticast mode
[  665.234984][   T30] audit: type=1400 audit(1756159455.392:692): avc:  denied  { getopt } for  pid=13085 comm="syz.0.1800" lport=13 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  665.377111][T13089] sctp: [Deprecated]: syz.2.1796 (pid 13089) Use of struct sctp_assoc_value in delayed_ack socket option.
[  665.377111][T13089] Use struct sctp_sack_info instead
[  665.734583][T13082] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  665.747460][T13082] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  665.761307][T13082] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  665.769879][T13082] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  665.880643][ T5849] usb 6-1: USB disconnect, device number 33
[  665.895124][T13095] FAULT_INJECTION: forcing a failure.
[  665.895124][T13095] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  665.949327][T13082] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  665.958608][T13095] CPU: 0 UID: 0 PID: 13095 Comm: syz.1.1802 Not tainted syzkaller #0 PREEMPT(full) 
[  665.958624][T13095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  665.958630][T13095] Call Trace:
[  665.958634][T13095]  <TASK>
[  665.958638][T13095]  dump_stack_lvl+0x16c/0x1f0
[  665.958655][T13095]  should_fail_ex+0x512/0x640
[  665.958671][T13095]  _copy_from_user+0x2e/0xd0
[  665.958686][T13095]  __sys_bpf+0x21d/0x4de0
[  665.958703][T13095]  ? __pfx___sys_bpf+0x10/0x10
[  665.958718][T13095]  ? ksys_write+0x190/0x250
[  665.958732][T13095]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  665.958753][T13095]  ? fput+0x9b/0xd0
[  665.958767][T13095]  ? ksys_write+0x1ac/0x250
[  665.958778][T13095]  ? __pfx_ksys_write+0x10/0x10
[  665.958792][T13095]  __x64_sys_bpf+0x78/0xc0
[  665.958806][T13095]  ? lockdep_hardirqs_on+0x7c/0x110
[  665.958818][T13095]  do_syscall_64+0xcd/0x4c0
[  665.958832][T13095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.958843][T13095] RIP: 0033:0x7fa522d8ebe9
[  665.958852][T13095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.958863][T13095] RSP: 002b:00007fa520fee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  665.958873][T13095] RAX: ffffffffffffffda RBX: 00007fa522fb5fa0 RCX: 00007fa522d8ebe9
[  665.958880][T13095] RDX: 000000000000004c RSI: 0000200000000240 RDI: 000000000000000a
[  665.958887][T13095] RBP: 00007fa520fee090 R08: 0000000000000000 R09: 0000000000000000
[  665.958893][T13095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.958899][T13095] R13: 00007fa522fb6038 R14: 00007fa522fb5fa0 R15: 00007fffc57b6238
[  665.958912][T13095]  </TASK>
[  667.763544][T10979] Bluetooth: hci0: command 0x0c1a tx timeout
[  667.783167][   T30] audit: type=1400 audit(1756159458.052:693): avc:  denied  { bind } for  pid=13118 comm="syz.5.1808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  667.933495][T10979] Bluetooth: hci2: command 0x0c1a tx timeout
[  667.939961][ T5172] Bluetooth: hci4: command 0x0c1a tx timeout
[  667.940507][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout
[  668.020329][T13120] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13120 comm=syz.5.1808
[  668.099693][   T30] audit: type=1400 audit(1756159458.342:694): avc:  denied  { setopt } for  pid=13118 comm="syz.5.1808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  668.193359][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[  670.970481][T13149] FAULT_INJECTION: forcing a failure.
[  670.970481][T13149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  671.041659][T13149] CPU: 0 UID: 0 PID: 13149 Comm: syz.0.1815 Not tainted syzkaller #0 PREEMPT(full) 
[  671.041682][T13149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  671.041693][T13149] Call Trace:
[  671.041701][T13149]  <TASK>
[  671.041708][T13149]  dump_stack_lvl+0x16c/0x1f0
[  671.041733][T13149]  should_fail_ex+0x512/0x640
[  671.041756][T13149]  _copy_from_user+0x2e/0xd0
[  671.041780][T13149]  copy_msghdr_from_user+0x98/0x160
[  671.041799][T13149]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  671.041829][T13149]  ___sys_sendmsg+0xfe/0x1d0
[  671.041848][T13149]  ? __pfx____sys_sendmsg+0x10/0x10
[  671.041897][T13149]  __sys_sendmsg+0x16d/0x220
[  671.041916][T13149]  ? __pfx___sys_sendmsg+0x10/0x10
[  671.041948][T13149]  do_syscall_64+0xcd/0x4c0
[  671.041967][T13149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.041984][T13149] RIP: 0033:0x7f11a498ebe9
[  671.041998][T13149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.042015][T13149] RSP: 002b:00007f11a2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  671.042031][T13149] RAX: ffffffffffffffda RBX: 00007f11a4bb5fa0 RCX: 00007f11a498ebe9
[  671.042042][T13149] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  671.042051][T13149] RBP: 00007f11a2bf6090 R08: 0000000000000000 R09: 0000000000000000
[  671.042060][T13149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  671.042068][T13149] R13: 00007f11a4bb6038 R14: 00007f11a4bb5fa0 R15: 00007ffc2c828a18
[  671.042090][T13149]  </TASK>
[  671.308482][   T30] audit: type=1400 audit(1756159461.582:695): avc:  denied  { create } for  pid=13152 comm="syz.0.1819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  671.328131][   T30] audit: type=1400 audit(1756159461.582:696): avc:  denied  { bind } for  pid=13152 comm="syz.0.1819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  671.347421][   T30] audit: type=1400 audit(1756159461.582:697): avc:  denied  { block_suspend } for  pid=13152 comm="syz.0.1819" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  671.370334][   T30] audit: type=1400 audit(1756159461.582:698): avc:  denied  { setopt } for  pid=13152 comm="syz.0.1819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  671.390921][   T30] audit: type=1400 audit(1756159461.642:699): avc:  denied  { read } for  pid=13154 comm="syz.3.1820" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  672.575020][   T30] audit: type=1400 audit(1756159461.642:700): avc:  denied  { open } for  pid=13154 comm="syz.3.1820" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  672.668409][T13169] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1820'.
[  672.923344][   T30] audit: type=1400 audit(1756159462.732:701): avc:  denied  { remount } for  pid=13150 comm="syz.1.1818" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  673.143760][   T30] audit: type=1400 audit(1756159462.852:702): avc:  denied  { read } for  pid=13154 comm="syz.3.1820" name="usbmon4" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  674.393348][   T30] audit: type=1400 audit(1756159462.852:703): avc:  denied  { open } for  pid=13154 comm="syz.3.1820" path="/dev/usbmon4" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  674.456523][T13181] hsr0: entered promiscuous mode
[  674.463416][   T30] audit: type=1400 audit(1756159464.722:704): avc:  denied  { ioctl } for  pid=13180 comm="syz.0.1826" path="socket:[32446]" dev="sockfs" ino=32446 ioctlcmd=0x943c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  674.514277][T13186] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1826'.
[  674.523482][   T30] audit: type=1400 audit(1756159464.722:705): avc:  denied  { nlmsg_read } for  pid=13180 comm="syz.0.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  674.553645][   T30] audit: type=1400 audit(1756159464.732:706): avc:  denied  { setopt } for  pid=13180 comm="syz.0.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  674.591248][T13186] hsr_slave_0: left promiscuous mode
[  674.623140][T13186] hsr_slave_1: left promiscuous mode
[  674.627557][T13192] FAULT_INJECTION: forcing a failure.
[  674.627557][T13192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  674.641699][T13192] CPU: 1 UID: 0 PID: 13192 Comm: syz.1.1828 Not tainted syzkaller #0 PREEMPT(full) 
[  674.641723][T13192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  674.641733][T13192] Call Trace:
[  674.641739][T13192]  <TASK>
[  674.641746][T13192]  dump_stack_lvl+0x16c/0x1f0
[  674.641770][T13192]  should_fail_ex+0x512/0x640
[  674.641790][T13192]  _copy_from_user+0x2e/0xd0
[  674.641814][T13192]  __sys_bpf+0x21d/0x4de0
[  674.641840][T13192]  ? __pfx___sys_bpf+0x10/0x10
[  674.641864][T13192]  ? ksys_write+0x190/0x250
[  674.641884][T13192]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  674.641915][T13192]  ? fput+0x9b/0xd0
[  674.641937][T13192]  ? ksys_write+0x1ac/0x250
[  674.641953][T13192]  ? __pfx_ksys_write+0x10/0x10
[  674.641975][T13192]  __x64_sys_bpf+0x78/0xc0
[  674.641996][T13192]  ? lockdep_hardirqs_on+0x7c/0x110
[  674.642014][T13192]  do_syscall_64+0xcd/0x4c0
[  674.642035][T13192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.642053][T13192] RIP: 0033:0x7fa522d8ebe9
[  674.642067][T13192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  674.642083][T13192] RSP: 002b:00007fa520fee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  674.642099][T13192] RAX: ffffffffffffffda RBX: 00007fa522fb5fa0 RCX: 00007fa522d8ebe9
[  674.642109][T13192] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  674.642118][T13192] RBP: 00007fa520fee090 R08: 0000000000000000 R09: 0000000000000000
[  674.642127][T13192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  674.642137][T13192] R13: 00007fa522fb6038 R14: 00007fa522fb5fa0 R15: 00007fffc57b6238
[  674.642161][T13192]  </TASK>
[  674.810047][    C1] vkms_vblank_simulate: vblank timer overrun
[  674.885107][T13195] FAULT_INJECTION: forcing a failure.
[  674.885107][T13195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  674.898176][T13195] CPU: 0 UID: 0 PID: 13195 Comm: syz.5.1830 Not tainted syzkaller #0 PREEMPT(full) 
[  674.898192][T13195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  674.898199][T13195] Call Trace:
[  674.898202][T13195]  <TASK>
[  674.898206][T13195]  dump_stack_lvl+0x16c/0x1f0
[  674.898222][T13195]  should_fail_ex+0x512/0x640
[  674.898236][T13195]  _copy_from_user+0x2e/0xd0
[  674.898251][T13195]  copy_msghdr_from_user+0x98/0x160
[  674.898264][T13195]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  674.898283][T13195]  ___sys_sendmsg+0xfe/0x1d0
[  674.898295][T13195]  ? __pfx____sys_sendmsg+0x10/0x10
[  674.898323][T13195]  __sys_sendmsg+0x16d/0x220
[  674.898334][T13195]  ? __pfx___sys_sendmsg+0x10/0x10
[  674.898354][T13195]  do_syscall_64+0xcd/0x4c0
[  674.898368][T13195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.898379][T13195] RIP: 0033:0x7feb5638ebe9
[  674.898388][T13195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  674.898399][T13195] RSP: 002b:00007feb571bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  674.898410][T13195] RAX: ffffffffffffffda RBX: 00007feb565b6090 RCX: 00007feb5638ebe9
[  674.898417][T13195] RDX: 0000000004040140 RSI: 00002000000000c0 RDI: 0000000000000003
[  674.898423][T13195] RBP: 00007feb571bd090 R08: 0000000000000000 R09: 0000000000000000
[  674.898429][T13195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  674.898435][T13195] R13: 00007feb565b6128 R14: 00007feb565b6090 R15: 00007ffcf39c9c48
[  674.898449][T13195]  </TASK>
[  675.153100][T13200] ubi: mtd0 is already attached to ubi31
[  675.961322][ T5955] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  675.997257][   T30] audit: type=1400 audit(1756159465.742:707): avc:  denied  { create } for  pid=13196 comm="syz.5.1833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  676.003373][ T5967] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  676.018672][   T30] audit: type=1400 audit(1756159465.742:708): avc:  denied  { bind } for  pid=13196 comm="syz.5.1833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  676.063843][T13196] delete_channel: no stack
[  676.193336][ T5967] usb 2-1: Using ep0 maxpacket: 8
[  676.213401][ T5955] usb 4-1: Using ep0 maxpacket: 8
[  676.221686][ T5967] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  676.221818][ T5955] usb 4-1: config 0 has an invalid descriptor of length 35, skipping remainder of the config
[  676.244619][ T5955] usb 4-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[  676.258391][ T5955] usb 4-1: config 0 interface 0 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  676.272370][ T5955] usb 4-1: config 0 interface 0 has no altsetting 0
[  676.281731][ T5955] usb 4-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  676.292386][ T5955] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.305115][T13220] FAULT_INJECTION: forcing a failure.
[  676.305115][T13220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  676.323361][ T5967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.325303][ T5955] usb 4-1: config 0 descriptor??
[  676.336866][T13220] CPU: 1 UID: 0 PID: 13220 Comm: syz.5.1837 Not tainted syzkaller #0 PREEMPT(full) 
[  676.336881][T13220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  676.336888][T13220] Call Trace:
[  676.336892][T13220]  <TASK>
[  676.336896][T13220]  dump_stack_lvl+0x16c/0x1f0
[  676.336912][T13220]  should_fail_ex+0x512/0x640
[  676.336927][T13220]  _copy_from_user+0x2e/0xd0
[  676.336942][T13220]  copy_msghdr_from_user+0x98/0x160
[  676.336963][T13220]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  676.336982][T13220]  ___sys_sendmsg+0xfe/0x1d0
[  676.336994][T13220]  ? __pfx____sys_sendmsg+0x10/0x10
[  676.337022][T13220]  __sys_sendmsg+0x16d/0x220
[  676.337034][T13220]  ? __pfx___sys_sendmsg+0x10/0x10
[  676.337054][T13220]  do_syscall_64+0xcd/0x4c0
[  676.337068][T13220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.337080][T13220] RIP: 0033:0x7feb5638ebe9
[  676.337089][T13220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  676.337100][T13220] RSP: 002b:00007feb571de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  676.337111][T13220] RAX: ffffffffffffffda RBX: 00007feb565b5fa0 RCX: 00007feb5638ebe9
[  676.337118][T13220] RDX: 0000000000000080 RSI: 0000200000000280 RDI: 0000000000000004
[  676.337124][T13220] RBP: 00007feb571de090 R08: 0000000000000000 R09: 0000000000000000
[  676.337131][T13220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.337137][T13220] R13: 00007feb565b6038 R14: 00007feb565b5fa0 R15: 00007ffcf39c9c48
[  676.337151][T13220]  </TASK>
[  676.498320][    C1] vkms_vblank_simulate: vblank timer overrun
[  676.515910][ T5955] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  676.546446][ T5967] usb 2-1: config 0 descriptor??
[  676.618416][   T30] audit: type=1400 audit(1756159466.882:709): avc:  denied  { create } for  pid=13222 comm="syz.5.1838" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  676.694167][   T30] audit: type=1400 audit(1756159466.912:710): avc:  denied  { getopt } for  pid=13222 comm="syz.5.1838" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  676.757951][ T5967] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  677.713542][ T5983] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  677.967695][  T925] usb 4-1: USB disconnect, device number 50
[  679.003563][T13249] FAULT_INJECTION: forcing a failure.
[  679.003563][T13249] name failslab, interval 1, probability 0, space 0, times 0
[  679.016231][T13249] CPU: 0 UID: 0 PID: 13249 Comm: syz.3.1843 Not tainted syzkaller #0 PREEMPT(full) 
[  679.016255][T13249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  679.016265][T13249] Call Trace:
[  679.016272][T13249]  <TASK>
[  679.016279][T13249]  dump_stack_lvl+0x16c/0x1f0
[  679.016304][T13249]  should_fail_ex+0x512/0x640
[  679.016324][T13249]  ? fs_reclaim_acquire+0xae/0x150
[  679.016353][T13249]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  679.016379][T13249]  should_failslab+0xc2/0x120
[  679.016400][T13249]  __kmalloc_noprof+0xd2/0x510
[  679.016425][T13249]  tomoyo_realpath_from_path+0xc2/0x6e0
[  679.016454][T13249]  ? tomoyo_profile+0x47/0x60
[  679.016474][T13249]  tomoyo_path_number_perm+0x245/0x580
[  679.016495][T13249]  ? tomoyo_path_number_perm+0x237/0x580
[  679.016520][T13249]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  679.016545][T13249]  ? find_held_lock+0x2b/0x80
[  679.016591][T13249]  ? find_held_lock+0x2b/0x80
[  679.016611][T13249]  ? hook_file_ioctl_common+0x145/0x410
[  679.016636][T13249]  ? __fget_files+0x20e/0x3c0
[  679.016661][T13249]  security_file_ioctl+0x9b/0x240
[  679.016687][T13249]  __x64_sys_ioctl+0xb7/0x210
[  679.016716][T13249]  do_syscall_64+0xcd/0x4c0
[  679.016739][T13249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.016757][T13249] RIP: 0033:0x7fb80818ebe9
[  679.016773][T13249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.016789][T13249] RSP: 002b:00007fb808f55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  679.016807][T13249] RAX: ffffffffffffffda RBX: 00007fb8083b6180 RCX: 00007fb80818ebe9
[  679.016819][T13249] RDX: 0000200000000180 RSI: 00000000c01464a6 RDI: 0000000000000006
[  679.016830][T13249] RBP: 00007fb808f55090 R08: 0000000000000000 R09: 0000000000000000
[  679.016841][T13249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.016852][T13249] R13: 00007fb8083b6218 R14: 00007fb8083b6180 R15: 00007ffcf63bfa48
[  679.016877][T13249]  </TASK>
[  679.016900][T13249] ERROR: Out of memory at tomoyo_realpath_from_path.
[  679.300421][ T5983] usb 6-1: config 0 has an invalid interface number: 23 but max is 0
[  679.365148][T13256] ubi: mtd0 is already attached to ubi31
[  679.411423][ T5983] usb 6-1: config 0 has no interface number 0
[  679.459514][ T5983] usb 6-1: config 0 interface 23 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  679.510573][ T5967] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  679.521713][ T5983] usb 6-1: config 0 interface 23 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023
[  679.565358][ T5967] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  679.594128][ T5967] asix 2-1:0.0: probe with driver asix failed with error -71
[  679.598234][ T5983] usb 6-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01
[  679.619642][ T5967] usb 2-1: USB disconnect, device number 50
[  679.631004][ T5983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.647058][T13265] openvswitch: netlink: nsh attribute has 2 unknown bytes.
[  679.663485][ T5983] usb 6-1: Product: syz
[  679.667672][ T5983] usb 6-1: Manufacturer: syz
[  679.672259][ T5983] usb 6-1: SerialNumber: syz
[  679.729644][T13265] tipc: Started in network mode
[  679.742107][T13265] tipc: Node identity de71ab0857cf, cluster identity 4711
[  679.750844][ T5983] usb 6-1: config 0 descriptor??
[  679.772121][T13233] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  679.800588][T13265] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  679.819542][T13233] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  679.867165][ T5983] ums-usbat 6-1:0.23: USB Mass Storage device detected
[  679.936390][   T30] kauditd_printk_skb: 66 callbacks suppressed
[  679.936404][   T30] audit: type=1400 audit(1756159470.152:777): avc:  denied  { name_bind } for  pid=13268 comm="syz.2.1849" src=20008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  679.964070][    C1] vkms_vblank_simulate: vblank timer overrun
[  679.980195][T13265] tipc: Disabling bearer <eth:syzkaller0>
[  680.068111][T13274] kAFS: No cell specified
[  680.106759][T13278] ubi: mtd0 is already attached to ubi31
[  680.128816][T13233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.142080][T13233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.558141][T13233] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1840'.
[  680.573504][   T30] audit: type=1400 audit(1756159470.832:778): avc:  denied  { bind } for  pid=13232 comm="syz.5.1840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  680.730493][   T30] audit: type=1400 audit(1756159470.882:779): avc:  denied  { map } for  pid=13232 comm="syz.5.1840" path="socket:[33536]" dev="sockfs" ino=33536 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  680.845929][   T30] audit: type=1400 audit(1756159470.882:780): avc:  denied  { read } for  pid=13232 comm="syz.5.1840" path="socket:[33536]" dev="sockfs" ino=33536 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  680.869397][ T5983] ums-usbat 6-1:0.23: probe with driver ums-usbat failed with error -5
[  680.959903][ T5983] usb 6-1: USB disconnect, device number 34
[  681.611880][T13297] syzkaller0: entered promiscuous mode
[  681.782338][T13297] syzkaller0: entered allmulticast mode
[  681.837300][T13298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1851'.
[  682.939446][   T30] audit: type=1400 audit(1756159473.142:781): avc:  denied  { connect } for  pid=13301 comm="syz.2.1855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  682.998624][T13311] ubi: mtd0 is already attached to ubi31
[  683.004978][   T30] audit: type=1400 audit(1756159473.242:782): avc:  denied  { map } for  pid=13301 comm="syz.2.1855" path="socket:[33579]" dev="sockfs" ino=33579 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  683.816812][   T30] audit: type=1400 audit(1756159474.062:783): avc:  denied  { write } for  pid=13317 comm="syz.3.1860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  684.166134][   T30] audit: type=1400 audit(1756159474.062:784): avc:  denied  { read } for  pid=13317 comm="syz.3.1860" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  684.240189][T13325] hsr0 speed is unknown, defaulting to 1000
[  684.274563][T13323] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  684.296329][   T30] audit: type=1400 audit(1756159474.062:785): avc:  denied  { open } for  pid=13317 comm="syz.3.1860" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  684.390173][   T30] audit: type=1400 audit(1756159474.402:786): avc:  denied  { write } for  pid=13322 comm="syz.5.1861" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  684.412857][    C1] vkms_vblank_simulate: vblank timer overrun
[  685.181202][ T5955] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  685.379095][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  685.385802][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  685.673389][ T5955] usb 1-1: Using ep0 maxpacket: 8
[  685.685148][ T5955] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  685.695044][ T5955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.795383][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  685.795395][   T30] audit: type=1400 audit(1756159476.052:788): avc:  denied  { setopt } for  pid=13348 comm="syz.3.1869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  685.821218][   T30] audit: type=1400 audit(1756159476.052:789): avc:  denied  { read } for  pid=13348 comm="syz.3.1869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  685.902462][ T5955] usb 1-1: config 0 descriptor??
[  686.025917][T13358] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  686.116273][ T5955] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  686.163401][ T5849] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  686.313349][ T5849] usb 6-1: Using ep0 maxpacket: 16
[  686.328274][ T5849] usb 6-1: config 0 has an invalid interface number: 251 but max is 0
[  686.337598][ T5849] usb 6-1: config 0 has no interface number 0
[  686.345993][ T5849] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  686.361898][ T5849] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  686.378053][ T5849] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  686.518946][ T5849] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.560970][ T5849] usb 6-1: Product: syz
[  686.618532][ T5849] usb 6-1: Manufacturer: syz
[  686.722497][ T5955] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  686.732198][ T5849] usb 6-1: SerialNumber: syz
[  686.739122][ T5955] asix 1-1:0.0: probe with driver asix failed with error -61
[  686.747981][ T5849] usb 6-1: config 0 descriptor??
[  686.760449][T13354] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  686.784097][T13354] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  686.812208][T13377] sctp: [Deprecated]: syz.3.1873 (pid 13377) Use of struct sctp_assoc_value in delayed_ack socket option.
[  686.812208][T13377] Use struct sctp_sack_info instead
[  686.837254][T13377] sctp: [Deprecated]: syz.3.1873 (pid 13377) Use of struct sctp_assoc_value in delayed_ack socket option.
[  686.837254][T13377] Use struct sctp_sack_info instead
[  687.018161][T13373] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  687.026148][T13373] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  687.033494][T13373] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  687.041532][T13373] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  687.050793][T13373] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  687.108632][T13354] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  687.153487][T13354] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  688.101842][ T5849] asix 6-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[  688.121820][ T5955] usb 1-1: USB disconnect, device number 39
[  688.123646][ T5849] asix 6-1:0.251: probe with driver asix failed with error -524
[  688.175594][T13386] FAULT_INJECTION: forcing a failure.
[  688.175594][T13386] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  688.193154][T13386] CPU: 0 UID: 0 PID: 13386 Comm: syz.0.1877 Not tainted syzkaller #0 PREEMPT(full) 
[  688.193179][T13386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  688.193189][T13386] Call Trace:
[  688.193196][T13386]  <TASK>
[  688.193203][T13386]  dump_stack_lvl+0x16c/0x1f0
[  688.193228][T13386]  should_fail_ex+0x512/0x640
[  688.193257][T13386]  _copy_from_user+0x2e/0xd0
[  688.193280][T13386]  copy_msghdr_from_user+0x98/0x160
[  688.193300][T13386]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  688.193331][T13386]  ___sys_sendmsg+0xfe/0x1d0
[  688.193350][T13386]  ? __pfx____sys_sendmsg+0x10/0x10
[  688.193401][T13386]  __sys_sendmsg+0x16d/0x220
[  688.193421][T13386]  ? __pfx___sys_sendmsg+0x10/0x10
[  688.193454][T13386]  do_syscall_64+0xcd/0x4c0
[  688.193477][T13386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.193494][T13386] RIP: 0033:0x7f11a498ebe9
[  688.193509][T13386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  688.193527][T13386] RSP: 002b:00007f11a2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  688.193544][T13386] RAX: ffffffffffffffda RBX: 00007f11a4bb5fa0 RCX: 00007f11a498ebe9
[  688.193556][T13386] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[  688.193566][T13386] RBP: 00007f11a2bf6090 R08: 0000000000000000 R09: 0000000000000000
[  688.193577][T13386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.193587][T13386] R13: 00007f11a4bb6038 R14: 00007f11a4bb5fa0 R15: 00007ffc2c828a18
[  688.193611][T13386]  </TASK>
[  688.523976][ T5849] usb 6-1: USB disconnect, device number 35
[  688.779715][T13389] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.1878'.
[  688.842952][T10979] Bluetooth: hci0: command 0x0c1a tx timeout
[  689.123789][T10979] Bluetooth: hci1: command 0x0c1a tx timeout
[  689.129846][ T5172] Bluetooth: hci3: command 0x0c1a tx timeout
[  689.135939][ T5172] Bluetooth: hci2: command 0x0c1a tx timeout
[  689.142130][ T5172] Bluetooth: hci4: command 0x0c1a tx timeout
[  689.179142][T13399] FAULT_INJECTION: forcing a failure.
[  689.179142][T13399] name failslab, interval 1, probability 0, space 0, times 0
[  689.256287][T13399] CPU: 1 UID: 0 PID: 13399 Comm: syz.2.1881 Not tainted syzkaller #0 PREEMPT(full) 
[  689.256314][T13399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  689.256324][T13399] Call Trace:
[  689.256331][T13399]  <TASK>
[  689.256338][T13399]  dump_stack_lvl+0x16c/0x1f0
[  689.256362][T13399]  should_fail_ex+0x512/0x640
[  689.256382][T13399]  ? fs_reclaim_acquire+0xae/0x150
[  689.256407][T13399]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  689.256433][T13399]  should_failslab+0xc2/0x120
[  689.256453][T13399]  __kmalloc_noprof+0xd2/0x510
[  689.256478][T13399]  tomoyo_realpath_from_path+0xc2/0x6e0
[  689.256506][T13399]  ? tomoyo_profile+0x47/0x60
[  689.256525][T13399]  tomoyo_path_number_perm+0x245/0x580
[  689.256546][T13399]  ? tomoyo_path_number_perm+0x237/0x580
[  689.256570][T13399]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  689.256594][T13399]  ? find_held_lock+0x2b/0x80
[  689.256639][T13399]  ? find_held_lock+0x2b/0x80
[  689.256659][T13399]  ? hook_file_ioctl_common+0x145/0x410
[  689.256683][T13399]  ? __fget_files+0x20e/0x3c0
[  689.256707][T13399]  security_file_ioctl+0x9b/0x240
[  689.256733][T13399]  __x64_sys_ioctl+0xb7/0x210
[  689.256768][T13399]  do_syscall_64+0xcd/0x4c0
[  689.256788][T13399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.256805][T13399] RIP: 0033:0x7f386418ebe9
[  689.256820][T13399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.256836][T13399] RSP: 002b:00007f3864f79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  689.256853][T13399] RAX: ffffffffffffffda RBX: 00007f38643b6090 RCX: 00007f386418ebe9
[  689.256865][T13399] RDX: 0000200000000540 RSI: 00000000c0306201 RDI: 0000000000000004
[  689.256876][T13399] RBP: 00007f3864f79090 R08: 0000000000000000 R09: 0000000000000000
[  689.256885][T13399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  689.256896][T13399] R13: 00007f38643b6128 R14: 00007f38643b6090 R15: 00007fff41c1e698
[  689.256921][T13399]  </TASK>
[  689.256928][T13399] ERROR: Out of memory at tomoyo_realpath_from_path.
[  690.250404][   T30] audit: type=1400 audit(1756159480.492:790): avc:  denied  { read write } for  pid=13407 comm="syz.2.1883" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  690.330133][T13412] Invalid ELF header magic: != ELF
[  690.350011][T13414] FAULT_INJECTION: forcing a failure.
[  690.350011][T13414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  690.386719][   T30] audit: type=1400 audit(1756159480.492:791): avc:  denied  { open } for  pid=13407 comm="syz.2.1883" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  690.431108][T10064] hid-generic 0000:3000000:0000.001F: unknown main item tag 0x4
[  690.439832][T10064] hid-generic 0000:3000000:0000.001F: unknown main item tag 0x2
[  690.455258][T10064] hid-generic 0000:3000000:0000.001F: unknown main item tag 0x3
[  690.465172][T13414] CPU: 0 UID: 0 PID: 13414 Comm: syz.5.1885 Not tainted syzkaller #0 PREEMPT(full) 
[  690.465190][T13414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  690.465197][T13414] Call Trace:
[  690.465201][T13414]  <TASK>
[  690.465206][T13414]  dump_stack_lvl+0x16c/0x1f0
[  690.465222][T13414]  should_fail_ex+0x512/0x640
[  690.465238][T13414]  _copy_from_user+0x2e/0xd0
[  690.465253][T13414]  __sys_bpf+0x21d/0x4de0
[  690.465271][T13414]  ? __pfx___sys_bpf+0x10/0x10
[  690.465286][T13414]  ? ksys_write+0x190/0x250
[  690.465300][T13414]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  690.465322][T13414]  ? fput+0x9b/0xd0
[  690.465336][T13414]  ? ksys_write+0x1ac/0x250
[  690.465347][T13414]  ? __pfx_ksys_write+0x10/0x10
[  690.465360][T13414]  __x64_sys_bpf+0x78/0xc0
[  690.465375][T13414]  ? lockdep_hardirqs_on+0x7c/0x110
[  690.465387][T13414]  do_syscall_64+0xcd/0x4c0
[  690.465400][T13414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.465412][T13414] RIP: 0033:0x7feb5638ebe9
[  690.465422][T13414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.465433][T13414] RSP: 002b:00007feb571de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  690.465443][T13414] RAX: ffffffffffffffda RBX: 00007feb565b5fa0 RCX: 00007feb5638ebe9
[  690.465450][T13414] RDX: 0000000000000010 RSI: 00002000000004c0 RDI: 0000000000000011
[  690.465457][T13414] RBP: 00007feb571de090 R08: 0000000000000000 R09: 0000000000000000
[  690.465463][T13414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.465469][T13414] R13: 00007feb565b6038 R14: 00007feb565b5fa0 R15: 00007ffcf39c9c48
[  690.465483][T13414]  </TASK>
[  690.651932][   T30] audit: type=1400 audit(1756159480.602:792): avc:  denied  { module_load } for  pid=13407 comm="syz.2.1883" path="/sys/kernel/notes" dev="sysfs" ino=1406 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  690.717955][T10064] hid-generic 0000:3000000:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  690.741245][   T30] audit: type=1400 audit(1756159480.642:793): avc:  denied  { setopt } for  pid=13407 comm="syz.2.1883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  690.763997][   T30] audit: type=1400 audit(1756159480.642:794): avc:  denied  { bind } for  pid=13407 comm="syz.2.1883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  690.785048][   T30] audit: type=1400 audit(1756159480.642:795): avc:  denied  { name_bind } for  pid=13407 comm="syz.2.1883" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  690.808929][   T30] audit: type=1400 audit(1756159480.642:796): avc:  denied  { node_bind } for  pid=13407 comm="syz.2.1883" saddr=127.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  690.843357][   T30] audit: type=1400 audit(1756159480.642:797): avc:  denied  { name_connect } for  pid=13407 comm="syz.2.1883" dest=20006 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  691.563852][ T5849] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  691.620661][T13426] binder: 13425:13426 ioctl c0306201 200000000680 returned -14
[  692.243399][ T5849] usb 2-1: Using ep0 maxpacket: 8
[  692.374554][ T5849] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  692.407016][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.434456][ T5849] usb 2-1: config 0 descriptor??
[  692.731052][T13438] netlink: 126588 bytes leftover after parsing attributes in process `syz.5.1891'.
[  692.843872][ T5849] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  693.299659][T13443] FAULT_INJECTION: forcing a failure.
[  693.299659][T13443] name failslab, interval 1, probability 0, space 0, times 0
[  693.320343][T13443] CPU: 0 UID: 0 PID: 13443 Comm: syz.5.1894 Not tainted syzkaller #0 PREEMPT(full) 
[  693.320374][T13443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  693.320384][T13443] Call Trace:
[  693.320390][T13443]  <TASK>
[  693.320398][T13443]  dump_stack_lvl+0x16c/0x1f0
[  693.320423][T13443]  should_fail_ex+0x512/0x640
[  693.320443][T13443]  ? __kmalloc_noprof+0xbf/0x510
[  693.320462][T13443]  ? sock_kmalloc+0x111/0x170
[  693.320483][T13443]  should_failslab+0xc2/0x120
[  693.320504][T13443]  __kmalloc_noprof+0xd2/0x510
[  693.320519][T13443]  ? irqentry_exit+0x3b/0x90
[  693.320538][T13443]  ? lockdep_hardirqs_on+0x7c/0x110
[  693.320562][T13443]  sock_kmalloc+0x111/0x170
[  693.320586][T13443]  af_alg_alloc_areq+0xbc/0x2e0
[  693.320606][T13443]  skcipher_recvmsg+0x32b/0x1030
[  693.320637][T13443]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  693.320665][T13443]  sock_recvmsg+0x1f9/0x250
[  693.320690][T13443]  sock_read_iter+0x2b9/0x3b0
[  693.320713][T13443]  ? __pfx_sock_read_iter+0x10/0x10
[  693.320746][T13443]  ? bpf_lsm_file_permission+0x9/0x10
[  693.320768][T13443]  ? security_file_permission+0x71/0x210
[  693.320796][T13443]  ? rw_verify_area+0xcf/0x6c0
[  693.320826][T13443]  vfs_read+0xa95/0xcf0
[  693.320849][T13443]  ? __pfx_vfs_read+0x10/0x10
[  693.320864][T13443]  ? find_held_lock+0x2b/0x80
[  693.320904][T13443]  ksys_read+0x1f8/0x250
[  693.320922][T13443]  ? __pfx_ksys_read+0x10/0x10
[  693.320947][T13443]  do_syscall_64+0xcd/0x4c0
[  693.320970][T13443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.320992][T13443] RIP: 0033:0x7feb5638ebe9
[  693.321007][T13443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  693.321023][T13443] RSP: 002b:00007feb571de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  693.321040][T13443] RAX: ffffffffffffffda RBX: 00007feb565b5fa0 RCX: 00007feb5638ebe9
[  693.321052][T13443] RDX: 0000000000000835 RSI: 0000200000000cc0 RDI: 0000000000000004
[  693.321062][T13443] RBP: 00007feb571de090 R08: 0000000000000000 R09: 0000000000000000
[  693.321072][T13443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.321082][T13443] R13: 00007feb565b6038 R14: 00007feb565b5fa0 R15: 00007ffcf39c9c48
[  693.321107][T13443]  </TASK>
[  693.665954][   T30] audit: type=1400 audit(1756159483.832:798): avc:  denied  { ioctl } for  pid=13428 comm="syz.2.1890" path="socket:[34023]" dev="sockfs" ino=34023 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  693.847777][   T30] audit: type=1400 audit(1756159483.842:799): avc:  denied  { create } for  pid=13428 comm="syz.2.1890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  694.240403][T13465] sctp: [Deprecated]: syz.5.1898 (pid 13465) Use of struct sctp_assoc_value in delayed_ack socket option.
[  694.240403][T13465] Use struct sctp_sack_info instead
[  694.268410][   T30] audit: type=1400 audit(1756159484.302:800): avc:  denied  { getopt } for  pid=13451 comm="syz.3.1896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  694.292876][T13465] sctp: [Deprecated]: syz.5.1898 (pid 13465) Use of struct sctp_assoc_value in delayed_ack socket option.
[  694.292876][T13465] Use struct sctp_sack_info instead
[  694.467840][T13461] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  694.475404][T13461] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  694.483901][T13461] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  694.491599][T13461] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  694.508711][T13461] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  694.543397][   T30] audit: type=1400 audit(1756159484.482:801): avc:  denied  { map } for  pid=13451 comm="syz.3.1896" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  695.533392][ T5849] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  695.559535][ T5849] asix 2-1:0.0: probe with driver asix failed with error -71
[  695.678605][T13477] sctp: [Deprecated]: syz.3.1900 (pid 13477) Use of struct sctp_assoc_value in delayed_ack socket option.
[  695.678605][T13477] Use struct sctp_sack_info instead
[  695.720229][T13477] sctp: [Deprecated]: syz.3.1900 (pid 13477) Use of struct sctp_assoc_value in delayed_ack socket option.
[  695.720229][T13477] Use struct sctp_sack_info instead
[  695.870929][ T5849] usb 2-1: USB disconnect, device number 51
[  696.403431][ T5172] Bluetooth: hci0: command 0x0c1a tx timeout
[  696.566610][ T5172] Bluetooth: hci1: command 0x0c1a tx timeout
[  696.572689][ T5172] Bluetooth: hci4: command 0x0c1a tx timeout
[  696.578867][ T5859] Bluetooth: hci3: command 0x0c1a tx timeout
[  696.584879][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout
[  696.739874][   T30] audit: type=1400 audit(1756159487.012:802): avc:  denied  { create } for  pid=13485 comm="syz.0.1904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  696.791586][T13488] ubi: mtd0 is already attached to ubi31
[  697.250367][   T30] audit: type=1400 audit(1756159487.502:803): avc:  denied  { ioctl } for  pid=13485 comm="syz.0.1904" path="socket:[34081]" dev="sockfs" ino=34081 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  697.342491][   T30] audit: type=1400 audit(1756159487.502:804): avc:  denied  { write } for  pid=13485 comm="syz.0.1904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  698.511869][T13511] FAULT_INJECTION: forcing a failure.
[  698.511869][T13511] name failslab, interval 1, probability 0, space 0, times 0
[  698.593365][T13511] CPU: 0 UID: 0 PID: 13511 Comm: syz.1.1913 Not tainted syzkaller #0 PREEMPT(full) 
[  698.593390][T13511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  698.593400][T13511] Call Trace:
[  698.593406][T13511]  <TASK>
[  698.593412][T13511]  dump_stack_lvl+0x16c/0x1f0
[  698.593436][T13511]  should_fail_ex+0x512/0x640
[  698.593455][T13511]  ? fs_reclaim_acquire+0xae/0x150
[  698.593479][T13511]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  698.593503][T13511]  should_failslab+0xc2/0x120
[  698.593525][T13511]  __kmalloc_noprof+0xd2/0x510
[  698.593548][T13511]  tomoyo_realpath_from_path+0xc2/0x6e0
[  698.593574][T13511]  ? tomoyo_profile+0x47/0x60
[  698.593594][T13511]  tomoyo_path_number_perm+0x245/0x580
[  698.593614][T13511]  ? tomoyo_path_number_perm+0x237/0x580
[  698.593638][T13511]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  698.593660][T13511]  ? find_held_lock+0x2b/0x80
[  698.593701][T13511]  ? find_held_lock+0x2b/0x80
[  698.593721][T13511]  ? hook_file_ioctl_common+0x145/0x410
[  698.593742][T13511]  ? __fget_files+0x20e/0x3c0
[  698.593765][T13511]  security_file_ioctl+0x9b/0x240
[  698.593791][T13511]  __x64_sys_ioctl+0xb7/0x210
[  698.593818][T13511]  do_syscall_64+0xcd/0x4c0
[  698.593840][T13511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.593857][T13511] RIP: 0033:0x7fa522d8ebe9
[  698.593871][T13511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  698.593887][T13511] RSP: 002b:00007fa520fee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  698.593903][T13511] RAX: ffffffffffffffda RBX: 00007fa522fb5fa0 RCX: 00007fa522d8ebe9
[  698.593914][T13511] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000003
[  698.593923][T13511] RBP: 00007fa520fee090 R08: 0000000000000000 R09: 0000000000000000
[  698.593933][T13511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  698.593942][T13511] R13: 00007fa522fb6038 R14: 00007fa522fb5fa0 R15: 00007fffc57b6238
[  698.593966][T13511]  </TASK>
[  698.593974][T13511] ERROR: Out of memory at tomoyo_realpath_from_path.
[  698.930690][   T30] audit: type=1400 audit(1756159489.202:805): avc:  denied  { setopt } for  pid=13512 comm="syz.0.1915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  699.462363][   T30] audit: type=1400 audit(1756159489.242:806): avc:  denied  { execute } for  pid=13512 comm="syz.0.1915" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=34165 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  699.516420][T13525] netlink: 'syz.1.1917': attribute type 11 has an invalid length.
[  699.675180][T13529] ubi: mtd0 is already attached to ubi31
[  699.713289][   T30] audit: type=1326 audit(1756159489.962:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13512 comm="syz.0.1915" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a498ebe9 code=0x0
[  700.033367][T13527] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1914'.
[  700.233324][   T30] audit: type=1326 audit(1756159490.472:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13526 comm="syz.5.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5638ebe9 code=0x7ffc0000
[  700.353352][ T5967] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  700.395112][   T30] audit: type=1326 audit(1756159490.472:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13526 comm="syz.5.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7feb5638ebe9 code=0x7ffc0000
[  700.825262][ T5967] usb 2-1: no configurations
[  700.830044][ T5967] usb 2-1: can't read configurations, error -22
[  700.877941][   T30] audit: type=1326 audit(1756159490.472:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13526 comm="syz.5.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb5638ebe9 code=0x7ffc0000
[  701.049591][ T5967] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  701.063788][T13534] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.1919'.
[  701.079067][   T30] audit: type=1326 audit(1756159490.472:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13526 comm="syz.5.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7feb5638ebe9 code=0x7ffc0000
[  701.816048][ T5967] usb 2-1: no configurations
[  701.821455][ T5967] usb 2-1: can't read configurations, error -22
[  701.831980][ T5967] usb usb2-port1: attempt power cycle
[  702.393373][ T5967] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  702.407924][T13558] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1925'.
[  702.429761][T13558] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1925'.
[  702.441790][ T5967] usb 2-1: no configurations
[  702.446560][ T5967] usb 2-1: can't read configurations, error -22
[  702.627840][T13561] FAULT_INJECTION: forcing a failure.
[  702.627840][T13561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  702.694177][T13561] CPU: 1 UID: 0 PID: 13561 Comm: syz.3.1926 Not tainted syzkaller #0 PREEMPT(full) 
[  702.694203][T13561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  702.694214][T13561] Call Trace:
[  702.694219][T13561]  <TASK>
[  702.694226][T13561]  dump_stack_lvl+0x16c/0x1f0
[  702.694250][T13561]  should_fail_ex+0x512/0x640
[  702.694274][T13561]  _copy_from_user+0x2e/0xd0
[  702.694297][T13561]  do_quotactl+0xcd4/0x13d0
[  702.694318][T13561]  ? __pfx_do_quotactl+0x10/0x10
[  702.694348][T13561]  ? down_read+0x13d/0x480
[  702.694365][T13561]  ? mnt_get_write_access+0x54/0x300
[  702.694388][T13561]  ? __pfx_down_read+0x10/0x10
[  702.694409][T13561]  ? mnt_get_write_access+0x20c/0x300
[  702.694437][T13561]  __x64_sys_quotactl_fd+0x309/0x540
[  702.694459][T13561]  do_syscall_64+0xcd/0x4c0
[  702.694481][T13561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.694500][T13561] RIP: 0033:0x7fb80818ebe9
[  702.694514][T13561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  702.694531][T13561] RSP: 002b:00007fb808f97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb
[  702.694547][T13561] RAX: ffffffffffffffda RBX: 00007fb8083b5fa0 RCX: 00007fb80818ebe9
[  702.694559][T13561] RDX: 0000000000000000 RSI: ffffffff80000600 RDI: 0000000000000003
[  702.694569][T13561] RBP: 00007fb808f97090 R08: 0000000000000000 R09: 0000000000000000
[  702.694580][T13561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  702.694590][T13561] R13: 00007fb8083b6038 R14: 00007fb8083b5fa0 R15: 00007ffcf63bfa48
[  702.694614][T13561]  </TASK>
[  702.870796][ T5967] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  703.673353][ T5967] usb 2-1: device not accepting address 55, error -71
[  703.789389][T13567] netlink: 'syz.3.1929': attribute type 11 has an invalid length.
[  703.801454][ T5967] usb usb2-port1: unable to enumerate USB device
[  705.840297][T13577] tipc: Started in network mode
[  705.855095][T13577] tipc: Node identity 1efb2fb791dd, cluster identity 4711
[  705.890455][T13577] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  705.953021][T13580] syzkaller0: entered promiscuous mode
[  705.966859][T13580] syzkaller0: entered allmulticast mode
[  706.803105][T13582] delete_channel: no stack
[  706.878150][T13580] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  706.969755][T13580] tipc: Resetting bearer <eth:syzkaller0>
[  707.013151][ T5983] tipc: Node number set to 2401644471
[  707.237231][T13576] tipc: Resetting bearer <eth:syzkaller0>
[  707.450423][T13576] tipc: Disabling bearer <eth:syzkaller0>
[  707.644468][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  707.644484][   T30] audit: type=1400 audit(1756159497.922:845): avc:  denied  { connect } for  pid=13610 comm="syz.3.1939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  707.841063][T13607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1935'.
[  707.954914][   T30] audit: type=1400 audit(1756159497.952:846): avc:  denied  { ioctl } for  pid=13610 comm="syz.3.1939" path="socket:[35104]" dev="sockfs" ino=35104 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  708.062601][   T30] audit: type=1400 audit(1756159497.952:847): avc:  denied  { write } for  pid=13610 comm="syz.3.1939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  708.158923][   T30] audit: type=1400 audit(1756159498.432:848): avc:  denied  { create } for  pid=13614 comm="syz.1.1940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  708.349514][T13615] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1940'.
[  708.403712][T13615] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1940'.
[  708.459824][T13615] netlink: 'syz.1.1940': attribute type 1 has an invalid length.
[  708.488806][T13615] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1940'.
[  708.546202][T13615] nbd: socks must be embedded in a SOCK_ITEM attr
[  708.564197][T13615] block nbd0: shutting down sockets
[  708.669680][T13620] FAULT_INJECTION: forcing a failure.
[  708.669680][T13620] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  708.724167][T13620] CPU: 1 UID: 0 PID: 13620 Comm: syz.5.1942 Not tainted syzkaller #0 PREEMPT(full) 
[  708.724193][T13620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  708.724202][T13620] Call Trace:
[  708.724206][T13620]  <TASK>
[  708.724210][T13620]  dump_stack_lvl+0x16c/0x1f0
[  708.724228][T13620]  should_fail_ex+0x512/0x640
[  708.724243][T13620]  _copy_from_user+0x2e/0xd0
[  708.724258][T13620]  copy_msghdr_from_user+0x98/0x160
[  708.724272][T13620]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  708.724286][T13620]  ? __pfx__kstrtoull+0x10/0x10
[  708.724300][T13620]  ___sys_sendmsg+0xfe/0x1d0
[  708.724312][T13620]  ? __pfx____sys_sendmsg+0x10/0x10
[  708.724331][T13620]  ? find_held_lock+0x2b/0x80
[  708.724354][T13620]  __sys_sendmmsg+0x200/0x420
[  708.724367][T13620]  ? __pfx___sys_sendmmsg+0x10/0x10
[  708.724384][T13620]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  708.724403][T13620]  ? fput+0x9b/0xd0
[  708.724417][T13620]  ? ksys_write+0x1ac/0x250
[  708.724429][T13620]  ? __pfx_ksys_write+0x10/0x10
[  708.724442][T13620]  __x64_sys_sendmmsg+0x9c/0x100
[  708.724454][T13620]  ? lockdep_hardirqs_on+0x7c/0x110
[  708.724466][T13620]  do_syscall_64+0xcd/0x4c0
[  708.724479][T13620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.724491][T13620] RIP: 0033:0x7feb5638ebe9
[  708.724500][T13620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  708.724511][T13620] RSP: 002b:00007feb571de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  708.724522][T13620] RAX: ffffffffffffffda RBX: 00007feb565b5fa0 RCX: 00007feb5638ebe9
[  708.724529][T13620] RDX: 0000000000034000 RSI: 00002000000008c0 RDI: 0000000000000004
[  708.724535][T13620] RBP: 00007feb571de090 R08: 0000000000000000 R09: 0000000000000000
[  708.724542][T13620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.724548][T13620] R13: 00007feb565b6038 R14: 00007feb565b5fa0 R15: 00007ffcf39c9c48
[  708.724562][T13620]  </TASK>
[  708.927560][    C1] vkms_vblank_simulate: vblank timer overrun
[  709.050176][   T30] audit: type=1400 audit(1756159499.322:849): avc:  denied  { read open } for  pid=13633 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  709.443958][   T30] audit: type=1400 audit(1756159499.322:850): avc:  denied  { getattr } for  pid=13633 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  709.903493][ T5983] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  710.083815][ T5983] usb 2-1: Using ep0 maxpacket: 8
[  710.384220][ T5983] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  710.408353][ T5983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.425098][ T5983] usb 2-1: config 0 descriptor??
[  710.710209][ T5983] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  711.055834][   T30] audit: type=1400 audit(1756159501.322:851): avc:  denied  { add_name } for  pid=13632 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  711.177232][T13653] netlink: 'syz.5.1950': attribute type 83 has an invalid length.
[  711.196508][T13663] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[  711.234548][T13648] delete_channel: no stack
[  711.263325][   T30] audit: type=1400 audit(1756159501.322:852): avc:  denied  { create } for  pid=13632 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  711.410809][   T30] audit: type=1400 audit(1756159501.322:853): avc:  denied  { write } for  pid=13632 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.sl0.link" dev="tmpfs" ino=8099 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  711.538490][   T30] audit: type=1400 audit(1756159501.322:854): avc:  denied  { append } for  pid=13632 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" dev="tmpfs" ino=8099 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  712.273352][ T5955] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  712.533635][ T5955] usb 4-1: Using ep0 maxpacket: 16
[  712.551796][ T5955] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  712.789576][ T5983] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  712.847838][ T5955] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  712.854345][T13703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1956'.
[  712.860184][ T5983] asix 2-1:0.0: probe with driver asix failed with error -71
[  712.991140][ T5955] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  713.003650][ T5983] usb 2-1: USB disconnect, device number 56
[  713.009635][ T5955] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.032030][ T5955] usb 4-1: config 0 descriptor??
[  713.052485][T13706] sctp: [Deprecated]: syz.0.1958 (pid 13706) Use of struct sctp_assoc_value in delayed_ack socket option.
[  713.052485][T13706] Use struct sctp_sack_info instead
[  713.070354][T13706] sctp: [Deprecated]: syz.0.1958 (pid 13706) Use of struct sctp_assoc_value in delayed_ack socket option.
[  713.070354][T13706] Use struct sctp_sack_info instead
[  713.229714][T13704] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  713.236362][T13704] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  713.243982][T13704] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  713.263696][T13704] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  713.308743][T13704] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  713.573439][ T5967] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  713.686983][ T5955] usbhid 4-1:0.0: can't add hid device: -71
[  713.695063][ T5955] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  714.212132][ T5955] usb 4-1: USB disconnect, device number 51
[  714.244215][ T5967] usb 6-1: Using ep0 maxpacket: 8
[  714.251749][ T5967] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  714.273331][ T5967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  714.297277][ T5967] usb 6-1: config 0 descriptor??
[  714.547801][ T5967] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  714.563792][T13718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1962'.
[  715.099353][T13721] FAULT_INJECTION: forcing a failure.
[  715.099353][T13721] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  715.154542][ T5172] Bluetooth: hci0: command 0x0c1a tx timeout
[  715.216840][T13721] CPU: 0 UID: 0 PID: 13721 Comm: syz.3.1963 Not tainted syzkaller #0 PREEMPT(full) 
[  715.216867][T13721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  715.216877][T13721] Call Trace:
[  715.216883][T13721]  <TASK>
[  715.216890][T13721]  dump_stack_lvl+0x16c/0x1f0
[  715.216914][T13721]  should_fail_ex+0x512/0x640
[  715.216941][T13721]  _copy_from_iter+0x29f/0x1720
[  715.216970][T13721]  ? __pfx__copy_from_iter+0x10/0x10
[  715.216991][T13721]  ? __lock_acquire+0xb97/0x1ce0
[  715.217017][T13721]  ? _parse_integer_limit+0x17f/0x1d0
[  715.217038][T13721]  ? _kstrtoull+0x145/0x200
[  715.217053][T13721]  ? __pfx__kstrtoull+0x10/0x10
[  715.217071][T13721]  tun_get_user+0x26d/0x3ce0
[  715.217107][T13721]  ? __pfx_tun_get_user+0x10/0x10
[  715.217133][T13721]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  715.217163][T13721]  ? find_held_lock+0x2b/0x80
[  715.217185][T13721]  ? tun_get+0x191/0x370
[  715.217213][T13721]  tun_chr_write_iter+0xdc/0x210
[  715.217240][T13721]  vfs_write+0x7d0/0x11d0
[  715.217260][T13721]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  715.217287][T13721]  ? __pfx_vfs_write+0x10/0x10
[  715.217303][T13721]  ? find_held_lock+0x2b/0x80
[  715.217339][T13721]  ksys_write+0x12a/0x250
[  715.217356][T13721]  ? __pfx_ksys_write+0x10/0x10
[  715.217382][T13721]  do_syscall_64+0xcd/0x4c0
[  715.217404][T13721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.217422][T13721] RIP: 0033:0x7fb80818ebe9
[  715.217437][T13721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  715.217454][T13721] RSP: 002b:00007fb808f97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  715.217471][T13721] RAX: ffffffffffffffda RBX: 00007fb8083b5fa0 RCX: 00007fb80818ebe9
[  715.217490][T13721] RDX: 000000000000004b RSI: 0000200000000340 RDI: 0000000000000004
[  715.217501][T13721] RBP: 00007fb808f97090 R08: 0000000000000000 R09: 0000000000000000
[  715.217510][T13721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  715.217520][T13721] R13: 00007fb8083b6038 R14: 00007fb8083b5fa0 R15: 00007ffcf63bfa48
[  715.217544][T13721]  </TASK>
[  715.509269][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'.
[  715.530063][ T5172] Bluetooth: hci4: command 0x0c1a tx timeout
[  715.542033][ T5172] Bluetooth: hci1: command 0x0c1a tx timeout
[  715.551639][ T5172] Bluetooth: hci3: command 0x0c1a tx timeout
[  715.557867][ T5172] Bluetooth: hci2: command 0x0c1a tx timeout
[  716.819798][ T5967] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  716.983382][ T5967] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9
[  717.013590][ T5967] asix 6-1:0.0: probe with driver asix failed with error -71
[  717.075956][T13736] FAULT_INJECTION: forcing a failure.
[  717.075956][T13736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  717.076440][T13736] 
[  717.076447][T13736] ======================================================
[  717.076453][T13736] WARNING: possible circular locking dependency detected
[  717.076460][T13736] syzkaller #0 Not tainted
[  717.076469][T13736] ------------------------------------------------------
[  717.076474][T13736] syz.2.1965/13736 is trying to acquire lock:
[  717.076483][T13736] ffffffff8e4ce840 (console_owner){-...}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  717.076526][T13736] 
[  717.076526][T13736] but task is already holding lock:
[  717.076530][T13736] ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  717.076568][T13736] 
[  717.076568][T13736] which lock already depends on the new lock.
[  717.076568][T13736] 
[  717.076573][T13736] 
[  717.076573][T13736] the existing dependency chain (in reverse order) is:
[  717.076579][T13736] 
[  717.076579][T13736] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  717.076599][T13736]        _raw_spin_lock_nested+0x31/0x40
[  717.076624][T13736]        raw_spin_rq_lock_nested+0x29/0x130
[  717.076642][T13736]        task_rq_lock+0xcf/0x490
[  717.076660][T13736]        cgroup_move_task+0x81/0x2a0
[  717.076680][T13736]        css_set_move_task+0x288/0x5f0
[  717.076694][T13736]        cgroup_post_fork+0x201/0x9e0
[  717.076714][T13736]        copy_process+0x5cfa/0x7690
[  717.076734][T13736]        kernel_clone+0xfc/0x930
[  717.076754][T13736]        user_mode_thread+0xc7/0x110
[  717.076782][T13736]        rest_init+0x23/0x2b0
[  717.076801][T13736]        start_kernel+0x3ee/0x4d0
[  717.076815][T13736]        x86_64_start_reservations+0x18/0x30
[  717.076831][T13736]        x86_64_start_kernel+0x130/0x190
[  717.076844][T13736]        common_startup_64+0x13e/0x148
[  717.076862][T13736] 
[  717.076862][T13736] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  717.076883][T13736]        _raw_spin_lock_irqsave+0x3a/0x60
[  717.076906][T13736]        try_to_wake_up+0xb7/0x1870
[  717.076924][T13736]        __wake_up_common+0x135/0x1f0
[  717.076947][T13736]        __wake_up+0x31/0x60
[  717.076966][T13736]        tty_port_default_wakeup+0x2a/0x40
[  717.076985][T13736]        serial8250_tx_chars+0x68e/0x860
[  717.077004][T13736]        serial8250_handle_irq+0x761/0xcb0
[  717.077024][T13736]        serial8250_default_handle_irq+0x9a/0x250
[  717.077045][T13736]        serial8250_interrupt+0xf8/0x1b0
[  717.077065][T13736]        __handle_irq_event_percpu+0x229/0x7d0
[  717.077084][T13736]        handle_irq_event+0xab/0x1e0
[  717.077102][T13736]        handle_edge_irq+0x3ca/0x9e0
[  717.077118][T13736]        __common_interrupt+0xd0/0x2f0
[  717.077139][T13736]        common_interrupt+0x61/0xe0
[  717.077161][T13736]        asm_common_interrupt+0x26/0x40
[  717.077177][T13736]        handle_softirqs+0x1dd/0x8e0
[  717.077196][T13736]        __irq_exit_rcu+0x109/0x170
[  717.077215][T13736]        irq_exit_rcu+0x9/0x30
[  717.077233][T13736]        sysvec_apic_timer_interrupt+0xa4/0xc0
[  717.077248][T13736]        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  717.077264][T13736]        console_flush_all+0x9a2/0xc60
[  717.077282][T13736]        console_unlock+0xd8/0x210
[  717.077299][T13736]        vprintk_emit+0x418/0x6d0
[  717.077317][T13736]        _printk+0xc7/0x100
[  717.077329][T13736]        kauditd_hold_skb+0x205/0x250
[  717.077352][T13736]        kauditd_send_queue+0x239/0x290
[  717.077374][T13736]        kauditd_thread+0x623/0xa70
[  717.077396][T13736]        kthread+0x3c5/0x780
[  717.077410][T13736]        ret_from_fork+0x5d7/0x6f0
[  717.077425][T13736]        ret_from_fork_asm+0x1a/0x30
[  717.077444][T13736] 
[  717.077444][T13736] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  717.077465][T13736]        _raw_spin_lock_irqsave+0x3a/0x60
[  717.077489][T13736]        __wake_up+0x1c/0x60
[  717.077508][T13736]        tty_port_default_wakeup+0x2a/0x40
[  717.077525][T13736]        serial8250_tx_chars+0x68e/0x860
[  717.077543][T13736]        serial8250_handle_irq+0x761/0xcb0
[  717.077563][T13736]        serial8250_default_handle_irq+0x9a/0x250
[  717.077584][T13736]        serial8250_interrupt+0xf8/0x1b0
[  717.077604][T13736]        __handle_irq_event_percpu+0x229/0x7d0
[  717.077623][T13736]        handle_irq_event+0xab/0x1e0
[  717.077641][T13736]        handle_edge_irq+0x3ca/0x9e0
[  717.077657][T13736]        __common_interrupt+0xd0/0x2f0
[  717.077677][T13736]        common_interrupt+0xba/0xe0
[  717.077697][T13736]        asm_common_interrupt+0x26/0x40
[  717.077712][T13736]        _raw_spin_unlock_irqrestore+0x31/0x80
[  717.077726][T13736]        uart_write+0x2a4/0xb30
[  717.077742][T13736]        n_tty_write+0x41f/0x11e0
[  717.077762][T13736]        file_tty_write.constprop.0+0x504/0x9b0
[  717.077783][T13736]        redirected_tty_write+0xd4/0x150
[  717.077799][T13736]        vfs_write+0x7d0/0x11d0
[  717.077814][T13736]        ksys_write+0x12a/0x250
[  717.077829][T13736]        do_syscall_64+0xcd/0x4c0
[  717.077845][T13736]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  717.077860][T13736] 
[  717.077860][T13736] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  717.077881][T13736]        _raw_spin_lock_irqsave+0x3a/0x60
[  717.077904][T13736]        serial8250_console_write+0x181/0x1890
[  717.077925][T13736]        console_flush_all+0x801/0xc60
[  717.077942][T13736]        console_unlock+0xd8/0x210
[  717.077959][T13736]        vprintk_emit+0x418/0x6d0
[  717.077977][T13736]        _printk+0xc7/0x100
[  717.077989][T13736]        register_console+0xc2d/0x11b0
[  717.078008][T13736]        univ8250_console_init+0x5f/0x90
[  717.078025][T13736]        console_init+0x14f/0x680
[  717.078040][T13736]        start_kernel+0x29f/0x4d0
[  717.078053][T13736]        x86_64_start_reservations+0x18/0x30
[  717.078067][T13736]        x86_64_start_kernel+0x130/0x190
[  717.078081][T13736]        common_startup_64+0x13e/0x148
[  717.078097][T13736] 
[  717.078097][T13736] -> #0 (console_owner){-...}-{0:0}:
[  717.078117][T13736]        __lock_acquire+0x12a6/0x1ce0
[  717.078140][T13736]        lock_acquire+0x179/0x350
[  717.078163][T13736]        console_lock_spinning_enable+0xb0/0xd0
[  717.078180][T13736]        console_flush_all+0x7aa/0xc60
[  717.078197][T13736]        console_unlock+0xd8/0x210
[  717.078214][T13736]        vprintk_emit+0x418/0x6d0
[  717.078232][T13736]        _printk+0xc7/0x100
[  717.078244][T13736]        should_fail_ex+0x4e7/0x640
[  717.078261][T13736]        strncpy_from_user+0x3b/0x2e0
[  717.078275][T13736]        strncpy_from_user_nofault+0x7f/0x180
[  717.078294][T13736]        bpf_probe_read_user_str+0x26/0x70
[  717.078317][T13736]        bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  717.078330][T13736]        bpf_trace_run4+0x252/0x5b0
[  717.078346][T13736]        __bpf_trace_sched_switch+0x145/0x190
[  717.078364][T13736]        __traceiter_sched_switch+0x6f/0xc0
[  717.078381][T13736]        __schedule+0x183b/0x5de0
[  717.078394][T13736]        schedule+0xe7/0x3a0
[  717.078407][T13736]        exit_to_user_mode_loop+0x67/0x110
[  717.078423][T13736]        do_syscall_64+0x3f6/0x4c0
[  717.078440][T13736]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  717.078456][T13736] 
[  717.078456][T13736] other info that might help us debug this:
[  717.078456][T13736] 
[  717.078461][T13736] Chain exists of:
[  717.078461][T13736]   console_owner --> &p->pi_lock --> &rq->__lock
[  717.078461][T13736] 
[  717.078485][T13736]  Possible unsafe locking scenario:
[  717.078485][T13736] 
[  717.078489][T13736]        CPU0                    CPU1
[  717.078494][T13736]        ----                    ----
[  717.078498][T13736]   lock(&rq->__lock);
[  717.078508][T13736]                                lock(&p->pi_lock);
[  717.078520][T13736]                                lock(&rq->__lock);
[  717.078530][T13736]   lock(console_owner);
[  717.078540][T13736] 
[  717.078540][T13736]  *** DEADLOCK ***
[  717.078540][T13736] 
[  717.078544][T13736] 4 locks held by syz.2.1965/13736:
[  717.078554][T13736]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  717.078595][T13736]  #1: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1d5/0x5b0
[  717.078633][T13736]  #2: ffffffff8e5aec80 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  717.078667][T13736]  #3: ffffffff8e5aecf0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  717.078707][T13736] 
[  717.078707][T13736] stack backtrace:
[  717.078715][T13736] CPU: 0 UID: 0 PID: 13736 Comm: syz.2.1965 Not tainted syzkaller #0 PREEMPT(full) 
[  717.078734][T13736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  717.078745][T13736] Call Trace:
[  717.078750][T13736]  <TASK>
[  717.078756][T13736]  dump_stack_lvl+0x116/0x1f0
[  717.078781][T13736]  print_circular_bug+0x275/0x350
[  717.078805][T13736]  check_noncircular+0x14c/0x170
[  717.078832][T13736]  __lock_acquire+0x12a6/0x1ce0
[  717.078861][T13736]  lock_acquire+0x179/0x350
[  717.078885][T13736]  ? console_lock_spinning_enable+0x9f/0xd0
[  717.078905][T13736]  ? console_lock_spinning_enable+0x88/0xd0
[  717.078927][T13736]  console_lock_spinning_enable+0xb0/0xd0
[  717.078946][T13736]  ? console_lock_spinning_enable+0x9f/0xd0
[  717.078965][T13736]  console_flush_all+0x7aa/0xc60
[  717.078986][T13736]  ? __pfx_console_flush_all+0x10/0x10
[  717.079010][T13736]  ? is_printk_cpu_sync_owner+0x32/0x40
[  717.079034][T13736]  console_unlock+0xd8/0x210
[  717.079052][T13736]  ? __pfx_console_unlock+0x10/0x10
[  717.079071][T13736]  ? do_raw_spin_unlock+0xd0/0x230
[  717.079089][T13736]  ? _printk+0xc7/0x100
[  717.079103][T13736]  ? __down_trylock_console_sem+0xb0/0x140
[  717.079121][T13736]  vprintk_emit+0x418/0x6d0
[  717.079141][T13736]  ? __pfx_vprintk_emit+0x10/0x10
[  717.079162][T13736]  ? __bpf_trace_sched_switch+0x145/0x190
[  717.079183][T13736]  _printk+0xc7/0x100
[  717.079198][T13736]  ? __pfx__printk+0x10/0x10
[  717.079214][T13736]  ? __pfx____ratelimit+0x10/0x10
[  717.079233][T13736]  should_fail_ex+0x4e7/0x640
[  717.079251][T13736]  ? irqentry_exit+0x3b/0x90
[  717.079269][T13736]  strncpy_from_user+0x3b/0x2e0
[  717.079284][T13736]  ? lock_acquire+0x179/0x350
[  717.079309][T13736]  strncpy_from_user_nofault+0x7f/0x180
[  717.079329][T13736]  bpf_probe_read_user_str+0x26/0x70
[  717.079353][T13736]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  717.079367][T13736]  bpf_trace_run4+0x252/0x5b0
[  717.079383][T13736]  ? __pfx_bpf_trace_run4+0x10/0x10
[  717.079403][T13736]  ? __lock_acquire+0xb97/0x1ce0
[  717.079430][T13736]  __bpf_trace_sched_switch+0x145/0x190
[  717.079450][T13736]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  717.079470][T13736]  ? lock_acquire+0x179/0x350
[  717.079496][T13736]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  717.079518][T13736]  __traceiter_sched_switch+0x6f/0xc0
[  717.079535][T13736]  ? set_next_task_rt+0x403/0x6a0
[  717.079559][T13736]  __schedule+0x183b/0x5de0
[  717.079581][T13736]  ? __pfx___schedule+0x10/0x10
[  717.079595][T13736]  ? __fget_files+0x20e/0x3c0
[  717.079617][T13736]  ? fput+0x9b/0xd0
[  717.079637][T13736]  ? ksys_write+0x1ac/0x250
[  717.079655][T13736]  schedule+0xe7/0x3a0
[  717.079670][T13736]  exit_to_user_mode_loop+0x67/0x110
[  717.079687][T13736]  do_syscall_64+0x3f6/0x4c0
[  717.079706][T13736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  717.079723][T13736] RIP: 0033:0x7f386418d69f
[  717.079736][T13736] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  717.079753][T13736] RSP: 002b:00007f3864f58030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  717.079768][T13736] RAX: 0000000000000001 RBX: 0000000000000009 RCX: 00007f386418d69f
[  717.079793][T13736] RDX: 0000000000000001 RSI: 00007f3864f58090 RDI: 0000000000000009
[  717.079803][T13736] RBP: 00007f3864f58090 R08: 0000000000000000 R09: 00007f3864f57df7
[  717.079814][T13736] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  717.079824][T13736] R13: 00007f38643b6218 R14: 00007f38643b6180 R15: 00007fff41c1e698
[  717.079841][T13736]  </TASK>
[  718.208513][T13736] CPU: 0 UID: 0 PID: 13736 Comm: syz.2.1965 Not tainted syzkaller #0 PREEMPT(full) 
[  718.208529][T13736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  718.208535][T13736] Call Trace:
[  718.208541][T13736]  <TASK>
[  718.208547][T13736]  dump_stack_lvl+0x116/0x1f0
[  718.208565][T13736]  should_fail_ex+0x512/0x640
[  718.208577][T13736]  ? irqentry_exit+0x3b/0x90
[  718.208590][T13736]  strncpy_from_user+0x3b/0x2e0
[  718.208600][T13736]  ? lock_acquire+0x179/0x350
[  718.208618][T13736]  strncpy_from_user_nofault+0x7f/0x180
[  718.208633][T13736]  bpf_probe_read_user_str+0x26/0x70
[  718.208650][T13736]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  718.208660][T13736]  bpf_trace_run4+0x252/0x5b0
[  718.208672][T13736]  ? __pfx_bpf_trace_run4+0x10/0x10
[  718.208684][T13736]  ? __lock_acquire+0xb97/0x1ce0
[  718.208702][T13736]  __bpf_trace_sched_switch+0x145/0x190
[  718.208716][T13736]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  718.208728][T13736]  ? lock_acquire+0x179/0x350
[  718.208746][T13736]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  718.208760][T13736]  __traceiter_sched_switch+0x6f/0xc0
[  718.208772][T13736]  ? set_next_task_rt+0x403/0x6a0
[  718.208788][T13736]  __schedule+0x183b/0x5de0
[  718.208802][T13736]  ? __pfx___schedule+0x10/0x10
[  718.208812][T13736]  ? __fget_files+0x20e/0x3c0
[  718.208825][T13736]  ? fput+0x9b/0xd0
[  718.208839][T13736]  ? ksys_write+0x1ac/0x250
[  718.208851][T13736]  schedule+0xe7/0x3a0
[  718.208860][T13736]  exit_to_user_mode_loop+0x67/0x110
[  718.208872][T13736]  do_syscall_64+0x3f6/0x4c0
[  718.208886][T13736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.208897][T13736] RIP: 0033:0x7f386418d69f
[  718.208907][T13736] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  718.208918][T13736] RSP: 002b:00007f3864f58030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  718.208929][T13736] RAX: 0000000000000001 RBX: 0000000000000009 RCX: 00007f386418d69f
[  718.208936][T13736] RDX: 0000000000000001 RSI: 00007f3864f58090 RDI: 0000000000000009
[  718.208942][T13736] RBP: 00007f3864f58090 R08: 0000000000000000 R09: 00007f3864f57df7
[  718.208949][T13736] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  718.208956][T13736] R13: 00007f38643b6218 R14: 00007f38643b6180 R15: 00007fff41c1e698
[  718.208965][T13736]  </TASK>
[  718.725460][T13736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1965'.
[  719.267964][ T5967] usb 6-1: USB disconnect, device number 36
[  719.589257][T13728] delete_channel: no stack
[  719.793403][ T5967] usb 6-1: new full-speed USB device number 37 using dummy_hcd
[  719.954660][ T5967] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  719.965773][ T5967] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  719.974837][ T5967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.988977][ T5967] usb 6-1: config 0 descriptor??
[  719.996960][ T5967] usb 6-1: can't set config #0, error -71
[  720.004591][ T5967] usb 6-1: USB disconnect, device number 37