last executing test programs:

45.868967929s ago: executing program 3 (id=447):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d000009040101"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_io_uring_setup(0x6cab, &(0x7f0000000000)={0x0, 0xf8c3, 0x4000, 0x1, 0xb5}, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x738a, &(0x7f00000001c0)={0x0, 0xb545, 0x400, 0x3, 0x124, 0x0, r1}, &(0x7f0000000100), &(0x7f0000000240))
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x10)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a8230800090400bc6435fb4d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_disconnect(r2)
syz_usb_control_io$rtl8150(r2, &(0x7f00000003c0)={0x14, &(0x7f0000000280)={0x20, 0x31, 0xc2, {0xc2, 0x31, "31a00628de4ad1c4d6fb2d9c24929212c85da9346fadc4e55871029f13284e4e7586e7b4456cf683cf9c846084a92469e5c5920afebbfe2f60cbc0ddd89faed3d85930251b8ab1a5f1fdaa60702aa1635c59e76bd58f42ea0d888b436483287497e70dd8d9ca19be910d85ecd9dd65f28e8762d5f043b4d4151d9798f258d13c2ee630e729011381414d8f280fa9ee117536edcdeb3e7f345e1fe515582995324c4c43469a395875db51789feddd8c383ae73ab6207317b6654f9563ab7f1409"}}, &(0x7f0000000380)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xc07}}}, &(0x7f00000005c0)={0x2c, &(0x7f0000000400)={0x20, 0xd, 0x91, "f3b562b6b29ef07c85bab591fb5892768a4a5caf68e5c2562ca3461532eb15f95a8ae4fe688ed2245d4dd3c870383aedc817ff205fe4decb6b64f20aeef29b213e92bd1705655bc228a44eb5b002905c2842ac9967df0aedcc95ba77719d1216a5fcdd6359804358b0352099a8cbaf477530e69691a317061069d6134392d44de66bdca827cf938ad871f3925fae6df055"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0xa}, &(0x7f0000000540)={0xc0, 0x5, 0x4, "84918b96"}, &(0x7f0000000580)={0x40, 0x5, 0x6, "b88853240309"}})
ioctl$XFS_IOC_FSGEOMETRY_V1(r1, 0x80705864, &(0x7f0000000600))

45.094256037s ago: executing program 2 (id=454):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x10f740)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)}, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) (async)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x3)
dup2(r1, r1) (async)
r2 = dup2(r1, r1)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10})
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x1b, 0x0, 0x0, 0x8000, 0x11404, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) (async)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=<r3=>0x0)
syz_open_procfs$namespace(r3, &(0x7f0000000180)='ns/net\x00') (async)
r4 = syz_open_procfs$namespace(r3, &(0x7f0000000180)='ns/net\x00')
open_by_handle_at(r4, &(0x7f0000000040)=ANY=[@ANYBLOB=' '], 0x0)
listen(0xffffffffffffffff, 0x20) (async)
listen(0xffffffffffffffff, 0x20)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0x1, 0xbfdffffc}, &(0x7f00000000c0), &(0x7f00000003c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000001f00010029bd7000fedbdf25fc000000000000000000000000000001000004d2020032000a0101020000000000000000000000001b090000000000800c001500"], 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0xc8)

42.454059535s ago: executing program 2 (id=458):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x14, &(0x7f0000000180)={&(0x7f0000001480)={0x14, 0x36, 0x107, 0x3, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

42.363022003s ago: executing program 2 (id=459):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1})
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f0000000280)={0x20, 0x0, &(0x7f00000002c0)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x1c})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000fdff0000000000001c00000000000000"])
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000340)={0x18, r1})
ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000380)={0x8, r1})
close(r0)

42.251463263s ago: executing program 2 (id=461):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$alg(0x26, 0x5, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0xc67e7be33bfcd098, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000880)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000580)={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x549882, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_COPY(r2, 0x3b83, &(0x7f0000000180)={0x28, 0x5, 0x0, r3, 0x1000, 0x7, 0x3ffe})
r4 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000100)={0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0x9, '\x00', @value64=0x4}})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r7, r6, 0x0, 0x0, 0x0, 0x0, 0x0})

41.234615862s ago: executing program 4 (id=462):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000003a00), 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000003a80)={0x0, 0x1})
timerfd_settime(r0, 0x0, &(0x7f0000003dc0)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000003e00))
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000004e40)={0x9, 0x3, 0xb07}, 0xc)
ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000004f40)={0x0, @null, @bpq0, 0xfffffff6, 'syz1\x00', @default, 0x4, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @bcast]})

40.426910949s ago: executing program 3 (id=463):
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x2, 0x1, 0x22}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x4}}, 0xe8)
r2 = socket$key(0xf, 0x3, 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

40.083757665s ago: executing program 3 (id=464):
syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x260280, 0x100)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000340)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r7, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {0x0, 0xf000}, {'\x00', "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a5f2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe00"}})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x20, 0x8000, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x5}, 0x0)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x1, 0x100)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))

39.694544572s ago: executing program 2 (id=465):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0xc67e7be33bfcd098, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000880)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000580)={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x549882, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_COPY(r2, 0x3b83, &(0x7f0000000180)={0x28, 0x5, 0x0, r3, 0x1000, 0x7, 0x3ffe})
r4 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000100)={0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0x9, '\x00', @value64=0x4}})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r7, r6, 0x0, 0x0, 0x0, 0x0, 0x0})

39.558356699s ago: executing program 4 (id=467):
bind$bt_hci(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x3}, 0x6)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0xf, 0x400000000000, 0x25, 0x7, 0x8, r0, 0x0, 0x0, 0x40000000000e7, 0x0, 0x2, r0}])
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
openat$audio(0xffffffffffffff9c, 0x0, 0x2b01, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x40102)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'veth0_vlan\x00', @random="010000201000"})

38.393561755s ago: executing program 4 (id=468):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
getpgrp(0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5457, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000340)=[@in6={0xa, 0x4e23, 0x7, @remote, 0x8}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={r3, 0x40}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={r3, 0x8}, 0x8)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2d9, 0x0, 0xfffeffff}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x18, r6, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f00000000c0), 0x4)
setsockopt$MRT_DONE(r7, 0x0, 0xc9, 0x0, 0x0)
r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)

37.756950239s ago: executing program 1 (id=470):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1})
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x18, r1, 0x0, 0x0, &(0x7f00000001c0)})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000580)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x80, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040)={0x1})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f00000002c0)={[{0x9, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9, 0x0, 0x0, 0x3}, {}, {0xeda7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0xfffffffffffffffc, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x9, 0xfffffffffffff2a7, 0x2000000000003ff, 0x2], 0x0, 0x200306})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r5, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x801)
dup(r5)
getdents64(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
socket(0x1e, 0x805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

37.616016143s ago: executing program 0 (id=471):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1})
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f0000000280)={0x20, 0x0, &(0x7f00000002c0)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x1c})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000fdff0000000000001c00000000000000"])
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000340)={0x18, r1})
ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000380)={0x8, r1})
close(r0)

37.5867451s ago: executing program 4 (id=472):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000021c0)=ANY=[@ANYBLOB="b70200001000b15cbfa300000000000007030000f8ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847db97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b252a37ff7e0d45728fc1a6ec566981bc8ccfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765be352be71ee24250d6828562c7e24cb763062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a0000bde05c114e7a020fc1a5fd3eeeb822008b2d7d1cc062b51b0aca4956b557e51a1385cc572b0074b0950fb1437de2590bf99ec7ceb69e1fe2465fce099c992d57b804a22e148ae3411523814aee03ee2df877edfabf4aa94f07c6fdd127e57a8bf7975f2e606c25a299980a6e52fcf7849d45bb38573fbba8afef1aa7a24c805f7aee3e39a3000000000000000000000000000000000000878f88c4742ac490951c36c610a0d266588ec6a0bd300cf160b5a5d9e9fafa49ecc8430832d795e727b7fc2b76e7fc4141fdbb82f45d3cdd3fb8d4b443ab4954fdf5c1b9a6ab3e457f098329307ccb0a1989b6c37509692e952e7244f48bc12569ff8eb30d0f887b85b5ef44fb9a7571319190be0c226ed72f346cc4aa071ae0c72fa8bd00d5590c4f4ba65d0c8e1f4870fe3c414681e41b40163eb1aa2a7429a2208cd6e69c7d959e87da3fd0101159a03ab7fe78881ee7a1ee7a2edff75fb18a181e0c54352be2b7a5b5273198291c28d9141deeb3cdba5d414ae4b0000000000000000000000000009eacd83458d8a606be71970497a4fd4ca3b48ca482ab3804e2fac216b3ba613608b1a465456a33fd08491d337d7344c01cfc9e73bf1bca1cbec7614c8c3c76411e61fef6a93da8914490b50bd837d068e9bf8f3348794a44115d163b5ff85629b0a3ad4023448140770de2e5f262b9a50afcc210b8d8ea24b6dd7d068b356f53afaf89acae30935ec92657e37bf0821cbe612ac2aa7baf4d21ab373ea4fea57d0d9ac418862e791df3d1d85bb780fbfa401e09e3745d70174dd9ab52cdcadfd3454916408810090a19fa1cf0df6aa714fbcffbb7d6c7f45237df3296867725fd2bdbcd2f7ab10fea0fe85ce1137e775e4c01a136aed7f1d0d192a95be64bab53144ff3efd87fcb6421483e6a1690408712913dfb10a88201340c96dfd745a84dc177dd7a598ec015daa56eb0924e01df353a9ad69d0a59e40203018c82e74f39f8c4cb8823f0bfdfe170549e305628625f50"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r8, 0x0, 0xe, 0x0, &(0x7f0000000300)="14fd54ab72df97e6256c00000000", 0x0, 0xfeff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
r9 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$x86(r9, &(0x7f00000001c0)={0x0, &(0x7f0000000f40)=[@wrmsr={0x65, 0x1f, {0x40000092, 0x20000000000}}], 0x20})
ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000140)={0x1, 0x0, [{0x40000001, 0x7fff, 0x4, 0x31237648, 0x6, 0x2, 0xb73}]})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r10, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newtaction={0xb4, 0x30, 0x48b, 0x0, 0x0, {}, [{0xa0, 0x1, [@m_ctinfo={0x48, 0x2, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x9, 0x3, {0x0, 0xa, 0x20000001, 0x6, 0x101}}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x400, 0x0, 0x0, 0x2}, @multicast2, @remote}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)

37.540122143s ago: executing program 0 (id=473):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x109980, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f00000015c0)={0x2b, 0x0, [{0x2, 0x0, 0x401}, {0x4, 0x0, 0xae}, {0x4}, {0x8, 0x0, 0x6}, {0x1, 0x0, 0x2c}, {0x4b2e, 0x0, 0x2}, {0xfffffffb, 0x0, 0x400000000000b0}, {0x80, 0x0, 0x6}, {0xc, 0x0, 0x8000000000000001}, {0x400, 0x0, 0x6}, {}, {0x7, 0x0, 0x5}, {0x7, 0x0, 0x1}, {0xfffffff9, 0x0, 0xfffffffffffff801}, {0x8, 0x0, 0x7}, {0x440, 0x0, 0x10f4}]})

37.369883883s ago: executing program 0 (id=474):
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x2, 0x1, 0x22}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x4}}, 0xe8)
r2 = socket$key(0xf, 0x3, 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

36.910583615s ago: executing program 0 (id=475):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f00000000c0)={0x0, 0x50424752, 0x2, @stepwise={0x5, 0xbc, 0x4, 0x766, 0x6, 0x2}})
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@none, "0036de8bfb6daf76"}}}, 0x11)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x92, 0x0, 0x1, 0x80000000})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000200)={0x6, <r5=>0x0, 0x1})
ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f00000001c0)={0x0, r5})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})
r7 = syz_open_procfs$namespace(0x0, 0x0)
r8 = ioctl$NS_GET_PARENT(r7, 0xb702, 0x0)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103", @ANYRES8=r0], 0x0)
syz_usb_control_io$hid(r9, &(0x7f0000000240)={0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x18, 0x28e, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1a000000}, 0x48)
syz_usb_control_io(r9, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r10 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000580)={{0x1, 0x1, 0x18, r7, {<r11=>0xee00, 0xee01}}, './file0\x00'})
sendmsg$netlink(r3, &(0x7f00000009c0)={&(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbfe, 0x200000}, 0xc, &(0x7f0000000940)=[{&(0x7f00000004c0)={0x58, 0x1b, 0x200, 0x70bd29, 0x25dfdbfc, "", [@nested={0x39, 0xa0, 0x0, 0x1, [@generic, @generic="6a95ba566f5deb71ea", @nested={0x4, 0x117}, @nested={0x4, 0x77}, @typed={0x8, 0xef, 0x0, 0x0, @pid}, @typed={0xc, 0x36, 0x0, 0x0, @u64=0x40}, @typed={0x4, 0x135}, @nested={0x4, 0x95}, @typed={0x7, 0x32, 0x0, 0x0, @str='\\+\x00'}]}, @typed={0xc, 0x84, 0x0, 0x0, @u64=0x4}]}, 0x58}, {&(0x7f0000000380)={0x24, 0x13, 0x20, 0x70bd2a, 0x25dfdbfe, "", [@typed={0xc, 0xb7, 0x0, 0x0, @u64=0x40}, @typed={0x8, 0x129, 0x0, 0x0, @fd=r8}]}, 0x24}, {&(0x7f000001b000)={0x20, 0x41, 0x10, 0x70bd28, 0x25dfdbfe, "", [@nested={0x4, 0xe1}, @typed={0xc, 0x1a, 0x0, 0x0, @u64}]}, 0x20}, {&(0x7f0000000540)={0x18, 0x38, 0x100, 0x70bd26, 0x8, "", [@generic="b3d7e695c330076a"]}, 0x18}, {&(0x7f000001c140)={0x15c, 0x2d, 0x400, 0x70bd28, 0x25dfdbfe, "", [@typed={0x14, 0x134, 0x0, 0x0, @ipv6=@local}, @typed={0xc, 0xc9, 0x0, 0x0, @u64=0x9}, @nested={0x2c, 0xf5, 0x0, 0x1, [@typed={0x8, 0xec, 0x0, 0x0, @ipv4=@loopback}, @typed={0xc, 0xf3, 0x0, 0x0, @u64=0x64c}, @nested={0x4, 0xf6}, @typed={0x8, 0x97, 0x0, 0x0, @uid=r11}, @nested={0x4, 0x121}, @nested={0x4, 0x98}]}, @nested={0xfd, 0xf9, 0x0, 0x1, [@generic="7e2e69085df2267ffae999ff52129158862e798ae291318a57b9df5ec7ed3a46834986589ac962120e176b9add270b5e8a4e6817393d24543259ed446c693b801728358d28bcef880c6aaa53a417a84aed9412f2d642998dd59b102f0ece5576684b7c5e0912ca6673c1a14fa5dcd76bf55c550db57bf09db364999eda3ea7ac5acaae3678b9fcbcfe4dbd118697b93f46344f40f1817520eb7acdaa543eac615f09fb45fc0d01c2a54f7bdae07befcccc8e119ace36f3999ab0bb93d5587242edd42f4d33864fdc510a26406963c37e3fdb4e4c37ef29c77dde75bb7f1e74888cbb38fb2a410cc459e7038817db5a60ecbf5f92ff26ca2e99"]}]}, 0x15c}, {&(0x7f0000000640)={0x114, 0x34, 0x400, 0x70bd2a, 0x25dfdbfb, "", [@typed={0x8, 0x12b, 0x0, 0x0, @ipv4=@local}, @typed={0x4, 0x3c}, @generic="7cf993592c6700d2ba74d1e69350b8794500863d780393435e634941ebe7ff08a0b9a483b525d669d7b9dff251e8009ed39d08dd85dd2f5760ab1f809de105aea778fb0355a1b36451db764140f1c98c84b887e706b4d0e22ec89926d6006431d185da5b4e6d9c8e8ccfef855c37ae80578c471816aee530f8700ded94ce06bc0312b5b0b3a5ed18e15110c8bdfa1cde76175cf6d301000000f39ff5f74d671a5bf67906dcbf468bc34ed226c01ab50baa44beaafff9762296a3afc4743d052d664c8c88e80fe33fd522209dafdc3df69eecc0c81f152b1e8390f76bc0c58df6275264049ce1c0387c9ebea1fdb3fb2c704f9a8b9b742ceb"]}, 0x114}, {&(0x7f0000000780)={0x104, 0x33, 0x100, 0x70bd27, 0x25dfdbfd, "", [@generic="6963ecf6ee593234c2a0fc1171c86ca6341266faf139b9f796477d5c985144c2838273571869fbd0cabf23b3a0e703b949fff314c61312d82a61003db3b9f3b07e6445fbe671fdf4514234e80b6355c1e2c689709b7cd97f73f7b88a229ec2c6c7f6c5831c67bc56e76b254d7b75bf16005e35797ea4615b8d8a11e374375ec643ad97d0420fb637347b5abfbf9a2a17aef30a65671907ff9e96fe8dbf138fc4a8353aa18577ef13e8ab5ad52c92e9acd176ffaa7ce2266d04d7dbb0cee7bceed3a376d7a659809620925719f2b3de2bf20fa1df014e92ce676060ff13caebf590277a780ae50a1aaa0ffcb8a6ef95a4cc48"]}, 0x104}], 0x7, &(0x7f00000008c0)}, 0x40004)
fcntl$setlease(r10, 0x400, 0x0)

36.791720415s ago: executing program 3 (id=476):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f00000000c0)={0x0, 0x50424752, 0x2, @stepwise={0x5, 0xbc, 0x4, 0x766, 0x6, 0x2}})
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@none, "0036de8bfb6daf76"}}}, 0x11)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x92, 0x0, 0x1, 0x80000000})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000200)={0x6, <r5=>0x0, 0x1})
ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f00000001c0)={0x0, r5})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})
r7 = syz_open_procfs$namespace(0x0, 0x0)
r8 = ioctl$NS_GET_PARENT(r7, 0xb702, 0x0)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103", @ANYRES8=r0], 0x0)
syz_usb_control_io$hid(r9, &(0x7f0000000240)={0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x18, 0x28e, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1a000000}, 0x48)
syz_usb_control_io(r9, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r10 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000580)={{0x1, 0x1, 0x18, r7, {<r11=>0xee00, 0xee01}}, './file0\x00'})
sendmsg$netlink(r3, &(0x7f00000009c0)={&(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbfe, 0x200000}, 0xc, &(0x7f0000000940)=[{&(0x7f00000004c0)={0x4c, 0x1b, 0x200, 0x70bd29, 0x25dfdbfc, "", [@nested={0x30, 0xa0, 0x0, 0x1, [@generic, @generic, @nested={0x4, 0x117}, @nested={0x4, 0x77}, @typed={0x8, 0xef, 0x0, 0x0, @pid}, @typed={0xc, 0x36, 0x0, 0x0, @u64=0x40}, @typed={0x4, 0x135}, @nested={0x4, 0x95}, @typed={0x7, 0x32, 0x0, 0x0, @str='\\+\x00'}]}, @typed={0xc, 0x84, 0x0, 0x0, @u64=0x4}]}, 0x4c}, {&(0x7f0000000380)={0x24, 0x13, 0x20, 0x70bd2a, 0x25dfdbfe, "", [@typed={0xc, 0xb7, 0x0, 0x0, @u64=0x40}, @typed={0x8, 0x129, 0x0, 0x0, @fd=r8}]}, 0x24}, {&(0x7f000001b000)={0x20, 0x41, 0x10, 0x70bd28, 0x25dfdbfe, "", [@nested={0x4, 0xe1}, @typed={0xc, 0x1a, 0x0, 0x0, @u64}]}, 0x20}, {&(0x7f0000000540)={0x18, 0x38, 0x100, 0x70bd26, 0x8, "", [@generic="b3d7e695c330076a"]}, 0x18}, {&(0x7f000001c140)={0x15c, 0x2d, 0x400, 0x70bd28, 0x25dfdbfe, "", [@typed={0x14, 0x134, 0x0, 0x0, @ipv6=@local}, @typed={0xc, 0xc9, 0x0, 0x0, @u64=0x9}, @nested={0x2c, 0xf5, 0x0, 0x1, [@typed={0x8, 0xec, 0x0, 0x0, @ipv4=@loopback}, @typed={0xc, 0xf3, 0x0, 0x0, @u64=0x64c}, @nested={0x4, 0xf6}, @typed={0x8, 0x97, 0x0, 0x0, @uid=r11}, @nested={0x4, 0x121}, @nested={0x4, 0x98}]}, @nested={0xfd, 0xf9, 0x0, 0x1, [@generic="7e2e69085df2267ffae999ff52129158862e798ae291318a57b9df5ec7ed3a46834986589ac962120e176b9add270b5e8a4e6817393d24543259ed446c693b801728358d28bcef880c6aaa53a417a84aed9412f2d642998dd59b102f0ece5576684b7c5e0912ca6673c1a14fa5dcd76bf55c550db57bf09db364999eda3ea7ac5acaae3678b9fcbcfe4dbd118697b93f46344f40f1817520eb7acdaa543eac615f09fb45fc0d01c2a54f7bdae07befcccc8e119ace36f3999ab0bb93d5587242edd42f4d33864fdc510a26406963c37e3fdb4e4c37ef29c77dde75bb7f1e74888cbb38fb2a410cc459e7038817db5a60ecbf5f92ff26ca2e99"]}]}, 0x15c}, {&(0x7f0000000640)={0x114, 0x34, 0x400, 0x70bd2a, 0x25dfdbfb, "", [@typed={0x8, 0x12b, 0x0, 0x0, @ipv4=@local}, @typed={0x4, 0x3c}, @generic="7cf993592c6700d2ba74d1e69350b8794500863d780393435e634941ebe7ff08a0b9a483b525d669d7b9dff251e8009ed39d08dd85dd2f5760ab1f809de105aea778fb0355a1b36451db764140f1c98c84b887e706b4d0e22ec89926d6006431d185da5b4e6d9c8e8ccfef855c37ae80578c471816aee530f8700ded94ce06bc0312b5b0b3a5ed18e15110c8bdfa1cde76175cf6d301000000f39ff5f74d671a5bf67906dcbf468bc34ed226c01ab50baa44beaafff9762296a3afc4743d052d664c8c88e80fe33fd522209dafdc3df69eecc0c81f152b1e8390f76bc0c58df6275264049ce1c0387c9ebea1fdb3fb2c704f9a8b9b742ceb"]}, 0x114}, {&(0x7f0000000780)={0x104, 0x33, 0x100, 0x70bd27, 0x25dfdbfd, "", [@generic="6963ecf6ee593234c2a0fc1171c86ca6341266faf139b9f796477d5c985144c2838273571869fbd0cabf23b3a0e703b949fff314c61312d82a61003db3b9f3b07e6445fbe671fdf4514234e80b6355c1e2c689709b7cd97f73f7b88a229ec2c6c7f6c5831c67bc56e76b254d7b75bf16005e35797ea4615b8d8a11e374375ec643ad97d0420fb637347b5abfbf9a2a17aef30a65671907ff9e96fe8dbf138fc4a8353aa18577ef13e8ab5ad52c92e9acd176ffaa7ce2266d04d7dbb0cee7bceed3a376d7a659809620925719f2b3de2bf20fa1df014e92ce676060ff13caebf590277a780ae50a1aaa0ffcb8a6ef95a4cc48"]}, 0x104}], 0x7, &(0x7f00000008c0)}, 0x40004)
fcntl$setlease(r10, 0x400, 0x0)

36.470712082s ago: executing program 1 (id=477):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000003a00), 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000003a80)={0x0, 0x1})
timerfd_settime(r0, 0x0, &(0x7f0000003dc0)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000003e00))
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000004e40)={0x9, 0x3, 0xb07}, 0xc)
ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000004f40)={0x0, @null, @bpq0, 0xfffffff6, 'syz1\x00', @default, 0x4, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @bcast]})

36.323625153s ago: executing program 1 (id=478):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000206050000000000000000000000000005000108070000000900020073797a31000000000c00078008001240000000000c000300686173683a697000050005000a0000000500040001000000"], 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x20000000)
socket$inet_smc(0x2b, 0x1, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x0, 0x0})
ioperm(0x0, 0x2, 0x7e)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x43)
acct(&(0x7f0000000140)='./file0\x00')
prlimit64(0x0, 0xe, 0x0, 0x0)

36.189214161s ago: executing program 4 (id=479):
syz_open_dev$sndpcmp(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x8, 0x8200)
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000001440), 0x101000, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r3, 0x3b66, 0x3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0x68, r9, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_WANT_1X_4WAY_HS={0x4}, @NL80211_ATTR_BSS_SELECT={0x48, 0xe3, 0x0, 0x1, {0x44, 0x0, [@NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0x0, 0xe}}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0x4, 0x7}}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0xb, 0x5}}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0xa}}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0x8, 0x3}}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0xb, 0x19}}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0x9, 0x1}}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4008000}, 0xc004)
sendmsg$nl_route_sched(r6, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x2, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x20000000, 0xfffffffc, 0x7ff}}]}, {0x4}, {0x2, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
getpid()
sendmsg$nl_route_sched(r4, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r11, &(0x7f0000000500), 0x0, 0x6, 0x0)

35.071086736s ago: executing program 1 (id=480):
socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, 0x0)
socket(0x1a, 0x80000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="500100001a000100000000000200000002001c1f0000c808fffeffea0800", @ANYRES32=r3, @ANYBLOB="06"], 0x150}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4040080)

34.47161048s ago: executing program 2 (id=481):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/arp\x00')
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xd06)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000540)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x46, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x80, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x4}, 0x10}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRESDEC=r0, @ANYRES32=r1, @ANYRESOCT, @ANYRESHEX=r3, @ANYRESHEX=r0], 0x48)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0xffffffffffffffc4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000100)={0x20000014})
close_range(r6, r7, 0x0)

33.533720834s ago: executing program 4 (id=482):
socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, 0x0)
socket(0x1a, 0x80000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="500100001a000100000000000200000002001c1f0000c808fffeffea0800", @ANYRES32=r3, @ANYBLOB="06"], 0x150}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4040080)

33.159370064s ago: executing program 1 (id=483):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x20, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001680)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002300), 0x2, 0x0)
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000000)=0x3)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = userfaultfd(0x801)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_ADDDEF(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf2504000031de1150ac8648903bbc12000800020007000000"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r5 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

33.017233647s ago: executing program 3 (id=484):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x109980, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(r2, 0x4188aea7, 0x0)

31.990181323s ago: executing program 1 (id=485):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000006c0)=[{{&(0x7f0000000300)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000380)}, {&(0x7f0000000100)="c47de5", 0x3}], 0x2, &(0x7f0000000500)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x40000}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000740)="9430335d1f9598776a2b5008b6", 0xd}], 0x1, &(0x7f0000000600)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}], 0x20, 0x14}}], 0x2, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e25}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r3 = fcntl$dupfd(r2, 0x0, r2)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x303}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "2eb387e0", "11edf8da8e55bb27"}, 0x28)
r4 = syz_io_uring_setup(0xb5c, &(0x7f0000000640)={0x0, 0x9916, 0x0, 0x0, 0x164, 0x0, r3}, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000480)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
fsetxattr$trusted_overlay_origin(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000880)=""/254, 0xfe}], 0x2})
io_uring_enter(r4, 0xf23, 0x0, 0xc, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)

31.978906309s ago: executing program 0 (id=486):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})

31.689916625s ago: executing program 0 (id=487):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rt_sigqueueinfo(0x0, 0x21, &(0x7f0000000040)={0x0, 0x0, 0xfffffffb})
r2 = socket$inet6(0xa, 0x3, 0xff)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)={0x2, 0x5, 0x0, 0x2, 0xe, 0x0, 0x0, 0x7, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e24, 0xfffffffd, @private1, 0x8598}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0x81}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0xfffff800, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}}]}, 0x70}, 0x1, 0x400000000000000}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x7ffffffffffffffb)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000200)={0x18, 0x1, 0x0, {0x876}}, 0x18)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[], 0x0)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
r4 = dup2(r2, r2)
socket$inet6_udp(0xa, 0x2, 0x0)
futex(&(0x7f00000000c0)=0x1, 0xb, 0x2, 0x0, &(0x7f0000000140)=0x2, 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20)
sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}})

31.502844348s ago: executing program 3 (id=488):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) (async)
r0 = syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x8006d89, 0x400, 0x2, 0x66}, &(0x7f0000000400)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) (rerun: 32)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async, rerun: 32)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) (rerun: 32)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r7=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r7}}, 0x20) (async)
r8 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4)
ioctl$SIOCAX25ADDUID(r8, 0x89e1, 0x0) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x100}) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) (async)
fchownat(0xffffffffffffff9c, 0x0, 0xee01, 0x0, 0x1000) (async, rerun: 32)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 32)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48)
r10 = socket(0x21, 0x800, 0x3)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x4000, r10}, 0x18)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r11}, 0x4)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4)

0s ago: executing program 32 (id=487):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rt_sigqueueinfo(0x0, 0x21, &(0x7f0000000040)={0x0, 0x0, 0xfffffffb})
r2 = socket$inet6(0xa, 0x3, 0xff)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)={0x2, 0x5, 0x0, 0x2, 0xe, 0x0, 0x0, 0x7, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e24, 0xfffffffd, @private1, 0x8598}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0x81}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0xfffff800, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}}]}, 0x70}, 0x1, 0x400000000000000}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x7ffffffffffffffb)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000200)={0x18, 0x1, 0x0, {0x876}}, 0x18)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[], 0x0)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
r4 = dup2(r2, r2)
socket$inet6_udp(0xa, 0x2, 0x0)
futex(&(0x7f00000000c0)=0x1, 0xb, 0x2, 0x0, &(0x7f0000000140)=0x2, 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20)
sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}})

kernel console output (not intermixed with test programs):

t mode
[  129.297827][ T6588] bridge_slave_1: left promiscuous mode
[  129.317197][  T791] usb 4-1: USB disconnect, device number 9
[  129.350606][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  129.370901][ T6588] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.464192][ T6588] bridge_slave_0: left allmulticast mode
[  129.469880][ T6588] bridge_slave_0: left promiscuous mode
[  129.528468][ T6588] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.546606][ T5929] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  130.220332][ T5929] usb 5-1: Using ep0 maxpacket: 32
[  130.258171][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.294391][ T5929] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  130.362469][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.390392][ T5934] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  130.408798][ T5929] usb 5-1: config 0 descriptor??
[  130.446216][ T5929] hub 5-1:0.0: USB hub found
[  130.632826][ T5934] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xCE, changing to 0x8E
[  130.663383][ T5934] usb 4-1: New USB device found, idVendor=2a39, idProduct=3fd4, bcdDevice= 0.40
[  130.673086][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.683072][ T5934] usb 4-1: Product: syz
[  130.700546][ T5934] usb 4-1: Manufacturer: syz
[  130.780463][ T5929] hub 5-1:0.0: 1 port detected
[  130.790401][ T5934] usb 4-1: SerialNumber: syz
[  131.088895][   T30] audit: type=1400 audit(131.060:262): avc:  denied  { append } for  pid=6599 comm="syz.2.138" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  131.279442][ T6581] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=6581 comm=syz.4.133
[  131.329600][ T6581] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=6581 comm=syz.4.133
[  131.342080][ T6581] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=6581 comm=syz.4.133
[  131.356615][ T6581] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=6581 comm=syz.4.133
[  131.378103][ T5929] usb 5-1: USB disconnect, device number 3
[  131.682865][ T6609] syz.2.139 (6609): drop_caches: 2
[  131.705496][ T6610] syz.2.139 (6610): drop_caches: 2
[  132.041921][   T30] audit: type=1400 audit(132.020:263): avc:  denied  { write } for  pid=6619 comm="syz.4.142" name="arp" dev="proc" ino=4026533038 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  132.693528][ T5934] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  132.713051][ T5934] usb 4-1: MIDIStreaming interface descriptor not found
[  132.849677][ T5934] usb 4-1: USB disconnect, device number 10
[  132.886229][   T30] audit: type=1400 audit(132.860:264): avc:  denied  { relabelfrom } for  pid=6628 comm="syz.1.144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  133.060948][   T30] audit: type=1400 audit(132.900:265): avc:  denied  { bind } for  pid=6626 comm="syz.3.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  133.080732][   T30] audit: type=1400 audit(132.900:266): avc:  denied  { setopt } for  pid=6626 comm="syz.3.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  133.100853][   T30] audit: type=1400 audit(132.920:267): avc:  denied  { relabelto } for  pid=6628 comm="syz.1.144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  133.308241][   T30] audit: type=1400 audit(132.930:268): avc:  denied  { map } for  pid=6626 comm="syz.3.143" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  133.340516][   T30] audit: type=1400 audit(132.930:269): avc:  denied  { execute } for  pid=6626 comm="syz.3.143" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  133.498218][   T30] audit: type=1400 audit(133.470:270): avc:  denied  { execute } for  pid=6637 comm="syz.0.146" path="/25/cpu.stat" dev="tmpfs" ino=148 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  133.830743][   T30] audit: type=1400 audit(133.800:271): avc:  denied  { create } for  pid=6641 comm="syz.0.147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  133.880802][   T30] audit: type=1400 audit(133.800:272): avc:  denied  { write } for  pid=6641 comm="syz.0.147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  134.475674][ T6663] netlink: 64 bytes leftover after parsing attributes in process `syz.1.152'.
[  134.682789][ T5934] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  134.995319][ T6667] fuse: Bad value for 'fd'
[  135.077645][ T5934] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=5f.b1
[  135.092890][ T5934] usb 4-1: New USB device strings: Mfr=137, Product=72, SerialNumber=3
[  135.107665][ T5934] usb 4-1: Product: syz
[  135.121987][ T5934] usb 4-1: Manufacturer: syz
[  135.130183][ T5934] usb 4-1: SerialNumber: syz
[  135.180921][ T5934] usb 4-1: config 0 descriptor??
[  135.196297][ T6669] FAULT_INJECTION: forcing a failure.
[  135.196297][ T6669] name failslab, interval 1, probability 0, space 0, times 0
[  135.222715][ T5934] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  135.252194][ T5934] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  135.265408][ T6669] CPU: 0 UID: 0 PID: 6669 Comm: syz.2.154 Not tainted syzkaller #0 PREEMPT(full) 
[  135.265430][ T6669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  135.265440][ T6669] Call Trace:
[  135.265445][ T6669]  <TASK>
[  135.265451][ T6669]  dump_stack_lvl+0x100/0x190
[  135.265484][ T6669]  should_fail_ex.cold+0x5/0xa
[  135.265505][ T6669]  ? tomoyo_encode2+0xfb/0x3c0
[  135.265525][ T6669]  should_failslab+0xc2/0x120
[  135.265552][ T6669]  __kmalloc_noprof+0xe0/0x850
[  135.265574][ T6669]  ? d_absolute_path+0x136/0x1b0
[  135.265602][ T6669]  tomoyo_encode2+0xfb/0x3c0
[  135.265626][ T6669]  tomoyo_encode+0x29/0x50
[  135.265644][ T6669]  tomoyo_realpath_from_path+0x18c/0x690
[  135.265671][ T6669]  tomoyo_path_number_perm+0x23c/0x580
[  135.265698][ T6669]  ? tomoyo_path_number_perm+0x22e/0x580
[  135.265727][ T6669]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  135.265780][ T6669]  ? find_held_lock+0x2b/0x80
[  135.265801][ T6669]  ? __fget_files+0x215/0x3d0
[  135.265816][ T6669]  ? hook_file_ioctl_common+0x146/0x410
[  135.265845][ T6669]  ? __fget_files+0x21f/0x3d0
[  135.265867][ T6669]  security_file_ioctl+0xd3/0x230
[  135.265887][ T6669]  __x64_sys_ioctl+0xb7/0x210
[  135.265913][ T6669]  do_syscall_64+0x106/0xf80
[  135.265930][ T6669]  ? clear_bhb_loop+0x40/0x90
[  135.265953][ T6669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.265970][ T6669] RIP: 0033:0x7f1cde19c799
[  135.265985][ T6669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  135.266000][ T6669] RSP: 002b:00007f1cdf0a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  135.266017][ T6669] RAX: ffffffffffffffda RBX: 00007f1cde415fa0 RCX: 00007f1cde19c799
[  135.266028][ T6669] RDX: 0000200000000240 RSI: 0000000000003b70 RDI: 0000000000000003
[  135.266038][ T6669] RBP: 00007f1cdf0a5090 R08: 0000000000000000 R09: 0000000000000000
[  135.266048][ T6669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.266057][ T6669] R13: 00007f1cde416038 R14: 00007f1cde415fa0 R15: 00007ffe12ce00c8
[  135.266082][ T6669]  </TASK>
[  135.488627][ T5934] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  135.511140][ T6669] ERROR: Out of memory at tomoyo_realpath_from_path.
[  137.462149][ T6681] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  137.727606][ T6698] lo: entered allmulticast mode
[  137.760594][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  137.760606][   T30] audit: type=1400 audit(137.700:282): avc:  denied  { setopt } for  pid=6682 comm="syz.4.158" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  137.931795][  T791] usb 4-1: USB disconnect, device number 11
[  138.026089][   T30] audit: type=1400 audit(138.000:283): avc:  denied  { bind } for  pid=6702 comm="syz.3.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  138.029803][ T6703] netlink: 72 bytes leftover after parsing attributes in process `syz.3.162'.
[  138.132373][ T6706] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  138.354702][   T30] audit: type=1400 audit(138.000:284): avc:  denied  { setopt } for  pid=6702 comm="syz.3.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  139.109976][   T30] audit: type=1400 audit(139.080:285): avc:  denied  { connect } for  pid=6710 comm="syz.1.164" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  139.653133][ T5822] Bluetooth: hci3: unexpected event 0x01 length: 10 > 1
[  139.723043][ T6716] netlink: 68 bytes leftover after parsing attributes in process `syz.0.165'.
[  140.230376][  T791] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  140.382028][  T791] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  140.470075][  T791] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  140.574870][  T791] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  140.612656][  T791] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  140.647214][  T791] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  140.694102][  T791] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  140.720381][  T791] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  140.760943][  T791] usb 3-1: Product: syz
[  140.776355][  T791] usb 3-1: Manufacturer: syz
[  140.808017][  T791] cdc_wdm 3-1:1.0: skipping garbage
[  140.835445][  T791] cdc_wdm 3-1:1.0: skipping garbage
[  140.865265][  T791] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  140.905740][  T791] cdc_wdm 3-1:1.0: Unknown control protocol
[  141.085037][   T30] audit: type=1400 audit(141.060:286): avc:  denied  { create } for  pid=6728 comm="syz.4.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  141.213200][  T791] usb 3-1: USB disconnect, device number 7
[  141.592844][   T30] audit: type=1400 audit(141.570:287): avc:  denied  { shutdown } for  pid=6720 comm="syz.2.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  142.650434][   T29] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  142.706977][ T6743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.172'.
[  142.809923][ T6743] team0: Port device team_slave_0 removed
[  142.821332][   T29] usb 2-1: Using ep0 maxpacket: 32
[  142.874063][   T29] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  142.918718][   T29] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  142.946378][   T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.012116][   T29] usb 2-1: config 0 descriptor??
[  143.033484][   T29] hub 2-1:0.0: USB hub found
[  143.300099][   T29] hub 2-1:0.0: 1 port detected
[  143.747715][ T6737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=6737 comm=syz.1.170
[  143.850967][ T6753] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  144.263258][ T6737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=6737 comm=syz.1.170
[  144.285921][ T6737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=6737 comm=syz.1.170
[  144.286413][   T30] audit: type=1400 audit(143.850:288): avc:  denied  { write } for  pid=6748 comm="syz.3.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  144.480396][ T6737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=6737 comm=syz.1.170
[  144.521983][   T29] usb 2-1: USB disconnect, device number 5
[  144.818837][   T30] audit: type=1400 audit(144.790:289): avc:  denied  { create } for  pid=6759 comm="syz.4.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  144.912409][   T30] audit: type=1400 audit(144.880:290): avc:  denied  { lock } for  pid=6759 comm="syz.4.176" path="socket:[12410]" dev="sockfs" ino=12410 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  145.047417][ T6763] netlink: 8 bytes leftover after parsing attributes in process `syz.4.176'.
[  145.050375][   T29] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  145.080956][ T6763] netlink: 4 bytes leftover after parsing attributes in process `syz.4.176'.
[  145.091291][ T6763] netlink: 'syz.4.176': attribute type 11 has an invalid length.
[  145.150362][   T30] audit: type=1400 audit(145.120:291): avc:  denied  { read write } for  pid=6764 comm="syz.1.178" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  145.196264][   T30] audit: type=1400 audit(145.120:292): avc:  denied  { open } for  pid=6764 comm="syz.1.178" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  145.290582][ T6763] netlink: 'syz.4.176': attribute type 7 has an invalid length.
[  145.320341][   T29] usb 3-1: Using ep0 maxpacket: 8
[  145.338969][   T29] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  145.371788][   T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.388203][   T29] usb 3-1: Product: syz
[  145.393782][   T29] usb 3-1: Manufacturer: syz
[  145.398377][   T29] usb 3-1: SerialNumber: syz
[  145.515634][   T29] usb 3-1: config 0 descriptor??
[  145.711501][ T6786] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  145.721159][ T6786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.175'.
[  145.859040][   T29] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  146.398747][ T6794] kernel profiling enabled (shift: 9)
[  146.768295][ T6760] netlink: 'syz.2.177': attribute type 12 has an invalid length.
[  146.777467][   T30] audit: type=1400 audit(146.740:293): avc:  denied  { ioctl } for  pid=6758 comm="syz.2.177" path="socket:[12446]" dev="sockfs" ino=12446 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  148.185870][   T29] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  148.838465][ T6807] FAULT_INJECTION: forcing a failure.
[  148.838465][ T6807] name failslab, interval 1, probability 0, space 0, times 0
[  148.889450][ T6807] CPU: 1 UID: 0 PID: 6807 Comm: syz.4.187 Not tainted syzkaller #0 PREEMPT(full) 
[  148.889469][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  148.889476][ T6807] Call Trace:
[  148.889480][ T6807]  <TASK>
[  148.889485][ T6807]  dump_stack_lvl+0x100/0x190
[  148.889507][ T6807]  should_fail_ex.cold+0x5/0xa
[  148.889521][ T6807]  ? tomoyo_encode2+0xfb/0x3c0
[  148.889533][ T6807]  should_failslab+0xc2/0x120
[  148.889551][ T6807]  __kmalloc_noprof+0xe0/0x850
[  148.889565][ T6807]  ? d_absolute_path+0x136/0x1b0
[  148.889583][ T6807]  tomoyo_encode2+0xfb/0x3c0
[  148.889598][ T6807]  tomoyo_encode+0x29/0x50
[  148.889609][ T6807]  tomoyo_realpath_from_path+0x18c/0x690
[  148.889626][ T6807]  tomoyo_path_number_perm+0x23c/0x580
[  148.889643][ T6807]  ? tomoyo_path_number_perm+0x22e/0x580
[  148.889662][ T6807]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  148.889694][ T6807]  ? find_held_lock+0x2b/0x80
[  148.889707][ T6807]  ? __fget_files+0x215/0x3d0
[  148.889717][ T6807]  ? hook_file_ioctl_common+0x146/0x410
[  148.889735][ T6807]  ? __fget_files+0x21f/0x3d0
[  148.889747][ T6807]  security_file_ioctl+0xd3/0x230
[  148.889760][ T6807]  __x64_sys_ioctl+0xb7/0x210
[  148.889777][ T6807]  do_syscall_64+0x106/0xf80
[  148.889788][ T6807]  ? clear_bhb_loop+0x40/0x90
[  148.889802][ T6807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.889819][ T6807] RIP: 0033:0x7fabae59c799
[  148.889833][ T6807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  148.889848][ T6807] RSP: 002b:00007fabac7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  148.889863][ T6807] RAX: ffffffffffffffda RBX: 00007fabae815fa0 RCX: 00007fabae59c799
[  148.889870][ T6807] RDX: 0000200000000200 RSI: 0000000000005412 RDI: 0000000000000006
[  148.889876][ T6807] RBP: 00007fabac7f6090 R08: 0000000000000000 R09: 0000000000000000
[  148.889882][ T6807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.889888][ T6807] R13: 00007fabae816038 R14: 00007fabae815fa0 R15: 00007ffd2bcb5c48
[  148.889902][ T6807]  </TASK>
[  149.098210][ T6807] ERROR: Out of memory at tomoyo_realpath_from_path.
[  149.229571][  T791] usb 3-1: USB disconnect, device number 8
[  149.582330][ T6822] netlink: 4 bytes leftover after parsing attributes in process `syz.1.191'.
[  149.908670][   T29] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  149.937877][ T6822] team0: Port device team_slave_0 removed
[  150.380414][   T29] usb 5-1: Using ep0 maxpacket: 16
[  150.412387][   T29] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  150.450424][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  150.468701][   T29] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  150.522645][   T29] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  150.540572][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.560361][   T29] usb 5-1: Product: syz
[  150.564547][   T29] usb 5-1: Manufacturer: syz
[  150.628029][   T29] usb 5-1: SerialNumber: syz
[  150.735747][   T30] audit: type=1400 audit(150.690:294): avc:  denied  { write } for  pid=6828 comm="syz.3.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  150.770433][ T6836] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size.
[  150.789655][   T30] audit: type=1400 audit(150.700:295): avc:  denied  { remount } for  pid=6827 comm="syz.2.194" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  150.967562][   T29] usb 5-1: 0:2 : does not exist
[  150.976163][   T29] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1)
[  151.217750][   T30] audit: type=1400 audit(151.190:296): avc:  denied  { read } for  pid=6847 comm="syz.2.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  151.531585][   T29] usb 5-1: USB disconnect, device number 4
[  151.776752][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  151.870394][ T5893] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  152.010450][   T29] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  152.103200][ T5893] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  152.141846][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.191724][   T29] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  152.209094][ T5893] usb 3-1: config 0 descriptor??
[  152.214143][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.235114][ T5893] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  152.251511][   T29] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  152.439202][ T5893] gp8psk: usb in 128 operation failed.
[  152.456804][   T29] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  152.481783][   T29] usb 5-1: Manufacturer: syz
[  152.547098][   T29] usb 5-1: config 0 descriptor??
[  152.648274][ T5893] gp8psk: FW Version = 203.38.133 (0xcb2685)  Build 2020/164/04
[  152.700415][   T29] rc_core: IR keymap rc-hauppauge not found
[  152.706469][   T29] Registered IR keymap rc-empty
[  152.713967][   T29] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  152.762803][   T29] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input5
[  152.851426][ T5893] gp8psk: usb in 149 operation failed.
[  152.859163][ T5893] gp8psk: failed to get FPGA version
[  152.873901][ T5893] gp8psk: usb in 138 operation failed.
[  152.899631][ T5893] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  152.963734][ T6875] netlink: 68 bytes leftover after parsing attributes in process `syz.3.202'.
[  152.980796][ T5822] Bluetooth: hci1: unexpected event 0x05 length: 11 > 4
[  152.993235][ T5893] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[  153.053668][    C1] igorplugusb 5-1:0.0: receive overflow, at least 35 lost
[  153.082040][ T5893] usb 3-1: media controller created
[  153.193031][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  153.246327][ T5893] gp8psk_fe: Frontend attached
[  153.261030][ T5893] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  153.263817][ T6851] =======================================================
[  153.263817][ T6851] WARNING: The mand mount option has been deprecated and
[  153.263817][ T6851]          and is ignored by this kernel. Remove the mand
[  153.263817][ T6851]          option from the mount to silence this warning.
[  153.263817][ T6851] =======================================================
[  153.321292][ T5893] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  153.507009][   T29] usb 5-1: USB disconnect, device number 5
[  153.589390][ T5893] gp8psk: usb in 138 operation failed.
[  153.606200][ T5893] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[  153.629977][ T5893] gp8psk: found Genpix USB device pID = 203 (hex)
[  153.630419][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  153.740187][ T5893] usb 3-1: USB disconnect, device number 9
[  153.862349][   T30] audit: type=1400 audit(153.830:297): avc:  denied  { setopt } for  pid=6878 comm="syz.2.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  154.245244][   T30] audit: type=1400 audit(153.830:298): avc:  denied  { connect } for  pid=6878 comm="syz.2.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  154.372158][ T5893] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[  154.403790][    T9] usb 2-1: config 1 has an invalid interface number: 7 but max is 0
[  154.504547][    T9] usb 2-1: config 1 has no interface number 0
[  154.599476][    T9] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  154.728245][    T9] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  154.871299][    T9] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  154.896972][    T9] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  154.909896][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.975834][ T6892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'.
[  155.292529][    T9] usb 2-1: Product: syz
[  155.297054][    T9] usb 2-1: Manufacturer: syz
[  155.303850][    T9] usb 2-1: SerialNumber: syz
[  155.405521][ T6877] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  155.799052][ T6898] FAULT_INJECTION: forcing a failure.
[  155.799052][ T6898] name failslab, interval 1, probability 0, space 0, times 0
[  155.811870][ T6898] CPU: 0 UID: 0 PID: 6898 Comm: syz.4.209 Not tainted syzkaller #0 PREEMPT(full) 
[  155.811893][ T6898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  155.811903][ T6898] Call Trace:
[  155.811910][ T6898]  <TASK>
[  155.811917][ T6898]  dump_stack_lvl+0x100/0x190
[  155.811949][ T6898]  should_fail_ex.cold+0x5/0xa
[  155.811971][ T6898]  should_failslab+0xc2/0x120
[  155.811998][ T6898]  __kmalloc_cache_noprof+0x7a/0x6f0
[  155.812017][ T6898]  ? llc_sap_open+0x120/0x3b0
[  155.812042][ T6898]  llc_sap_open+0x120/0x3b0
[  155.812058][ T6898]  ? llc_ui_autoport+0xf6/0x180
[  155.812086][ T6898]  llc_ui_autobind.isra.0+0x2ae/0x510
[  155.812108][ T6898]  llc_ui_connect+0x57c/0xd50
[  155.812125][ T6898]  ? selinux_netlbl_socket_connect+0x30/0x40
[  155.812144][ T6898]  ? find_held_lock+0x2b/0x80
[  155.812165][ T6898]  ? selinux_netlbl_socket_connect+0x30/0x40
[  155.812185][ T6898]  ? __pfx_llc_ui_connect+0x10/0x10
[  155.812201][ T6898]  ? __local_bh_enable_ip+0x9e/0x120
[  155.812223][ T6898]  ? lockdep_hardirqs_on+0x78/0x100
[  155.812240][ T6898]  ? selinux_netlbl_socket_connect+0x30/0x40
[  155.812258][ T6898]  ? __local_bh_enable_ip+0x9e/0x120
[  155.812279][ T6898]  ? selinux_netlbl_socket_connect+0x30/0x40
[  155.812299][ T6898]  ? selinux_socket_connect+0x6b/0x80
[  155.812336][ T6898]  ? __pfx_llc_ui_connect+0x10/0x10
[  155.812350][ T6898]  __sys_connect_file+0x141/0x1a0
[  155.812379][ T6898]  __sys_connect+0x141/0x170
[  155.812403][ T6898]  ? __pfx___sys_connect+0x10/0x10
[  155.812426][ T6898]  ? __fget_files+0x21f/0x3d0
[  155.812452][ T6898]  ? __pfx_ksys_write+0x10/0x10
[  155.812482][ T6898]  __x64_sys_connect+0x72/0xb0
[  155.812506][ T6898]  ? lockdep_hardirqs_on+0x78/0x100
[  155.812523][ T6898]  do_syscall_64+0x106/0xf80
[  155.812539][ T6898]  ? clear_bhb_loop+0x40/0x90
[  155.812561][ T6898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.812579][ T6898] RIP: 0033:0x7fabae59c799
[  155.812593][ T6898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  155.812609][ T6898] RSP: 002b:00007fabac7b4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  155.812627][ T6898] RAX: ffffffffffffffda RBX: 00007fabae816180 RCX: 00007fabae59c799
[  155.812638][ T6898] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000008
[  155.812648][ T6898] RBP: 00007fabac7b4090 R08: 0000000000000000 R09: 0000000000000000
[  155.812658][ T6898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.812667][ T6898] R13: 00007fabae816218 R14: 00007fabae816180 R15: 00007ffd2bcb5c48
[  155.812691][ T6898]  </TASK>
[  156.504032][ T6905] netlink: 68 bytes leftover after parsing attributes in process `syz.2.210'.
[  156.575249][ T5822] Bluetooth: hci3: unexpected event 0x05 length: 11 > 4
[  156.763217][ T6877] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  156.873766][ T6910] netlink: 16 bytes leftover after parsing attributes in process `syz.4.213'.
[  156.885526][ T6910] bond0: entered promiscuous mode
[  156.890633][ T6910] bond_slave_0: entered promiscuous mode
[  156.896333][ T6910] bond_slave_1: entered promiscuous mode
[  156.902861][ T6910] gretap0: entered promiscuous mode
[  156.908604][ T6910] debugfs: 'hsr1' already exists in 'hsr'
[  156.914336][ T6910] Cannot create hsr debugfs directory
[  156.919687][ T6910] hsr1: entered promiscuous mode
[  157.149214][    T9] sierra_net 2-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.1-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:02:07
[  157.240893][ T5893] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  157.384295][    T9] sierra_net 2-1:1.7 wwan0: Submit SYNC failed -71
[  157.400459][ T5893] usb 4-1: Using ep0 maxpacket: 32
[  157.419801][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.457674][ T5893] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  157.483481][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.506065][    T9] sierra_net 2-1:1.7 wwan0: Send SYNC failed, status -71
[  157.540923][ T5893] usb 4-1: config 0 descriptor??
[  157.589491][ T5893] hub 4-1:0.0: USB hub found
[  157.719940][    T9] sierra_net 2-1:1.7 wwan0: Submit SYNC failed -71
[  157.743752][    T9] sierra_net 2-1:1.7 wwan0: Send SYNC failed, status -71
[  157.809177][    T9] usb 2-1: USB disconnect, device number 6
[  157.831651][    T9] sierra_net 2-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.1-1, Sierra Wireless USB-to-WWAN Modem
[  157.939626][ T5893] hub 4-1:0.0: 1 port detected
[  157.998493][   T30] audit: type=1400 audit(157.970:299): avc:  denied  { read } for  pid=6919 comm="syz.4.214" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  158.095599][   T30] audit: type=1400 audit(158.000:300): avc:  denied  { name_connect } for  pid=6919 comm="syz.4.214" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  158.155249][   T30] audit: type=1400 audit(158.130:301): avc:  denied  { read open } for  pid=6927 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  158.216462][   T30] audit: type=1400 audit(158.130:302): avc:  denied  { getattr } for  pid=6927 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  158.342965][ T6911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=6911 comm=syz.3.212
[  158.393055][ T6911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=6911 comm=syz.3.212
[  158.406571][ T6911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=6911 comm=syz.3.212
[  158.422262][ T6911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=6911 comm=syz.3.212
[  158.450675][ T5893] usb 4-1: USB disconnect, device number 12
[  158.781630][    T9] sierra_net 2-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  158.987522][   T30] audit: type=1400 audit(158.960:303): avc:  denied  { add_name } for  pid=6926 comm="dhcpcd-run-hook" name="resolv.conf.wwan0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  159.329068][ T6949] netlink: 16 bytes leftover after parsing attributes in process `syz.0.218'.
[  159.364556][   T30] audit: type=1400 audit(159.300:304): avc:  denied  { ioctl } for  pid=6946 comm="syz.0.218" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=13395 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  159.390375][ T5893] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  159.649593][ T5893] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  159.837259][ T5893] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  160.079292][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  160.156656][ T5893] usb 5-1: SerialNumber: syz
[  160.527644][   T30] audit: type=1400 audit(160.500:305): avc:  denied  { setopt } for  pid=6956 comm="syz.0.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  160.898195][ T5893] cdc_ether 5-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.4-1, CDC Ethernet Device, 42:42:42:42:42:42
[  161.349824][ T5893] usb 5-1: USB disconnect, device number 6
[  161.370923][ T5893] cdc_ether 5-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.4-1, CDC Ethernet Device
[  162.413329][ T6980] netlink: 8 bytes leftover after parsing attributes in process `syz.3.221'.
[  162.935785][   T30] audit: type=1400 audit(162.910:306): avc:  denied  { ioctl } for  pid=6982 comm="syz.0.222" path="socket:[13512]" dev="sockfs" ino=13512 ioctlcmd=0x48cb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  162.985875][ T6989] fuse: Invalid rootmode
[  163.021316][ T5822] Bluetooth: hci0: Malformed LE Event: 0x1b
[  163.250147][ T6995] FAULT_INJECTION: forcing a failure.
[  163.250147][ T6995] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.263678][ T6995] CPU: 0 UID: 0 PID: 6995 Comm: syz.2.224 Not tainted syzkaller #0 PREEMPT(full) 
[  163.263701][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  163.263708][ T6995] Call Trace:
[  163.263712][ T6995]  <TASK>
[  163.263716][ T6995]  dump_stack_lvl+0x100/0x190
[  163.263738][ T6995]  should_fail_ex.cold+0x5/0xa
[  163.263752][ T6995]  _copy_from_user+0x2e/0xd0
[  163.263768][ T6995]  sg_write+0x745/0xdb0
[  163.263783][ T6995]  ? __pfx_sg_write+0x10/0x10
[  163.263797][ T6995]  ? find_held_lock+0x2b/0x80
[  163.263811][ T6995]  ? __schedule+0x2fa6/0x60e0
[  163.263839][ T6995]  ? bpf_lsm_file_permission+0x9/0x10
[  163.263855][ T6995]  ? security_file_permission+0x76/0x210
[  163.263869][ T6995]  ? rw_verify_area+0xce/0x6d0
[  163.263885][ T6995]  vfs_write+0x2aa/0x1070
[  163.263901][ T6995]  ? __pfx_sg_write+0x10/0x10
[  163.263913][ T6995]  ? irqentry_exit+0x180/0x670
[  163.263923][ T6995]  ? lockdep_hardirqs_on+0x78/0x100
[  163.263934][ T6995]  ? __pfx_vfs_write+0x10/0x10
[  163.263956][ T6995]  ? fdget_pos+0x2e2/0x380
[  163.263969][ T6995]  ksys_write+0x12a/0x250
[  163.263985][ T6995]  ? __pfx_ksys_write+0x10/0x10
[  163.264009][ T6995]  do_syscall_64+0x106/0xf80
[  163.264020][ T6995]  ? clear_bhb_loop+0x40/0x90
[  163.264033][ T6995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.264044][ T6995] RIP: 0033:0x7f1cde19c799
[  163.264054][ T6995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  163.264064][ T6995] RSP: 002b:00007f1cdf063028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  163.264076][ T6995] RAX: ffffffffffffffda RBX: 00007f1cde416180 RCX: 00007f1cde19c799
[  163.264083][ T6995] RDX: 0000000000000038 RSI: 00002000000005c0 RDI: 0000000000000008
[  163.264089][ T6995] RBP: 00007f1cdf063090 R08: 0000000000000000 R09: 0000000000000000
[  163.264095][ T6995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.264101][ T6995] R13: 00007f1cde416218 R14: 00007f1cde416180 R15: 00007ffe12ce00c8
[  163.264115][ T6995]  </TASK>
[  163.863672][   T30] audit: type=1400 audit(163.840:307): avc:  denied  { read write } for  pid=6996 comm="syz.1.227" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  163.944076][ T7003] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  164.486366][ T7002] pimreg: entered allmulticast mode
[  164.549033][   T30] audit: type=1400 audit(163.840:308): avc:  denied  { open } for  pid=6996 comm="syz.1.227" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  164.726723][ T7002] pimreg: left allmulticast mode
[  164.960365][   T29] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  165.181054][   T29] usb 5-1: Using ep0 maxpacket: 32
[  165.200029][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  165.280510][ T6986] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  165.450468][   T29] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  165.494682][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.576210][   T29] usb 5-1: config 0 descriptor??
[  165.623410][   T29] hub 5-1:0.0: USB hub found
[  165.962063][   T29] hub 5-1:0.0: 1 port detected
[  165.963540][ T7026] zonefs (nullb0) ERROR: Not a zoned block device
[  166.389371][ T7032] netlink: 40 bytes leftover after parsing attributes in process `syz.1.232'.
[  166.453071][ T7034] netlink: 12 bytes leftover after parsing attributes in process `syz.1.232'.
[  166.476728][ T7001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7001 comm=syz.4.226
[  166.489275][ T7001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7001 comm=syz.4.226
[  166.539942][ T7001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7001 comm=syz.4.226
[  166.574304][ T7001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7001 comm=syz.4.226
[  166.604270][ T7032] xt_hashlimit: overflow, try lower: 3/0
[  166.698035][   T30] audit: type=1400 audit(166.570:309): avc:  denied  { read } for  pid=7033 comm="syz.0.233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  166.721870][   T30] audit: type=1400 audit(166.580:310): avc:  denied  { ioctl } for  pid=7031 comm="syz.1.232" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf30 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  166.802644][   T29] usb 5-1: USB disconnect, device number 7
[  167.130366][ T7045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.235'.
[  168.111494][ T7056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.238'.
[  168.120546][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.238'.
[  168.130377][ T7056] netlink: 'syz.0.238': attribute type 11 has an invalid length.
[  168.141079][ T7056] netlink: 'syz.0.238': attribute type 7 has an invalid length.
[  168.330869][ T1890] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  168.522917][ T1890] usb 5-1: unable to get BOS descriptor or descriptor too short
[  168.564266][ T1890] usb 5-1: not running at top speed; connect to a high speed hub
[  168.581845][ T1890] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 4
[  168.608446][ T1890] usb 5-1: New USB device found, idVendor=0b05, idProduct=1743, bcdDevice= 0.40
[  168.765304][ T1890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.786689][ T7060] loop3: detected capacity change from 0 to 7
[  168.795563][ T7060] Dev loop3: unable to read RDB block 7
[  168.801697][ T7060]  loop3: unable to read partition table
[  168.801695][ T1890] usb 5-1: Product: Б
[  168.801713][ T1890] usb 5-1: Manufacturer: І
[  168.807448][ T7060] loop3: partition table beyond EOD, truncated
[  168.840922][ T1890] usb 5-1: SerialNumber: �
[  168.855453][ T7060] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  169.405391][ T7055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.450775][ T7055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.545906][ T1890] usb 5-1: 1:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[  169.578154][ T1890] usb 5-1: found format II with max.bitrate = 512, frame size=4095
[  170.024330][ T1890] usb 5-1: 1:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[  170.057327][ T1890] usb 5-1: found format II with max.bitrate = 512, frame size=4095
[  170.076071][ T1890] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  170.114487][ T7075] FAULT_INJECTION: forcing a failure.
[  170.114487][ T7075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.175996][ T7075] CPU: 1 UID: 0 PID: 7075 Comm: syz.1.245 Not tainted syzkaller #0 PREEMPT(full) 
[  170.176018][ T7075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  170.176027][ T7075] Call Trace:
[  170.176033][ T7075]  <TASK>
[  170.176039][ T7075]  dump_stack_lvl+0x100/0x190
[  170.176070][ T7075]  should_fail_ex.cold+0x5/0xa
[  170.176092][ T7075]  strncpy_from_user+0x3b/0x2d0
[  170.176117][ T7075]  do_getname+0x78/0x390
[  170.176138][ T7075]  do_sys_openat2+0xc5/0x1e0
[  170.176157][ T7075]  ? __pfx_do_sys_openat2+0x10/0x10
[  170.176184][ T7075]  __x64_sys_openat+0x12d/0x210
[  170.176204][ T7075]  ? __pfx___x64_sys_openat+0x10/0x10
[  170.176226][ T7075]  ? do_user_addr_fault+0x8d6/0x12f0
[  170.176251][ T7075]  do_syscall_64+0x106/0xf80
[  170.176271][ T7075]  ? clear_bhb_loop+0x40/0x90
[  170.176291][ T7075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.176307][ T7075] RIP: 0033:0x7fcb5375cfce
[  170.176322][ T7075] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  170.176336][ T7075] RSP: 002b:00007fcb54678ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  170.176352][ T7075] RAX: ffffffffffffffda RBX: 00007fcb5467b6c0 RCX: 00007fcb5375cfce
[  170.176363][ T7075] RDX: 0000000000000002 RSI: 00007fcb53831ed0 RDI: ffffffffffffff9c
[  170.176373][ T7075] RBP: 00007fcb5467b090 R08: 0000000000000000 R09: 0000000000000000
[  170.176382][ T7075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000031
[  170.176391][ T7075] R13: 0000200000000740 R14: 0000000000000003 R15: 00007ffe9f1d4498
[  170.176413][ T7075]  </TASK>
[  170.206982][ T1890] usb 5-1: USB disconnect, device number 8
[  170.228319][ T7079] netlink: 88 bytes leftover after parsing attributes in process `syz.3.246'.
[  170.409837][ T7080] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in;
[  170.409837][ T7080]    program syz.4.244 not setting count and/or reply_len properly
[  170.449689][ T5813] udevd[5813]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  170.850376][   T29] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  171.211572][   T29] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xCE, changing to 0x8E
[  171.228086][   T29] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 999, setting to 64
[  171.240997][   T29] usb 4-1: New USB device found, idVendor=2a39, idProduct=3fd4, bcdDevice= 0.40
[  171.250247][   T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.258649][   T29] usb 4-1: Product: syz
[  171.263143][   T29] usb 4-1: Manufacturer: syz
[  171.268155][   T29] usb 4-1: SerialNumber: syz
[  171.351842][   T30] audit: type=1400 audit(171.310:311): avc:  denied  { audit_write } for  pid=7094 comm="syz.4.251" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  171.527753][   T30] audit: type=1400 audit(171.370:312): avc:  denied  { watch watch_reads } for  pid=7094 comm="syz.4.251" path="/44" dev="tmpfs" ino=259 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  171.638088][   T29] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  171.645701][   T29] usb 4-1: MIDIStreaming interface descriptor not found
[  171.715613][   T29] usb 4-1: USB disconnect, device number 13
[  171.769398][ T6156] udevd[6156]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  171.974963][ T7099] netlink: 16 bytes leftover after parsing attributes in process `syz.4.252'.
[  172.013132][ T7105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.253'.
[  172.022063][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.253'.
[  172.035228][ T7105] netlink: 'syz.1.253': attribute type 11 has an invalid length.
[  172.047792][ T7105] netlink: 'syz.1.253': attribute type 7 has an invalid length.
[  172.485051][   T29] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  172.600244][ T7112] FAULT_INJECTION: forcing a failure.
[  172.600244][ T7112] name failslab, interval 1, probability 0, space 0, times 0
[  172.617531][ T7112] CPU: 1 UID: 0 PID: 7112 Comm: syz.2.255 Not tainted syzkaller #0 PREEMPT(full) 
[  172.617555][ T7112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  172.617566][ T7112] Call Trace:
[  172.617571][ T7112]  <TASK>
[  172.617579][ T7112]  dump_stack_lvl+0x100/0x190
[  172.617611][ T7112]  should_fail_ex.cold+0x5/0xa
[  172.617634][ T7112]  should_failslab+0xc2/0x120
[  172.617661][ T7112]  __kmalloc_cache_noprof+0x7a/0x6f0
[  172.617681][ T7112]  ? percpu_ref_init+0xec/0x3f0
[  172.617703][ T7112]  ? __pfx_free_ioctx_reqs+0x10/0x10
[  172.617722][ T7112]  percpu_ref_init+0xec/0x3f0
[  172.617738][ T7112]  ? __init_waitqueue_head+0xca/0x150
[  172.617762][ T7112]  ioctx_alloc+0x3ee/0x21d0
[  172.617781][ T7112]  ? irqentry_exit+0x180/0x670
[  172.617799][ T7112]  ? lockdep_hardirqs_on+0x78/0x100
[  172.617824][ T7112]  ? __pfx_ioctx_alloc+0x10/0x10
[  172.617847][ T7112]  ? __might_fault+0x111/0x140
[  172.617871][ T7112]  __x64_sys_io_setup+0xc9/0x220
[  172.617893][ T7112]  do_syscall_64+0x106/0xf80
[  172.617916][ T7112]  ? clear_bhb_loop+0x40/0x90
[  172.617938][ T7112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.617955][ T7112] RIP: 0033:0x7f1cde19c799
[  172.617971][ T7112] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  172.617986][ T7112] RSP: 002b:00007f1cdf084028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  172.618004][ T7112] RAX: ffffffffffffffda RBX: 00007f1cde416090 RCX: 00007f1cde19c799
[  172.618015][ T7112] RDX: 0000000000000000 RSI: 0000200000002e40 RDI: 0000000000000009
[  172.618025][ T7112] RBP: 00007f1cdf084090 R08: 0000000000000000 R09: 0000000000000000
[  172.618035][ T7112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.618045][ T7112] R13: 00007f1cde416128 R14: 00007f1cde416090 R15: 00007ffe12ce00c8
[  172.618069][ T7112]  </TASK>
[  172.864353][   T29] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  172.873450][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.881560][   T29] usb 5-1: Product: syz
[  172.885709][   T29] usb 5-1: Manufacturer: syz
[  172.890312][   T29] usb 5-1: SerialNumber: syz
[  172.897246][   T29] usb 5-1: config 0 descriptor??
[  173.145044][   T29] usb 5-1: Firmware version (0.0) predates our first public release.
[  173.155271][   T30] audit: type=1326 audit(173.080:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7113 comm="syz.3.256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba3e19c799 code=0x0
[  173.613398][   T29] usb 5-1: Please update to version 0.2 or newer
[  173.674545][   T29] usb 5-1: USB disconnect, device number 9
[  174.040435][   T30] audit: type=1400 audit(174.000:314): avc:  denied  { wake_alarm } for  pid=7113 comm="syz.3.256" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  174.225145][   T30] audit: type=1400 audit(174.180:315): avc:  denied  { ioctl } for  pid=7124 comm="syz.2.258" path="/dev/uhid" dev="devtmpfs" ino=1273 ioctlcmd=0x6607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  174.285034][   T30] audit: type=1400 audit(174.180:316): avc:  denied  { read } for  pid=7124 comm="syz.2.258" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  174.330926][   T30] audit: type=1400 audit(174.180:317): avc:  denied  { open } for  pid=7124 comm="syz.2.258" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  174.434657][ T7132] use of bytesused == 0 is deprecated and will be removed in the future,
[  174.467499][ T7132] use the actual size instead.
[  174.509897][ T7135] sctp: [Deprecated]: syz.2.260 (pid 7135) Use of int in max_burst socket option deprecated.
[  174.509897][ T7135] Use struct sctp_assoc_value instead
[  174.583654][   T30] audit: type=1400 audit(174.540:318): avc:  denied  { connect } for  pid=7136 comm="syz.0.262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  174.678743][   T30] audit: type=1400 audit(174.560:319): avc:  denied  { listen } for  pid=7140 comm="syz.4.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  174.740145][ T7146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.263'.
[  175.105957][   T30] audit: type=1400 audit(174.560:320): avc:  denied  { accept } for  pid=7140 comm="syz.4.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  176.697844][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  176.697860][   T30] audit: type=1400 audit(176.670:356): avc:  denied  { lock } for  pid=7159 comm="syz.0.266" path="socket:[13959]" dev="sockfs" ino=13959 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  176.747157][   T30] audit: type=1400 audit(176.710:357): avc:  denied  { read write } for  pid=7169 comm="syz.2.269" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  176.770341][   T30] audit: type=1400 audit(176.710:358): avc:  denied  { open } for  pid=7169 comm="syz.2.269" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  176.805117][ T7170] FAULT_INJECTION: forcing a failure.
[  176.805117][ T7170] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.827874][ T7172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.266'.
[  176.839279][ T7172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.266'.
[  176.845421][ T7170] CPU: 0 UID: 0 PID: 7170 Comm: syz.2.269 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  176.845445][ T7170] Tainted: [L]=SOFTLOCKUP
[  176.845450][ T7170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  176.845459][ T7170] Call Trace:
[  176.845464][ T7170]  <TASK>
[  176.845470][ T7170]  dump_stack_lvl+0x100/0x190
[  176.845498][ T7170]  should_fail_ex.cold+0x5/0xa
[  176.845519][ T7170]  _copy_to_user+0x32/0xd0
[  176.845541][ T7170]  simple_read_from_buffer+0xcb/0x170
[  176.845567][ T7170]  proc_fail_nth_read+0x1af/0x230
[  176.845588][ T7170]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  176.845609][ T7170]  ? rw_verify_area+0xce/0x6d0
[  176.845627][ T7170]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  176.845647][ T7170]  vfs_read+0x1e4/0xb30
[  176.845671][ T7170]  ? __pfx_vfs_read+0x10/0x10
[  176.845691][ T7170]  ? __fget_files+0x215/0x3d0
[  176.845711][ T7170]  ? __fget_files+0x21f/0x3d0
[  176.845731][ T7170]  ksys_read+0x12a/0x250
[  176.845752][ T7170]  ? __pfx_ksys_read+0x10/0x10
[  176.845779][ T7170]  do_syscall_64+0x106/0xf80
[  176.845795][ T7170]  ? clear_bhb_loop+0x40/0x90
[  176.845814][ T7170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.845829][ T7170] RIP: 0033:0x7f1cde15cfce
[  176.845842][ T7170] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  176.845857][ T7170] RSP: 002b:00007f1cdf0a4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  176.845873][ T7170] RAX: ffffffffffffffda RBX: 00007f1cdf0a56c0 RCX: 00007f1cde15cfce
[  176.845883][ T7170] RDX: 000000000000000f RSI: 00007f1cdf0a50a0 RDI: 0000000000000005
[  176.845892][ T7170] RBP: 00007f1cdf0a5090 R08: 0000000000000000 R09: 0000000000000000
[  176.845901][ T7170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.845909][ T7170] R13: 00007f1cde416038 R14: 00007f1cde415fa0 R15: 00007ffe12ce00c8
[  176.845931][ T7170]  </TASK>
[  176.846129][   T30] audit: type=1400 audit(176.710:359): avc:  denied  { mounton } for  pid=7169 comm="syz.2.269" path="/57/file0" dev="tmpfs" ino=324 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  177.090534][ T7172] netlink: 'syz.0.266': attribute type 11 has an invalid length.
[  177.098368][ T7172] netlink: 'syz.0.266': attribute type 7 has an invalid length.
[  177.106873][   T30] audit: type=1400 audit(176.710:360): avc:  denied  { mount } for  pid=7169 comm="syz.2.269" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  177.243826][   T30] audit: type=1400 audit(176.780:361): avc:  denied  { read write } for  pid=7169 comm="syz.2.269" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  177.687164][ T7189] syz.2.274 uses obsolete (PF_INET,SOCK_PACKET)
[  178.215702][   T30] audit: type=1400 audit(176.780:362): avc:  denied  { open } for  pid=7169 comm="syz.2.269" path="/57/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  178.264033][   T30] audit: type=1400 audit(176.800:363): avc:  denied  { setopt } for  pid=7159 comm="syz.0.266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  178.298331][   T30] audit: type=1400 audit(177.110:364): avc:  denied  { create } for  pid=7173 comm="syz.3.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  178.337003][   T30] audit: type=1400 audit(177.110:365): avc:  denied  { setopt } for  pid=7173 comm="syz.3.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  178.356464][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  178.717269][    T9] usb 3-1: config 1 has an invalid descriptor of length 69, skipping remainder of the config
[  178.764810][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  178.786319][    T9] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  178.827503][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  178.854389][    T9] usb 3-1: SerialNumber: syz
[  179.653892][ T7204] netlink: 28 bytes leftover after parsing attributes in process `syz.4.279'.
[  180.298892][ T7201] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  180.329031][ T7201] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  180.365802][ T7201] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  180.378273][ T7201] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  180.397772][ T7201] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  180.404237][ T7201] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  180.423629][ T7201] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  180.430057][ T7201] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  180.453076][ T7201] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  180.461219][ T7201] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  180.522628][    T9] usb 3-1: 0:2 : does not exist
[  180.527867][    T9] usb 3-1: unit 5: unexpected type 0x0e
[  180.666943][    T9] usb 3-1: USB disconnect, device number 10
[  180.781501][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  181.165889][ T7223] x_tables: ip_tables: TCPMSS target: only valid for protocol 6
[  182.350881][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  182.350899][   T30] audit: type=1400 audit(182.280:419): avc:  denied  { read } for  pid=7237 comm="syz.2.288" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  182.559374][   T30] audit: type=1400 audit(182.280:420): avc:  denied  { open } for  pid=7237 comm="syz.2.288" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  182.689456][   T30] audit: type=1400 audit(182.290:421): avc:  denied  { ioctl } for  pid=7237 comm="syz.2.288" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  183.012430][   T30] audit: type=1400 audit(182.960:422): avc:  denied  { ioctl } for  pid=7241 comm="syz.2.289" path="socket:[14070]" dev="sockfs" ino=14070 ioctlcmd=0x8910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  183.867190][   T30] audit: type=1400 audit(182.980:423): avc:  denied  { module_request } for  pid=7241 comm="syz.2.289" kmod=6E65746465762DADE94EC113C4D75DFF8F685B9F0128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  184.267000][   T30] audit: type=1400 audit(183.670:424): avc:  denied  { sys_module } for  pid=7241 comm="syz.2.289" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  185.648032][   T30] audit: type=1400 audit(184.180:425): avc:  denied  { sqpoll } for  pid=7251 comm="syz.3.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  185.668823][   T30] audit: type=1400 audit(184.210:426): avc:  denied  { read write } for  pid=7251 comm="syz.3.292" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  185.697825][   T30] audit: type=1400 audit(184.210:427): avc:  denied  { open } for  pid=7251 comm="syz.3.292" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  185.780373][   T30] audit: type=1400 audit(184.220:428): avc:  denied  { ioctl } for  pid=7251 comm="syz.3.292" path="/dev/uhid" dev="devtmpfs" ino=1273 ioctlcmd=0x6607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  186.043759][ T7276] siw: device registration error -23
[  186.058305][ T7276] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  187.724122][ T7292] bridge0: entered allmulticast mode
[  188.102325][ T5893] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  188.270343][ T5893] usb 2-1: Using ep0 maxpacket: 32
[  188.276824][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.289034][ T5893] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  188.435531][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.472717][ T5893] usb 2-1: config 0 descriptor??
[  188.506671][ T5893] hub 2-1:0.0: USB hub found
[  188.603948][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  188.603962][   T30] audit: type=1400 audit(188.580:435): avc:  denied  { create } for  pid=7298 comm="syz.0.305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  188.650554][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  188.656866][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  188.777198][   T30] audit: type=1400 audit(188.610:436): avc:  denied  { bind } for  pid=7298 comm="syz.0.305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  188.834056][ T5893] hub 2-1:0.0: 1 port detected
[  189.561555][ T7288] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7288 comm=syz.1.302
[  189.584397][ T7288] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7288 comm=syz.1.302
[  189.620379][ T7288] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7288 comm=syz.1.302
[  189.656385][ T5893] usb 2-1: USB disconnect, device number 7
[  189.920366][ T1890] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  190.150341][ T1890] usb 4-1: Using ep0 maxpacket: 32
[  190.160388][ T1890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.186809][ T1890] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  190.209530][ T1890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.231118][ T1890] usb 4-1: config 0 descriptor??
[  190.249909][ T1890] hub 4-1:0.0: USB hub found
[  190.532726][ T7318] netlink: 12 bytes leftover after parsing attributes in process `syz.0.309'.
[  190.555326][ T7318] geneve2: entered promiscuous mode
[  190.611617][ T1890] hub 4-1:0.0: 1 port detected
[  190.709297][   T30] audit: type=1400 audit(190.610:437): avc:  denied  { connect } for  pid=7316 comm="syz.1.308" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  190.739400][   T30] audit: type=1400 audit(190.610:438): avc:  denied  { write } for  pid=7316 comm="syz.1.308" laddr=fe80::16 lport=255 faddr=ff01::1 fport=65534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  190.790932][ T7322] netlink: 'syz.0.309': attribute type 8 has an invalid length.
[  190.867960][ T7318] syzkaller0: entered promiscuous mode
[  190.873452][ T7318] syzkaller0: entered allmulticast mode
[  190.947435][   T30] audit: type=1400 audit(190.860:439): avc:  denied  { setopt } for  pid=7317 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  191.092919][ T7307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7307 comm=syz.3.301
[  191.159048][ T7307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7307 comm=syz.3.301
[  191.169774][ T7332] netlink: 16 bytes leftover after parsing attributes in process `syz.2.311'.
[  191.234469][ T7332] bond0: entered promiscuous mode
[  191.239560][ T7332] bond_slave_0: entered promiscuous mode
[  191.249756][ T7332] bond_slave_1: entered promiscuous mode
[  191.263414][ T7332] gretap0: entered promiscuous mode
[  191.270916][ T7332] debugfs: 'hsr1' already exists in 'hsr'
[  191.276705][ T7332] Cannot create hsr debugfs directory
[  191.282314][ T7332] hsr1: entered promiscuous mode
[  191.465040][ T7307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7307 comm=syz.3.301
[  191.477429][ T7307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7307 comm=syz.3.301
[  191.610334][   T30] audit: type=1400 audit(190.860:440): avc:  denied  { accept } for  pid=7317 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  192.690351][   T30] audit: type=1400 audit(190.860:441): avc:  denied  { write } for  pid=7317 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  192.708902][   T30] audit: type=1400 audit(190.860:442): avc:  denied  { ioctl } for  pid=7317 comm="syz.0.309" path="socket:[14257]" dev="sockfs" ino=14257 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  192.811908][    T9] hub 4-1:0.0: hub_ext_port_status failed (err = -71)
[  192.827900][   T58] usb 4-1: Failed to suspend device, error -71
[  192.829512][ T5893] usb 4-1: USB disconnect, device number 14
[  192.922598][   T30] audit: type=1400 audit(190.910:443): avc:  denied  { write } for  pid=7317 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  193.001384][   T30] audit: type=1400 audit(191.010:444): avc:  denied  { map } for  pid=7329 comm="syz.2.311" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  194.075716][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  194.075733][   T30] audit: type=1400 audit(194.050:450): avc:  denied  { prog_run } for  pid=7343 comm="syz.0.316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  194.239951][   T30] audit: type=1400 audit(194.100:451): avc:  denied  { shutdown } for  pid=7343 comm="syz.0.316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  195.110380][ T5893] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  195.211822][   T30] audit: type=1400 audit(195.170:452): avc:  denied  { write } for  pid=7363 comm="syz.1.322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  195.324272][   T30] audit: type=1400 audit(195.170:453): avc:  denied  { connect } for  pid=7363 comm="syz.1.322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  195.360495][   T30] audit: type=1400 audit(195.170:454): avc:  denied  { name_connect } for  pid=7363 comm="syz.1.322" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  195.460350][ T5893] usb 4-1: Using ep0 maxpacket: 32
[  195.471988][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.503280][ T5893] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  195.540360][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.591778][ T5893] usb 4-1: config 0 descriptor??
[  195.644781][ T5893] hub 4-1:0.0: USB hub found
[  195.898738][ T5893] hub 4-1:0.0: 1 port detected
[  196.203536][  T977] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  196.300756][ T7355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7355 comm=syz.3.320
[  196.321953][ T7355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7355 comm=syz.3.320
[  196.351088][ T7355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7355 comm=syz.3.320
[  196.370438][ T7355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7355 comm=syz.3.320
[  196.390400][   T29] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  196.402231][ T5893] usb 4-1: USB disconnect, device number 15
[  196.419585][  T977] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  196.475486][  T977] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  196.512691][  T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  196.539492][  T977] usb 2-1: SerialNumber: syz
[  196.560494][   T29] usb 5-1: Using ep0 maxpacket: 32
[  196.581538][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.620742][   T29] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  196.645704][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.674464][   T29] usb 5-1: config 0 descriptor??
[  196.693707][   T29] hub 5-1:0.0: USB hub found
[  196.993001][   T29] hub 5-1:0.0: 1 port detected
[  198.169153][  T977] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42
[  198.278961][ T7374] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7374 comm=syz.4.313
[  198.304552][ T7374] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7374 comm=syz.4.313
[  198.336800][ T7374] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7374 comm=syz.4.313
[  198.369570][ T7374] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7374 comm=syz.4.313
[  198.401956][   T29] usb 5-1: USB disconnect, device number 10
[  198.472306][   T30] audit: type=1400 audit(198.450:455): avc:  denied  { read open } for  pid=7392 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  198.525803][   T30] audit: type=1400 audit(198.450:456): avc:  denied  { getattr } for  pid=7392 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  198.570354][  T977] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  198.697131][   T30] audit: type=1400 audit(198.670:457): avc:  denied  { add_name } for  pid=7391 comm="dhcpcd-run-hook" name="resolv.conf.usb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  198.741473][  T977] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.751717][  T977] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  198.770423][   T30] audit: type=1400 audit(198.670:458): avc:  denied  { create } for  pid=7391 comm="dhcpcd-run-hook" name="resolv.conf.usb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  198.792565][   T30] audit: type=1400 audit(198.670:459): avc:  denied  { write } for  pid=7391 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.usb0.link" dev="tmpfs" ino=3647 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  198.820784][  T977] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  198.829862][  T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.839062][  T977] usb 3-1: Product: syz
[  198.843591][  T977] usb 3-1: Manufacturer: syz
[  198.848191][  T977] usb 3-1: SerialNumber: syz
[  198.866927][  T977] cdc_mbim 3-1:1.0: skipping garbage
[  199.042459][ T5893] usb 2-1: USB disconnect, device number 8
[  199.066257][ T5893] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device
[  199.109067][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  199.109081][   T30] audit: type=1400 audit(199.080:463): avc:  denied  { append } for  pid=7412 comm="syz.3.327" name="cec0" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  199.225711][   T30] audit: type=1400 audit(199.140:464): avc:  denied  { mount } for  pid=7412 comm="syz.3.327" name="/" dev="configfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  199.380795][ T7390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  199.399353][   T30] audit: type=1400 audit(199.140:465): avc:  denied  { mounton } for  pid=7412 comm="syz.3.327" path="/61/file0" dev="configfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  199.429303][ T7416] netlink: 4 bytes leftover after parsing attributes in process `syz.3.327'.
[  199.476975][ T7421] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  199.489729][ T7421] FAULT_INJECTION: forcing a failure.
[  199.489729][ T7421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.502833][ T7421] CPU: 1 UID: 0 PID: 7421 Comm: syz.4.329 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.502860][ T7421] Tainted: [L]=SOFTLOCKUP
[  199.502866][ T7421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  199.502881][ T7421] Call Trace:
[  199.502888][ T7421]  <TASK>
[  199.502894][ T7421]  dump_stack_lvl+0x100/0x190
[  199.502929][ T7421]  should_fail_ex.cold+0x5/0xa
[  199.502952][ T7421]  _copy_from_user+0x2e/0xd0
[  199.502977][ T7421]  memdup_user+0x6b/0xe0
[  199.503002][ T7421]  strndup_user+0x78/0xe0
[  199.503027][ T7421]  __do_sys_add_key+0x160/0x460
[  199.503053][ T7421]  ? __pfx___do_sys_add_key+0x10/0x10
[  199.503079][ T7421]  ? rcu_is_watching+0x12/0xc0
[  199.503105][ T7421]  do_syscall_64+0x106/0xf80
[  199.503122][ T7421]  ? clear_bhb_loop+0x40/0x90
[  199.503144][ T7421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.503162][ T7421] RIP: 0033:0x7fabae59c799
[  199.503176][ T7421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.503192][ T7421] RSP: 002b:00007fabac7b4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  199.503209][ T7421] RAX: ffffffffffffffda RBX: 00007fabae816180 RCX: 00007fabae59c799
[  199.503220][ T7421] RDX: 0000200000000440 RSI: 0000200000000300 RDI: 00002000000002c0
[  199.503231][ T7421] RBP: 00007fabac7b4090 R08: ffffffffffffffff R09: 0000000000000000
[  199.503241][ T7421] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000000001
[  199.503251][ T7421] R13: 00007fabae816218 R14: 00007fabae816180 R15: 00007ffd2bcb5c48
[  199.503275][ T7421]  </TASK>
[  199.644102][ T7390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.199705][  T977] cdc_mbim 3-1:1.0: failed GET_NTB_PARAMETERS
[  200.213647][   T30] audit: type=1400 audit(200.190:466): avc:  denied  { mount } for  pid=7427 comm="syz.1.331" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  200.216776][  T977] cdc_mbim 3-1:1.0: bind() failure
[  200.344009][  T977] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  200.360341][  T977] cdc_ncm 3-1:1.1: bind() failure
[  200.928396][   T30] audit: type=1400 audit(200.900:467): avc:  denied  { unmount } for  pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  200.972199][ T7436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.981825][ T7436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.124013][ T7431] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  201.585636][   T30] audit: type=1400 audit(201.560:468): avc:  denied  { bind } for  pid=7445 comm="syz.3.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  201.649102][   T30] audit: type=1400 audit(201.560:469): avc:  denied  { name_bind } for  pid=7445 comm="syz.3.333" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  201.809865][   T30] audit: type=1400 audit(201.560:470): avc:  denied  { node_bind } for  pid=7445 comm="syz.3.333" saddr=224.0.0.2 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  201.970383][ T7463] netlink: 16 bytes leftover after parsing attributes in process `syz.0.337'.
[  202.272100][ T5893] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  202.578811][   T24] usb 3-1: USB disconnect, device number 11
[  202.710607][ T5893] usb 2-1: Using ep0 maxpacket: 32
[  202.788239][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.852036][ T5893] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  202.872292][   T30] audit: type=1400 audit(202.850:471): avc:  denied  { create } for  pid=7473 comm="syz.2.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  202.875305][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.178725][ T5893] usb 2-1: config 0 descriptor??
[  203.199006][   T30] audit: type=1400 audit(203.000:472): avc:  denied  { create } for  pid=7470 comm="syz.0.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  203.217684][   T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  203.278622][ T5893] hub 2-1:0.0: USB hub found
[  203.370383][   T24] usb 3-1: Using ep0 maxpacket: 16
[  203.387204][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  203.462022][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  203.477458][ T5893] hub 2-1:0.0: 1 port detected
[  203.502049][   T24] usb 3-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20
[  203.543585][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.576610][   T24] usb 3-1: Product: syz
[  203.587297][   T24] usb 3-1: Manufacturer: syz
[  203.627415][   T24] usb 3-1: SerialNumber: syz
[  203.671864][   T24] usb 3-1: config 0 descriptor??
[  203.901915][ T7444] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7444 comm=syz.1.334
[  204.281174][   T24] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6
[  204.309007][ T7444] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7444 comm=syz.1.334
[  204.322589][ T7444] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7444 comm=syz.1.334
[  204.336971][ T7444] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7444 comm=syz.1.334
[  204.354939][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  204.354951][   T30] audit: type=1400 audit(204.330:478): avc:  denied  { read } for  pid=5165 comm="acpid" name="mouse1" dev="devtmpfs" ino=2963 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  204.409164][   T30] audit: type=1400 audit(204.330:479): avc:  denied  { open } for  pid=5165 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2963 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  204.458673][ T5893] usb 2-1: USB disconnect, device number 9
[  204.513001][   T30] audit: type=1400 audit(204.330:480): avc:  denied  { ioctl } for  pid=5165 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2963 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  204.670323][   T24] rc_core: IR keymap rc-imon-pad not found
[  204.676195][   T24] Registered IR keymap rc-empty
[  204.798690][   T24] imon 3-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[  204.817756][   T24] imon 3-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  204.959123][ T7501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.345'.
[  205.343724][   T24] rc rc0: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  205.384222][   T24] input: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input7
[  205.450911][   T24] imon 3-1:0.0: iMON device (15c2:0041, intf0) on usb<3:12> initialized
[  205.923713][ T7523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  205.932472][ T7523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  205.946243][   T30] audit: type=1400 audit(205.900:481): avc:  denied  { connect } for  pid=7473 comm="syz.2.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  206.193845][ T1890] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  206.329897][ T7529] trusted_key: syz.3.351 sent an empty control message without MSG_MORE.
[  206.359558][   T30] audit: type=1400 audit(206.330:482): avc:  denied  { read } for  pid=7528 comm="syz.3.351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  206.379665][ T1890] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  206.392448][ T1890] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  206.405466][ T1890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.431544][ T1890] gspca_main: stv0680-2.14.0 probing 041e:4007
[  206.630354][   T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  207.024856][   T24] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  207.038729][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.049304][   T24] usb 4-1: Product: syz
[  207.056375][   T24] usb 4-1: Manufacturer: syz
[  207.063243][   T24] usb 4-1: SerialNumber: syz
[  207.131929][   T24] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  207.148433][   T30] audit: type=1400 audit(207.120:483): avc:  denied  { firmware_load } for  pid=29 comm="kworker/1:1" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  207.195058][   T29] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  207.535487][ T1890] stv0680 5-1:4.0: STV(e): camera ping failed!!
[  207.635245][    C1] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71)
[  207.635622][ T1881] usb 3-1: USB disconnect, device number 12
[  207.744508][ T7538] ªªªªªª5gæ¹Q[Ô: renamed from lo (while UP)
[  207.763078][ T1890] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  207.807704][ T1890] stv0680 5-1:4.0: last error: 249,  command = 0x98
[  207.827188][ T1890] usb 5-1: USB disconnect, device number 11
[  208.024747][ T1881] usb 4-1: USB disconnect, device number 16
[  208.153349][ T7541] netlink: 16 bytes leftover after parsing attributes in process `syz.2.354'.
[  208.198744][   T30] audit: type=1400 audit(208.170:484): avc:  denied  { connect } for  pid=7544 comm="syz.1.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  208.259710][   T30] audit: type=1400 audit(208.190:485): avc:  denied  { setopt } for  pid=7544 comm="syz.1.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  208.337526][   T30] audit: type=1400 audit(208.200:486): avc:  denied  { read } for  pid=7544 comm="syz.1.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  208.480496][   T29] usb 4-1: Service connection timeout for: 256
[  208.972069][ T5893] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  209.075511][   T29] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[  209.095445][   T29] ath9k_htc: Failed to initialize the device
[  209.112002][ T1881] usb 4-1: ath9k_htc: USB layer deinitialized
[  209.236695][ T5893] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  209.277744][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.306096][ T5893] usb 3-1: Product: syz
[  209.329982][ T5893] usb 3-1: Manufacturer: syz
[  209.349287][ T5893] usb 3-1: SerialNumber: syz
[  209.378982][ T5893] usb 3-1: config 0 descriptor??
[  209.383090][ T7563] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in;
[  209.383090][ T7563]    program syz.1.360 not setting count and/or reply_len properly
[  209.400613][   T30] audit: type=1400 audit(209.360:487): avc:  denied  { read write } for  pid=7559 comm="syz.1.360" name="sg0" dev="devtmpfs" ino=794 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  209.424409][ T7564] netlink: 4 bytes leftover after parsing attributes in process `syz.0.359'.
[  209.484280][   T30] audit: type=1400 audit(209.360:488): avc:  denied  { open } for  pid=7559 comm="syz.1.360" path="/dev/sg0" dev="devtmpfs" ino=794 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  209.894080][ T5893] usb 3-1: Firmware version (0.0) predates our first public release.
[  209.915532][ T5893] usb 3-1: Please update to version 0.2 or newer
[  209.974679][   T30] audit: type=1400 audit(209.360:489): avc:  denied  { ioctl } for  pid=7559 comm="syz.1.360" path="/dev/sg0" dev="devtmpfs" ino=794 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  210.073905][ T7570] xt_CT: You must specify a L4 protocol and not use inversions on it
[  210.085469][ T5893] usb 3-1: USB disconnect, device number 13
[  210.122441][   T30] audit: type=1400 audit(210.100:490): avc:  denied  { create } for  pid=7552 comm="syz.4.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  210.563572][   T30] audit: type=1400 audit(210.500:491): avc:  denied  { write } for  pid=7552 comm="syz.4.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  210.700510][ T7576] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  210.924545][ T7579] kAFS: unable to lookup cell '(,c¾Ì'
[  211.339921][   T30] audit: type=1400 audit(211.310:492): avc:  denied  { mount } for  pid=7575 comm="syz.0.362" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  211.558711][   T30] audit: type=1400 audit(211.530:493): avc:  denied  { read } for  pid=7584 comm="syz.2.364" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  211.977117][   T30] audit: type=1400 audit(211.530:494): avc:  denied  { open } for  pid=7584 comm="syz.2.364" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  212.010843][ T7585] Bluetooth: MGMT ver 1.23
[  212.250462][ T1890] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  212.353168][   T30] audit: type=1400 audit(212.320:495): avc:  denied  { write } for  pid=7592 comm="syz.1.367" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  212.395581][   T30] audit: type=1400 audit(212.330:496): avc:  denied  { ioctl } for  pid=7592 comm="syz.1.367" path="/dev/dri/renderD128" dev="devtmpfs" ino=626 ioctlcmd=0x64c1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  212.442060][ T1890] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.454309][ T1890] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  212.478975][ T1890] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  212.488511][ T1890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.505671][ T1890] usb 3-1: Product: syz
[  212.510704][ T1890] usb 3-1: Manufacturer: syz
[  212.515376][ T1890] usb 3-1: SerialNumber: syz
[  212.618706][ T1890] cdc_mbim 3-1:1.0: skipping garbage
[  213.425329][ T1890] cdc_mbim 3-1:1.0: bind() failure
[  213.447622][ T1890] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  213.489960][ T1890] usb 3-1: USB disconnect, device number 14
[  213.802917][ T7608] overlayfs: conflicting options: userxattr,redirect_dir=on
[  214.997239][ T7616] FAULT_INJECTION: forcing a failure.
[  214.997239][ T7616] name failslab, interval 1, probability 0, space 0, times 0
[  215.010079][ T7616] CPU: 0 UID: 0 PID: 7616 Comm: syz.2.376 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  215.010105][ T7616] Tainted: [L]=SOFTLOCKUP
[  215.010108][ T7616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  215.010115][ T7616] Call Trace:
[  215.010118][ T7616]  <TASK>
[  215.010123][ T7616]  dump_stack_lvl+0x100/0x190
[  215.010145][ T7616]  should_fail_ex.cold+0x5/0xa
[  215.010159][ T7616]  should_failslab+0xc2/0x120
[  215.010177][ T7616]  __kmalloc_cache_noprof+0x7a/0x6f0
[  215.010190][ T7616]  ? copy_mount_options+0x55/0x190
[  215.010208][ T7616]  copy_mount_options+0x55/0x190
[  215.010224][ T7616]  __x64_sys_mount+0x1ab/0x310
[  215.010237][ T7616]  ? __pfx___x64_sys_mount+0x10/0x10
[  215.010254][ T7616]  do_syscall_64+0x106/0xf80
[  215.010273][ T7616]  ? clear_bhb_loop+0x40/0x90
[  215.010295][ T7616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.010311][ T7616] RIP: 0033:0x7f1cde19c799
[  215.010324][ T7616] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  215.010335][ T7616] RSP: 002b:00007f1cdf084028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  215.010346][ T7616] RAX: ffffffffffffffda RBX: 00007f1cde416090 RCX: 00007f1cde19c799
[  215.010353][ T7616] RDX: 00002000000002c0 RSI: 0000200000000240 RDI: 0000000000000000
[  215.010359][ T7616] RBP: 00007f1cdf084090 R08: 0000200000000300 R09: 0000000000000000
[  215.010365][ T7616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.010371][ T7616] R13: 00007f1cde416128 R14: 00007f1cde416090 R15: 00007ffe12ce00c8
[  215.010385][ T7616]  </TASK>
[  215.474783][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  215.474794][   T30] audit: type=1400 audit(215.440:498): avc:  denied  { read } for  pid=7622 comm="syz.4.377" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  215.527733][   T30] audit: type=1400 audit(215.440:499): avc:  denied  { open } for  pid=7622 comm="syz.4.377" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  215.705764][   T30] audit: type=1400 audit(215.670:500): avc:  denied  { mount } for  pid=7626 comm="syz.3.378" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  216.341587][   T30] audit: type=1400 audit(216.320:501): avc:  denied  { setopt } for  pid=7638 comm="syz.1.374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  216.416215][   T30] audit: type=1400 audit(216.390:502): avc:  denied  { write } for  pid=7638 comm="syz.1.374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  216.723796][   T30] audit: type=1400 audit(216.650:503): avc:  denied  { read } for  pid=7638 comm="syz.1.374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  217.445456][   T30] audit: type=1400 audit(217.410:504): avc:  denied  { mounton } for  pid=7646 comm="syz.0.383" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  217.593890][   T30] audit: type=1400 audit(217.560:505): avc:  denied  { shutdown } for  pid=7646 comm="syz.0.383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  218.860195][ T7660] dummy0: entered promiscuous mode
[  219.474202][   T30] audit: type=1400 audit(219.160:506): avc:  denied  { write } for  pid=7656 comm="syz.1.387" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  219.584040][ T7665] netlink: 28 bytes leftover after parsing attributes in process `syz.4.388'.
[  219.800585][ T7656] dummy0: left promiscuous mode
[  219.868174][   T30] audit: type=1400 audit(219.570:507): avc:  denied  { read } for  pid=7664 comm="syz.4.388" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  220.016791][ T7671] netlink: 16 bytes leftover after parsing attributes in process `syz.3.390'.
[  220.028297][ T7671] bond0: entered promiscuous mode
[  220.033860][ T7671] bond_slave_0: entered promiscuous mode
[  220.040046][ T7671] bond_slave_1: entered promiscuous mode
[  220.046533][ T7671] gretap0: entered promiscuous mode
[  220.052253][ T7671] debugfs: 'hsr1' already exists in 'hsr'
[  220.057947][ T7671] Cannot create hsr debugfs directory
[  220.063319][ T7671] hsr1: entered promiscuous mode
[  220.350425][ T1881] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  220.514373][ T1881] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  220.578984][ T1881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.597350][ T1881] usb 4-1: Product: syz
[  220.607320][ T1881] usb 4-1: Manufacturer: syz
[  220.617608][ T1881] usb 4-1: SerialNumber: syz
[  220.651298][ T1881] usb 4-1: config 0 descriptor??
[  220.944401][ T7681] FAULT_INJECTION: forcing a failure.
[  220.944401][ T7681] name failslab, interval 1, probability 0, space 0, times 0
[  220.957145][ T7681] CPU: 1 UID: 0 PID: 7681 Comm: syz.1.391 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  220.957172][ T7681] Tainted: [L]=SOFTLOCKUP
[  220.957178][ T7681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  220.957188][ T7681] Call Trace:
[  220.957194][ T7681]  <TASK>
[  220.957201][ T7681]  dump_stack_lvl+0x100/0x190
[  220.957232][ T7681]  should_fail_ex.cold+0x5/0xa
[  220.957255][ T7681]  should_failslab+0xc2/0x120
[  220.957281][ T7681]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  220.957303][ T7681]  ? alloc_empty_file+0x55/0x1c0
[  220.957323][ T7681]  ? __pfx_stack_trace_save+0x10/0x10
[  220.957349][ T7681]  alloc_empty_file+0x55/0x1c0
[  220.957370][ T7681]  path_openat+0xe8/0x31a0
[  220.957385][ T7681]  ? kasan_save_stack+0x3f/0x50
[  220.957406][ T7681]  ? kasan_save_stack+0x30/0x50
[  220.957432][ T7681]  ? kasan_save_track+0x14/0x30
[  220.957453][ T7681]  ? __kasan_slab_alloc+0x89/0x90
[  220.957476][ T7681]  ? kmem_cache_alloc_noprof+0x241/0x6e0
[  220.957497][ T7681]  ? do_getname+0x35/0x390
[  220.957515][ T7681]  ? do_sys_openat2+0xc5/0x1e0
[  220.957534][ T7681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.957554][ T7681]  ? __pfx_path_openat+0x10/0x10
[  220.957581][ T7681]  do_file_open+0x20e/0x430
[  220.957600][ T7681]  ? __pfx_do_file_open+0x10/0x10
[  220.957634][ T7681]  ? alloc_fd+0x476/0x790
[  220.957654][ T7681]  ? do_getname+0x191/0x390
[  220.957676][ T7681]  do_sys_openat2+0x10d/0x1e0
[  220.957695][ T7681]  ? __pfx_do_sys_openat2+0x10/0x10
[  220.957712][ T7681]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  220.957736][ T7681]  ? __fget_files+0x21f/0x3d0
[  220.957757][ T7681]  __x64_sys_openat+0x12d/0x210
[  220.957777][ T7681]  ? __pfx___x64_sys_openat+0x10/0x10
[  220.957795][ T7681]  ? ksys_write+0x1ac/0x250
[  220.957826][ T7681]  do_syscall_64+0x106/0xf80
[  220.957843][ T7681]  ? clear_bhb_loop+0x40/0x90
[  220.957865][ T7681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.957882][ T7681] RIP: 0033:0x7fcb5379c799
[  220.957897][ T7681] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  220.957913][ T7681] RSP: 002b:00007fcb54639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  220.957930][ T7681] RAX: ffffffffffffffda RBX: 00007fcb53a16180 RCX: 00007fcb5379c799
[  220.957941][ T7681] RDX: 0000000000000042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  220.957951][ T7681] RBP: 00007fcb54639090 R08: 0000000000000000 R09: 0000000000000000
[  220.957961][ T7681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.957971][ T7681] R13: 00007fcb53a16218 R14: 00007fcb53a16180 R15: 00007ffe9f1d4498
[  220.957995][ T7681]  </TASK>
[  221.220949][ T7680] overlay: filesystem on ./file0 not supported as upperdir
[  221.858959][ T1881] usb 4-1: Firmware version (0.0) predates our first public release.
[  221.868187][ T1881] usb 4-1: Please update to version 0.2 or newer
[  221.902839][ T1881] usb 4-1: USB disconnect, device number 17
[  222.720401][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  222.720507][   T30] audit: type=1400 audit(222.680:511): avc:  denied  { read } for  pid=7702 comm="syz.4.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  222.811894][   T30] audit: type=1400 audit(222.750:512): avc:  denied  { mount } for  pid=7702 comm="syz.4.397" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  222.880803][   T30] audit: type=1400 audit(222.790:513): avc:  denied  { mounton } for  pid=7702 comm="syz.4.397" path="/79/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  223.210345][   T30] audit: type=1400 audit(222.890:514): avc:  denied  { create } for  pid=7702 comm="syz.4.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  223.255054][   T30] audit: type=1400 audit(222.890:515): avc:  denied  { setopt } for  pid=7702 comm="syz.4.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  223.380786][   T30] audit: type=1400 audit(223.350:516): avc:  denied  { unmount } for  pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  223.638408][   T30] audit: type=1400 audit(223.590:517): avc:  denied  { audit_control } for  pid=7711 comm="syz.4.400" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  224.650348][   T30] audit: type=1400 audit(223.740:518): avc:  denied  { create } for  pid=7710 comm="syz.2.402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  225.140077][   T29] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  225.159349][   T30] audit: type=1400 audit(225.130:519): avc:  denied  { open } for  pid=7722 comm="syz.2.404" path="/dev/ptyq9" dev="devtmpfs" ino=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  225.194613][ T7723] mmap: syz.2.404 (7723) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  225.333859][   T30] audit: type=1400 audit(225.300:520): avc:  denied  { ioctl } for  pid=7729 comm="syz.2.406" path="socket:[17563]" dev="sockfs" ino=17563 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  225.390348][   T29] usb 4-1: Using ep0 maxpacket: 32
[  225.397594][   T29] usb 4-1: unable to get BOS descriptor or descriptor too short
[  225.425163][   T29] usb 4-1: New USB device found, idVendor=0499, idProduct=1054, bcdDevice= 0.40
[  225.450979][   T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.460625][  T791] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  225.487347][   T29] usb 4-1: Product: syz
[  225.498227][   T29] usb 4-1: Manufacturer: syz
[  225.510742][   T29] usb 4-1: SerialNumber: syz
[  225.630339][  T791] usb 2-1: Using ep0 maxpacket: 32
[  225.656304][  T791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.667858][  T791] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  225.678651][  T791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.702144][  T791] usb 2-1: config 0 descriptor??
[  225.731643][  T791] hub 2-1:0.0: USB hub found
[  225.766293][   T29] usb 4-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22)
[  225.804623][   T29] usb 4-1: unit 37 not found!
[  225.820857][   T29] usb 4-1: unit 0 not found!
[  225.943657][   T29] usb 4-1: USB disconnect, device number 18
[  225.985932][ T1881] IPVS: starting estimator thread 0...
[  225.992734][ T7734] IPVS: set_ctl: invalid protocol: 135 10.1.1.2:20001
[  226.007003][ T7734] IPVS: wrr: FWM 3 0x00000003 - no destination available
[  226.010342][ T5826] udevd[5826]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  226.074326][ T7734] netlink: 'syz.0.407': attribute type 1 has an invalid length.
[  226.083250][  T791] hub 2-1:0.0: 1 port detected
[  226.085660][ T7734] netlink: 96 bytes leftover after parsing attributes in process `syz.0.407'.
[  226.111024][ T7735] IPVS: using max 48 ests per chain, 115200 per kthread
[  226.114455][ T7734] netlink: 1 bytes leftover after parsing attributes in process `syz.0.407'.
[  226.128523][ T7734] netlink: 'syz.0.407': attribute type 1 has an invalid length.
[  226.550890][   T29] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  226.740194][   T29] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  226.752339][ T7715] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7715 comm=syz.1.401
[  226.774930][ T7715] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7715 comm=syz.1.401
[  226.790059][   T29] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  226.822708][   T29] usb 1-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[  226.833531][   T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.842207][ T7715] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7715 comm=syz.1.401
[  226.855324][   T29] usb 1-1: Product: syz
[  226.859550][   T29] usb 1-1: Manufacturer: syz
[  226.864333][   T29] usb 1-1: SerialNumber: syz
[  226.870098][ T7715] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7715 comm=syz.1.401
[  226.893126][  T791] usb 2-1: USB disconnect, device number 10
[  227.017059][ T7759] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  227.106765][   T29] usb 1-1: 0:1 : does not exist
[  227.125244][   T29] usb 1-1: BAAD SPEAKER p_chmask mismatch
[  227.318245][   T29] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  227.942175][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  227.942191][   T30] audit: type=1400 audit(227.670:527): avc:  denied  { name_bind } for  pid=7762 comm="syz.4.418" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  227.946769][   T29] usb 1-1: USB disconnect, device number 5
[  227.948287][   T30] audit: type=1400 audit(227.670:528): avc:  denied  { node_bind } for  pid=7762 comm="syz.4.418" saddr=224.0.0.1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  228.135389][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  228.329595][ T7774] FAULT_INJECTION: forcing a failure.
[  228.329595][ T7774] name failslab, interval 1, probability 0, space 0, times 0
[  228.384618][ T7774] CPU: 0 UID: 0 PID: 7774 Comm: syz.0.421 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  228.384650][ T7774] Tainted: [L]=SOFTLOCKUP
[  228.384655][ T7774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  228.384665][ T7774] Call Trace:
[  228.384671][ T7774]  <TASK>
[  228.384678][ T7774]  dump_stack_lvl+0x100/0x190
[  228.384712][ T7774]  should_fail_ex.cold+0x5/0xa
[  228.384735][ T7774]  ? tomoyo_realpath_from_path+0xb6/0x690
[  228.384756][ T7774]  should_failslab+0xc2/0x120
[  228.384783][ T7774]  __kmalloc_noprof+0xe0/0x850
[  228.384812][ T7774]  tomoyo_realpath_from_path+0xb6/0x690
[  228.384840][ T7774]  tomoyo_check_open_permission+0x2af/0x3c0
[  228.384871][ T7774]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  228.384899][ T7774]  ? ovl_path_open+0x182/0x1d0
[  228.384925][ T7774]  ? wrap_directory_iterator+0xa2/0xe0
[  228.384949][ T7774]  ? iterate_dir+0x296/0xae0
[  228.384995][ T7774]  ? do_raw_spin_lock+0x128/0x260
[  228.385018][ T7774]  ? path_get+0x61/0x80
[  228.385040][ T7774]  tomoyo_file_open+0x6b/0x90
[  228.385064][ T7774]  security_file_open+0xb5/0x1e0
[  228.385086][ T7774]  do_dentry_open+0x5aa/0x1660
[  228.385114][ T7774]  ? lockdep_init_map_type+0x5c/0x250
[  228.385135][ T7774]  vfs_open+0x82/0x3f0
[  228.385158][ T7774]  dentry_open+0x71/0xd0
[  228.385176][ T7774]  ovl_path_open+0x182/0x1d0
[  228.385204][ T7774]  ovl_dir_read_merged+0x2e8/0x790
[  228.385235][ T7774]  ? __pfx_ovl_dir_read_merged+0x10/0x10
[  228.385272][ T7774]  ? __pfx_ovl_fill_merge+0x10/0x10
[  228.385314][ T7774]  ovl_iterate+0xb7b/0x11e0
[  228.385343][ T7774]  ? __pfx_down_read_killable+0x10/0x10
[  228.385368][ T7774]  ? __pfx_ovl_iterate+0x10/0x10
[  228.385394][ T7774]  wrap_directory_iterator+0xa2/0xe0
[  228.385420][ T7774]  iterate_dir+0x296/0xae0
[  228.385449][ T7774]  __x64_sys_getdents64+0x13b/0x2c0
[  228.385476][ T7774]  ? __pfx___x64_sys_getdents64+0x10/0x10
[  228.385500][ T7774]  ? fput+0x79/0x100
[  228.385518][ T7774]  ? __pfx_filldir64+0x10/0x10
[  228.385552][ T7774]  do_syscall_64+0x106/0xf80
[  228.385570][ T7774]  ? clear_bhb_loop+0x40/0x90
[  228.385597][ T7774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.385614][ T7774] RIP: 0033:0x7f0225d9c799
[  228.385631][ T7774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  228.385647][ T7774] RSP: 002b:00007f0226be5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  228.385664][ T7774] RAX: ffffffffffffffda RBX: 00007f0226015fa0 RCX: 00007f0225d9c799
[  228.385676][ T7774] RDX: 0000000000000051 RSI: 0000200000000280 RDI: 0000000000000004
[  228.385687][ T7774] RBP: 00007f0226be5090 R08: 0000000000000000 R09: 0000000000000000
[  228.385697][ T7774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.385706][ T7774] R13: 00007f0226016038 R14: 00007f0226015fa0 R15: 00007ffd5c945a58
[  228.385732][ T7774]  </TASK>
[  228.385761][ T7774] ERROR: Out of memory at tomoyo_realpath_from_path.
[  229.190380][   T30] audit: type=1400 audit(228.720:529): avc:  denied  { map } for  pid=7775 comm="syz.4.420" path="/dev/video3" dev="devtmpfs" ino=936 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  229.218311][   T24] libceph: connect (1)[c::]:6789 error -13
[  229.334278][ T7778] ceph: No mds server is up or the cluster is laggy
[  229.343195][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  229.488409][   T30] audit: type=1400 audit(229.460:530): avc:  denied  { name_bind } for  pid=7788 comm="syz.1.424" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  229.596153][ T7790] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.603680][ T7790] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.628936][ T7790] bridge0: entered allmulticast mode
[  229.806056][ T7800] bridge_slave_1: left allmulticast mode
[  229.811931][ T7800] bridge_slave_1: left promiscuous mode
[  229.818176][ T7800] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.874299][ T7800] bridge_slave_0: left allmulticast mode
[  229.926918][ T7800] bridge_slave_0: left promiscuous mode
[  229.964869][ T7800] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.220380][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  230.520409][    T9] usb 1-1: Using ep0 maxpacket: 32
[  230.543346][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  230.698595][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  230.713784][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.737512][    T9] usb 1-1: config 0 descriptor??
[  230.746380][   T30] audit: type=1400 audit(230.720:531): avc:  denied  { watch } for  pid=7803 comm="syz.2.429" path="/85/net_prio.prioidx" dev="tmpfs" ino=479 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  230.870692][    T9] hub 1-1:0.0: USB hub found
[  231.004669][ T7806] netlink: 24 bytes leftover after parsing attributes in process `syz.2.429'.
[  231.022346][   T30] audit: type=1400 audit(230.720:532): avc:  denied  { watch_sb watch_reads } for  pid=7803 comm="syz.2.429" path="/85/net_prio.prioidx" dev="tmpfs" ino=479 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  231.346721][ T7804] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7804 comm=syz.2.429
[  231.393665][    T9] hub 1-1:0.0: 1 port detected
[  231.702891][   T30] audit: type=1400 audit(231.680:533): avc:  denied  { bind } for  pid=7810 comm="syz.4.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  232.002951][ T7790] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7790 comm=syz.0.423
[  232.029790][ T7790] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7790 comm=syz.0.423
[  232.050350][   T30] audit: type=1400 audit(231.680:534): avc:  denied  { name_bind } for  pid=7810 comm="syz.4.432" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  232.107457][ T7790] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7790 comm=syz.0.423
[  232.130347][   T30] audit: type=1400 audit(231.680:535): avc:  denied  { node_bind } for  pid=7810 comm="syz.4.432" saddr=127.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  232.180341][   T30] audit: type=1400 audit(231.790:536): avc:  denied  { create } for  pid=7810 comm="syz.4.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  232.208128][ T7790] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7790 comm=syz.0.423
[  232.224614][ T7821] FAULT_INJECTION: forcing a failure.
[  232.224614][ T7821] name failslab, interval 1, probability 0, space 0, times 0
[  232.432352][ T7821] CPU: 0 UID: 0 PID: 7821 Comm: syz.1.427 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  232.432380][ T7821] Tainted: [L]=SOFTLOCKUP
[  232.432386][ T7821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  232.432396][ T7821] Call Trace:
[  232.432402][ T7821]  <TASK>
[  232.432408][ T7821]  dump_stack_lvl+0x100/0x190
[  232.432443][ T7821]  should_fail_ex.cold+0x5/0xa
[  232.432465][ T7821]  ? tomoyo_realpath_from_path+0xb6/0x690
[  232.432486][ T7821]  should_failslab+0xc2/0x120
[  232.432512][ T7821]  __kmalloc_noprof+0xe0/0x850
[  232.432541][ T7821]  tomoyo_realpath_from_path+0xb6/0x690
[  232.432573][ T7821]  tomoyo_path_number_perm+0x23c/0x580
[  232.432600][ T7821]  ? tomoyo_path_number_perm+0x22e/0x580
[  232.432628][ T7821]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  232.432681][ T7821]  ? find_held_lock+0x2b/0x80
[  232.432701][ T7821]  ? __fget_files+0x215/0x3d0
[  232.432717][ T7821]  ? hook_file_ioctl_common+0x146/0x410
[  232.432745][ T7821]  ? __fget_files+0x21f/0x3d0
[  232.432765][ T7821]  security_file_ioctl+0xd3/0x230
[  232.432785][ T7821]  __x64_sys_ioctl+0xb7/0x210
[  232.432811][ T7821]  do_syscall_64+0x106/0xf80
[  232.432828][ T7821]  ? clear_bhb_loop+0x40/0x90
[  232.432849][ T7821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.432867][ T7821] RIP: 0033:0x7fcb5379c799
[  232.432881][ T7821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  232.432897][ T7821] RSP: 002b:00007fcb54639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  232.432914][ T7821] RAX: ffffffffffffffda RBX: 00007fcb53a16180 RCX: 00007fcb5379c799
[  232.432925][ T7821] RDX: 0000200000000000 RSI: 00000000c0105512 RDI: 0000000000000006
[  232.432935][ T7821] RBP: 00007fcb54639090 R08: 0000000000000000 R09: 0000000000000000
[  232.432945][ T7821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.432955][ T7821] R13: 00007fcb53a16218 R14: 00007fcb53a16180 R15: 00007ffe9f1d4498
[  232.432979][ T7821]  </TASK>
[  232.433001][ T7821] ERROR: Out of memory at tomoyo_realpath_from_path.
[  232.658112][ T7821] hub 9-0:1.0: USB hub found
[  232.754951][ T7821] hub 9-0:1.0: 1 port detected
[  232.760064][    T9] hub 1-1:0.0: hub_ext_port_status failed (err = -32)
[  232.856292][ T7826] netlink: 20 bytes leftover after parsing attributes in process `syz.3.430'.
[  233.004507][ T7826] bond1: option arp_interval: mode dependency failed, not supported in mode 802.3ad(4)
[  233.199367][ T7826] bond1 (unregistering): Released all slaves
[  233.422851][ T7835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.435'.
[  233.446952][ T7832] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in;
[  233.446952][ T7832]    program syz.2.434 not setting count and/or reply_len properly
[  233.520610][  T791] usb 1-1: USB disconnect, device number 6
[  233.532908][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  233.532921][   T30] audit: type=1400 audit(233.510:539): avc:  denied  { ioctl } for  pid=7836 comm="syz.3.437" path="/dev/input/event0" dev="devtmpfs" ino=918 ioctlcmd=0x4521 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  233.654537][   T30] audit: type=1400 audit(233.570:540): avc:  denied  { create } for  pid=7825 comm="syz.4.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  233.780332][   T29] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  233.981740][   T29] usb 4-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  234.013238][   T29] usb 4-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  234.020332][  T791] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  234.025823][   T29] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  234.064824][   T29] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  234.148619][   T29] usb 4-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  234.229270][   T29] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  234.269742][   T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.288180][  T791] usb 2-1: Using ep0 maxpacket: 8
[  234.299681][  T791] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  234.310415][ T7837] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  234.321474][  T791] usb 2-1: config 179 has no interface number 0
[  234.427592][  T791] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  234.439170][  T791] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  234.450697][  T791] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  234.460935][  T791] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  234.474870][  T791] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  234.489995][  T791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.511908][ T7842] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  234.915700][  T791] usb 2-1: USB disconnect, device number 11
[  234.976158][ T7837] netlink: 16 bytes leftover after parsing attributes in process `syz.3.437'.
[  235.812494][   T29] ath6kl: Failed to submit usb control message: -71
[  236.000343][   T29] ath6kl: unable to send the bmi data to the device: -71
[  236.071663][   T29] ath6kl: Unable to send get target info: -71
[  236.180969][   T29] ath6kl: Failed to init ath6kl core: -71
[  236.187103][   T29] ath6kl_usb 4-1:4.0: probe with driver ath6kl_usb failed with error -71
[  236.283448][ T7862] siw: device registration error -23
[  236.296556][ T7862] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  236.658823][   T29] usb 4-1: USB disconnect, device number 19
[  236.683849][ T7865] netlink: 'syz.2.446': attribute type 4 has an invalid length.
[  236.760922][ T7869] fuse: Unknown parameter 'fd0x0000000000000003'
[  237.044921][ T7865] netlink: 152 bytes leftover after parsing attributes in process `syz.2.446'.
[  237.063970][ T7865] .`: renamed from bond0 (while UP)
[  237.391264][  T977] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  237.493076][   T29] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  237.502454][   T30] audit: type=1400 audit(237.480:541): avc:  denied  { read } for  pid=7883 comm="syz.1.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  237.588563][  T977] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  237.603390][  T977] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.630777][  T977] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  237.641686][  T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.652282][  T977] usb 5-1: Product: syz
[  237.656896][  T977] usb 5-1: Manufacturer: syz
[  237.670377][  T977] usb 5-1: SerialNumber: syz
[  237.679174][ T7888] netlink: 'syz.1.453': attribute type 2 has an invalid length.
[  237.693153][  T977] cdc_mbim 5-1:1.0: skipping garbage
[  237.711689][   T29] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  237.731037][   T29] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.756791][   T29] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  237.780352][   T24] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  237.787921][   T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.805391][   T29] usb 4-1: Product: syz
[  237.817001][   T29] usb 4-1: Manufacturer: syz
[  237.826749][   T29] usb 4-1: SerialNumber: syz
[  237.983791][   T29] cdc_mbim 4-1:1.0: skipping garbage
[  238.096714][ T7893] bond0: entered promiscuous mode
[  238.101899][ T7893] bond_slave_0: entered promiscuous mode
[  238.108566][ T7893] bond_slave_1: entered promiscuous mode
[  238.131327][ T7893] batadv0: entered promiscuous mode
[  238.143258][ T7893] debugfs: 'hsr1' already exists in 'hsr'
[  238.149180][ T7893] Cannot create hsr debugfs directory
[  238.157261][ T7893] 8021q: adding VLAN 0 to HW filter on device hsr1
[  238.252622][ T7873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.361417][ T7873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.441919][   T24] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  238.452669][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  238.463593][   T24] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  238.472826][   T24] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  238.481523][   T24] usb 3-1: Product: syz
[  238.485797][   T24] usb 3-1: Manufacturer: syz
[  238.490777][   T24] usb 3-1: SerialNumber: syz
[  238.514359][   T24] usb 3-1: config 0 descriptor??
[  238.524420][   T24] usb 3-1: selecting invalid altsetting 0
[  238.607133][ T7873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.619444][ T7873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.658923][  T977] cdc_mbim 5-1:1.0: failed GET_NTB_PARAMETERS
[  238.748208][  T977] cdc_mbim 5-1:1.0: bind() failure
[  238.777082][  T977] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  238.786853][  T977] cdc_ncm 5-1:1.1: bind() failure
[  239.730313][ T7899] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  239.964350][  T977] usb 5-1: USB disconnect, device number 12
[  240.065256][    T9] usb 3-1: USB disconnect, device number 15
[  240.180165][   T29] cdc_mbim 4-1:1.0: bind() failure
[  240.197681][   T29] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  240.225787][   T29] cdc_ncm 4-1:1.1: bind() failure
[  240.389803][ T7874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.422777][ T7874] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  241.525521][   T29] usb 4-1: USB disconnect, device number 20
[  241.690124][ T7918] capability: warning: `syz.0.457' uses 32-bit capabilities (legacy support in use)
[  241.699577][   T30] audit: type=1400 audit(241.660:542): avc:  denied  { ioctl } for  pid=7916 comm="syz.0.457" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  241.750416][   T30] audit: type=1400 audit(241.660:543): avc:  denied  { set_context_mgr } for  pid=7916 comm="syz.0.457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  241.779680][   T30] audit: type=1400 audit(241.660:544): avc:  denied  { map } for  pid=7916 comm="syz.0.457" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  242.020377][   T30] audit: type=1400 audit(241.660:545): avc:  denied  { call } for  pid=7916 comm="syz.0.457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  242.049436][ T7917] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  243.904845][   T30] audit: type=1400 audit(243.860:546): avc:  denied  { ioctl } for  pid=7936 comm="syz.0.466" path="pid:[4026532797]" dev="nsfs" ino=4026532797 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  243.990332][   T30] audit: type=1400 audit(243.860:547): avc:  denied  { append } for  pid=7936 comm="syz.0.466" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  245.003122][ T7952] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  245.090313][ T7952] kvm: pic: non byte read
[  245.109510][ T7952] kvm: pic: level sensitive irq not supported
[  245.124444][ T7952] kvm: pic: non byte read
[  245.713536][ T7933] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  246.220812][  T977] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  246.374377][   T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  247.530600][   T24] usb 1-1: Using ep0 maxpacket: 32
[  247.556370][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  247.670321][  T977] usb 4-1: Using ep0 maxpacket: 32
[  247.682161][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  247.720613][  T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  247.737807][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.757934][  T977] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  247.774200][   T24] usb 1-1: config 0 descriptor??
[  247.802858][  T977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.844222][ T7994] netlink: 24 bytes leftover after parsing attributes in process `syz.4.479'.
[  247.853429][ T7994] netlink: 24 bytes leftover after parsing attributes in process `syz.4.479'.
[  247.865205][   T24] hub 1-1:0.0: USB hub found
[  247.890685][  T977] usb 4-1: config 0 descriptor??
[  247.907757][  T977] hub 4-1:0.0: USB hub found
[  247.999354][   T24] hub 1-1:0.0: 1 port detected
[  248.116826][  T977] hub 4-1:0.0: 1 port detected
[  248.453557][ T7977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7977 comm=syz.0.475
[  248.468501][ T7977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7977 comm=syz.0.475
[  248.500451][ T7977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7977 comm=syz.0.475
[  248.529233][ T7973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7973 comm=syz.3.476
[  248.545488][ T7973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7973 comm=syz.3.476
[  248.558068][ T7973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=7973 comm=syz.3.476
[  248.558526][ T7977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7977 comm=syz.0.475
[  248.586254][ T7973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7973 comm=syz.3.476
[  248.837588][  T977] usb 4-1: USB disconnect, device number 21
[  249.183858][ T8000] netlink: 300 bytes leftover after parsing attributes in process `syz.4.482'.
[  249.205499][   T24] usb 1-1: USB disconnect, device number 7
[  250.092034][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  250.102670][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  252.015862][   T30] audit: type=1400 audit(251.380:548): avc:  denied  { create } for  pid=8018 comm="syz.3.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  255.045942][    C0] sched: DL replenish lagged too much
[  334.995441][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  335.621824][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  373.135615][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  375.320213][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  375.327180][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=24397, q=3207 ncpus=2)
[  375.334974][    C1] rcu: All QSes seen, last rcu_preempt kthread activity 1873 (4294974701-4294972828), jiffies_till_next_fqs=1, root ->qsmask 0x0
[  375.348239][    C1] rcu: rcu_preempt kthread starved for 1874 jiffies! g24397 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  375.359332][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  375.369285][    C1] rcu: RCU grace-period kthread stack dump:
[  375.375157][    C1] task:rcu_preempt     state:R  running task     stack:28824 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  375.388637][    C1] Call Trace:
[  375.391913][    C1]  <TASK>
[  375.394838][    C1]  __schedule+0xfee/0x60e0
[  375.399264][    C1]  ? __lock_acquire+0x4a5/0x2630
[  375.404210][    C1]  ? __pfx___schedule+0x10/0x10
[  375.409055][    C1]  ? find_held_lock+0x2b/0x80
[  375.413724][    C1]  ? schedule+0x2bf/0x390
[  375.418076][    C1]  schedule+0xdd/0x390
[  375.422139][    C1]  schedule_timeout+0x127/0x280
[  375.426986][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  375.432358][    C1]  ? __pfx_process_timeout+0x10/0x10
[  375.437638][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  375.443443][    C1]  ? prepare_to_swait_event+0xdf/0x4a0
[  375.448903][    C1]  rcu_gp_fqs_loop+0x1a9/0x900
[  375.453666][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  375.458951][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  375.463891][    C1]  ? __pfx_rcu_gp_cleanup+0x10/0x10
[  375.469081][    C1]  ? rcu_is_watching+0x12/0xc0
[  375.473837][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  375.479643][    C1]  rcu_gp_kthread+0x179/0x230
[  375.484316][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  375.489507][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  375.495313][    C1]  ? __kthread_parkme+0x18c/0x230
[  375.500334][    C1]  ? kthread+0x13a/0x450
[  375.504562][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  375.509754][    C1]  kthread+0x370/0x450
[  375.513812][    C1]  ? __pfx_kthread+0x10/0x10
[  375.518392][    C1]  ret_from_fork+0x754/0xd80
[  375.522973][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  375.528076][    C1]  ? __switch_to+0x7b4/0x1120
[  375.532743][    C1]  ? __pfx_kthread+0x10/0x10
[  375.537323][    C1]  ret_from_fork_asm+0x1a/0x30
[  375.542089][    C1]  </TASK>
[  375.545097][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  375.551405][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  375.561892][    C1] Tainted: [L]=SOFTLOCKUP
[  375.566201][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  375.576241][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0xb/0x70
[  375.582304][    C1] Code: 60 00 be 03 00 00 00 5b e9 22 e2 ec 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 65 f1 04 12 <48> 8b 34 24 65 48 8b 15 41 f1 04 12 a9 00 01 ff 00 74 1b f6 c4 01
[  375.601900][    C1] RSP: 0018:ffffc90000a07f08 EFLAGS: 00000246
[  375.607957][    C1] RAX: 0000000080000301 RBX: ffff8881c60018c0 RCX: ffffffff896163fc
[  375.615915][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801e6b2480
[  375.623878][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  375.631839][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88807d231100
[  375.639809][    C1] R13: dffffc0000000000 R14: ffff888037d22000 R15: 0000000000000000
[  375.647781][    C1] FS:  0000000000000000(0000) GS:ffff888124447000(0000) knlGS:0000000000000000
[  375.656705][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  375.663282][    C1] CR2: 0000200000031000 CR3: 000000000e598000 CR4: 00000000003526f0
[  375.671250][    C1] Call Trace:
[  375.674521][    C1]  <IRQ>
[  375.677351][    C1]  dev_hard_start_xmit+0x4c/0x7d0
[  375.682382][    C1]  __dev_queue_xmit+0x32c1/0x4800
[  375.687412][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[  375.692787][    C1]  ? __lock_acquire+0x4a5/0x2630
[  375.697741][    C1]  ? __ip6_finish_output+0x357/0x1080
[  375.703111][    C1]  ? rcu_is_watching+0x12/0xc0
[  375.707872][    C1]  ip6_finish_output2+0xfd4/0x1ce0
[  375.712983][    C1]  __ip6_finish_output+0x357/0x1080
[  375.718180][    C1]  ip6_output+0x2aa/0xa60
[  375.722504][    C1]  ? __pfx_ip6_output+0x10/0x10
[  375.727352][    C1]  ? __pfx_ip6_finish_output+0x10/0x10
[  375.732810][    C1]  ip6_local_out+0xce/0x4a0
[  375.737312][    C1]  synproxy_send_tcp_ipv6+0x5f3/0x700
[  375.742673][    C1]  ? __pfx_cookie_hash.isra.0+0x10/0x10
[  375.748214][    C1]  ? __pfx_synproxy_send_tcp_ipv6+0x10/0x10
[  375.754107][    C1]  ? __cookie_v6_init_sequence+0x2d7/0x3c0
[  375.759908][    C1]  synproxy_send_client_synack_ipv6+0x601/0x7a0
[  375.766155][    C1]  ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10
[  375.772924][    C1]  ? net_generic+0xea/0x2a0
[  375.777440][    C1]  nft_synproxy_do_eval+0x941/0xd50
[  375.782638][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  375.788332][    C1]  ? unwind_next_frame+0x3be/0x1ea0
[  375.793516][    C1]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  375.798972][    C1]  nft_do_chain+0x2e8/0x1930
[  375.803553][    C1]  ? ip6t_do_table+0xbed/0x1c90
[  375.808371][    C1]  ? __local_bh_enable_ip+0x9e/0x120
[  375.813632][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  375.818654][    C1]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  375.823834][    C1]  nft_do_chain_inet+0xee/0x340
[  375.828681][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  375.834136][    C1]  ? nf_nat_ipv6_local_in+0x37e/0x6c0
[  375.839485][    C1]  ? lock_acquire+0x1cf/0x380
[  375.844147][    C1]  nf_hook_slow+0xbf/0x220
[  375.848569][    C1]  nf_hook.constprop.0+0x2a6/0x750
[  375.853685][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  375.859032][    C1]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  375.864643][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  375.870017][    C1]  ip6_input+0xe0/0x2f0
[  375.874165][    C1]  ipv6_rcv+0x261/0x610
[  375.878294][    C1]  ? __pfx_ipv6_rcv+0x10/0x10
[  375.882947][    C1]  __netif_receive_skb_one_core+0x12d/0x1e0
[  375.888836][    C1]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  375.895243][    C1]  ? lock_acquire+0x1cf/0x380
[  375.899896][    C1]  ? process_backlog+0x32a/0x1580
[  375.904900][    C1]  ? process_backlog+0x32a/0x1580
[  375.909919][    C1]  __netif_receive_skb+0x1f/0x120
[  375.914933][    C1]  process_backlog+0x37a/0x1580
[  375.919756][    C1]  __napi_poll.constprop.0+0xaf/0x450
[  375.925105][    C1]  net_rx_action+0xa40/0xf20
[  375.929700][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  375.934810][    C1]  ? lock_acquire+0x1cf/0x380
[  375.939459][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  375.944630][    C1]  ? sched_clock+0x38/0x60
[  375.949043][    C1]  ? sched_clock_cpu+0x6c/0x570
[  375.953890][    C1]  ? rcu_is_watching+0x12/0xc0
[  375.958635][    C1]  handle_softirqs+0x1eb/0x9e0
[  375.963377][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  375.968658][    C1]  __irq_exit_rcu+0xef/0x150
[  375.973233][    C1]  irq_exit_rcu+0x9/0x30
[  375.977457][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  375.983068][    C1]  </IRQ>
[  375.985988][    C1]  <TASK>
[  375.988908][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  375.994874][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  376.000483][    C1] Code: b8 82 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 dc 1b 00 fb f4 <e9> bc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  376.020077][    C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000246
[  376.026119][    C1] RAX: 000000000204faaf RBX: ffff88801e6b2480 RCX: ffffffff8b8fac75
[  376.034073][    C1] RDX: 0000000000000000 RSI: ffffffff8de72aee RDI: ffffffff8c1af220
[  376.042017][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: ffffed10170a6795
[  376.049975][    C1] R10: ffff8880b8533cab R11: 0000000000000000 R12: ffffed1003cd6490
[  376.057944][    C1] R13: 0000000000000001 R14: ffffffff90d97a10 R15: 0000000000000000
[  376.065895][    C1]  ? ct_kernel_exit+0x125/0x180
[  376.070743][    C1]  default_idle+0x9/0x10
[  376.074971][    C1]  default_idle_call+0x6c/0xb0
[  376.079701][    C1]  do_idle+0x35b/0x4b0
[  376.083744][    C1]  ? __pfx_do_idle+0x10/0x10
[  376.088336][    C1]  cpu_startup_entry+0x4f/0x60
[  376.093091][    C1]  start_secondary+0x21d/0x2d0
[  376.097828][    C1]  ? __pfx_start_secondary+0x10/0x10
[  376.103093][    C1]  common_startup_64+0x13e/0x148
[  376.108033][    C1]  </TASK>
[  376.118985][ T1298] ieee802154 phy1 wpan1: encryption failed: -22