last executing test programs:

17m56.806736499s ago: executing program 1 (id=7902):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = fsopen(&(0x7f0000000040)='9p\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) (async)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x42, 0x58) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r2, &(0x7f00000004c0)='./file0\x00', 0x2)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x20, 0x52, 0x1, 0x0, 0x0, {0x1c}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x1}]}, 0x20}}, 0x0) (async)
r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r4, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) (async)
renameat2(r4, &(0x7f0000000340)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) (async, rerun: 32)
unlink(&(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00') (async, rerun: 32)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000d40)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!\xdeg\x8d\x16wW\xf6\xac>\x03\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8c=!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sa\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^\xe3\xfe\xff\xff\xff\xff\xff\xffYF\xc6\xf6\xd2\x0031\x82\x01\xb47\x17E\xb3\x02\x00\x04\x00\x00\xc1\xc0\xdb~\xc1\xcaC\xe5g\x15\x92-3\xe1\x88Wd=\x19\f\xcf\xf2\xf1\x95@\xcb\x01\xa3-\xf5\xa5\t\xa9\xf6\xb9\xd2\xaa\x14\a\x93_d{\n\x1a\xb1\xff\xb2\xce\x16k\x02\xf5\xd54\xf3mUX\x0e]\x95J\x8cQ41#U6\x85V\"yR\x83\x85\x0e\"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xba\x84\x1dJ\x97\xc3\xd7jrI\xcb5\xf4j\x0e\a\xf3\x96\x01{\x9b\xdf\x8d\xcf\xca\xe9K\xda\xb0\x0e\x19\xcc\xc6W]\xbb\\\xd2l:', &(0x7f0000000840)='\b\xa5b\xfe\a\xbd\x14\x14\x94\xa5\xbe\x13\xd2_B\x83Fq\b\xdfY\xda\x92\x87\xbe\xde\x10\xb2\x9f\xff\xd7\xf1\xa6]\xe7\xa8\x84\x7f:\vMt\x89w\xf3s0]`\x8b\xf9\tr\xa0S\xc6F\b\xdc^^\x1aE\x89\"AL\x80\xe3!\xe9\xf0\xcb\x92\xd7\x1e\\AG\r_\x96\xec\t\xc9.\x87\x938\xed\x91\xf1\xd50g\x18;D\x18\x889\xa1\f\x1a\x10\x93\x1bh2\x8cb\xbef\xedEh,\f\xc5c\xf9\x11\r{\x00}\xa11b\xa1\x9egB\xbdQ4\x1e\xf6\xfc\xd4\xdaC\xf9x\xcb5\xb4\xddEu\xd88\xea\x1f\x802\xbb\x8d\xa9\xedM\xc1\xf8^\xda\xb0\xcd_O?\xc7\xc2\xc9\x1b\xfcq\x02M\xd8\xe3\xb0\xbc\x918\x8e\x8b\xb8\xa4\xc6G\x04\x94`\xaaeI\xea\xa1t\xfe\x16\x8d\xc8\xe3\xa2hK\xf2\x03\xe2+`s\b\x92Gs\xc0r\xf5[\xa8\x14\xac\x86\xce\xba1h\x97\x17W<\xbfWCx\xddi\xf3\x8c\xfd8#\x06\xcd\xad\xbf~\x7fg\x9c\xa2\x05\xb4F\x85\x7f\xe1P\xca\xed5I\xbd\xb7\xa6\x82\xfeH\xed0', 0x0)
syz_open_dev$media(0x0, 0x3, 0x123000) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (rerun: 32)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0x5d0, 0x10100, 0x2, 0x39c, 0x0, r6}, &(0x7f0000000080)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r5, 0x0, 0x0, 0x0, {}, 0x1}) (async)
socket(0x1e, 0x3, 0x49)
io_uring_enter(r6, 0x2def, 0xef92, 0x0, 0x0, 0x0) (async)
r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
sendmsg$BATADV_CMD_SET_HARDIF(r6, 0x0, 0x24000000) (async)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r6, 0x4, 0x0, &(0x7f0000000040)='./file0\x00', r6) (async)
readv(r9, &(0x7f0000000000)=[{&(0x7f0000000100)=""/54, 0x36}], 0x1) (async)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYBLOB="48000000103505ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800e00010069703667726574617000000008000280040012000a000100aaaaaaaaaa000000"], 0x48}}, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r10=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800010000000000000200001d01080008000a00", @ANYRES32, @ANYBLOB='\b\x00\t\x00', @ANYRES32=r10], 0x24}}, 0x0) (async)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000980)={0x348, 0x0, 0x400, 0x70bd27, 0x80000001, {}, [@ETHTOOL_A_LINKMODES_OURS={0x31c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x80000000}, @ETHTOOL_A_BITSET_BITS={0x50, 0x3, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '9p\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3da}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_MASK={0xf8, 0x5, "f295dfd8d6800407c5812e3374a12f5796119e8c1179feeb12aaa9e4d0bc3d0e3a2b146a96919be2d8a695838a3ced882b3bf61e5b1e567eff74ebbf65668401541695a483f27b58cb2fe9c763385d0b5cfcde1366ae8471ce9d1cf233da1e2b2d261f588222107c8676e35750937a564273b26c76a9e8d31bbda62a4fa0a0038edec18ec7e72a5d4615de12e22024cde864cf0539283bedffe85178887aa2bed64e4bdfd2a2ab55cf2851706cda1e07085727f10c27d16f61be88d9af8abf06cfddbc2a709b3f3d6e1ded4b781dcac560cf0f9bca084b60742a9c933a4f0a4dcf2fc91072143febc293a412f3af808b116632e6"}, @ETHTOOL_A_BITSET_MASK={0x102, 0x5, "a964d8932cbdec8cd1e0e002fcec3add8e89277cf0dca0332c92c209b49aedad241696c25f052c11269a8fb0363d9699ef15b34dc64bc0e050c67604969eebcfd9a5b4bb25d3fa96f8c18f6032f53d20326dd9d7db3364981338b7649bb74f80555000ad7b1dfd7994723dd1d8eb508a7126fd1edba7fb77497c8a543db8ec7690ccdd5b5dae22e761c4a25b448782156906cc2e1b4c314cfd6d238461a56b330d6e335ee4f3ccfa5f3c67a9193a8845a2b548e04f266598c47fc366cce29ca5031df1539c82e7ac8ae4fce448524347eb798c7dc9fd046edace6f9c69bf831f305e91ab7b708cb3af4808f5b014deaa6234dc4acda30a3a1f250fda39bc"}, @ETHTOOL_A_BITSET_MASK={0x63, 0x5, "50021fd4eaab2ec3cfc479db878c85ad336efd2a2c26809e10a4ddf76d4a4acccc64d1ed8c5bf2b898ed30700dda6443e1fa8455a8a0f24f5f88b94d318535da9ce39d0c38c50ce2c4a48391cc757c39cd45d93327906378412c8b27d836dd"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_BITS={0x58, 0x3, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sg#\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9613}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '*&\x15\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '9p\x00'}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fffffff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '*&\x15\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x52}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x9}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xffffffff}]}, 0x348}, 0x1, 0x0, 0x0, 0x4041}, 0x20000000)

17m56.723624506s ago: executing program 1 (id=7904):
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00')
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_triestat\x00')
read$FUSE(r1, &(0x7f0000000800)={0x2020}, 0x2020)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000300)=[0x6], 0x0, 0x0, 0x1}}, 0x40)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
write$tcp_mem(0xffffffffffffffff, &(0x7f0000000480)={0x5, 0x20, 0x6, 0x20, 0x7}, 0x48)
shmctl$SHM_LOCK(0x0, 0xb)
shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
r4 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101})
ppoll(&(0x7f0000002280)=[{r4, 0x800}], 0x1, 0x0, 0x0, 0x0)
mq_timedsend(r4, 0x0, 0x0, 0x4, 0x0)
futex(0x0, 0x3, 0x801, 0x0, 0x0, 0xfffffffc)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

17m53.12350392s ago: executing program 1 (id=7917):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0xc171}, 0x4000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a44000000060a000000000000000000000a0000050900010073797a310000000018000480140001800c000100626974776973650004000280090002007300000000000000140000001100010000000000000000000100000a"], 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12011600000000406d1594c000000000000109022400010000700009040000c50300020009210010ff012207000905810300000dfd40"], 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1182, 0x0)
ioctl$mixer_OSS_ALSAEMULVER(r2, 0x80044df9, &(0x7f00000000c0))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x488c0}, 0x2004c014)
syz_usb_control_io$hid(r1, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x2)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r6 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
write$FUSE_INIT(r6, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x3, 0x4200000, 0xf800, 0xfff9, 0xe, 0x800, 0x0, 0x0, 0x8, 0x9}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d33db42f64e5d07f16969fb23aa0beb2ca03c0fa7709980402f52e1cf1a6541e58581be0ccf8b8e8235a5bdb801e3f3d047148c3033e93a352c82afa92cce68e4be7b059dd0705c7d5e6e32b8", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',cache=fscache,\x00'])

17m50.711650292s ago: executing program 1 (id=7924):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00', r1, 0x0, 0x2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x10, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x800)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x2}, 0x6)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

17m49.219094033s ago: executing program 1 (id=7930):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0400000004000000080000000800000092000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0xc3100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file1/file0/file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r7, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r6, {0x1}}, './file0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r1}, 0x10)

17m47.974907172s ago: executing program 1 (id=7932):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef)

17m32.515008581s ago: executing program 32 (id=7932):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef)

9m29.834748054s ago: executing program 4 (id=9728):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f00000005c0)={0x79, 0x0, 0xc})
mount(0x0, 0x0, 0x0, 0x12000, &(0x7f0000000840)='/dev/media#\x00')
creat(0x0, 0x0)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x26)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000000000000085000000050000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008008000b703000000009c8c850000006d0000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x12, 0x8, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

9m29.674001928s ago: executing program 4 (id=9729):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000021, 0xfa11, 0xffffffff}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file2\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
r3 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r3, &(0x7f0000000040)='./file1\x00', r3, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000003c0)='./file1\x00')
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x18)

9m28.290082134s ago: executing program 4 (id=9738):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r6 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="563f000019"], 0xfe33)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000002b000b00000000000000000001000000000000000c00018006000000884800ef"], 0x24}}, 0x840)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000680)={'pcl816\x00', [0x8001, 0x4, 0x0, 0x3, 0x67, 0xcc7, 0x8, 0x7, 0xa, 0x3e, 0xfffffffe, 0x0, 0x820, 0x1, 0x6, 0xfffffeff, 0x979d, 0x1a44d, 0xf7ffffe3, 0x40000003, 0x1, 0xfffffffe, 0x9, 0x20001e58, 0xfffffb7f, 0xa, 0x3c, 0x8, 0x9, 0x10000, 0xfffffff8]})
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r7=>0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB, @ANYRES32=r7], 0x1c}}, 0x0)
write$nci(0xffffffffffffffff, &(0x7f0000000780)=ANY=[@ANYBLOB="210302080202a6020002"], 0xa)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000043b000/0x1000)=nil, 0xfffffffffffffdb5, &(0x7f0000000080)='\x00\xc9\xf5\x00\x00\x00\x00\x00\x00\x00+\x1ct\xc6\fr\xbaU\xc1\xb2\xd2\xde\xbfk\xc0\x18\x94\xc5&\xec\x03\xa0w\"E\xc9\xf2,K4\x10\xc8\x8cuj\xd3\xf0\xb3\xa9f\xf7\xb7\x17\xdf\xca\xac\x8b\x81K\t\x14^\xc3\xb7<\xa1\x15\v4\xd0\xbe\xa8\x01\x00<:-Y\n<\x1d\xb2\xe0kU\xc0\xc1\x14')
socket$nl_crypto(0x10, 0x3, 0x15)

9m27.074794649s ago: executing program 4 (id=9741):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000740)={"8c3ef01be86258108b331b07f91efab2", 0x0, 0x0, {0x6, 0x40}, {0x3, 0x1}, 0x6, [0x3, 0x5, 0x9, 0x7, 0x7, 0x5, 0x10, 0x953, 0x1, 0x4, 0x8, 0x9000000000000000, 0x2, 0x4, 0x2, 0x5]})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=ANY=[@ANYBLOB="280300002d00090027bd70000000000004000000130317"], 0x328}, 0x1, 0x0, 0x0, 0x1}, 0x84)

9m27.047712646s ago: executing program 4 (id=9742):
r0 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x6, 0x3f, &(0x7f00000001c0)=ANY=[@ANYRES32=r0], 0x0)
r1 = msgget$private(0x0, 0x40)
msgsnd(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000000000000d4998204c8be3a1ea0fc7b3a06d189298d951a4bdc79cd5d691ed71674ecf277e3b72f297cca204485352181d4f09ff887dad08fab2ad6a24a0bfd8f2afaf746d15265777f1505f837"], 0x51, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r2)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r6, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
unlinkat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r7, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f0000000000)=0xffff0018)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
socket$rxrpc(0x21, 0x2, 0xa)
write$6lowpan_control(r7, &(0x7f0000000340)='connect aa:aa:aa:aa:aa:10 0', 0x1b)
r9 = landlock_create_ruleset(0x0, 0x0, 0x1)
landlock_restrict_self(r9, 0x5)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x0, 0x200000000180, 0x2000000001b0, 0x2000000001e0], 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB]}, 0x78)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000840)={'wlan1\x00'})

9m26.612280794s ago: executing program 4 (id=9743):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x20})
close(0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(0x0, r1)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYRES32], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4a000, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f00000003c0)={0x7ff, <r4=>r3, 0x2})
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000700)=r4)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRES16=r4, @ANYRESOCT=r0, @ANYRES8, @ANYRESOCT=r3, @ANYRESHEX], &(0x7f0000000380)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0xd1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r6}, 0x10)
write$sndseq(r5, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @time, {0x4}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0xfe, 0x5, @time={0xb, 0x8}, {}, {}, @raw32={[0x53]}}, {0x0, 0x0, 0x0, 0x0, @time, {0x8}, {0x20}, @raw8={"272be5806cd46d37ea9a65a0"}}, {0x0, 0x0, 0x0, 0x0, @time={0x7ffc, 0x8}, {}, {}, @result={0xbac, 0x28}}], 0x70)
close(r3)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)

9m25.958741709s ago: executing program 33 (id=9743):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x20})
close(0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(0x0, r1)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYRES32], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4a000, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f00000003c0)={0x7ff, <r4=>r3, 0x2})
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000700)=r4)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRES16=r4, @ANYRESOCT=r0, @ANYRES8, @ANYRESOCT=r3, @ANYRESHEX], &(0x7f0000000380)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0xd1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r6}, 0x10)
write$sndseq(r5, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @time, {0x4}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0xfe, 0x5, @time={0xb, 0x8}, {}, {}, @raw32={[0x53]}}, {0x0, 0x0, 0x0, 0x0, @time, {0x8}, {0x20}, @raw8={"272be5806cd46d37ea9a65a0"}}, {0x0, 0x0, 0x0, 0x0, @time={0x7ffc, 0x8}, {}, {}, @result={0xbac, 0x28}}], 0x70)
close(r3)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)

1m52.547837082s ago: executing program 5 (id=10939):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r1 = open(0x0, 0x0, 0x0)
r2 = userfaultfd(0x801)
r3 = add_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000500)="10a84a716453e84e48f29658b278e1315d5e1f18f60c9d7ae4193b0ff192ccbfad04854a8ef0358840703851a47863183d0241c27587dcaced0f6608efff2285ec3ad84565727d4b48c6412f6d3e84b35d0cc2e52febeadb6e3c5fc3df33629cc761aa46b659db3fe206ca4d4674245119f11556dccf770df0b2ae30471722340bed264755f064b4add33634b3f861375f5f9890a7dc44ff33edbf680e329db471f10c2f0e42d79b708ab8bc11878bc17471", 0xb2, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000600)='^\x00', &(0x7f0000000640))
getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000400)={0x7, 0x7, 0x2}, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x484})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000040)=""/15, &(0x7f0000000080)=0xf)
r4 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x10}}], 0x30}, 0x4)
socket(0x10, 0x3, 0x0)

1m37.157705726s ago: executing program 5 (id=10939):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r1 = open(0x0, 0x0, 0x0)
r2 = userfaultfd(0x801)
r3 = add_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000500)="10a84a716453e84e48f29658b278e1315d5e1f18f60c9d7ae4193b0ff192ccbfad04854a8ef0358840703851a47863183d0241c27587dcaced0f6608efff2285ec3ad84565727d4b48c6412f6d3e84b35d0cc2e52febeadb6e3c5fc3df33629cc761aa46b659db3fe206ca4d4674245119f11556dccf770df0b2ae30471722340bed264755f064b4add33634b3f861375f5f9890a7dc44ff33edbf680e329db471f10c2f0e42d79b708ab8bc11878bc17471", 0xb2, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000600)='^\x00', &(0x7f0000000640))
getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000400)={0x7, 0x7, 0x2}, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x484})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000040)=""/15, &(0x7f0000000080)=0xf)
r4 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x10}}], 0x30}, 0x4)
socket(0x10, 0x3, 0x0)

1m25.781250121s ago: executing program 5 (id=10939):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r1 = open(0x0, 0x0, 0x0)
r2 = userfaultfd(0x801)
r3 = add_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000500)="10a84a716453e84e48f29658b278e1315d5e1f18f60c9d7ae4193b0ff192ccbfad04854a8ef0358840703851a47863183d0241c27587dcaced0f6608efff2285ec3ad84565727d4b48c6412f6d3e84b35d0cc2e52febeadb6e3c5fc3df33629cc761aa46b659db3fe206ca4d4674245119f11556dccf770df0b2ae30471722340bed264755f064b4add33634b3f861375f5f9890a7dc44ff33edbf680e329db471f10c2f0e42d79b708ab8bc11878bc17471", 0xb2, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000600)='^\x00', &(0x7f0000000640))
getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000400)={0x7, 0x7, 0x2}, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x484})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000040)=""/15, &(0x7f0000000080)=0xf)
r4 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x10}}], 0x30}, 0x4)
socket(0x10, 0x3, 0x0)

1m16.129797086s ago: executing program 5 (id=10939):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r1 = open(0x0, 0x0, 0x0)
r2 = userfaultfd(0x801)
r3 = add_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000500)="10a84a716453e84e48f29658b278e1315d5e1f18f60c9d7ae4193b0ff192ccbfad04854a8ef0358840703851a47863183d0241c27587dcaced0f6608efff2285ec3ad84565727d4b48c6412f6d3e84b35d0cc2e52febeadb6e3c5fc3df33629cc761aa46b659db3fe206ca4d4674245119f11556dccf770df0b2ae30471722340bed264755f064b4add33634b3f861375f5f9890a7dc44ff33edbf680e329db471f10c2f0e42d79b708ab8bc11878bc17471", 0xb2, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000600)='^\x00', &(0x7f0000000640))
getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000400)={0x7, 0x7, 0x2}, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x484})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000040)=""/15, &(0x7f0000000080)=0xf)
r4 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x10}}], 0x30}, 0x4)
socket(0x10, 0x3, 0x0)

1m1.429623923s ago: executing program 5 (id=10939):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r1 = open(0x0, 0x0, 0x0)
r2 = userfaultfd(0x801)
r3 = add_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000500)="10a84a716453e84e48f29658b278e1315d5e1f18f60c9d7ae4193b0ff192ccbfad04854a8ef0358840703851a47863183d0241c27587dcaced0f6608efff2285ec3ad84565727d4b48c6412f6d3e84b35d0cc2e52febeadb6e3c5fc3df33629cc761aa46b659db3fe206ca4d4674245119f11556dccf770df0b2ae30471722340bed264755f064b4add33634b3f861375f5f9890a7dc44ff33edbf680e329db471f10c2f0e42d79b708ab8bc11878bc17471", 0xb2, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000600)='^\x00', &(0x7f0000000640))
getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000400)={0x7, 0x7, 0x2}, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x484})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000040)=""/15, &(0x7f0000000080)=0xf)
r4 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x10}}], 0x30}, 0x4)
socket(0x10, 0x3, 0x0)

48.856775033s ago: executing program 5 (id=10939):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r1 = open(0x0, 0x0, 0x0)
r2 = userfaultfd(0x801)
r3 = add_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000500)="10a84a716453e84e48f29658b278e1315d5e1f18f60c9d7ae4193b0ff192ccbfad04854a8ef0358840703851a47863183d0241c27587dcaced0f6608efff2285ec3ad84565727d4b48c6412f6d3e84b35d0cc2e52febeadb6e3c5fc3df33629cc761aa46b659db3fe206ca4d4674245119f11556dccf770df0b2ae30471722340bed264755f064b4add33634b3f861375f5f9890a7dc44ff33edbf680e329db471f10c2f0e42d79b708ab8bc11878bc17471", 0xb2, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000600)='^\x00', &(0x7f0000000640))
getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000400)={0x7, 0x7, 0x2}, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x484})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000040)=""/15, &(0x7f0000000080)=0xf)
r4 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x10}}], 0x30}, 0x4)
socket(0x10, 0x3, 0x0)

9.550729512s ago: executing program 0 (id=11560):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, &(0x7f0000000200)={0x711bab44, {{0xa, 0x0, 0x1, @mcast2}}, {{0xa, 0x4, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000540)={'syz1\x00', {0x6, 0x7fff, 0xb25, 0xb}, 0xb, [0x9, 0x8, 0x5, 0x6, 0x6, 0x3, 0xafc, 0x32, 0x838, 0xb2, 0x6ff5, 0x9f5, 0x8, 0x1000000, 0x0, 0x6, 0x8001, 0x6, 0x4a4c, 0x3, 0xfffffffd, 0xa, 0x10, 0x8001, 0x5, 0x1, 0xd4a, 0xffefe87a, 0x1, 0x6, 0x9, 0x9, 0x8, 0x0, 0x0, 0xe, 0x1, 0x3ff, 0x3ff, 0x4, 0xd, 0xff, 0x8, 0x7, 0x3ff, 0x83f5, 0x0, 0x2, 0xfe0, 0x7ff, 0x8, 0x3, 0x4, 0x2, 0x400a2, 0x3, 0xffff, 0x3, 0x0, 0x9, 0xf, 0x101, 0x200, 0x9a0], [0x3, 0x8, 0x6, 0xd, 0x1, 0xad10, 0x6, 0x13a0, 0x86, 0x7fff, 0x101, 0x8, 0x5, 0x1, 0x2, 0xffff, 0x4, 0x4a, 0xf, 0xfffff32a, 0xfffffff7, 0x4c4, 0x400, 0x7f, 0x1, 0x7, 0x4, 0x8, 0x30, 0x9, 0x1, 0x3, 0x4c6fbc51, 0x10001, 0xd35, 0xa, 0x6, 0x1, 0x1, 0x2, 0x20, 0x9, 0x0, 0x3ec8d8d2, 0x0, 0x3, 0x3, 0x2, 0x4, 0x6, 0xe51, 0x1, 0x7, 0x8, 0x3, 0x2, 0x0, 0x62, 0x7, 0x6, 0x4, 0x6, 0xfff, 0x4], [0xffffffff, 0x9, 0x6, 0xffff, 0x6, 0x8, 0xffffffff, 0xfd, 0x20, 0x8, 0x9, 0x74, 0x283, 0x2, 0x4d, 0x6, 0x6, 0x3ff, 0x10000, 0x5, 0x40, 0x4, 0x8, 0x0, 0x4, 0x5, 0x8001, 0x7, 0x1, 0xffff, 0x5, 0x7, 0x1, 0x9, 0x4, 0xfff, 0x3, 0x0, 0x1, 0x80000001, 0x53c2, 0x4, 0x2, 0x3, 0x80, 0x50, 0x3, 0xc, 0x8, 0x5, 0x4, 0x400, 0x3, 0x5, 0x86, 0x6, 0x400000, 0xb, 0x4, 0x0, 0x400, 0xfe6c, 0x2, 0x9], [0x3, 0x9, 0xffffffff, 0x2, 0x266, 0x10000, 0x401, 0x6, 0x8, 0x3, 0x101, 0x4, 0x9, 0x8, 0xce, 0x2, 0x8001, 0x1, 0x7, 0x6, 0x601000, 0x9, 0x5, 0xd, 0x1, 0x446, 0x800, 0x2, 0x0, 0x3, 0x2, 0x375, 0xfffffff1, 0x6, 0x5, 0x4, 0x7fff, 0x4, 0x3a2, 0x3, 0x2005, 0xe, 0xee6, 0x0, 0x7, 0x3, 0x8241, 0x7, 0x3, 0x9, 0xc, 0x3, 0x1, 0x1, 0x3, 0x296, 0x6, 0x7, 0xf, 0x0, 0x100, 0x7, 0xd, 0x56be]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
write$uinput_user_dev(r1, &(0x7f0000000a40)={'syz1\x00', {0x0, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x401, 0x0, 0x4, 0x20008001, 0x2000, 0x4, 0x0, 0x0, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x90, 0x801, 0x0, 0x80000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffd188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x5, 0x7], [0x0, 0x3, 0x6, 0x0, 0x6a, 0x5, 0x3, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6189fbd8, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x9e2b, 0x0, 0xfffffffd, 0x5, 0x4, 0x100000, 0x60000, 0x40002, 0xffffffff, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0xfd5], [0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x7, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x8000000, 0x8, 0x0, 0x0, 0x9b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xffffeffd, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x4bdf, 0x2, 0xf152, 0x0, 0x10000, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9bf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0x6, 0x8, 0x0, 0x735, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x4, 0x0, 0x0, 0x4]}, 0x45c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
close(0x3)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3, 0x28, 0xda18, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1, 0x2d7d, 0x0, 0x1000}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b0ad25a80648c2594f90124fc60100c050000040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r5)
sendfile(r3, r3, 0x0, 0x40008)

9.324280517s ago: executing program 0 (id=11562):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000000)=0x6, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e05, 0x1, @mcast1, 0x7}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="80006466d3805699", 0x8, 0x20004840, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/7, 0x7}, 0x1}], 0x40000000000025b, 0x40000002, 0x0)

8.453841489s ago: executing program 0 (id=11566):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000005c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_BT_RCVMTU(r5, 0x112, 0xf, &(0x7f0000000000), &(0x7f0000000080)=0x2)
r6 = fanotify_init(0xf00, 0x1)
getsockname$netlink(r4, &(0x7f0000000040), &(0x7f0000000180)=0xc)
fanotify_mark(r6, 0x105, 0x40009975, r4, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000040)={0x0, 0xf6fd, @value=0x4})
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaa52420000800000000816119078000000000000000007040416000000000010907802fe00000000000000000000000000000000c168c70bf225588e7cfb6eb321f09131481aac218b96d56fe4"], 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x5, 0x59, &(0x7f0000000780)=ANY=[@ANYBLOB="12011bca5d6e9f4099041b1029560102030109024700010a03750809042920000e010006"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x2, &(0x7f0000000000)=@string={0x2}}, {0x0, 0x0}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x1009}}]})
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r8, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r8, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r8, 0x84, 0x19, &(0x7f0000001600)={0x0, 0x6}, 0x8)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002a00)={0x18, 0x3c, 0x107, 0x0, 0x4000, {0x1, 0x7c}, [@nested={0x4, 0xfc}]}, 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_connect(0x0, 0x81, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000a7420040ab050103000101020301090224000100000000090400"], 0x0)

7.014114294s ago: executing program 6 (id=11573):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, &(0x7f0000000200)={0x711bab44, {{0xa, 0x0, 0x1, @mcast2}}, {{0xa, 0x4, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000540)={'syz1\x00', {0x6, 0x7fff, 0xb25, 0xb}, 0xb, [0x9, 0x8, 0x5, 0x6, 0x6, 0x3, 0xafc, 0x32, 0x838, 0xb2, 0x6ff5, 0x9f5, 0x8, 0x1000000, 0x0, 0x6, 0x8001, 0x6, 0x4a4c, 0x3, 0xfffffffd, 0xa, 0x10, 0x8001, 0x5, 0x1, 0xd4a, 0xffefe87a, 0x1, 0x6, 0x9, 0x9, 0x8, 0x0, 0x0, 0xe, 0x1, 0x3ff, 0x3ff, 0x4, 0xd, 0xff, 0x8, 0x7, 0x3ff, 0x83f5, 0x0, 0x2, 0xfe0, 0x7ff, 0x8, 0x3, 0x4, 0x2, 0x400a2, 0x3, 0xffff, 0x3, 0x0, 0x9, 0xf, 0x101, 0x200, 0x9a0], [0x3, 0x8, 0x6, 0xd, 0x1, 0xad10, 0x6, 0x13a0, 0x86, 0x7fff, 0x101, 0x8, 0x5, 0x1, 0x2, 0xffff, 0x4, 0x4a, 0xf, 0xfffff32a, 0xfffffff7, 0x4c4, 0x400, 0x7f, 0x1, 0x7, 0x4, 0x8, 0x30, 0x9, 0x1, 0x3, 0x4c6fbc51, 0x10001, 0xd35, 0xa, 0x6, 0x1, 0x1, 0x2, 0x20, 0x9, 0x0, 0x3ec8d8d2, 0x0, 0x3, 0x3, 0x2, 0x4, 0x6, 0xe51, 0x1, 0x7, 0x8, 0x3, 0x2, 0x0, 0x62, 0x7, 0x6, 0x4, 0x6, 0xfff, 0x4], [0xffffffff, 0x9, 0x6, 0xffff, 0x6, 0x8, 0xffffffff, 0xfd, 0x20, 0x8, 0x9, 0x74, 0x283, 0x2, 0x4d, 0x6, 0x6, 0x3ff, 0x10000, 0x5, 0x40, 0x4, 0x8, 0x0, 0x4, 0x5, 0x8001, 0x7, 0x1, 0xffff, 0x5, 0x7, 0x1, 0x9, 0x4, 0xfff, 0x3, 0x0, 0x1, 0x80000001, 0x53c2, 0x4, 0x2, 0x3, 0x80, 0x50, 0x3, 0xc, 0x8, 0x5, 0x4, 0x400, 0x3, 0x5, 0x86, 0x6, 0x400000, 0xb, 0x4, 0x0, 0x400, 0xfe6c, 0x2, 0x9], [0x3, 0x9, 0xffffffff, 0x2, 0x266, 0x10000, 0x401, 0x6, 0x8, 0x3, 0x101, 0x4, 0x9, 0x8, 0xce, 0x2, 0x8001, 0x1, 0x7, 0x6, 0x601000, 0x9, 0x5, 0xd, 0x1, 0x446, 0x800, 0x2, 0x0, 0x3, 0x2, 0x375, 0xfffffff1, 0x6, 0x5, 0x4, 0x7fff, 0x4, 0x3a2, 0x3, 0x2005, 0xe, 0xee6, 0x0, 0x7, 0x3, 0x8241, 0x7, 0x3, 0x9, 0xc, 0x3, 0x1, 0x1, 0x3, 0x296, 0x6, 0x7, 0xf, 0x0, 0x100, 0x7, 0xd, 0x56be]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
write$uinput_user_dev(r1, &(0x7f0000000a40)={'syz1\x00', {0x0, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x401, 0x0, 0x4, 0x20008001, 0x2000, 0x4, 0x0, 0x0, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x90, 0x801, 0x0, 0x80000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffd188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x5, 0x7], [0x0, 0x3, 0x6, 0x0, 0x6a, 0x5, 0x3, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6189fbd8, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x9e2b, 0x0, 0xfffffffd, 0x5, 0x4, 0x100000, 0x60000, 0x40002, 0xffffffff, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0xfd5], [0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x7, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x8000000, 0x8, 0x0, 0x0, 0x9b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xffffeffd, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x4bdf, 0x2, 0xf152, 0x0, 0x10000, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9bf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0x6, 0x8, 0x0, 0x735, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x4, 0x0, 0x0, 0x4]}, 0x45c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
close(0x3)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3, 0x28, 0xda18, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1, 0x2d7d, 0x0, 0x1000}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b0ad25a80648c2594f90124fc60100c050000040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r5)
sendfile(r3, r3, 0x0, 0x40008)

6.926190542s ago: executing program 6 (id=11574):
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x1f00)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40), 0x0, 0x40015)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000006c0)="104f3fc590fd13", 0x7}, {&(0x7f0000000780)="976ec236ae6a5ab51079164203a657ef347fdac769d16dbcf1c699ca4aae92580f00060e51f0bba096de815dd667499a81b0e175b793a98b9771da29cc85ad9e1a5142df663bffe3548609810d474ce2d5f6514b22f7c86b9ac3e499c89f396da82cd0c20d848eadbfbef5057575919126833e7e293851901fff3fa01e431b53d988b6480016639f8f3f05a8076922fd54b713a6e1371c23af3e1cef1e72d7ea241ced76f209040cee3517979b39f2", 0xaf}, {&(0x7f0000000880)="d603a9fcce5eb91e3f5325bbb391b4e518d08d214088e70501d9c294b18d13f9f3597c23f2eb493c892e618c3f9cd42d672c05db8e77d65ee804d441a4b3843f00f481104df2a6555d858cd24227a06aea69674bc3dd7ec73a1ba3f66566bf8abc7c579c28c7ae5d17e8fef25c57d0d287eec8", 0x73}, {&(0x7f0000000940)="1d66259ac111570cd01d4c0f5348590a5a45180311b061325c0660f7adb823bd517df0b4e38fa8d90527f654253f46a2b5996f5b7f24861b6845b6a445c8ec7f9bf60948534c7718b9a708f1b51cb2092a76001027dd9be851c530f215b9affe8c8491323ae74db3e79d970849b60b792c9a83d518dc87fa9e05ef93687d0a4ad418ebe674e7ddd1918fa058c00cf155ee29a6fa054336ce2a1c80ce4b867279b0357e343b0556900a8d23afbf1ed245124d8d18364cc33770261c", 0xbb}], 0x4}, 0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2], 0x6f4}}, 0x0)

6.839119954s ago: executing program 6 (id=11575):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r5, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x801, 0x0, 0x0, {0x3}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x804)
sendmsg$sock(r2, 0x0, 0x4008895)
shutdown(r5, 0x1)

6.802238586s ago: executing program 2 (id=11576):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, &(0x7f0000000200)={0x711bab44, {{0xa, 0x0, 0x1, @mcast2}}, {{0xa, 0x4, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000540)={'syz1\x00', {0x6, 0x7fff, 0xb25, 0xb}, 0xb, [0x9, 0x8, 0x5, 0x6, 0x6, 0x3, 0xafc, 0x32, 0x838, 0xb2, 0x6ff5, 0x9f5, 0x8, 0x1000000, 0x0, 0x6, 0x8001, 0x6, 0x4a4c, 0x3, 0xfffffffd, 0xa, 0x10, 0x8001, 0x5, 0x1, 0xd4a, 0xffefe87a, 0x1, 0x6, 0x9, 0x9, 0x8, 0x0, 0x0, 0xe, 0x1, 0x3ff, 0x3ff, 0x4, 0xd, 0xff, 0x8, 0x7, 0x3ff, 0x83f5, 0x0, 0x2, 0xfe0, 0x7ff, 0x8, 0x3, 0x4, 0x2, 0x400a2, 0x3, 0xffff, 0x3, 0x0, 0x9, 0xf, 0x101, 0x200, 0x9a0], [0x3, 0x8, 0x6, 0xd, 0x1, 0xad10, 0x6, 0x13a0, 0x86, 0x7fff, 0x101, 0x8, 0x5, 0x1, 0x2, 0xffff, 0x4, 0x4a, 0xf, 0xfffff32a, 0xfffffff7, 0x4c4, 0x400, 0x7f, 0x1, 0x7, 0x4, 0x8, 0x30, 0x9, 0x1, 0x3, 0x4c6fbc51, 0x10001, 0xd35, 0xa, 0x6, 0x1, 0x1, 0x2, 0x20, 0x9, 0x0, 0x3ec8d8d2, 0x0, 0x3, 0x3, 0x2, 0x4, 0x6, 0xe51, 0x1, 0x7, 0x8, 0x3, 0x2, 0x0, 0x62, 0x7, 0x6, 0x4, 0x6, 0xfff, 0x4], [0xffffffff, 0x9, 0x6, 0xffff, 0x6, 0x8, 0xffffffff, 0xfd, 0x20, 0x8, 0x9, 0x74, 0x283, 0x2, 0x4d, 0x6, 0x6, 0x3ff, 0x10000, 0x5, 0x40, 0x4, 0x8, 0x0, 0x4, 0x5, 0x8001, 0x7, 0x1, 0xffff, 0x5, 0x7, 0x1, 0x9, 0x4, 0xfff, 0x3, 0x0, 0x1, 0x80000001, 0x53c2, 0x4, 0x2, 0x3, 0x80, 0x50, 0x3, 0xc, 0x8, 0x5, 0x4, 0x400, 0x3, 0x5, 0x86, 0x6, 0x400000, 0xb, 0x4, 0x0, 0x400, 0xfe6c, 0x2, 0x9], [0x3, 0x9, 0xffffffff, 0x2, 0x266, 0x10000, 0x401, 0x6, 0x8, 0x3, 0x101, 0x4, 0x9, 0x8, 0xce, 0x2, 0x8001, 0x1, 0x7, 0x6, 0x601000, 0x9, 0x5, 0xd, 0x1, 0x446, 0x800, 0x2, 0x0, 0x3, 0x2, 0x375, 0xfffffff1, 0x6, 0x5, 0x4, 0x7fff, 0x4, 0x3a2, 0x3, 0x2005, 0xe, 0xee6, 0x0, 0x7, 0x3, 0x8241, 0x7, 0x3, 0x9, 0xc, 0x3, 0x1, 0x1, 0x3, 0x296, 0x6, 0x7, 0xf, 0x0, 0x100, 0x7, 0xd, 0x56be]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
write$uinput_user_dev(r1, &(0x7f0000000a40)={'syz1\x00', {0x0, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x401, 0x0, 0x4, 0x20008001, 0x2000, 0x4, 0x0, 0x0, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x90, 0x801, 0x0, 0x80000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffd188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x5, 0x7], [0x0, 0x3, 0x6, 0x0, 0x6a, 0x5, 0x3, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6189fbd8, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x9e2b, 0x0, 0xfffffffd, 0x5, 0x4, 0x100000, 0x60000, 0x40002, 0xffffffff, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0xfd5], [0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x7, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x8000000, 0x8, 0x0, 0x0, 0x9b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xffffeffd, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x4bdf, 0x2, 0xf152, 0x0, 0x10000, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9bf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0x6, 0x8, 0x0, 0x735, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x4, 0x0, 0x0, 0x4]}, 0x45c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
close(0x3)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3, 0x28, 0xda18, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1, 0x2d7d, 0x0, 0x1000}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
socket$kcm(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendfile(r3, r3, 0x0, 0x40008)

6.653537435s ago: executing program 2 (id=11577):
socket$kcm(0x21, 0x2, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="0097cb8c3157a3fb8d4317e862a96089ed4b9892d92f919779382d25c7032714411ec68aed8fdb695dfc014a941f7fc264cf7a500b273acab69dec8cb1f037c4d2be998b6f2bc0c432aa13e9d77efa68af35ffa508117f8ec3791c95ae93b1c1b01da9", 0x1}, {0x0, 0xfded}, {&(0x7f0000000080)="a732a2c7820fc0260fe3bce3e28624bc467faa2c3fabe07f8fcfd7e9969ea482766d496c816481b643449b7a98000658be7986132289f60cedb2720e0d6d16089e21df551f0b41176ad81b0998034033dc54a704"}, {&(0x7f0000001180)="22563d7d15a23d2a26874cdc1bb5c0589417b6ab295693dc49292b3ad318401abffaec8c1418b993d9ea7d96610f55453532b02168200a2ee612cd9633fb1649fbd617fe2e11d12581c0026ef4bf675816f39e1903b1b219b0c67044ceb23cdbf2831de186ca1c5f8f6257cb9d724116a1af2de89b046ce19546846f0c68c790e559958238d55569e0d30e68b2e8c3add865d74362499438696433c01d8ae817a81cd85007590478195d1ad221e46c685220e0b0b8dfa9bda03719720c61e152cfd886dc583688d7b7ec8cde407f182e03a80a19281104ca3b62279b229f44868af6ac126c0a80c36d273f9c3cdb2fd89b1396558d8d5c85cd990b319180473b6c7f322e41e285c61c5b94add61fc580d3b05bdf46041243771dff5df1273bf7a1fac62aac5347581006430bc655fdadc753b699d42e1e3d4b5d2f082de14c3b6b3648228fbe183153bf591d5f970af8be9aaf500690159502b7acd034a91b5bb11f8dddfd7977a6115133fdab38e176543bf153308b78061f2ccd96eb30d3408041c6fd31c29cc509c8c7dbc6e43f04b3b9a4d52246d5ed356d04660cae7506c4c1c880a4eb37e0d0fc3e6251b5032144cde3db771b9b233fa44aaaae8b42696a9db4ff2f7a447938f04341add6177e3f5b8977131c094671425cb79f04b2c341ec7f881491c03acae06a381bb062bea220a53fc42eba9d6c862c3632ec1ec83189889fa3b325b12cff3bd3b3a1416d4b503b1510c806420c9c06c0ed81004510a2884475e4a894bae5676cde56a8f23ae59540c2ac5a9f178a8c562e4f4c099a79c5c5a6424427db6c3c8427382364a5445252bb93ff4b0ea7665e97b9d22c4efc17c4f244bb3b1d4e93c885f501b07367cab6339056c0d03d8c0615eb52a17040c7056bea1f52f09cc22ea64175087330622e1e3bf083d8d65efbd7dd2d3bdacab7d3e7f46c57ad37dbf82573078cf963dacb325605e7a640400c158e90f6a462ae6aa6937b2b86966fe81cefa2e318988550049c5cd9c0bc5f4fa97466fcd7d5dec24c6986ea1a7fab0f9f63b28a29182fe2d1a9c92a9ffda188c304c70ada7a70ad99c8a7d4fb87584e1b9e5571e91139407e4c70c5e94672483495f41046d22c934c98a0bd2e997b474006b003ed1abbb0557aafe4f7e180890b23dc33e8e6f8024b426fc7c75627c9325e28e71d31cf535203c712c0e79dce056f748fe3d772943441591ca7a2553d7d5d3aa5dda9db5dc9048732591cab84efc1eca3aa399277097be967c61348525c12981af426da9c338a276aaf1fa5f00ff27ce03fbb53f2ed366c444331f4be92e2d5ecd5891bbe63fc896e0e5a0810a240cfb9ab8640d745a9fc1739da3eec44f704e53195b6dff61f9a9a57532d5b18f0302224df95b613a16165a187972533e8791ab67caa01092256bc571fe6b7bd1569764bf299d4cd08899a27dd60f33dc7250cd8bd56e7c935ebe678453206da5e08bf0e9e1169bbc2c6a8b62c87201e4b14336bd04940b055df11ff8a501a4cf2c9f1ef6ca2d04116b579c5621a9c396de17f538e26bc3106e0dc4df48d59b550275a71a5d0720678b4f412fcba507046ddc0df1fed825d3b8366b8ae6242be7ea24a4765ed514272994217c0888adb98b32688407a5423641b00f1536a76a2a81c3394baeb81de78b103d6eca4cd2932562224910e0f85ec827aebaa8f8c78650f23e8ec4e0d031e38a6bda1228e05a3f04321763d74689c6acc54c5e154d897987426f99b22c915718a371a81d39c8df9a353870db4f104243a3bff826f03612353e56e5091f5757a04f433170b2bc5a163da26becc2ad3f030db67e97581cebdca6e8728fc7b4460717de82d4ef67c42215794ef1606179b8664167c30958548ec084a9296aa373ff991aa9af07dfe7df30a1f4e737a0b40547766eadea00178bbf9c33bc085d8dbdb63a642a9f70ac2106babe64ebf763d9d3a8444eee6645623930bb3391bfdf8b2ff33f6a3486f818f64031643ccf1569023984993aeb8cb9c0d8143c696922be257181c9cd5cb903a65630e3d85a68a72ea73bba93c9ec23afa97254250df082a1c41e70de9b20beccdc44a18118a5191c36826124ff1469b7db3ed47ef510330e09c183d6771b18d9a0095cfacf17f20aadc0a90c6196e395fa779fbeb5e48676b30be1551d84df8dd002db48d7fe3885ffc43ba4cfb7e4dea1afd037527eb290b19542d6c86b3ef6025661e1b15dfb8c4ab43463f279f6700ed4a02b8677c3c0efc3cb0190e9fff68b34b9bb801f3971877625805e775c9e5a4f31c7c03a56731d75a28a6c50e50794fab05f571bf532195ad1c0800cad1ae7d14a211861ff4cac1a5633afa98c2f3dc4c638efa0ff83d504e4296126071fc07d45859826b1bf33e3583018f371e2a343e74cc766f79d6e571d2edfc2501e035d514b5399a9c6fa5c42bef1a5ea159e719837dd346c1d87f84a68b8cfd5352bb158d8aabcc69524cf302aa0218cfdcf70711ab0a52f4834b13bae683a44547868273485ef4550d4ea934c31d3c93cb6db7ffe76dd83411fbbd367b60fc35e52c0d30d2c526a02a818a485d3d3e9fc4288f659fdff43feeec6d2cc504fad9e8fb4730338ca016d2467ee0d439cbf2ee0ea13c07dca2b83c906b3f113d62846db94441103205e7ca30838e1da74b50efa3701ef06c3480cf1b4ddbf664907dd8a14c274956e23c3c4ee4a4984a2122659d941bb9ad0c840a46f23ae882e6a00c8673f69bcef4a1a3d740cb4113056b904a7b4e639ad6e282dd1dd584794b31e266f4c34ca752d21f198f69dcb00c90acc684958bf3d7d421b393aa90463ef2ad0c213580768646f4ce23cc150d1c625769fee27ee13cf0029be0a1ba769e25501fbe9da4d7edaa0ca0e8e88577be0aa855c40719d2d0dfc8c9f7e5d28558362af1b007dff097f575f808a7e8864cc9f930441fbb2457e9095194da3aa4d9bb52b2707fb7a310d4dc072ad59d769295da7dcbf421b2ad4af2ddd745fa42722a9a68098d9a4f440de9faa6bc175e3640859b6dd2c0f4bb64e40deacf899bf5356beca7e645db963f9a2349b962a953f0a23ec0683d280ea7e87f9524cb37b2210fb0a04c8336e91b8046f60b4887814f5358212cf78f650d18052f46b3b7ddeb0f8467f852090108badc06c39b92cac4818e6bea340cfb7368cd359769a781bb0ec168961baae8a296c616cea4280831cff970b0308f6ec3964311b9df757e18692bc15864eafc2f2f371fe131f295c8598e948b141350c48f7e72d6e4ab799e3f7e6a7941b46f3f848df4e7003127b11e44742ddb25b17074fa9f9333e6d99f840fbdcfcb888ea936fd533fdc5274b5b359c31c8909979420f0c2115842bbd91b5df113521608bb989b129a6236d63d985168f0fa72845609a630211c13941b6c93cb4098e695e6e66f56480dc83bb95efa5247c6391b842c08500ebe5c833cebe96ff4f5dd3ee1ee6760695d962aa12fb1eca72825ef26abec850849aa0cef089899325ffd762f3e9c944cedfe07cc8e80a25865868ad12407b8fc282b0fa266ceb6b540174938c24c72cde28ac9e658a2dc2243282ef2e88801ff508ac914b742f00b7e2430129ad70e52cde4e10f63e57925f23bcd7f0d4c0da45b7c23782f4e52e13267e570dd1ee84f86f13b2564c413f56d198890f31837852d3e23d5be3f7af4a4616ba63f97c6b4a14f48300883f23cb007799145169e0eb57b78c5d572f767f377b4a43408d84888164c642fdf650be523f5d1849081e420bb6c012f485947e09267fa4f114e19a769dd8e4cb1b38764efd09f377b4991ede6848d6bce790aead60ef78c56dded8450f15ebab7dd90a7a32831bfc5ac5aabd0c1c409383e86f76d33d92152a99d677fea918b756a59261a625b3d296b1de8e23472b93666e733fbc624f46dc11aa67b1bb2e12636f3de4ebf31b757703d0594acd996f8ee5f592c43af39df944986d2d91d6dd96ee89ae4324918c91dc109aad0f093caddcc2ff344875c130fa8372641a4069a3886ed2eda4e3d12b552f607ac4ae7cd5a2ea055bb1f570ae6dcad3670f2cf2fefaa84132402e95050a62a1f68b25ccadb5727ad37a8c864f8d0004b44d25369fd0c7a433b4323a7debdf301b58ce29a59a6bf5563795e79788116486c8a45a376346c9202dcf4eea582ff8108629e0a807e0ff399069c8bba26e4629b37e72eeb0314816b2ee74e673630402a0dbbacca30a6af5ec1ccd1600f90820e5916722939f97bc33c805173c6b0fb9b572456b50240bb0049ca947279e5239c926d0c7d2c214e80f22c457c807729b8079b501b2cd11d30ad9818c0cdd42f35dc8a83a017844953ef9cbfe8ddf493c2e1b6060bcde5111470e5ac150ac011765f7035234253b9c5688e141037d347c9a772bc50789e36669c9ab0e097ddc0ee05edc4f09d57cf48a4a858093766774b2835bf3b6ecfb525bed9f8a21e8b0b2ecb97d6efcd92f42c44f4d508544c24c37320a64a307360b418610bf665af2f271951f690c7bf48e6569195fea5c03a1d2bcabf981b95d8384174bba246d148b110e5904631858884de1d3b9a70a15c2771aadf96de7ac826a037c096f04d7ca45aec20b7b0539c80e3514db681cafd833da26fb90acb6175134dce6b1a308e8ae708d8dd1af2105b38c414255f5f69b10761e716670330460c490a3200d1688872be79e1c2cff94eef7244726c9e96f43f14c90a9785b7227441465c4f5cdf254d57205f31e8486d519951cafeedf4842f95d71d563d19deb9d6502fb6b3eef9abcea9b02ec75d671ef40bede52c899984fedc234aca9a7f81843ca290094095b801a3a7d65201fe3d88f6baacc85bfbc19675a21ec1d67b8857047e407a8ec9ca0e592d385e4eaef12a175ded6c5b790ee7ab25301c7b673d617872acdc302ced5aba6a1c2ebada2191c561cc6639fb0ddbc1e76ddebc304d43150b9bbbe52f7bdba7eb1022b60b4947167d89f1020987f446c77705b616de5ccacfcdc93788c9e019a3269ccd3e6a01f3506b9b38f028f18956ed0d8b17f7c37e3a09c1fba199364cea2ae96e5f2d5ab0406241fb76431e88a988712eba1ac1d35403eeacf00ab13e02031248f4a2c6b40c0d4bf7364aa40c239fede89138e50bcaaf228986f13c13033ea5bd0c0bff52d0a6e06cf594fbe9d5814bf70b0036b4d9c214616524079ef3a8931d891c406c1a9624cc224bbe0d718de76672e4ea9d017abe3eba6cf7b9b7f5d8863f0a9d683c518743353c875ed1cb6fc5ea49a20baf3aad5a6066d3d8497c00651f10966bafd824275961ac952839d15379b41a34e3ecd7940592e4ca8f7a620b0125234c6958bf7e594f2126d75f71d6ce6d553e7b2db8191c5a7e840d87c0eb0da7745b708f07e7625388783439ffd40fb225a43922b44d49d5b838badc76926934325eeedc66e96c4b78cc2b65f3100f96edf1a18ddfe6566363d639fc24f2110c6877541e0171e9927a6b48cd65885b417131cf3c9bd5df3f22822715b04921554c0b6b2a19d391e7d8527b076eebca55153153a10f68deb40eddaca57a9ae77e45a921775809a17aed11357860b692cb629dbb77754919796b1d3f59d555b80b35b49cef6e426e4f431410f40fb640155bcd1ef04080ef04e6378d9929d7e4df548ff0dbc446df5f43f72213167fe6a34c38fcb919b9df5a05546b7b3ad09101abd4e1ab48d3569b0786e95151de935929a18ce4e6894967a84e5e36ad20c8f985b22be888322803"}], 0x2)
r1 = socket$tipc(0x1e, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/slabinfo\x00', 0x0, 0x0)
ioctl$SIOCGSKNS(r1, 0x894c, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x6, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000000ffe, 0x49}, 0x0, &(0x7f00000002c0)={0x3fb, 0x7, 0x8000000000000001, 0x4, 0x0, 0xfffffffffffffff3, 0x800}, 0x0, 0x0)

5.8639449s ago: executing program 6 (id=11579):
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0)
modify_ldt$write(0x1, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000020c0)='net/rt_cache\x00')
read$FUSE(r2, &(0x7f0000000000)={0x2020}, 0x2020)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@private0, @in=@dev}}, {{@in6=@dev}, 0x0, @in6=@ipv4={""/10, ""/2, @loopback}}}, &(0x7f0000000000)=0xffffffffffffff0f)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000100000001000000"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

5.788253749s ago: executing program 2 (id=11580):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r1, &(0x7f0000000080), 0x10)

5.642994723s ago: executing program 2 (id=11581):
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1b1c, 0x1c0c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0)
socketpair(0x1, 0x100000005, 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x0, 0x0)
syz_usb_connect$uac1(0x5, 0xb1, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9f, 0x3, 0x1, 0x8, 0x40, 0xfd, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0x3}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x7f, 0x240, 0x4, '~'}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x1, {0x7, 0x25, 0x1, 0x86, 0x40, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x9c, 0xff, 0x7, "e6"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x3, 0xb6b5a15060f31540}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x2, 0x3, 0x8, 0x2, "d6ed", "84"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x2, 0x2, 0x4, 0x25}, @as_header={0x7, 0x24, 0x1, 0xb, 0xe, 0x3}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x85, 0x4, 0xd, 0xb, "dd0000"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x9, 0x7e, 0xcb, {0x7, 0x25, 0x1, 0x2}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x8a3fee061f876177, 0xd3, 0x9, 0x5, 0x8}, 0xd6, &(0x7f00000006c0)=ANY=[@ANYBLOB="050fd68103ae100a5fee976e35e91f4eecba9dcaa75b1b35c28a424a935282d987665a7bbd3ebaa9459ebf0bfe8f3bec541aba1f1f27bfbc8db2cde70a9e1f2cdee8937df0425c4b8a03cad6681877433b03f3ec7eee474fc1f4a5beab620192e1b072b725c1664cf79c92bcf75e9001d1126b1e30bcfbcf95925c94ce83483b4496d881a90bca920e1744dc3680508839f60eae130615cda9ea4f55c67260705bae457b68c42d5ecbeb6ec2820e07619601a40710021a7509001c100a0664000000000021000000ff000000ff00003f0000cfc00000efc8377db95622445422d6cc0871f029a823c8"], 0x2, [{0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x2c09}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x402}}]})
ioctl$MON_IOCT_RING_SIZE(r0, 0x80089203, 0x200000000000000)
syz_open_dev$sg(&(0x7f0000000640), 0x8f, 0x206600)

5.40370926s ago: executing program 0 (id=11582):
mlock2(&(0x7f0000370000/0x3000)=nil, 0x3000, 0x1)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_io_uring_setup(0x113, &(0x7f0000000100)={0x0, 0x4, 0x80, 0x2000000, 0x3a2}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000180)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
getpid()
r8 = syz_pidfd_open(r2, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(r8, 0xff05, 0x0)
wait4(0x0, &(0x7f0000000380), 0x2, &(0x7f0000000e00))
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000001000000"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
syz_usb_disconnect(r0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000021000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000050000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000414000980100002800c0001800800014000000002140000001000010000000000000000000084000a"], 0x98}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
gettid()
syz_usb_connect(0x4, 0x24, &(0x7f0000000740)=ANY=[], 0x0)
r10 = syz_open_dev$swradio(&(0x7f0000002a40), 0x1, 0x2)
accept4$ax25(0xffffffffffffffff, &(0x7f00000002c0)={{0x3, @null}, [@null, @bcast, @bcast, @default, @rose, @remote, @bcast]}, &(0x7f0000000340)=0x48, 0x0)
ioctl$VIDIOC_DQBUF(r10, 0xc0585611, &(0x7f0000002b00)=@multiplanar_overlay={0x66906dc8, 0x1, 0x4, 0x4000, 0xff, {0x0, 0x2710}, {0x0, 0xc, 0x1, 0x0, 0x8, 0x9, "88998790"}, 0x9, 0x3, {0x0}, 0x101})
syz_usb_connect$uac1(0x3, 0x9e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002000000106b1d010140000102030109028c0003010301000904000000010100000a24010c00080201020c24020101010400010106d40904010000010200000904010101010200000724010a8000000724019b0701100c24020106030329bcc422990905010900040f830a072501020ffe7f0904020000010200000904020101010200000724010106040009058209000405010307250182020b00"], 0x0)

4.233883263s ago: executing program 6 (id=11584):
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x86dd}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x2100, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x10080)
getsockname$unix(r1, 0x0, &(0x7f00000000c0))
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x38)
set_mempolicy(0x4005, 0x0, 0x9)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r2 = getpid()
creat(&(0x7f0000000140)='./file0\x00', 0x62)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

3.059462432s ago: executing program 0 (id=11586):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000000000040d90455a000000000000109022400010000100009040000c4030002000921001000012207000925810300000d0040"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000500)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002207000000880c000000a7"], 0x0}, 0x0)
migrate_pages(r0, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)
r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x204, 0x2581)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101)
r4 = dup(r3)
r5 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r4}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1})
io_uring_enter(r5, 0x234f, 0x2d59, 0x2, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r8 = socket(0x10, 0x803, 0xfffffffd)
getsockname$packet(r8, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r9, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r9, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
r10 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r10, 0x0)
socket$unix(0x1, 0x1, 0x0)
fcntl$lock(r9, 0x7, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
r11 = fcntl$dupfd(r2, 0x0, r2)
ioctl$USBDEVFS_SUBMITURB(r11, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0xf, 0x0, 0x0, 0x7995}, 0x10007, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0})
fchdir(r2)

2.602256876s ago: executing program 2 (id=11587):
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000005c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
creat(&(0x7f0000000580)='./file1\x00', 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xf, &(0x7f0000000000), &(0x7f0000000080)=0x2)

2.439517899s ago: executing program 3 (id=11588):
r0 = fsopen(&(0x7f0000000040)='nfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(,\xc7', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x6000000000000001, 0x0)
mmap(&(0x7f0000001000/0x200000)=nil, 0x200000, 0x2000001, 0x2011, r2, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000010c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x70, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x5c, 0x1, [@m_simple={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x2, 0xfffffff8, 0x1, 0x9, 0x7}}, @TCA_DEF_DATA={0xd, 0x3, ')+@$(:(\\\x00'}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$kcm(0x29, 0x5, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={<r5=>0x0}, &(0x7f0000000200)=0xc)
process_vm_readv(r5, &(0x7f0000001a80)=[{&(0x7f00000003c0)=""/88, 0x58}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/252, 0xfc}, {&(0x7f0000001580)=""/241, 0xf1}, {&(0x7f0000001680)=""/98, 0x62}, {&(0x7f0000000280)=""/40, 0x28}, {&(0x7f0000001700)=""/242, 0xf2}, {&(0x7f0000001800)=""/253, 0xfd}, {&(0x7f0000001900)=""/163, 0xa3}, {&(0x7f00000019c0)=""/171, 0xab}], 0xa, &(0x7f0000001bc0)=[{&(0x7f0000001b40)=""/75, 0x4b}], 0x1, 0x0)
openat$cgroup_subtree(r4, &(0x7f00000000c0), 0x2, 0x0)
lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000140)='./file1\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x3ff)

2.364056161s ago: executing program 3 (id=11589):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x2ffc, 0x4000006, 0xfffffefc, 0x6}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r0], 0x1c}}, 0x804)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.287039015s ago: executing program 3 (id=11590):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r0=>0x0}, &(0x7f00000000c0)=0xc)
sched_setaffinity(r0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b000)=""/102395, 0x18ffb)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[], 0xd0}}, 0x8000)

2.286755875s ago: executing program 3 (id=11591):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r4, &(0x7f00000001c0), &(0x7f0000000340)=@udp6=r6}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r4, &(0x7f0000000040)="ec", &(0x7f00000001c0)=@udp=r0}, 0x20)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0) (fail_nth: 2)

2.280157913s ago: executing program 3 (id=11592):
socket$nl_audit(0x10, 0x3, 0x9)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x18}, &(0x7f0000000100), &(0x7f00000000c0))
getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket(0xa, 0x3, 0xf2c)
r1 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
setsockopt$inet6_int(r3, 0x29, 0x24, &(0x7f0000000500)=0x40, 0x4)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000240)={0x3, 0x1, {0xffffffffffffffff}, {0xee00}, 0x7, 0x3})
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000280)={0x28, 0xffffffffffffffda, 0x0, {{0x3, 0x10001, 0x2}}}, 0x28)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x380002, @dev={0xfe, 0x80, '\x00', 0x34}, 0x692}, 0x1c)
sendmsg$inet(r3, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xe}}], 0x18}, 0x2000c045)
io_destroy(0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x480, 0x0)
socket(0x40000000015, 0x5, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x5453, 0x0)
write(r0, &(0x7f0000000000)="09000000010000", 0x7)
socket$nl_generic(0x10, 0x3, 0x10)

1.79343381s ago: executing program 2 (id=11593):
r0 = socket(0xa, 0x3, 0x3a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="34000000e5c6ca2bea7f00000044f70e913f280457b3d29df4ca6e0919681ce568abf6727b147bfd3f9c3ed0ee34aff973fc0a2c310e15b50a91c1264aa8886e40456decdb9fccc9171799a331768e603ebc8be9ed46568f068bdb", @ANYRES16=r2, @ANYBLOB="1b00000000000300000005000000180001801400020073797a5f74756e0000000000000000000800038004000380"], 0x34}}, 0x0)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff, 0x8]}}, 0x5c)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000000000000000000d3cc9762b03782cea897458a3639f23428092f50b18e3856209d26215250336c73bb97ba046965f1f335bf5467b28196ee1316987c3d804a8a98c531b7df221d8a19d911ca46e238116343910b78370ffa4bd70fd990dd911b190d349618365882c9e185a9fde5668990281903f8e0ddd12035c1514b586d8f2e579b5187b261da7f67f4f743e0d93a79cfc41211c1a8c068756698da", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r3 = epoll_create1(0x0)
dup(r3)
mount$9p_fd(0x0, &(0x7f0000000540)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)=ANY=[])
syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000002d000100000000000000000004000080050011802f"], 0x1c}], 0x1}, 0x310)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a802, 0x0)
r7 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000d2d000/0x8000)=nil, 0x8000, 0x11)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000000000040ef0e01000000000000010902240001000000000904000f05030001000921fe0f0601220b000905810300020f0201d9226a2c621d7f9a7da8f7bd3f2793a5d128befcd6f3a15fbeaa43021c13d01b5a5b97a1d60a55406515759cb704d2e6"], 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000840)={0x10, 0x0, 0x25dfdbfe, 0x8}, 0xc)

1.421506158s ago: executing program 3 (id=11594):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000005c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_BT_RCVMTU(r5, 0x112, 0xf, &(0x7f0000000000), &(0x7f0000000080)=0x2)
r6 = fanotify_init(0xf00, 0x1)
getsockname$netlink(r4, &(0x7f0000000040), &(0x7f0000000180)=0xc)
fanotify_mark(r6, 0x105, 0x40009975, r4, 0x0)
fallocate(r3, 0x0, 0x1000000, 0x3)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000040)={0x0, 0xf6fd, @value=0x4})
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaa52420000800000000816119078000000000000000007040416000000000010907802fe00000000000000000000000000000000c168c70bf225588e7cfb6eb321f09131481aac218b96d56fe4"], 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x5, 0x59, &(0x7f0000000780)=ANY=[@ANYBLOB="12011bca5d6e9f4099041b1029560102030109024700010a03750809042920000e010006"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x2, &(0x7f0000000000)=@string={0x2}}, {0x0, 0x0}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x1009}}]})
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r8, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r8, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000700)={0x0, 0x9, 0x10}, &(0x7f0000000740)=0xc)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r8, 0x84, 0x19, &(0x7f0000001600)={0x0, 0x6}, 0x8)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002a00)={0x18, 0x3c, 0x107, 0x0, 0x4000, {0x1, 0x7c}, [@nested={0x4, 0xfc}]}, 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)

1.177588793s ago: executing program 6 (id=11595):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000715000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r3 = openat$sequencer2(0xffffff9c, 0x0, 0x143240, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r3, 0xc0045103, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r4, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000002640)={0x28, r5, 0x311, 0x70bd2b, 0x25dfdbfb, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20}, 0x20000880)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000bc0)=ANY=[@ANYBLOB="120141018f991220720c0c0009d40102030109021b0001000010000904"], 0x0)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)

0s ago: executing program 0 (id=11596):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000000000040d90455a000000000000109022400010000100009040000c4030002000921001000012207000925810300000d0040"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000500)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002207000000880c000000a7"], 0x0}, 0x0)
migrate_pages(r0, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)
r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x204, 0x2581)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101)
r4 = dup(r3)
r5 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r4}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1})
io_uring_enter(r5, 0x234f, 0x2d59, 0x2, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r8 = socket(0x10, 0x803, 0xfffffffd)
getsockname$packet(r8, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r9, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r9, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
r10 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r10, 0x0)
socket$unix(0x1, 0x1, 0x0)
fcntl$lock(r9, 0x7, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
r11 = fcntl$dupfd(r2, 0x0, r2)
ioctl$USBDEVFS_SUBMITURB(r11, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0xf, 0x0, 0x0, 0x7995}, 0x10007, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0})
ioctl$USBDEVFS_REAPURBNDELAY(r2, 0x4004550c, 0x0)

kernel console output (not intermixed with test programs):

 timer overrun
[ 2257.841880][T11876] netlink: 44 bytes leftover after parsing attributes in process `syz.0.11282'.
[ 2257.842730][   T30] audit: type=1400 audit(1758765909.231:2572): avc:  denied  { nlmsg_write } for  pid=11875 comm="syz.0.11282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 2257.883915][T32119] Bluetooth: hci4: command tx timeout
[ 2258.852636][   T30] audit: type=1400 audit(1758765910.241:2573): avc:  denied  { read } for  pid=11886 comm="syz.6.11285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 2259.497868][T11822] netdevsim netdevsim5 netdevsim0: renamed from eth9
[ 2259.521684][T11822] netdevsim netdevsim5 netdevsim1: renamed from eth10
[ 2259.552385][T11822] netdevsim netdevsim5 netdevsim2: renamed from eth11
[ 2259.585900][T11822] netdevsim netdevsim5 netdevsim3: renamed from eth12
[ 2259.602689][   T92] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 2259.742777][ T5961] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 2259.762868][   T92] usb 1-1: Using ep0 maxpacket: 16
[ 2259.769587][   T92] usb 1-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[ 2259.781562][   T92] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 2259.794384][   T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2259.894589][ T5961] usb 4-1: Using ep0 maxpacket: 8
[ 2259.915461][ T5961] usb 4-1: config 0 has an invalid interface number: 143 but max is 0
[ 2259.938633][ T5961] usb 4-1: config 0 has no interface number 0
[ 2259.967748][T32119] Bluetooth: hci4: command tx timeout
[ 2259.979628][ T5961] usb 4-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 2260.009729][ T5961] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2260.045602][ T5961] usb 4-1: config 0 descriptor??
[ 2260.170464][ T5961] viperboard 4-1:0.143: version 0.00 found at bus 004 address 064
[ 2260.240073][T11892] netlink: 'syz.0.11286': attribute type 4 has an invalid length.
[ 2260.277292][ T5961] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 2260.328774][T11915] netlink: 'syz.0.11286': attribute type 4 has an invalid length.
[ 2260.357124][ T5961] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 2260.383081][   T92] usb 1-1: string descriptor 0 read error: -71
[ 2260.395122][ T5961] usb 4-1: USB disconnect, device number 64
[ 2260.408370][   T92] usb 1-1: USB disconnect, device number 71
[ 2260.654886][T11822] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2260.683235][T11822] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2260.704242][T11822] wireguard: wg0: Could not create IPv4 socket
[ 2260.711911][T11822] wireguard: wg1: Could not create IPv4 socket
[ 2260.722101][T11822] wireguard: wg2: Could not create IPv4 socket
[ 2260.812805][T10683] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[ 2260.972776][T10683] usb 7-1: Using ep0 maxpacket: 32
[ 2261.097723][T10683] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2261.153991][T10683] usb 7-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[ 2261.192311][T10683] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2261.233357][T10683] usb 7-1: Product: syz
[ 2261.250038][T10683] usb 7-1: Manufacturer: syz
[ 2261.290484][T10683] usb 7-1: SerialNumber: syz
[ 2261.416057][T10683] usb 7-1: config 0 descriptor??
[ 2262.288387][T31056] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 2262.300499][T10683] peak_usb 7-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[ 2262.318206][T10683] peak_usb 7-1:0.0: unable to read PCAN-USB serial number (err -22)
[ 2262.393200][T10683] peak_usb 7-1:0.0: probe with driver peak_usb failed with error -22
[ 2262.492718][T31056] usb 4-1: Using ep0 maxpacket: 16
[ 2263.286544][T31056] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2263.305327][T31056] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2263.342595][T31056] usb 4-1: config 1 has no interface number 1
[ 2263.390665][T31056] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2263.423858][T11940] netlink: 56 bytes leftover after parsing attributes in process `syz.0.11299'.
[ 2263.426989][T31056] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2263.454050][T31056] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2263.466607][T31056] usb 4-1: Product: syz
[ 2263.475689][T31056] usb 4-1: Manufacturer: syz
[ 2263.477929][T11942] FAULT_INJECTION: forcing a failure.
[ 2263.477929][T11942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2263.484661][T31056] usb 4-1: SerialNumber: syz
[ 2263.496845][T11942] CPU: 0 UID: 0 PID: 11942 Comm: syz.2.11298 Not tainted syzkaller #0 PREEMPT(full) 
[ 2263.496872][T11942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2263.496881][T11942] Call Trace:
[ 2263.496887][T11942]  <TASK>
[ 2263.496894][T11942]  dump_stack_lvl+0x16c/0x1f0
[ 2263.496920][T11942]  should_fail_ex+0x512/0x640
[ 2263.496943][T11942]  strncpy_from_user+0x3b/0x2e0
[ 2263.496964][T11942]  getname_flags.part.0+0x8f/0x550
[ 2263.496991][T11942]  getname_flags+0x93/0xf0
[ 2263.497008][T11942]  __x64_sys_acct+0x75/0x230
[ 2263.497025][T11942]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2263.497045][T11942]  do_syscall_64+0xcd/0x4e0
[ 2263.497067][T11942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2263.497082][T11942] RIP: 0033:0x7f768818eec9
[ 2263.497096][T11942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2263.497112][T11942] RSP: 002b:00007f7688fd8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[ 2263.497127][T11942] RAX: ffffffffffffffda RBX: 00007f76883e5fa0 RCX: 00007f768818eec9
[ 2263.497138][T11942] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200
[ 2263.497148][T11942] RBP: 00007f7688fd8090 R08: 0000000000000000 R09: 0000000000000000
[ 2263.497158][T11942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2263.497168][T11942] R13: 00007f76883e6038 R14: 00007f76883e5fa0 R15: 00007fff873ee908
[ 2263.497189][T11942]  </TASK>
[ 2263.585801][   T30] audit: type=1400 audit(1758765914.891:2574): avc:  denied  { append } for  pid=11941 comm="syz.2.11298" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 2263.723713][ T5961] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 2263.873226][ T5961] usb 1-1: too many configurations: 68, using maximum allowed: 8
[ 2263.888265][ T5961] usb 1-1: config index 0 descriptor too short (expected 65458, got 45)
[ 2263.906739][ T5961] usb 1-1: config index 1 descriptor too short (expected 65458, got 45)
[ 2263.917781][ T5961] usb 1-1: config index 2 descriptor too short (expected 65458, got 45)
[ 2263.929979][ T5961] usb 1-1: config index 3 descriptor too short (expected 65458, got 45)
[ 2263.939535][ T5961] usb 1-1: config index 4 descriptor too short (expected 65458, got 45)
[ 2263.949475][ T5961] usb 1-1: config index 5 descriptor too short (expected 65458, got 45)
[ 2263.958966][ T5961] usb 1-1: config index 6 descriptor too short (expected 65458, got 45)
[ 2263.968461][ T5961] usb 1-1: config index 7 descriptor too short (expected 65458, got 45)
[ 2263.978971][ T5961] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2263.988179][ T5961] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2263.997163][ T5961] usb 1-1: Product: syz
[ 2264.001337][ T5961] usb 1-1: Manufacturer: syz
[ 2264.006239][ T5961] usb 1-1: SerialNumber: syz
[ 2264.226075][ T5961] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 2264.238688][ T5961] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[ 2264.249413][ T5961] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2264.260275][ T5961] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71
[ 2264.277857][ T5961] usb 1-1: USB disconnect, device number 72
[ 2264.294951][T11943] Process accounting resumed
[ 2264.499761][ T5961] usb 7-1: USB disconnect, device number 60
[ 2264.539022][T11948] FAULT_INJECTION: forcing a failure.
[ 2264.539022][T11948] name failslab, interval 1, probability 0, space 0, times 0
[ 2264.553089][T11948] CPU: 1 UID: 0 PID: 11948 Comm: syz.6.11301 Not tainted syzkaller #0 PREEMPT(full) 
[ 2264.553117][T11948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2264.553127][T11948] Call Trace:
[ 2264.553134][T11948]  <TASK>
[ 2264.553142][T11948]  dump_stack_lvl+0x16c/0x1f0
[ 2264.553170][T11948]  should_fail_ex+0x512/0x640
[ 2264.553196][T11948]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 2264.553220][T11948]  should_failslab+0xc2/0x120
[ 2264.553241][T11948]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 2264.553260][T11948]  ? __alloc_skb+0x2b2/0x380
[ 2264.553285][T11948]  __alloc_skb+0x2b2/0x380
[ 2264.553303][T11948]  ? __pfx___alloc_skb+0x10/0x10
[ 2264.553329][T11948]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 2264.553355][T11948]  netlink_alloc_large_skb+0x69/0x130
[ 2264.553379][T11948]  netlink_sendmsg+0x6a1/0xdd0
[ 2264.553406][T11948]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2264.553439][T11948]  ____sys_sendmsg+0xa98/0xc70
[ 2264.553467][T11948]  ? copy_msghdr_from_user+0x10a/0x160
[ 2264.553489][T11948]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2264.553526][T11948]  ___sys_sendmsg+0x134/0x1d0
[ 2264.553549][T11948]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2264.553600][T11948]  __sys_sendmsg+0x16d/0x220
[ 2264.553622][T11948]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2264.553659][T11948]  do_syscall_64+0xcd/0x4e0
[ 2264.553685][T11948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2264.553704][T11948] RIP: 0033:0x7f96ab58eec9
[ 2264.553718][T11948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2264.553735][T11948] RSP: 002b:00007f96ac4cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2264.553753][T11948] RAX: ffffffffffffffda RBX: 00007f96ab7e5fa0 RCX: 00007f96ab58eec9
[ 2264.553765][T11948] RDX: 0000000004008020 RSI: 0000200000000d00 RDI: 0000000000000003
[ 2264.553776][T11948] RBP: 00007f96ac4cc090 R08: 0000000000000000 R09: 0000000000000000
[ 2264.553787][T11948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2264.553797][T11948] R13: 00007f96ab7e6038 R14: 00007f96ab7e5fa0 R15: 00007ffe133c87b8
[ 2264.553820][T11948]  </TASK>
[ 2265.036280][T31056] usb 4-1: 2:1 : no UAC_FORMAT_TYPE desc
[ 2265.067858][T31056] usb 4-1: USB disconnect, device number 65
[ 2266.755294][T11964] FAULT_INJECTION: forcing a failure.
[ 2266.755294][T11964] name failslab, interval 1, probability 0, space 0, times 0
[ 2266.768021][T11964] CPU: 1 UID: 0 PID: 11964 Comm: syz.2.11303 Not tainted syzkaller #0 PREEMPT(full) 
[ 2266.768039][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2266.768046][T11964] Call Trace:
[ 2266.768050][T11964]  <TASK>
[ 2266.768055][T11964]  dump_stack_lvl+0x16c/0x1f0
[ 2266.768075][T11964]  should_fail_ex+0x512/0x640
[ 2266.768091][T11964]  ? fs_reclaim_acquire+0xae/0x150
[ 2266.768107][T11964]  ? tomoyo_encode2+0x100/0x3e0
[ 2266.768124][T11964]  should_failslab+0xc2/0x120
[ 2266.768137][T11964]  __kmalloc_noprof+0xd2/0x510
[ 2266.768149][T11964]  ? d_absolute_path+0x136/0x1a0
[ 2266.768169][T11964]  tomoyo_encode2+0x100/0x3e0
[ 2266.768187][T11964]  tomoyo_encode+0x29/0x50
[ 2266.768203][T11964]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 2266.768224][T11964]  tomoyo_path_number_perm+0x245/0x580
[ 2266.768238][T11964]  ? tomoyo_path_number_perm+0x237/0x580
[ 2266.768254][T11964]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2266.768269][T11964]  ? find_held_lock+0x2b/0x80
[ 2266.768297][T11964]  ? find_held_lock+0x2b/0x80
[ 2266.768310][T11964]  ? hook_file_ioctl_common+0x145/0x410
[ 2266.768325][T11964]  ? __fget_files+0x20e/0x3c0
[ 2266.768341][T11964]  security_file_ioctl+0x9b/0x240
[ 2266.768359][T11964]  __x64_sys_ioctl+0xb7/0x210
[ 2266.768377][T11964]  do_syscall_64+0xcd/0x4e0
[ 2266.768394][T11964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2266.768405][T11964] RIP: 0033:0x7f768818eec9
[ 2266.768415][T11964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2266.768427][T11964] RSP: 002b:00007f7688fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2266.768438][T11964] RAX: ffffffffffffffda RBX: 00007f76883e6090 RCX: 00007f768818eec9
[ 2266.768446][T11964] RDX: 0000000000000000 RSI: 0000000000007002 RDI: 0000000000000008
[ 2266.768452][T11964] RBP: 00007f7688fb7090 R08: 0000000000000000 R09: 0000000000000000
[ 2266.768459][T11964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2266.768466][T11964] R13: 00007f76883e6128 R14: 00007f76883e6090 R15: 00007fff873ee908
[ 2266.768480][T11964]  </TASK>
[ 2266.768491][T11964] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2266.852732][   T30] audit: type=1400 audit(1758765918.151:2575): avc:  denied  { read } for  pid=11958 comm="syz.2.11303" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 2267.092757][   T30] audit: type=1400 audit(1758765918.151:2576): avc:  denied  { open } for  pid=11958 comm="syz.2.11303" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 2267.213277][   T30] audit: type=1400 audit(1758765918.251:2577): avc:  denied  { ioctl } for  pid=11958 comm="syz.2.11303" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 2267.306101][   T30] audit: type=1400 audit(1758765918.371:2578): avc:  denied  { setopt } for  pid=11962 comm="syz.6.11306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 2267.314591][T25658] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2267.330068][   T30] audit: type=1400 audit(1758765918.371:2579): avc:  denied  { read } for  pid=11962 comm="syz.6.11306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 2267.365204][T25658] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2267.385133][T25658] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2267.386771][T11971] input: syz1 as /devices/virtual/input/input114
[ 2267.403170][   T30] audit: type=1400 audit(1758765918.431:2580): avc:  denied  { write } for  pid=11962 comm="syz.6.11306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 2267.437706][T11971] netlink: 'syz.3.11308': attribute type 5 has an invalid length.
[ 2267.447977][T11971] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.11308'.
[ 2267.494206][T25658] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2267.509872][T25658] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2267.516970][   T30] audit: type=1400 audit(1758765918.831:2581): avc:  denied  { map } for  pid=11970 comm="syz.3.11308" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 2267.517158][   T30] audit: type=1400 audit(1758765918.831:2582): avc:  denied  { execute } for  pid=11970 comm="syz.3.11308" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 2267.588591][T11969] Failed to initialize the IGMP autojoin socket (err -2)
[ 2267.623303][   T92] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 2268.294559][   T92] usb 1-1: Using ep0 maxpacket: 8
[ 2268.529197][   T92] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 2268.552063][   T92] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2268.592550][   T92] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2268.602312][   T92] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2268.990639][   T30] audit: type=1400 audit(1758765920.201:2583): avc:  denied  { kexec_image_load } for  pid=11985 comm="syz.2.11312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 2269.108227][T11989] FAULT_INJECTION: forcing a failure.
[ 2269.108227][T11989] name failslab, interval 1, probability 0, space 0, times 0
[ 2269.135750][T11989] CPU: 1 UID: 0 PID: 11989 Comm: syz.3.11313 Not tainted syzkaller #0 PREEMPT(full) 
[ 2269.135779][T11989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2269.135790][T11989] Call Trace:
[ 2269.135796][T11989]  <TASK>
[ 2269.135804][T11989]  dump_stack_lvl+0x16c/0x1f0
[ 2269.135833][T11989]  should_fail_ex+0x512/0x640
[ 2269.135855][T11989]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 2269.135878][T11989]  should_failslab+0xc2/0x120
[ 2269.135899][T11989]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 2269.135918][T11989]  ? __alloc_skb+0x2b2/0x380
[ 2269.135942][T11989]  __alloc_skb+0x2b2/0x380
[ 2269.135963][T11989]  ? __pfx___alloc_skb+0x10/0x10
[ 2269.135985][T11989]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 2269.136014][T11989]  netlink_alloc_large_skb+0x69/0x130
[ 2269.136039][T11989]  netlink_sendmsg+0x6a1/0xdd0
[ 2269.136067][T11989]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2269.136100][T11989]  ____sys_sendmsg+0xa98/0xc70
[ 2269.136127][T11989]  ? copy_msghdr_from_user+0x10a/0x160
[ 2269.136149][T11989]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2269.136188][T11989]  ___sys_sendmsg+0x134/0x1d0
[ 2269.136211][T11989]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2269.136271][T11989]  __sys_sendmsg+0x16d/0x220
[ 2269.136295][T11989]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2269.136337][T11989]  do_syscall_64+0xcd/0x4e0
[ 2269.136363][T11989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2269.136382][T11989] RIP: 0033:0x7fdac8d8eec9
[ 2269.136398][T11989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2269.136416][T11989] RSP: 002b:00007fdac9b9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2269.136434][T11989] RAX: ffffffffffffffda RBX: 00007fdac8fe5fa0 RCX: 00007fdac8d8eec9
[ 2269.136447][T11989] RDX: 0000000020000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 2269.136458][T11989] RBP: 00007fdac9b9b090 R08: 0000000000000000 R09: 0000000000000000
[ 2269.136470][T11989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2269.136480][T11989] R13: 00007fdac8fe6038 R14: 00007fdac8fe5fa0 R15: 00007ffdf71dafb8
[ 2269.136506][T11989]  </TASK>
[ 2269.392917][   T92] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2269.597447][   T92] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2269.644960][T25658] Bluetooth: hci4: command tx timeout
[ 2269.682214][   T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2269.808502][   T92] usb 1-1: can't set config #16, error -71
[ 2269.817715][T11997] FAULT_INJECTION: forcing a failure.
[ 2269.817715][T11997] name failslab, interval 1, probability 0, space 0, times 0
[ 2269.835651][T11997] CPU: 1 UID: 0 PID: 11997 Comm: syz.3.11315 Not tainted syzkaller #0 PREEMPT(full) 
[ 2269.835678][T11997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2269.835689][T11997] Call Trace:
[ 2269.835696][T11997]  <TASK>
[ 2269.835704][T11997]  dump_stack_lvl+0x16c/0x1f0
[ 2269.835731][T11997]  should_fail_ex+0x512/0x640
[ 2269.835754][T11997]  ? fs_reclaim_acquire+0xae/0x150
[ 2269.835780][T11997]  ? tomoyo_encode2+0x100/0x3e0
[ 2269.835805][T11997]  should_failslab+0xc2/0x120
[ 2269.835826][T11997]  __kmalloc_noprof+0xd2/0x510
[ 2269.835845][T11997]  ? d_absolute_path+0x136/0x1a0
[ 2269.835876][T11997]  tomoyo_encode2+0x100/0x3e0
[ 2269.835904][T11997]  tomoyo_encode+0x29/0x50
[ 2269.835928][T11997]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 2269.835962][T11997]  tomoyo_path_number_perm+0x245/0x580
[ 2269.835984][T11997]  ? tomoyo_path_number_perm+0x237/0x580
[ 2269.836014][T11997]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2269.836039][T11997]  ? find_held_lock+0x2b/0x80
[ 2269.836084][T11997]  ? find_held_lock+0x2b/0x80
[ 2269.836105][T11997]  ? hook_file_ioctl_common+0x145/0x410
[ 2269.836129][T11997]  ? __fget_files+0x20e/0x3c0
[ 2269.836154][T11997]  security_file_ioctl+0x9b/0x240
[ 2269.836181][T11997]  __x64_sys_ioctl+0xb7/0x210
[ 2269.836210][T11997]  do_syscall_64+0xcd/0x4e0
[ 2269.836239][T11997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2269.836256][T11997] RIP: 0033:0x7fdac8d8eec9
[ 2269.836272][T11997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2269.836289][T11997] RSP: 002b:00007fdac9b9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2269.836308][T11997] RAX: ffffffffffffffda RBX: 00007fdac8fe5fa0 RCX: 00007fdac8d8eec9
[ 2269.836320][T11997] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003
[ 2269.836332][T11997] RBP: 00007fdac9b9b090 R08: 0000000000000000 R09: 0000000000000000
[ 2269.836343][T11997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2269.836354][T11997] R13: 00007fdac8fe6038 R14: 00007fdac8fe5fa0 R15: 00007ffdf71dafb8
[ 2269.836380][T11997]  </TASK>
[ 2269.836627][T11997] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2269.948748][   T92] usb 1-1: USB disconnect, device number 73
[ 2270.319397][T11997] comedi comedi0: comedi_bond: 3:2 3:3  attached, 48 channels from 2 devices
[ 2270.674133][T11998] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2270.680285][T11998] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2270.738978][T11998] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2270.750621][T11998] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2270.782914][T11998] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2270.809623][T12011] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11320'.
[ 2270.826313][T11998] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2270.833233][T11969] netdevsim netdevsim5 netdevsim0: renamed from eth9
[ 2270.868587][T11969] netdevsim netdevsim5 netdevsim1: renamed from eth10
[ 2270.997948][T11969] netdevsim netdevsim5 netdevsim2: renamed from eth11
[ 2271.909789][T12020] netlink: del zone limit has 4 unknown bytes
[ 2271.938675][T11969] netdevsim netdevsim5 netdevsim3: renamed from eth12
[ 2272.137790][T12024] "syz.2.11324" (12024) uses obsolete ecb(arc4) skcipher
[ 2272.310649][T25658] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2272.692870][T25658] Bluetooth: hci3: command 0x0405 tx timeout
[ 2272.692993][ T2308] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[ 2272.790865][T25658] Bluetooth: hci2: command 0x041b tx timeout
[ 2272.797236][T25658] Bluetooth: hci4: command 0x040f tx timeout
[ 2272.936821][ T2308] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[ 2273.062598][ T2308] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 196
[ 2273.208596][ T2308] usb 7-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[ 2273.252595][ T2308] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2273.312016][ T2308] usb 7-1: config 0 descriptor??
[ 2273.355705][ T2308] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 2273.489041][T11969] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2273.545768][T11969] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2273.583966][T11969] wireguard: wg0: Could not create IPv4 socket
[ 2273.616791][T11969] wireguard: wg1: Could not create IPv4 socket
[ 2273.645115][T11969] wireguard: wg2: Could not create IPv4 socket
[ 2274.072699][T31491] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 2274.232612][T31491] usb 1-1: Using ep0 maxpacket: 32
[ 2274.239234][T31491] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2274.266456][T31491] usb 1-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[ 2274.277227][T31491] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2274.287731][T31491] usb 1-1: Product: syz
[ 2274.291873][T31491] usb 1-1: Manufacturer: syz
[ 2274.296670][T31491] usb 1-1: SerialNumber: syz
[ 2274.307792][T31491] usb 1-1: config 0 descriptor??
[ 2274.353740][T31491] peak_usb 1-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[ 2274.367838][T31491] peak_usb 1-1:0.0: unable to read PCAN-USB serial number (err -22)
[ 2274.377819][   T30] audit: type=1400 audit(1758765925.771:2584): avc:  denied  { map } for  pid=12029 comm="syz.6.11325" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 2274.483162][T31491] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -22
[ 2274.530819][T12065] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11332'.
[ 2274.662932][   T30] audit: type=1400 audit(1758765926.051:2585): avc:  denied  { getopt } for  pid=12058 comm="syz.2.11332" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 2275.017339][   T30] audit: type=1400 audit(1758765926.411:2586): avc:  denied  { search } for  pid=12072 comm="syz.3.11333" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1
[ 2275.172908][   T30] audit: type=1400 audit(1758765926.411:2587): avc:  denied  { search } for  pid=12072 comm="syz.3.11333" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1
[ 2275.221819][   T30] audit: type=1400 audit(1758765926.431:2588): avc:  denied  { search } for  pid=12072 comm="syz.3.11333" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1
[ 2275.445019][T31491] usb 7-1: USB disconnect, device number 61
[ 2275.586451][T12077] sp0: Synchronizing with TNC
[ 2275.732426][T12080] random: crng reseeded on system resumption
[ 2275.781846][T12082] netlink: 32 bytes leftover after parsing attributes in process `syz.2.11336'.
[ 2275.791025][T12082] netlink: 'syz.2.11336': attribute type 3 has an invalid length.
[ 2275.952614][   T30] audit: type=1107 audit(1758765927.321:2589): pid=12079 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��~܃z,P�Du�˷~v�_�3�Fֹ7N�2Ѹ�%��ݻYr�����/��4����!��a<p�Q�,�!A����kO�������h���8�{�X���f�^*������~h-u���:.Ն�P�tFޭ��]�숥ʥMI��\M�"� o>���*�o��(���
[ 2275.952614][   T30] f��a���y{�%D��u�i����=cky(�)DK���AN���;�/[G-�o�����'
[ 2276.329320][ T2308] usb 1-1: USB disconnect, device number 74
[ 2276.635440][   T92] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[ 2276.804864][   T92] usb 7-1: config 0 has an invalid interface number: 30 but max is 0
[ 2276.818229][   T92] usb 7-1: config 0 has no interface number 0
[ 2276.824489][   T92] usb 7-1: New USB device found, idVendor=2040, idProduct=c000, bcdDevice=ae.86
[ 2276.833868][   T92] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2276.844927][   T92] usb 7-1: config 0 descriptor??
[ 2276.852567][   T92] smsusb:smsusb_probe: board id=8, interface number 30
[ 2277.334957][T12092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11340'.
[ 2278.288710][T25658] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2278.302252][T25658] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2278.313781][T25658] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2278.324185][T25658] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2278.333463][T25658] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2278.374728][T12092] team0 (unregistering): Port device team_slave_0 removed
[ 2278.384080][T12092] team0 (unregistering): Port device team_slave_1 removed
[ 2278.393654][T12092] team0 (unregistering): Port device batadv0 removed
[ 2278.408791][T12101] Failed to initialize the IGMP autojoin socket (err -2)
[ 2278.971987][T12114] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2278.981225][T12114] syzkaller0: entered promiscuous mode
[ 2278.986987][T12114] syzkaller0: entered allmulticast mode
[ 2279.029019][T12114] netlink: 44 bytes leftover after parsing attributes in process `syz.0.11344'.
[ 2279.051427][T12114] tipc: Resetting bearer <eth:syzkaller0>
[ 2279.169707][T12113] tipc: Resetting bearer <eth:syzkaller0>
[ 2279.189949][T12113] tipc: Disabling bearer <eth:syzkaller0>
[ 2279.202717][   T92] usb 7-1: USB disconnect, device number 62
[ 2279.349250][   T30] audit: type=1400 audit(1758765930.721:2590): avc:  denied  { setopt } for  pid=12111 comm="syz.2.11343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 2279.373992][   T30] audit: type=1400 audit(1758765930.721:2591): avc:  denied  { setopt } for  pid=12111 comm="syz.2.11343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 2279.742853][   T92] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[ 2279.958841][T12101] netdevsim netdevsim5 netdevsim0: renamed from eth9
[ 2280.015034][T12101] netdevsim netdevsim5 netdevsim1: renamed from eth10
[ 2280.062136][T12101] netdevsim netdevsim5 netdevsim2: renamed from eth11
[ 2280.109074][T12101] netdevsim netdevsim5 netdevsim3: renamed from eth12
[ 2280.297013][T12123] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2280.313295][T12123] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2280.347783][T12123] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2280.377129][T12123] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2280.414817][T12123] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2280.585657][T12123] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2280.842730][T10683] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 2280.865346][   T92] usb 7-1: config 0 has no interfaces?
[ 2280.870846][   T92] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2281.018675][T10683] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 2281.040041][   T92] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2281.068057][   T92] usb 7-1: config 0 descriptor??
[ 2281.083319][T10683] usb 4-1: config 10 has an invalid interface number: 41 but max is 0
[ 2281.154293][T10683] usb 4-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2281.247195][T10683] usb 4-1: config 10 has no interface number 0
[ 2281.261156][T10683] usb 4-1: config 10 interface 41 has no altsetting 0
[ 2281.282117][T10683] usb 4-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2281.298686][T10683] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2281.361943][T10683] usb 4-1: Product: syz
[ 2281.395200][T10683] usb 4-1: Manufacturer: syz
[ 2281.417684][T10683] usb 4-1: SerialNumber: syz
[ 2282.146864][T32119] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2282.367788][T32119] Bluetooth: hci3: command 0x0405 tx timeout
[ 2282.384395][T12124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2282.401160][T12124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2282.411684][T12101] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2282.442785][T32119] Bluetooth: hci4: command 0x041b tx timeout
[ 2282.451871][T32119] Bluetooth: hci2: command 0x041b tx timeout
[ 2282.695146][T12101] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2282.769393][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 2282.790443][T12101] wireguard: wg0: Could not create IPv4 socket
[ 2282.798418][T12101] wireguard: wg1: Could not create IPv4 socket
[ 2282.808385][T12101] wireguard: wg2: Could not create IPv4 socket
[ 2283.241028][T12147] trusted_key: encrypted_key: master key parameter 'invalid' is invalid
[ 2283.278029][T12147] netlink: 132 bytes leftover after parsing attributes in process `syz.2.11349'.
[ 2283.459125][T10683] usb 4-1: Found UVC 0.00 device syz (0499:101b)
[ 2283.469900][T10683] usb 4-1: No valid video chain found.
[ 2283.491287][T10683] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 2283.543275][T10683] snd-usb-audio 4-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2283.554629][T10683] usb 4-1: USB disconnect, device number 66
[ 2283.573803][T10105] usb 7-1: USB disconnect, device number 63
[ 2283.688647][T12154] FAULT_INJECTION: forcing a failure.
[ 2283.688647][T12154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2283.709781][T12154] CPU: 0 UID: 0 PID: 12154 Comm: syz.3.11350 Not tainted syzkaller #0 PREEMPT(full) 
[ 2283.709809][T12154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2283.709818][T12154] Call Trace:
[ 2283.709824][T12154]  <TASK>
[ 2283.709832][T12154]  dump_stack_lvl+0x16c/0x1f0
[ 2283.709860][T12154]  should_fail_ex+0x512/0x640
[ 2283.709886][T12154]  _copy_from_user+0x2e/0xd0
[ 2283.709912][T12154]  move_addr_to_kernel+0x65/0x170
[ 2283.709942][T12154]  __copy_msghdr+0x386/0x470
[ 2283.709963][T12154]  copy_msghdr_from_user+0xc1/0x160
[ 2283.709984][T12154]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2283.710015][T12154]  ___sys_sendmsg+0xfe/0x1d0
[ 2283.710036][T12154]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2283.710085][T12154]  __sys_sendmsg+0x16d/0x220
[ 2283.710107][T12154]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2283.710149][T12154]  do_syscall_64+0xcd/0x4e0
[ 2283.710172][T12154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2283.710190][T12154] RIP: 0033:0x7fdac8d8eec9
[ 2283.710204][T12154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2283.710221][T12154] RSP: 002b:00007fdac9b9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2283.710238][T12154] RAX: ffffffffffffffda RBX: 00007fdac8fe5fa0 RCX: 00007fdac8d8eec9
[ 2283.710250][T12154] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 2283.710260][T12154] RBP: 00007fdac9b9b090 R08: 0000000000000000 R09: 0000000000000000
[ 2283.710270][T12154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2283.710280][T12154] R13: 00007fdac8fe6038 R14: 00007fdac8fe5fa0 R15: 00007ffdf71dafb8
[ 2283.710304][T12154]  </TASK>
[ 2284.186470][T12175] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 2284.219236][   T30] audit: type=1400 audit(1758765935.601:2592): avc:  denied  { mount } for  pid=12161 comm="syz.3.11356" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[ 2284.250279][T12175] VFS: Can't find a romfs filesystem on dev nullb0.
[ 2284.250279][T12175] 
[ 2284.303975][   T30] audit: type=1326 audit(1758765935.681:2593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12155 comm="syz.6.11353" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f96ab58eec9 code=0x0
[ 2285.073755][T12183] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2287.482618][   T30] audit: type=1400 audit(1758765938.871:2594): avc:  denied  { connect } for  pid=12203 comm="syz.2.11367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 2287.807854][   T30] audit: type=1400 audit(1758765938.871:2595): avc:  denied  { ioctl } for  pid=12203 comm="syz.2.11367" path="socket:[184450]" dev="sockfs" ino=184450 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 2287.918374][T12214] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11370'.
[ 2287.972590][   T92] usb 1-1: new full-speed USB device number 75 using dummy_hcd
[ 2288.277011][T32119] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2288.290010][T32119] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2288.304833][T32119] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2288.312681][T32119] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2288.321946][T32119] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2288.347672][T12216] Failed to initialize the IGMP autojoin socket (err -2)
[ 2288.373586][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2288.384830][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 2288.399005][   T92] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c0c, bcdDevice= 0.00
[ 2288.412762][   T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2288.423927][   T92] usb 1-1: config 0 descriptor??
[ 2288.429535][T12206] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2288.457209][   T30] audit: type=1400 audit(1758765939.831:2596): avc:  denied  { write } for  pid=12205 comm="syz.3.11368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 2288.945364][T12206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2289.005523][T12206] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2289.058762][   T92] usbhid 1-1:0.0: can't add hid device: -71
[ 2289.245784][   T92] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2290.094270][   T92] usb 1-1: USB disconnect, device number 75
[ 2290.448204][T25658] Bluetooth: hci4: command tx timeout
[ 2290.864601][T12237] input: syz1 as /devices/virtual/input/input115
[ 2291.386397][T12229] SELinux:  Context system_u:object_r:inetd_log_t:s0 is not valid (left unmapped).
[ 2291.552840][   T30] audit: type=1400 audit(1758765942.891:2597): avc:  denied  { relabelto } for  pid=12227 comm="syz.3.11374" name="538" dev="tmpfs" ino=2879 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_log_t:s0"
[ 2291.965423][   T30] audit: type=1400 audit(1758765942.891:2598): avc:  denied  { associate } for  pid=12227 comm="syz.3.11374" name="538" dev="tmpfs" ino=2879 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:inetd_log_t:s0"
[ 2292.489097][   T30] audit: type=1400 audit(1758765943.181:2599): avc:  denied  { remove_name } for  pid=2952 comm="syz-executor" name="binderfs" dev="tmpfs" ino=2883 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_log_t:s0"
[ 2292.517182][T12255] FAULT_INJECTION: forcing a failure.
[ 2292.517182][T12255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2292.536261][T25658] Bluetooth: hci4: command tx timeout
[ 2292.552919][T12255] CPU: 0 UID: 0 PID: 12255 Comm: syz.6.11379 Not tainted syzkaller #0 PREEMPT(full) 
[ 2292.552949][T12255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2292.552959][T12255] Call Trace:
[ 2292.552965][T12255]  <TASK>
[ 2292.552973][T12255]  dump_stack_lvl+0x16c/0x1f0
[ 2292.553002][T12255]  should_fail_ex+0x512/0x640
[ 2292.553030][T12255]  _copy_from_user+0x2e/0xd0
[ 2292.553058][T12255]  kstrtouint_from_user+0xd6/0x1d0
[ 2292.553078][T12255]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2292.553098][T12255]  ? __lock_acquire+0xb97/0x1ce0
[ 2292.553138][T12255]  proc_fail_nth_write+0x83/0x220
[ 2292.553168][T12255]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2292.553197][T12255]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2292.553216][T12255]  vfs_write+0x2a0/0x11d0
[ 2292.553240][T12255]  ? __pfx___mutex_lock+0x10/0x10
[ 2292.553265][T12255]  ? __pfx_vfs_write+0x10/0x10
[ 2292.553291][T12255]  ? __fget_files+0x20e/0x3c0
[ 2292.553319][T12255]  ksys_write+0x12a/0x250
[ 2292.553338][T12255]  ? __pfx_ksys_write+0x10/0x10
[ 2292.553359][T12255]  ? fdget+0x187/0x210
[ 2292.553382][T12255]  do_syscall_64+0xcd/0x4e0
[ 2292.553409][T12255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2292.553428][T12255] RIP: 0033:0x7f96ab58d97f
[ 2292.553443][T12255] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 2292.553461][T12255] RSP: 002b:00007f96ac4ab030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2292.553479][T12255] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f96ab58d97f
[ 2292.553490][T12255] RDX: 0000000000000001 RSI: 00007f96ac4ab0a0 RDI: 0000000000000004
[ 2292.553501][T12255] RBP: 00007f96ac4ab090 R08: 0000000000000000 R09: 0000000000000000
[ 2292.553511][T12255] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 2292.553522][T12255] R13: 00007f96ab7e6128 R14: 00007f96ab7e6090 R15: 00007ffe133c87b8
[ 2292.553547][T12255]  </TASK>
[ 2292.554728][T12256] program syz.3.11381 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2292.726915][T12216] netdevsim netdevsim5 netdevsim0: renamed from eth9
[ 2292.782728][   T30] audit: type=1400 audit(1758765943.181:2600): avc:  denied  { rmdir } for  pid=2952 comm="syz-executor" name="538" dev="tmpfs" ino=2879 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_log_t:s0"
[ 2293.132259][T12216] netdevsim netdevsim5 netdevsim1: renamed from eth10
[ 2293.162303][T12216] netdevsim netdevsim5 netdevsim2: renamed from eth11
[ 2293.651317][T12216] netdevsim netdevsim5 netdevsim3: renamed from eth12
[ 2293.867998][T12267] cgroup: none used incorrectly
[ 2293.915598][T25658] Bluetooth: hci1: Invalid handle: 0x20c9 > 0x0eff
[ 2294.399337][T12292] random: crng reseeded on system resumption
[ 2294.612635][T25658] Bluetooth: hci4: command tx timeout
[ 2295.428681][   T30] audit: type=1107 audit(1758765946.821:2601): pid=12291 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��~܃z,P�Du�˷~v�_�3�Fֹ7N�2Ѹ�%��ݻYr�����/��4����!��a<p�Q�,�!A����kO�������h���8�{�X���f�^*������~h-u���:.Ն�P�tFޭ��]�숥ʥMI��\M�"� o>���*�o��(���
[ 2295.428681][   T30] f��a���y{�%D��u�i����=cky(�)DK���AN���;�/[G-�o�����'
[ 2295.585166][T12305] Failed to initialize the IGMP autojoin socket (err -2)
[ 2295.638957][T12216] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2295.686986][T12216] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2295.721352][T12216] wireguard: wg0: Could not create IPv4 socket
[ 2295.746275][T12216] wireguard: wg1: Could not create IPv4 socket
[ 2295.761569][T12216] wireguard: wg2: Could not create IPv4 socket
[ 2295.768040][   T92] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 2296.171435][   T92] usb 4-1: config 0 has an invalid interface number: 30 but max is 0
[ 2296.179854][   T92] usb 4-1: config 0 has no interface number 0
[ 2296.188014][   T92] usb 4-1: New USB device found, idVendor=2040, idProduct=c000, bcdDevice=ae.86
[ 2296.197368][   T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2296.208968][   T92] usb 4-1: config 0 descriptor??
[ 2296.229656][   T92] smsusb:smsusb_probe: board id=8, interface number 30
[ 2296.623910][T12321] Bluetooth: MGMT ver 1.23
[ 2296.942170][T12332] audit: audit_lost=6 audit_rate_limit=0 audit_backlog_limit=64
[ 2296.950099][T12332] audit: out of memory in audit_log_start
[ 2296.957849][   T30] audit: type=1400 audit(1758765948.351:2602): avc:  denied  { execute } for  pid=12329 comm="syz.6.11402" path="/dev/sg0" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 2298.274023][T12346] FAULT_INJECTION: forcing a failure.
[ 2298.274023][T12346] name failslab, interval 1, probability 0, space 0, times 0
[ 2298.287550][T12346] CPU: 0 UID: 0 PID: 12346 Comm: syz.0.11405 Not tainted syzkaller #0 PREEMPT(full) 
[ 2298.287574][T12346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2298.287584][T12346] Call Trace:
[ 2298.287590][T12346]  <TASK>
[ 2298.287600][T12346]  dump_stack_lvl+0x16c/0x1f0
[ 2298.287630][T12346]  should_fail_ex+0x512/0x640
[ 2298.287650][T12346]  should_failslab+0xc2/0x120
[ 2298.287664][T12346]  __kmalloc_cache_node_noprof+0x6d/0x420
[ 2298.287677][T12346]  ? __get_vm_area_node+0x101/0x330
[ 2298.287695][T12346]  __get_vm_area_node+0x101/0x330
[ 2298.287713][T12346]  __vmalloc_node_range_noprof+0x271/0x14b0
[ 2298.287731][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.287745][T12346]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2298.287763][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.287776][T12346]  ? irqentry_exit+0x3b/0x90
[ 2298.287791][T12346]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2298.287808][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.287821][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.287834][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.287845][T12346]  __vmalloc_node_noprof+0xad/0xf0
[ 2298.287867][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.287880][T12346]  bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.287894][T12346]  bpf_prog_alloc+0x3b/0x230
[ 2298.287906][T12346]  bpf_prog_load+0x1a04/0x2490
[ 2298.287924][T12346]  ? __pfx_bpf_prog_load+0x10/0x10
[ 2298.287949][T12346]  ? __sys_bpf+0x284/0x4de0
[ 2298.287966][T12346]  __sys_bpf+0x4a3f/0x4de0
[ 2298.287983][T12346]  ? __pfx___sys_bpf+0x10/0x10
[ 2298.287998][T12346]  ? ksys_write+0x190/0x250
[ 2298.288012][T12346]  ? __mutex_unlock_slowpath+0x161/0x7b0
[ 2298.288036][T12346]  ? fput+0x9b/0xd0
[ 2298.288051][T12346]  ? ksys_write+0x1ac/0x250
[ 2298.288062][T12346]  ? __pfx_ksys_write+0x10/0x10
[ 2298.288076][T12346]  __x64_sys_bpf+0x78/0xc0
[ 2298.288091][T12346]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2298.288104][T12346]  do_syscall_64+0xcd/0x4e0
[ 2298.288120][T12346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2298.288132][T12346] RIP: 0033:0x7f7dce98eec9
[ 2298.288142][T12346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2298.288153][T12346] RSP: 002b:00007f7dcf791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2298.288165][T12346] RAX: ffffffffffffffda RBX: 00007f7dcebe6090 RCX: 00007f7dce98eec9
[ 2298.288172][T12346] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005
[ 2298.288179][T12346] RBP: 00007f7dcf791090 R08: 0000000000000000 R09: 0000000000000000
[ 2298.288185][T12346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2298.288192][T12346] R13: 00007f7dcebe6128 R14: 00007f7dcebe6090 R15: 00007ffc9ce8b0e8
[ 2298.288206][T12346]  </TASK>
[ 2298.288228][T12346] syz.0.11405: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2298.582188][T12346] CPU: 0 UID: 0 PID: 12346 Comm: syz.0.11405 Not tainted syzkaller #0 PREEMPT(full) 
[ 2298.582214][T12346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2298.582226][T12346] Call Trace:
[ 2298.582233][T12346]  <TASK>
[ 2298.582241][T12346]  dump_stack_lvl+0x16c/0x1f0
[ 2298.582270][T12346]  warn_alloc+0x248/0x3a0
[ 2298.582292][T12346]  ? __pfx_warn_alloc+0x10/0x10
[ 2298.582314][T12346]  ? __kmalloc_cache_node_noprof+0x272/0x420
[ 2298.582336][T12346]  ? __kasan_kmalloc+0x8a/0xb0
[ 2298.582356][T12346]  ? __get_vm_area_node+0x208/0x330
[ 2298.582386][T12346]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[ 2298.582413][T12346]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2298.582442][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.582467][T12346]  ? irqentry_exit+0x3b/0x90
[ 2298.582496][T12346]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2298.582522][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.582542][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.582563][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.582581][T12346]  __vmalloc_node_noprof+0xad/0xf0
[ 2298.582606][T12346]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.582628][T12346]  bpf_prog_alloc_no_stats+0x54/0x5d0
[ 2298.582650][T12346]  bpf_prog_alloc+0x3b/0x230
[ 2298.582671][T12346]  bpf_prog_load+0x1a04/0x2490
[ 2298.582699][T12346]  ? __pfx_bpf_prog_load+0x10/0x10
[ 2298.582741][T12346]  ? __sys_bpf+0x284/0x4de0
[ 2298.582774][T12346]  __sys_bpf+0x4a3f/0x4de0
[ 2298.582801][T12346]  ? __pfx___sys_bpf+0x10/0x10
[ 2298.582825][T12346]  ? ksys_write+0x190/0x250
[ 2298.582849][T12346]  ? __mutex_unlock_slowpath+0x161/0x7b0
[ 2298.582888][T12346]  ? fput+0x9b/0xd0
[ 2298.582912][T12346]  ? ksys_write+0x1ac/0x250
[ 2298.582930][T12346]  ? __pfx_ksys_write+0x10/0x10
[ 2298.582954][T12346]  __x64_sys_bpf+0x78/0xc0
[ 2298.582978][T12346]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2298.582999][T12346]  do_syscall_64+0xcd/0x4e0
[ 2298.583024][T12346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2298.583042][T12346] RIP: 0033:0x7f7dce98eec9
[ 2298.583057][T12346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2298.583075][T12346] RSP: 002b:00007f7dcf791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2298.583093][T12346] RAX: ffffffffffffffda RBX: 00007f7dcebe6090 RCX: 00007f7dce98eec9
[ 2298.583105][T12346] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005
[ 2298.583116][T12346] RBP: 00007f7dcf791090 R08: 0000000000000000 R09: 0000000000000000
[ 2298.583127][T12346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2298.583138][T12346] R13: 00007f7dcebe6128 R14: 00007f7dcebe6090 R15: 00007ffc9ce8b0e8
[ 2298.583163][T12346]  </TASK>
[ 2298.845251][T12346] Mem-Info:
[ 2298.848687][T12346] active_anon:9626 inactive_anon:0 isolated_anon:0
[ 2298.848687][T12346]  active_file:22355 inactive_file:41557 isolated_file:0
[ 2298.848687][T12346]  unevictable:2816 dirty:609 writeback:0
[ 2298.848687][T12346]  slab_reclaimable:8466 slab_unreclaimable:109245
[ 2298.848687][T12346]  mapped:43495 shmem:5946 pagetables:1247
[ 2298.848687][T12346]  sec_pagetables:0 bounce:0
[ 2298.848687][T12346]  kernel_misc_reclaimable:0
[ 2298.848687][T12346]  free:1266767 free_pcp:15521 free_cma:0
[ 2298.895130][T12346] Node 0 active_anon:38504kB inactive_anon:0kB active_file:89240kB inactive_file:166028kB unevictable:9728kB isolated(anon):0kB isolated(file):0kB mapped:173876kB dirty:2436kB writeback:0kB shmem:22248kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12248kB pagetables:4852kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2298.928397][T12346] Node 1 active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2298.959863][T12346] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2298.992824][T12346] lowmem_reserve[]: 0 2479 2481 2481 2481
[ 2298.998653][T12346] Node 0 DMA32 free:1148104kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:38476kB inactive_anon:0kB active_file:89240kB inactive_file:164712kB unevictable:9728kB writepending:2436kB present:3129332kB managed:2539312kB mlocked:8192kB bounce:0kB free_pcp:53000kB local_pcp:22764kB free_cma:0kB
[ 2299.035837][T12346] lowmem_reserve[]: 0 0 1 1 1
[ 2299.040813][T12346] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB
[ 2299.071600][T12346] lowmem_reserve[]: 0 0 0 0 0
[ 2299.076713][T12346] Node 1 Normal free:3903596kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:8944kB local_pcp:8944kB free_cma:0kB
[ 2299.108876][T12346] lowmem_reserve[]: 0 0 0 0 0
[ 2299.113960][T12346] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2299.127343][T12346] Node 0 DMA32: 2266*4kB (ME) 1885*8kB (UME) 648*16kB (UME) 416*32kB (UME) 325*64kB (UME) 321*128kB (UME) 226*256kB (UME) 243*512kB (UME) 136*1024kB (UME) 6*2048kB (UE) 172*4096kB (UM) = 1148048kB
[ 2299.149149][T12346] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2299.161822][T12346] Node 1 Normal: 215*4kB (UME) 68*8kB (UME) 41*16kB (UME) 207*32kB (UME) 108*64kB (UME) 33*128kB (UME) 11*256kB (UM) 6*512kB (UME) 5*1024kB (UM) 3*2048kB (UE) 944*4096kB (M) = 3903596kB
[ 2299.181831][T12346] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2299.191454][T12346] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2299.200873][T12346] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2299.211218][T12346] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2299.220635][T12346] 69855 total pagecache pages
[ 2299.225393][T12346] 0 pages in swap cache
[ 2299.229570][T12346] Free swap  = 124996kB
[ 2299.234457][T12346] Total swap = 124996kB
[ 2299.238626][T12346] 2097051 pages RAM
[ 2299.242451][T12346] 0 pages HighMem/MovableOnly
[ 2299.247160][T12346] 430261 pages reserved
[ 2299.251340][T12346] 0 pages cma reserved
[ 2299.511874][T12351] netlink: 4 bytes leftover after parsing attributes in process `syz.6.11408'.
[ 2299.643405][ T5961] usb 4-1: USB disconnect, device number 67
[ 2299.842935][   T92] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[ 2300.003620][   T92] usb 7-1: Using ep0 maxpacket: 32
[ 2300.028117][   T92] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1568, setting to 1024
[ 2300.051727][   T92] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 2300.094660][   T92] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[ 2300.135612][   T92] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2300.146459][   T92] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2300.161717][   T92] usb 7-1: Product: О
[ 2300.219833][T12351] team0 (unregistering): Port device team_slave_0 removed
[ 2300.271476][T12351] team0 (unregistering): Port device team_slave_1 removed
[ 2300.446565][   T92] cdc_ncm 7-1:1.0: bind() failure
[ 2300.466036][   T92] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[ 2300.474206][   T92] cdc_ncm 7-1:1.1: bind() failure
[ 2300.481873][   T92] usb 7-1: USB disconnect, device number 64
[ 2301.914992][T12360] FAULT_INJECTION: forcing a failure.
[ 2301.914992][T12360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2301.934213][T12360] CPU: 1 UID: 0 PID: 12360 Comm: syz.0.11410 Not tainted syzkaller #0 PREEMPT(full) 
[ 2301.934240][T12360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2301.934251][T12360] Call Trace:
[ 2301.934257][T12360]  <TASK>
[ 2301.934264][T12360]  dump_stack_lvl+0x16c/0x1f0
[ 2301.934292][T12360]  should_fail_ex+0x512/0x640
[ 2301.934318][T12360]  _copy_from_user+0x2e/0xd0
[ 2301.934344][T12360]  kstrtouint_from_user+0xd6/0x1d0
[ 2301.934364][T12360]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2301.934382][T12360]  ? __lock_acquire+0xb97/0x1ce0
[ 2301.934421][T12360]  proc_fail_nth_write+0x83/0x220
[ 2301.934444][T12360]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2301.934471][T12360]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2301.934490][T12360]  vfs_write+0x2a0/0x11d0
[ 2301.934511][T12360]  ? __pfx___mutex_lock+0x10/0x10
[ 2301.934535][T12360]  ? __pfx_vfs_write+0x10/0x10
[ 2301.934560][T12360]  ? __fget_files+0x20e/0x3c0
[ 2301.934589][T12360]  ksys_write+0x12a/0x250
[ 2301.934607][T12360]  ? __pfx_ksys_write+0x10/0x10
[ 2301.934633][T12360]  do_syscall_64+0xcd/0x4e0
[ 2301.934657][T12360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2301.934676][T12360] RIP: 0033:0x7f7dce98d97f
[ 2301.934691][T12360] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 2301.934709][T12360] RSP: 002b:00007f7dcf7b2030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2301.934726][T12360] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dce98d97f
[ 2301.934737][T12360] RDX: 0000000000000001 RSI: 00007f7dcf7b20a0 RDI: 0000000000000006
[ 2301.934748][T12360] RBP: 00007f7dcf7b2090 R08: 0000000000000000 R09: 0000000000000000
[ 2301.934766][T12360] R10: 00002000000003c0 R11: 0000000000000293 R12: 0000000000000001
[ 2301.934777][T12360] R13: 00007f7dcebe6038 R14: 00007f7dcebe5fa0 R15: 00007ffc9ce8b0e8
[ 2301.934801][T12360]  </TASK>
[ 2302.638058][T12378] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11416'.
[ 2302.784231][T32119] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2302.800261][T32119] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2302.815526][T32119] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2302.823653][T32119] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2302.833857][T32119] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2302.870048][T12384] Failed to initialize the IGMP autojoin socket (err -2)
[ 2303.631511][T12391] netlink: 5 bytes leftover after parsing attributes in process `syz.2.11419'.
[ 2303.678278][   T30] audit: type=1326 audit(1758765955.051:2603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12396 comm="syz.0.11420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2303.741113][   T30] audit: type=1326 audit(1758765955.051:2604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12396 comm="syz.0.11420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2304.062980][T12408] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.11419' sets config #0
[ 2304.945287][T32119] Bluetooth: hci4: command tx timeout
[ 2305.814564][T12384] netdevsim netdevsim5 netdevsim0: renamed from eth9
[ 2305.844266][T12384] netdevsim netdevsim5 netdevsim1: renamed from eth10
[ 2305.898421][T12384] netdevsim netdevsim5 netdevsim2: renamed from eth11
[ 2305.954092][T12384] netdevsim netdevsim5 netdevsim3: renamed from eth12
[ 2306.456583][   T30] audit: type=1400 audit(1758765957.851:2605): avc:  denied  { create } for  pid=12432 comm="syz.6.11430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 2306.546600][   T30] audit: type=1400 audit(1758765957.891:2606): avc:  denied  { ioctl } for  pid=12432 comm="syz.6.11430" path="socket:[185929]" dev="sockfs" ino=185929 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 2306.790550][T12446] input: syz1 as /devices/virtual/input/input117
[ 2306.934479][T12453] netlink: 'syz.6.11433': attribute type 5 has an invalid length.
[ 2306.965985][T12453] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.11433'.
[ 2307.002786][   T92] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 2307.010658][T32119] Bluetooth: hci4: command tx timeout
[ 2307.121733][T12457] FAULT_INJECTION: forcing a failure.
[ 2307.121733][T12457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2307.134939][T12457] CPU: 1 UID: 0 PID: 12457 Comm: syz.2.11434 Not tainted syzkaller #0 PREEMPT(full) 
[ 2307.134971][T12457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2307.134982][T12457] Call Trace:
[ 2307.134989][T12457]  <TASK>
[ 2307.134997][T12457]  dump_stack_lvl+0x16c/0x1f0
[ 2307.135026][T12457]  should_fail_ex+0x512/0x640
[ 2307.135054][T12457]  _copy_to_iter+0x463/0x1710
[ 2307.135087][T12457]  ? __pfx__copy_to_iter+0x10/0x10
[ 2307.135115][T12457]  ? find_held_lock+0x2b/0x80
[ 2307.135139][T12457]  ? igmp_mc_seq_stop+0xab/0x150
[ 2307.135167][T12457]  seq_read_iter+0xcf8/0x12c0
[ 2307.135198][T12457]  seq_read+0x3a3/0x570
[ 2307.135216][T12457]  ? __pfx_seq_read+0x10/0x10
[ 2307.135241][T12457]  ? get_pid_task+0xfc/0x250
[ 2307.135263][T12457]  ? avc_policy_seqno+0x9/0x20
[ 2307.135287][T12457]  ? __pfx_seq_read+0x10/0x10
[ 2307.135304][T12457]  proc_reg_read+0x23d/0x330
[ 2307.135331][T12457]  ? __pfx_proc_reg_read+0x10/0x10
[ 2307.135358][T12457]  vfs_read+0x1e1/0xcf0
[ 2307.135383][T12457]  ? __pfx_vfs_read+0x10/0x10
[ 2307.135399][T12457]  ? find_held_lock+0x2b/0x80
[ 2307.135421][T12457]  ? __fget_files+0x204/0x3c0
[ 2307.135445][T12457]  ? __fget_files+0x20e/0x3c0
[ 2307.135462][T12457]  ? __fget_files+0x190/0x3c0
[ 2307.135489][T12457]  __x64_sys_pread64+0x1eb/0x250
[ 2307.135510][T12457]  ? __pfx___x64_sys_pread64+0x10/0x10
[ 2307.135538][T12457]  do_syscall_64+0xcd/0x4e0
[ 2307.135565][T12457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2307.135584][T12457] RIP: 0033:0x7f768818eec9
[ 2307.135599][T12457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2307.135617][T12457] RSP: 002b:00007f7688f96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[ 2307.135635][T12457] RAX: ffffffffffffffda RBX: 00007f76883e6180 RCX: 00007f768818eec9
[ 2307.135647][T12457] RDX: 00000000fffffe9c RSI: 0000200000000180 RDI: 000000000000000b
[ 2307.135658][T12457] RBP: 00007f7688f96090 R08: 0000000000000000 R09: 0000000000000000
[ 2307.135669][T12457] R10: 00000000000000b6 R11: 0000000000000246 R12: 0000000000000001
[ 2307.135679][T12457] R13: 00007f76883e6218 R14: 00007f76883e6180 R15: 00007fff873ee908
[ 2307.135703][T12457]  </TASK>
[ 2307.399310][   T92] usb 1-1: Using ep0 maxpacket: 16
[ 2307.454437][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2307.487464][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2307.506992][   T92] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2307.540669][   T92] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 2307.571488][   T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2307.643762][   T92] usb 1-1: config 0 descriptor??
[ 2307.670411][   T30] audit: type=1326 audit(1758765959.011:2607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.679230][   T30] audit: type=1326 audit(1758765959.011:2608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.706123][   T30] audit: type=1326 audit(1758765959.011:2609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.730538][   T30] audit: type=1326 audit(1758765959.011:2610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.754055][   T30] audit: type=1326 audit(1758765959.011:2611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.786958][   T30] audit: type=1326 audit(1758765959.011:2612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.815621][   T30] audit: type=1326 audit(1758765959.011:2613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.848174][   T30] audit: type=1326 audit(1758765959.011:2614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.876131][   T30] audit: type=1326 audit(1758765959.011:2615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2308.926418][   T30] audit: type=1326 audit(1758765959.011:2616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2309.096051][T32119] Bluetooth: hci4: command tx timeout
[ 2309.146773][   T30] audit: type=1326 audit(1758765959.011:2617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2309.171676][   T30] audit: type=1326 audit(1758765959.011:2618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12459 comm="syz.3.11435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fdac8d8eec9 code=0x7ffc0000
[ 2309.225864][ T2308] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[ 2309.363367][T12384] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2309.410914][ T2308] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 2309.419824][ T2308] usb 7-1: config 10 has an invalid interface number: 41 but max is 0
[ 2309.430460][ T2308] usb 7-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2309.459151][T12384] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2309.476742][ T2308] usb 7-1: config 10 has no interface number 0
[ 2309.489407][T12441] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2309.547338][ T2308] usb 7-1: config 10 interface 41 has no altsetting 0
[ 2309.566853][T12441] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2309.592018][T12384] wireguard: wg0: Could not create IPv4 socket
[ 2309.608862][T12441] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2309.609473][ T2308] usb 7-1: language id specifier not provided by device, defaulting to English
[ 2309.645019][ T2308] usb 7-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2309.645759][T12384] wireguard: wg1: Could not create IPv4 socket
[ 2309.654981][ T2308] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2309.668977][T12441] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2309.679260][T12441] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2309.686031][ T2308] usb 7-1: Product: ဉ
[ 2309.692683][ T2308] usb 7-1: SerialNumber: syz
[ 2309.723722][T12441] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2309.782722][T12384] wireguard: wg2: Could not create IPv4 socket
[ 2310.000302][T12476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2310.041672][T12476] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2310.635202][   T92] usbhid 1-1:0.0: can't add hid device: -71
[ 2310.641266][   T92] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2310.652081][   T92] usb 1-1: USB disconnect, device number 76
[ 2311.483976][T32119] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2311.649822][T32119] Bluetooth: hci2: command 0x041b tx timeout
[ 2311.656100][T32119] Bluetooth: hci3: command 0x0405 tx timeout
[ 2312.623014][ T2308] usb 7-1: Found UVC 0.00 device ဉ (0499:101b)
[ 2312.643810][   T92] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 2312.678212][ T2308] usb 7-1: No valid video chain found.
[ 2312.714330][ T2308] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 2312.779435][ T2308] snd-usb-audio 7-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2312.843228][   T92] usb 4-1: Using ep0 maxpacket: 16
[ 2312.853236][ T2308] usb 7-1: USB disconnect, device number 65
[ 2312.889680][   T92] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 2312.931508][   T92] usb 4-1: can't read configurations, error -61
[ 2313.092835][   T92] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 2313.272430][   T92] usb 4-1: Using ep0 maxpacket: 16
[ 2313.291940][   T92] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 2313.309311][   T92] usb 4-1: can't read configurations, error -61
[ 2313.327813][   T92] usb usb4-port1: attempt power cycle
[ 2313.722623][   T92] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 2313.743284][   T92] usb 4-1: Using ep0 maxpacket: 16
[ 2313.750217][   T92] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 2313.757975][   T92] usb 4-1: can't read configurations, error -61
[ 2313.822594][T31056] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[ 2313.902916][   T92] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 2313.923237][   T92] usb 4-1: Using ep0 maxpacket: 16
[ 2313.929958][   T92] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 2313.937777][   T92] usb 4-1: can't read configurations, error -61
[ 2313.944414][   T92] usb usb4-port1: unable to enumerate USB device
[ 2313.972557][T31056] usb 7-1: Using ep0 maxpacket: 32
[ 2313.979093][T31056] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2313.991042][T31056] usb 7-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[ 2314.001796][T31056] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2314.009860][T31056] usb 7-1: Product: syz
[ 2314.014057][T31056] usb 7-1: Manufacturer: syz
[ 2314.018635][T31056] usb 7-1: SerialNumber: syz
[ 2314.024962][T31056] usb 7-1: config 0 descriptor??
[ 2314.035327][T31056] peak_usb 7-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[ 2314.042897][T31056] peak_usb 7-1:0.0: unable to read PCAN-USB serial number (err -22)
[ 2314.083773][T31056] peak_usb 7-1:0.0: probe with driver peak_usb failed with error -22
[ 2314.765648][T12520] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11447'.
[ 2314.965468][ T5860] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2314.980651][ T5860] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2314.988684][ T5860] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2314.997652][ T5860] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2315.005254][ T5860] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2315.054221][T12522] Failed to initialize the IGMP autojoin socket (err -2)
[ 2315.912848][T12548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1005 sclass=netlink_route_socket pid=12548 comm=syz.3.11453
[ 2315.983844][T12550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11452'.
[ 2315.993277][T12550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11452'.
[ 2316.002570][T12550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11452'.
[ 2316.380841][T31056] usb 7-1: USB disconnect, device number 66
[ 2316.406253][T12553] FAULT_INJECTION: forcing a failure.
[ 2316.406253][T12553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2316.419563][T12553] CPU: 1 UID: 0 PID: 12553 Comm: syz.6.11454 Not tainted syzkaller #0 PREEMPT(full) 
[ 2316.419584][T12553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2316.419591][T12553] Call Trace:
[ 2316.419595][T12553]  <TASK>
[ 2316.419600][T12553]  dump_stack_lvl+0x16c/0x1f0
[ 2316.419619][T12553]  should_fail_ex+0x512/0x640
[ 2316.419636][T12553]  _copy_from_user+0x2e/0xd0
[ 2316.419653][T12553]  kstrtouint_from_user+0xd6/0x1d0
[ 2316.419665][T12553]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2316.419677][T12553]  ? __lock_acquire+0xb97/0x1ce0
[ 2316.419701][T12553]  proc_fail_nth_write+0x83/0x220
[ 2316.419715][T12553]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2316.419732][T12553]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2316.419745][T12553]  vfs_write+0x2a0/0x11d0
[ 2316.419763][T12553]  ? __pfx___mutex_lock+0x10/0x10
[ 2316.419779][T12553]  ? __pfx_vfs_write+0x10/0x10
[ 2316.419794][T12553]  ? __fget_files+0x20e/0x3c0
[ 2316.419811][T12553]  ksys_write+0x12a/0x250
[ 2316.419822][T12553]  ? __pfx_ksys_write+0x10/0x10
[ 2316.419838][T12553]  do_syscall_64+0xcd/0x4e0
[ 2316.419854][T12553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2316.419866][T12553] RIP: 0033:0x7f96ab58d97f
[ 2316.419875][T12553] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 2316.419886][T12553] RSP: 002b:00007f96ac4cc030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2316.419898][T12553] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f96ab58d97f
[ 2316.419905][T12553] RDX: 0000000000000001 RSI: 00007f96ac4cc0a0 RDI: 0000000000000003
[ 2316.419911][T12553] RBP: 00007f96ac4cc090 R08: 0000000000000000 R09: 0000000000000000
[ 2316.419918][T12553] R10: 00000000000000c0 R11: 0000000000000293 R12: 0000000000000001
[ 2316.419924][T12553] R13: 00007f96ab7e6038 R14: 00007f96ab7e5fa0 R15: 00007ffe133c87b8
[ 2316.419938][T12553]  </TASK>
[ 2317.098455][T25658] Bluetooth: hci4: command tx timeout
[ 2317.341453][T12571] FAULT_INJECTION: forcing a failure.
[ 2317.341453][T12571] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2317.533934][T12571] CPU: 1 UID: 0 PID: 12571 Comm: syz.2.11459 Not tainted syzkaller #0 PREEMPT(full) 
[ 2317.533961][T12571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2317.533973][T12571] Call Trace:
[ 2317.533979][T12571]  <TASK>
[ 2317.533987][T12571]  dump_stack_lvl+0x16c/0x1f0
[ 2317.534015][T12571]  should_fail_ex+0x512/0x640
[ 2317.534041][T12571]  _copy_to_user+0x32/0xd0
[ 2317.534069][T12571]  simple_read_from_buffer+0xcb/0x170
[ 2317.534091][T12571]  proc_fail_nth_read+0x197/0x240
[ 2317.534113][T12571]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2317.534136][T12571]  ? rw_verify_area+0xcf/0x6c0
[ 2317.534162][T12571]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2317.534183][T12571]  vfs_read+0x1e1/0xcf0
[ 2317.534203][T12571]  ? __pfx___mutex_lock+0x10/0x10
[ 2317.534227][T12571]  ? __pfx_vfs_read+0x10/0x10
[ 2317.534252][T12571]  ? __fget_files+0x20e/0x3c0
[ 2317.534279][T12571]  ksys_read+0x12a/0x250
[ 2317.534296][T12571]  ? __pfx_ksys_read+0x10/0x10
[ 2317.534322][T12571]  do_syscall_64+0xcd/0x4e0
[ 2317.534347][T12571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2317.534366][T12571] RIP: 0033:0x7f768818d8dc
[ 2317.534381][T12571] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2317.534398][T12571] RSP: 002b:00007f7688fd8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2317.534415][T12571] RAX: ffffffffffffffda RBX: 00007f76883e5fa0 RCX: 00007f768818d8dc
[ 2317.534428][T12571] RDX: 000000000000000f RSI: 00007f7688fd80a0 RDI: 0000000000000003
[ 2317.534439][T12571] RBP: 00007f7688fd8090 R08: 0000000000000000 R09: 0000000000000000
[ 2317.534450][T12571] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2317.534461][T12571] R13: 00007f76883e6038 R14: 00007f76883e5fa0 R15: 00007fff873ee908
[ 2317.534486][T12571]  </TASK>
[ 2317.842611][T31056] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[ 2317.952627][T10105] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 2317.995141][T31056] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 2318.013816][T31056] usb 7-1: config 10 has an invalid interface number: 41 but max is 0
[ 2318.029812][T31056] usb 7-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2318.112602][T10105] usb 1-1: Using ep0 maxpacket: 16
[ 2318.373867][T10105] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2318.390038][T12522] netdevsim netdevsim5 netdevsim0: renamed from eth9
[ 2318.392546][T31056] usb 7-1: config 10 has no interface number 0
[ 2318.403328][T10105] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2318.432600][T31056] usb 7-1: config 10 interface 41 has no altsetting 0
[ 2318.459796][T10105] usb 1-1: config 1 has no interface number 1
[ 2318.462449][T12522] netdevsim netdevsim5 netdevsim1: renamed from eth10
[ 2318.495122][T31056] usb 7-1: language id specifier not provided by device, defaulting to English
[ 2318.523786][T10105] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2318.546823][T31056] usb 7-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2318.550238][T12522] netdevsim netdevsim5 netdevsim2: renamed from eth11
[ 2318.562589][T31056] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2318.572885][T10105] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2318.582077][T10105] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2318.846665][T12522] netdevsim netdevsim5 netdevsim3: renamed from eth12
[ 2319.162928][T25658] Bluetooth: hci4: command tx timeout
[ 2319.402774][T10105] usb 1-1: Product: syz
[ 2319.412574][T31056] usb 7-1: Product: ဉ
[ 2319.416766][T31056] usb 7-1: SerialNumber: syz
[ 2319.426987][T10105] usb 1-1: Manufacturer: syz
[ 2319.442666][T10105] usb 1-1: SerialNumber: syz
[ 2320.298153][   T30] kauditd_printk_skb: 32 callbacks suppressed
[ 2320.298175][   T30] audit: type=1400 audit(1758765971.201:2651): avc:  denied  { write } for  pid=12586 comm="syz.3.11464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 2320.419299][T12593] trusted_key: encrypted_key: insufficient parameters specified
[ 2320.522109][T31056] usb 7-1: Found UVC 0.00 device ဉ (0499:101b)
[ 2320.553868][T31056] usb 7-1: No valid video chain found.
[ 2320.613748][T31056] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 2320.683310][T31056] snd-usb-audio 7-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2320.744659][T31056] usb 7-1: USB disconnect, device number 67
[ 2320.971161][T12604] FAULT_INJECTION: forcing a failure.
[ 2320.971161][T12604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2320.984708][T12604] CPU: 0 UID: 0 PID: 12604 Comm: syz.6.11466 Not tainted syzkaller #0 PREEMPT(full) 
[ 2320.984735][T12604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2320.984746][T12604] Call Trace:
[ 2320.984752][T12604]  <TASK>
[ 2320.984759][T12604]  dump_stack_lvl+0x16c/0x1f0
[ 2320.984785][T12604]  should_fail_ex+0x512/0x640
[ 2320.984811][T12604]  _copy_from_user+0x2e/0xd0
[ 2320.984837][T12604]  kstrtouint_from_user+0xd6/0x1d0
[ 2320.984856][T12604]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2320.984873][T12604]  ? __lock_acquire+0xb97/0x1ce0
[ 2320.984899][T12604]  proc_fail_nth_write+0x83/0x220
[ 2320.984914][T12604]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2320.984931][T12604]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2320.984947][T12604]  vfs_write+0x2a0/0x11d0
[ 2320.984969][T12604]  ? __pfx___mutex_lock+0x10/0x10
[ 2320.984992][T12604]  ? __pfx_vfs_write+0x10/0x10
[ 2320.985016][T12604]  ? __fget_files+0x20e/0x3c0
[ 2320.985034][T12604]  ksys_write+0x12a/0x250
[ 2320.985045][T12604]  ? __pfx_ksys_write+0x10/0x10
[ 2320.985057][T12604]  ? fdget+0x187/0x210
[ 2320.985072][T12604]  do_syscall_64+0xcd/0x4e0
[ 2320.985091][T12604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2320.985109][T12604] RIP: 0033:0x7f96ab58d97f
[ 2320.985124][T12604] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 2320.985140][T12604] RSP: 002b:00007f96ac48a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2320.985157][T12604] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f96ab58d97f
[ 2320.985166][T12604] RDX: 0000000000000001 RSI: 00007f96ac48a0a0 RDI: 0000000000000004
[ 2320.985173][T12604] RBP: 00007f96ac48a090 R08: 0000000000000000 R09: 0000000000000000
[ 2320.985180][T12604] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 2320.985186][T12604] R13: 00007f96ab7e6218 R14: 00007f96ab7e6180 R15: 00007ffe133c87b8
[ 2320.985200][T12604]  </TASK>
[ 2321.242795][T25658] Bluetooth: hci4: command tx timeout
[ 2321.367216][T10105] usb 1-1: 2:1 : no UAC_FORMAT_TYPE desc
[ 2321.660845][T10105] usb 1-1: USB disconnect, device number 77
[ 2322.809763][T12522] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2322.855653][T12522] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2322.905409][T12522] wireguard: wg0: Could not create IPv4 socket
[ 2322.931827][T12522] wireguard: wg1: Could not create IPv4 socket
[ 2322.951226][T12522] wireguard: wg2: Could not create IPv4 socket
[ 2323.080067][T12621] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 2323.104853][T12621] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 2323.354784][T32119] Bluetooth: hci4: command tx timeout
[ 2323.647621][T12646] FAULT_INJECTION: forcing a failure.
[ 2323.647621][T12646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2323.662757][T12646] CPU: 1 UID: 0 PID: 12646 Comm: syz.2.11475 Not tainted syzkaller #0 PREEMPT(full) 
[ 2323.662783][T12646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2323.662794][T12646] Call Trace:
[ 2323.662800][T12646]  <TASK>
[ 2323.662807][T12646]  dump_stack_lvl+0x16c/0x1f0
[ 2323.662835][T12646]  should_fail_ex+0x512/0x640
[ 2323.662861][T12646]  _copy_to_user+0x32/0xd0
[ 2323.662889][T12646]  simple_read_from_buffer+0xcb/0x170
[ 2323.662911][T12646]  proc_fail_nth_read+0x197/0x240
[ 2323.662934][T12646]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2323.662956][T12646]  ? rw_verify_area+0xcf/0x6c0
[ 2323.662983][T12646]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2323.663004][T12646]  vfs_read+0x1e1/0xcf0
[ 2323.663026][T12646]  ? __pfx___mutex_lock+0x10/0x10
[ 2323.663050][T12646]  ? __pfx_vfs_read+0x10/0x10
[ 2323.663074][T12646]  ? __fget_files+0x20e/0x3c0
[ 2323.663103][T12646]  ksys_read+0x12a/0x250
[ 2323.663120][T12646]  ? __pfx_ksys_read+0x10/0x10
[ 2323.663146][T12646]  do_syscall_64+0xcd/0x4e0
[ 2323.663171][T12646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2323.663190][T12646] RIP: 0033:0x7f768818d8dc
[ 2323.663206][T12646] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2323.663223][T12646] RSP: 002b:00007f7688fb7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2323.663241][T12646] RAX: ffffffffffffffda RBX: 00007f76883e6090 RCX: 00007f768818d8dc
[ 2323.663253][T12646] RDX: 000000000000000f RSI: 00007f7688fb70a0 RDI: 0000000000000003
[ 2323.663263][T12646] RBP: 00007f7688fb7090 R08: 0000000000000000 R09: 0000000000000000
[ 2323.663273][T12646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2323.663283][T12646] R13: 00007f76883e6128 R14: 00007f76883e6090 R15: 00007fff873ee908
[ 2323.663308][T12646]  </TASK>
[ 2324.462943][T12648] FAULT_INJECTION: forcing a failure.
[ 2324.462943][T12648] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2324.510845][T12648] CPU: 1 UID: 0 PID: 12648 Comm: syz.6.11476 Not tainted syzkaller #0 PREEMPT(full) 
[ 2324.510873][T12648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2324.510883][T12648] Call Trace:
[ 2324.510889][T12648]  <TASK>
[ 2324.510897][T12648]  dump_stack_lvl+0x16c/0x1f0
[ 2324.510925][T12648]  should_fail_ex+0x512/0x640
[ 2324.510953][T12648]  should_fail_alloc_page+0xe7/0x130
[ 2324.510976][T12648]  prepare_alloc_pages+0x3c2/0x610
[ 2324.511003][T12648]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 2324.511027][T12648]  ? lock_acquire+0x179/0x350
[ 2324.511044][T12648]  ? find_held_lock+0x2b/0x80
[ 2324.511066][T12648]  ? start_dl_timer+0x25a/0x5e0
[ 2324.511090][T12648]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 2324.511113][T12648]  ? __resched_curr+0xfd/0x3b0
[ 2324.511141][T12648]  ? __lock_acquire+0x62e/0x1ce0
[ 2324.511168][T12648]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 2324.511192][T12648]  ? policy_nodemask+0xea/0x4e0
[ 2324.511216][T12648]  alloc_pages_mpol+0x1fb/0x550
[ 2324.511237][T12648]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 2324.511260][T12648]  ? __lock_acquire+0x62e/0x1ce0
[ 2324.511289][T12648]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2324.511314][T12648]  vma_alloc_folio_noprof+0xed/0x1e0
[ 2324.511338][T12648]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 2324.511367][T12648]  do_pte_missing+0x2230/0x3ba0
[ 2324.511393][T12648]  ? find_held_lock+0x2b/0x80
[ 2324.511420][T12648]  __handle_mm_fault+0x152a/0x2a50
[ 2324.511453][T12648]  ? __pfx___handle_mm_fault+0x10/0x10
[ 2324.511483][T12648]  ? lock_vma_under_rcu+0x1eb/0x530
[ 2324.511518][T12648]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[ 2324.511551][T12648]  handle_mm_fault+0x589/0xd10
[ 2324.511578][T12648]  ? trace_raw_output_exceptions+0x131/0x150
[ 2324.511609][T12648]  do_user_addr_fault+0x60c/0x1370
[ 2324.511630][T12648]  ? rcu_is_watching+0x12/0xc0
[ 2324.511664][T12648]  exc_page_fault+0x5c/0xb0
[ 2324.511686][T12648]  asm_exc_page_fault+0x26/0x30
[ 2324.511703][T12648] RIP: 0033:0x7f96ab53c3ab
[ 2324.511719][T12648] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[ 2324.511736][T12648] RSP: 002b:00007f96ac443e10 EFLAGS: 00010246
[ 2324.511751][T12648] RAX: 00007f96ac445f30 RBX: 00007f96ab7b7640 RCX: 0000000000000000
[ 2324.511763][T12648] RDX: 00007f96ac445f78 RSI: 00007f96ab5eedf8 RDI: 00007f96ac443e30
[ 2324.511774][T12648] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[ 2324.511785][T12648] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 2324.511796][T12648] R13: 00007f96ab7e6128 R14: 00007f96ab7e6090 R15: 00007ffe133c87b8
[ 2324.511820][T12648]  </TASK>
[ 2325.410419][   T30] audit: type=1400 audit(1758765976.801:2652): avc:  denied  { bind } for  pid=12658 comm="syz.6.11479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 2326.132888][T10105] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[ 2326.295148][T10105] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 197, using maximum allowed: 30
[ 2326.306079][T10105] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2326.315900][T10105] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 197
[ 2326.328975][T10105] usb 7-1: New USB device found, idVendor=156d, idProduct=c094, bcdDevice= 0.00
[ 2326.338078][T10105] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2326.347349][T10105] usb 7-1: config 0 descriptor??
[ 2326.638281][T12679] FAULT_INJECTION: forcing a failure.
[ 2326.638281][T12679] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2326.652386][T12679] CPU: 0 UID: 0 PID: 12679 Comm: syz.0.11485 Not tainted syzkaller #0 PREEMPT(full) 
[ 2326.652414][T12679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2326.652425][T12679] Call Trace:
[ 2326.652431][T12679]  <TASK>
[ 2326.652439][T12679]  dump_stack_lvl+0x16c/0x1f0
[ 2326.652471][T12679]  should_fail_ex+0x512/0x640
[ 2326.652493][T12679]  ? page_copy_sane+0xcd/0x2d0
[ 2326.652518][T12679]  copy_folio_from_iter_atomic+0x36f/0x1ac0
[ 2326.652556][T12679]  ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 2326.652582][T12679]  ? shmem_write_begin+0x176/0x300
[ 2326.652603][T12679]  ? __pfx_shmem_write_begin+0x10/0x10
[ 2326.652631][T12679]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[ 2326.652658][T12679]  ? irqentry_exit+0x3b/0x90
[ 2326.652682][T12679]  generic_perform_write+0x221/0x900
[ 2326.652719][T12679]  ? __pfx_generic_perform_write+0x10/0x10
[ 2326.652751][T12679]  ? generic_update_time+0xcf/0xf0
[ 2326.652775][T12679]  ? mnt_put_write_access_file+0x45/0xf0
[ 2326.652798][T12679]  shmem_file_write_iter+0x10e/0x140
[ 2326.652823][T12679]  do_iter_readv_writev+0x65f/0x9e0
[ 2326.652854][T12679]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 2326.652894][T12679]  vfs_iter_write+0x1e2/0x9c0
[ 2326.652917][T12679]  backing_file_write_iter+0x647/0x8f0
[ 2326.652944][T12679]  ovl_write_iter+0x35b/0x430
[ 2326.652970][T12679]  ? __pfx_ovl_write_iter+0x10/0x10
[ 2326.652993][T12679]  ? __pfx_ovl_file_end_write+0x10/0x10
[ 2326.653024][T12679]  vfs_write+0x7d3/0x11d0
[ 2326.653043][T12679]  ? __pfx_ovl_write_iter+0x10/0x10
[ 2326.653067][T12679]  ? __pfx___mutex_lock+0x10/0x10
[ 2326.653089][T12679]  ? __pfx_vfs_write+0x10/0x10
[ 2326.653126][T12679]  ksys_write+0x12a/0x250
[ 2326.653145][T12679]  ? __pfx_ksys_write+0x10/0x10
[ 2326.653172][T12679]  do_syscall_64+0xcd/0x4e0
[ 2326.653197][T12679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2326.653215][T12679] RIP: 0033:0x7f7dce98eec9
[ 2326.653230][T12679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2326.653247][T12679] RSP: 002b:00007f7dcf770038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2326.653266][T12679] RAX: ffffffffffffffda RBX: 00007f7dcebe6180 RCX: 00007f7dce98eec9
[ 2326.653278][T12679] RDX: 0000000000000050 RSI: 0000200000000040 RDI: 0000000000000006
[ 2326.653289][T12679] RBP: 00007f7dcf770090 R08: 0000000000000000 R09: 0000000000000000
[ 2326.653299][T12679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2326.653310][T12679] R13: 00007f7dcebe6218 R14: 00007f7dcebe6180 R15: 00007ffc9ce8b0e8
[ 2326.653335][T12679]  </TASK>
[ 2326.966603][   T30] audit: type=1400 audit(1758765978.351:2653): avc:  denied  { ioctl } for  pid=12680 comm="syz.3.11486" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 2326.995695][   T30] audit: type=1400 audit(1758765978.351:2654): avc:  denied  { set_context_mgr } for  pid=12680 comm="syz.3.11486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 2327.099244][T12682] serio: Serial port ptm0
[ 2328.580420][T12688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11488'.
[ 2328.785347][T12692] FAULT_INJECTION: forcing a failure.
[ 2328.785347][T12692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2328.799557][T12692] CPU: 1 UID: 0 PID: 12692 Comm: syz.2.11489 Not tainted syzkaller #0 PREEMPT(full) 
[ 2328.799593][T12692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2328.799604][T12692] Call Trace:
[ 2328.799610][T12692]  <TASK>
[ 2328.799617][T12692]  dump_stack_lvl+0x16c/0x1f0
[ 2328.799643][T12692]  should_fail_ex+0x512/0x640
[ 2328.799669][T12692]  _copy_from_user+0x2e/0xd0
[ 2328.799695][T12692]  core_sys_select+0x35b/0xc10
[ 2328.799723][T12692]  ? __pfx_core_sys_select+0x10/0x10
[ 2328.799765][T12692]  ? set_user_sigmask+0x21b/0x2b0
[ 2328.799787][T12692]  ? __pfx_set_user_sigmask+0x10/0x10
[ 2328.799813][T12692]  do_pselect.constprop.0+0x19f/0x1e0
[ 2328.799833][T12692]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 2328.799862][T12692]  __x64_sys_pselect6+0x182/0x240
[ 2328.799883][T12692]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 2328.799911][T12692]  do_syscall_64+0xcd/0x4e0
[ 2328.799937][T12692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2328.799956][T12692] RIP: 0033:0x7f768818eec9
[ 2328.799971][T12692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2328.799989][T12692] RSP: 002b:00007f7688fb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 2328.800007][T12692] RAX: ffffffffffffffda RBX: 00007f76883e6090 RCX: 00007f768818eec9
[ 2328.800019][T12692] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 2328.800031][T12692] RBP: 00007f7688fb7090 R08: 0000000000000000 R09: 0000000000000000
[ 2328.800042][T12692] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 2328.800052][T12692] R13: 00007f76883e6128 R14: 00007f76883e6090 R15: 00007fff873ee908
[ 2328.800077][T12692]  </TASK>
[ 2329.699096][T10105] usbhid 7-1:0.0: can't add hid device: -71
[ 2329.712038][   T30] audit: type=1400 audit(1758765981.101:2655): avc:  denied  { watch watch_reads } for  pid=12697 comm="syz.2.11493" path="pipe:[187129]" dev="pipefs" ino=187129 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 2329.743274][T10105] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 2329.803590][T10105] usb 7-1: USB disconnect, device number 68
[ 2330.390874][T12726] vivid-001: disconnect
[ 2331.088140][T12720] vivid-001: reconnect
[ 2332.102578][ T5961] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[ 2332.252623][ T5961] usb 7-1: Using ep0 maxpacket: 8
[ 2332.274170][ T5961] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 2332.285454][ T5961] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 2332.396996][ T5961] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2332.425643][ T5961] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2332.473278][T10105] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 2332.646936][T10105] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 2332.660562][T10105] usb 1-1: config 10 has an invalid interface number: 41 but max is 0
[ 2332.669453][T10105] usb 1-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2332.684196][T10105] usb 1-1: config 10 has no interface number 0
[ 2332.690861][T10105] usb 1-1: config 10 interface 41 has no altsetting 0
[ 2332.703133][T10105] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2332.718160][T10105] usb 1-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2332.729578][T10105] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2332.737853][T31056] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 2332.748710][T10105] usb 1-1: Product: ဉ
[ 2332.757627][T10105] usb 1-1: SerialNumber: syz
[ 2332.900869][T31056] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 2332.917155][T31056] usb 4-1: config 10 has an invalid interface number: 41 but max is 0
[ 2332.948369][T31056] usb 4-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2332.968442][T31056] usb 4-1: config 10 has no interface number 0
[ 2332.981026][T31056] usb 4-1: config 10 interface 41 has no altsetting 0
[ 2332.993304][T31056] usb 4-1: language id specifier not provided by device, defaulting to English
[ 2333.037826][T31056] usb 4-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2333.067455][T31056] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2333.225054][T31056] usb 4-1: Product: ဉ
[ 2333.229245][T31056] usb 4-1: SerialNumber: syz
[ 2333.789719][T12738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2333.802407][T12738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2333.848409][T12738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2333.890767][T12738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2333.996808][T12744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2334.010546][T12744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2334.137348][T12744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2334.146121][T12744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2334.866117][ T5961] usb 7-1: USB disconnect, device number 69
[ 2335.799650][T31056] usb 4-1: Found UVC 0.00 device ဉ (0499:101b)
[ 2335.836634][T31056] usb 4-1: No valid video chain found.
[ 2335.879638][T10105] usb 1-1: Found UVC 0.00 device ဉ (0499:101b)
[ 2335.888927][T31056] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 2335.896389][T10105] usb 1-1: No valid video chain found.
[ 2335.916971][T10105] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2335.924140][T31056] snd-usb-audio 4-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2335.936892][T12771] netlink: 'syz.6.11509': attribute type 5 has an invalid length.
[ 2335.939298][T31056] usb 4-1: USB disconnect, device number 72
[ 2335.945134][T12771] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.11509'.
[ 2335.958513][T10105] snd-usb-audio 1-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2335.997096][T10105] usb 1-1: USB disconnect, device number 78
[ 2336.720658][T12765] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2336.727107][T12765] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2336.734152][T12765] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2336.957656][T12781] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11513'.
[ 2336.978698][T12781] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11513'.
[ 2337.493251][   T30] audit: type=1326 audit(1758765988.881:2656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2337.666933][   T30] audit: type=1326 audit(1758765988.911:2657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2337.782799][   T30] audit: type=1326 audit(1758765988.911:2658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2337.815273][   T30] audit: type=1326 audit(1758765988.911:2659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2337.841902][   T30] audit: type=1326 audit(1758765988.911:2660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2337.962901][T32119] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2337.988306][   T30] audit: type=1326 audit(1758765988.911:2661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2338.077215][   T30] audit: type=1326 audit(1758765988.911:2662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2338.216621][   T30] audit: type=1326 audit(1758765988.911:2663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2338.241327][   T30] audit: type=1326 audit(1758765988.921:2664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.0.11512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7dce98eec9 code=0x7ffc0000
[ 2338.266552][   T30] audit: type=1400 audit(1758765989.451:2665): avc:  denied  { ioctl } for  pid=12778 comm="syz.0.11512" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0xae46 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 2338.764634][T32119] Bluetooth: hci2: command 0x041b tx timeout
[ 2338.770712][T32119] Bluetooth: hci3: command 0x0405 tx timeout
[ 2338.798106][ T5961] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 2338.808995][T12785] loop6: detected capacity change from 0 to 63
[ 2338.962543][T10105] usb 7-1: new high-speed USB device number 70 using dummy_hcd
[ 2339.124341][ T5961] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 2339.133532][ T5961] usb 4-1: config 10 has an invalid interface number: 41 but max is 0
[ 2339.141669][ T5961] usb 4-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2339.182667][T10105] usb 7-1: Using ep0 maxpacket: 8
[ 2339.194772][T10105] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 2339.212674][T10105] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 2339.225061][ T5961] usb 4-1: config 10 has no interface number 0
[ 2339.232978][ T5961] usb 4-1: config 10 interface 41 has no altsetting 0
[ 2339.242639][T10105] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 2339.260322][ T5961] usb 4-1: language id specifier not provided by device, defaulting to English
[ 2339.281762][T10105] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2339.321313][T10105] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2339.342977][ T5961] usb 4-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2339.362556][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2339.382803][ T5961] usb 4-1: Product: syz
[ 2339.386978][ T5961] usb 4-1: Manufacturer: syz
[ 2339.391557][ T5961] usb 4-1: SerialNumber: syz
[ 2339.401974][T10105] usbtmc 7-1:16.0: bulk endpoints not found
[ 2339.686215][T12807] input: syz1 as /devices/virtual/input/input118
[ 2339.697634][T12791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2339.744116][T12791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2339.754930][T12791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2339.771585][T12807] netlink: 'syz.0.11518': attribute type 5 has an invalid length.
[ 2339.780322][T12791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2339.783511][T12807] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.11518'.
[ 2340.313510][   T92] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 2340.484350][   T92] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 2340.493580][   T92] usb 1-1: config 10 has an invalid interface number: 41 but max is 0
[ 2340.501818][   T92] usb 1-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2340.512024][   T92] usb 1-1: config 10 has no interface number 0
[ 2340.518256][   T92] usb 1-1: config 10 interface 41 has no altsetting 0
[ 2340.525778][   T92] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2340.538929][   T92] usb 1-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2340.548044][   T92] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2340.559592][   T92] usb 1-1: Product: ဉ
[ 2340.563810][   T92] usb 1-1: SerialNumber: syz
[ 2340.791556][T12810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2340.809058][T12810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2340.831622][T12810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2340.898921][T12810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2340.914894][ T5961] usb 4-1: Found UVC 0.00 device syz (0499:101b)
[ 2340.921291][ T5961] usb 4-1: No valid video chain found.
[ 2340.927867][ T5961] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 2340.942495][ T5961] snd-usb-audio 4-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2340.954887][ T5961] usb 4-1: USB disconnect, device number 73
[ 2341.726980][ T5961] usb 7-1: USB disconnect, device number 70
[ 2342.771657][T12834] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11526'.
[ 2342.786945][T12834] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11526'.
[ 2342.872678][T10105] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 2342.884779][T12837] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[ 2342.914098][   T92] usb 1-1: Found UVC 0.00 device ဉ (0499:101b)
[ 2342.926169][   T92] usb 1-1: No valid video chain found.
[ 2342.938945][   T92] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2342.963502][   T30] kauditd_printk_skb: 15 callbacks suppressed
[ 2342.963518][   T30] audit: type=1400 audit(1758765994.361:2681): avc:  denied  { connect } for  pid=12838 comm="syz.0.11528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 2343.003381][   T92] snd-usb-audio 1-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2343.022605][T10105] usb 4-1: Using ep0 maxpacket: 16
[ 2343.032320][T10105] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2343.042780][   T92] usb 1-1: USB disconnect, device number 79
[ 2343.064867][T10105] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2343.076184][T10105] usb 4-1: config 1 has no interface number 1
[ 2343.082300][T10105] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2343.116185][T10105] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2343.131848][T10105] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2343.144849][T10105] usb 4-1: Product: syz
[ 2343.149208][T10105] usb 4-1: Manufacturer: syz
[ 2343.155253][T10105] usb 4-1: SerialNumber: syz
[ 2344.152557][ T5961] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 2344.208843][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 2344.326361][ T5961] usb 1-1: Using ep0 maxpacket: 32
[ 2344.344128][ T5961] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2344.359048][ T5961] usb 1-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[ 2344.369135][ T5961] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2344.379697][ T5961] usb 1-1: Product: syz
[ 2344.384028][ T5961] usb 1-1: Manufacturer: syz
[ 2344.388872][ T5961] usb 1-1: SerialNumber: syz
[ 2344.403782][ T5961] usb 1-1: config 0 descriptor??
[ 2344.424568][ T5961] peak_usb 1-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[ 2344.432156][ T5961] peak_usb 1-1:0.0: unable to read PCAN-USB serial number (err -22)
[ 2344.483906][ T5961] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -22
[ 2345.284559][T10105] usb 4-1: 2:1 : no UAC_FORMAT_TYPE desc
[ 2345.307284][T10105] usb 4-1: USB disconnect, device number 74
[ 2345.632853][T10105] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 2345.792651][T10105] usb 4-1: Using ep0 maxpacket: 8
[ 2345.799033][T10105] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 2345.807335][T10105] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 2345.817552][T10105] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 2345.830785][T10105] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2345.856605][T10105] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2345.880878][T10105] usbtmc 4-1:16.0: bulk endpoints not found
[ 2346.139907][T10105] usb 1-1: USB disconnect, device number 80
[ 2346.820948][T12876] netlink: 64 bytes leftover after parsing attributes in process `syz.0.11538'.
[ 2347.339115][T12881] FAULT_INJECTION: forcing a failure.
[ 2347.339115][T12881] name failslab, interval 1, probability 0, space 0, times 0
[ 2347.351868][T12881] CPU: 0 UID: 0 PID: 12881 Comm: syz.6.11539 Not tainted syzkaller #0 PREEMPT(full) 
[ 2347.351893][T12881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2347.351903][T12881] Call Trace:
[ 2347.351910][T12881]  <TASK>
[ 2347.351917][T12881]  dump_stack_lvl+0x16c/0x1f0
[ 2347.351945][T12881]  should_fail_ex+0x512/0x640
[ 2347.351972][T12881]  should_failslab+0xc2/0x120
[ 2347.351993][T12881]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 2347.352014][T12881]  ? __alloc_skb+0x2b2/0x380
[ 2347.352039][T12881]  __alloc_skb+0x2b2/0x380
[ 2347.352059][T12881]  ? __pfx___alloc_skb+0x10/0x10
[ 2347.352077][T12881]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[ 2347.352115][T12881]  pfkey_sendmsg+0x16e/0x850
[ 2347.352145][T12881]  ____sys_sendmsg+0xa98/0xc70
[ 2347.352172][T12881]  ? copy_msghdr_from_user+0x10a/0x160
[ 2347.352194][T12881]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2347.352225][T12881]  ? __pfx__kstrtoull+0x10/0x10
[ 2347.352250][T12881]  ___sys_sendmsg+0x134/0x1d0
[ 2347.352274][T12881]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2347.352308][T12881]  ? find_held_lock+0x2b/0x80
[ 2347.352347][T12881]  __sys_sendmmsg+0x200/0x420
[ 2347.352372][T12881]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2347.352414][T12881]  ? fput+0x9b/0xd0
[ 2347.352437][T12881]  ? ksys_write+0x1ac/0x250
[ 2347.352464][T12881]  __x64_sys_sendmmsg+0x9c/0x100
[ 2347.352484][T12881]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2347.352505][T12881]  do_syscall_64+0xcd/0x4e0
[ 2347.352530][T12881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2347.352549][T12881] RIP: 0033:0x7f96ab58eec9
[ 2347.352564][T12881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2347.352582][T12881] RSP: 002b:00007f96ac48a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2347.352599][T12881] RAX: ffffffffffffffda RBX: 00007f96ab7e6180 RCX: 00007f96ab58eec9
[ 2347.352611][T12881] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000006
[ 2347.352622][T12881] RBP: 00007f96ac48a090 R08: 0000000000000000 R09: 0000000000000000
[ 2347.352633][T12881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2347.352644][T12881] R13: 00007f96ab7e6218 R14: 00007f96ab7e6180 R15: 00007ffe133c87b8
[ 2347.352689][T12881]  </TASK>
[ 2347.671151][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11540'.
[ 2348.574848][   T30] audit: type=1400 audit(1758765999.961:2682): avc:  denied  { write } for  pid=12900 comm="syz.0.11546" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 2348.718181][T10105] usb 4-1: USB disconnect, device number 75
[ 2349.461666][T12887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2350.358888][T12922] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 2350.511909][T12922] VFS: Can't find a romfs filesystem on dev nullb0.
[ 2350.511909][T12922] 
[ 2350.568953][T12925] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.11552'.
[ 2350.742585][T10105] usb 7-1: new full-speed USB device number 71 using dummy_hcd
[ 2350.904294][T10105] usb 7-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[ 2350.927117][T10105] usb 7-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[ 2350.947897][T10105] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2350.962532][T10105] usb 7-1: Product: syz
[ 2350.972546][T10105] usb 7-1: Manufacturer: syz
[ 2350.977156][T10105] usb 7-1: SerialNumber: syz
[ 2351.119100][T12933] FAULT_INJECTION: forcing a failure.
[ 2351.119100][T12933] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2351.163827][T12933] CPU: 0 UID: 0 PID: 12933 Comm: syz.0.11553 Not tainted syzkaller #0 PREEMPT(full) 
[ 2351.163855][T12933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2351.163867][T12933] Call Trace:
[ 2351.163873][T12933]  <TASK>
[ 2351.163881][T12933]  dump_stack_lvl+0x16c/0x1f0
[ 2351.163909][T12933]  should_fail_ex+0x512/0x640
[ 2351.163935][T12933]  _copy_from_user+0x2e/0xd0
[ 2351.163961][T12933]  memdup_user+0x6b/0xe0
[ 2351.163981][T12933]  strndup_user+0x78/0xe0
[ 2351.163999][T12933]  __x64_sys_mount+0x137/0x310
[ 2351.164021][T12933]  ? __pfx___x64_sys_mount+0x10/0x10
[ 2351.164051][T12933]  do_syscall_64+0xcd/0x4e0
[ 2351.164077][T12933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2351.164096][T12933] RIP: 0033:0x7f7dce98eec9
[ 2351.164110][T12933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2351.164126][T12933] RSP: 002b:00007f7dcf770038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2351.164143][T12933] RAX: ffffffffffffffda RBX: 00007f7dcebe6180 RCX: 00007f7dce98eec9
[ 2351.164153][T12933] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 0000000000000000
[ 2351.164164][T12933] RBP: 00007f7dcf770090 R08: 00002000000001c0 R09: 0000000000000000
[ 2351.164174][T12933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2351.164184][T12933] R13: 00007f7dcebe6218 R14: 00007f7dcebe6180 R15: 00007ffc9ce8b0e8
[ 2351.164208][T12933]  </TASK>
[ 2351.322582][T10105] usb 7-1: selecting invalid altsetting 1
[ 2351.328847][T10105] LME2510(C): Firmware Status: 00 00 00 00 00 00
[ 2351.328940][T10105] dvb_usb_lmedm04 7-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[ 2351.379135][T10105] usb 7-1: USB disconnect, device number 71
[ 2351.398540][   T30] audit: type=1400 audit(1758766002.791:2683): avc:  denied  { write } for  pid=12937 comm="syz.2.11556" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 2351.723046][T12940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11557'.
[ 2352.165757][T12954] input: syz1 as /devices/virtual/input/input119
[ 2352.230196][T12955] input: syz1 as /devices/virtual/input/input120
[ 2352.241185][T12954] netlink: 'syz.6.11561': attribute type 5 has an invalid length.
[ 2352.258466][T12954] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.11561'.
[ 2352.276614][T12955] netlink: 'syz.0.11560': attribute type 5 has an invalid length.
[ 2352.286828][T12955] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.11560'.
[ 2352.407355][T12959] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.11563'.
[ 2353.614148][T12980] netlink: 16 bytes leftover after parsing attributes in process `syz.6.11570'.
[ 2353.854938][   T30] audit: type=1400 audit(1758766005.251:2684): avc:  denied  { mount } for  pid=12984 comm="syz.6.11571" name="/" dev="ramfs" ino=188027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 2353.882809][T10105] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 2354.044659][T10105] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 2354.053433][T10105] usb 1-1: config 10 has an invalid interface number: 41 but max is 0
[ 2354.061622][T10105] usb 1-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2354.071939][T10105] usb 1-1: config 10 has no interface number 0
[ 2354.078254][T10105] usb 1-1: config 10 interface 41 has no altsetting 0
[ 2354.085732][T10105] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2354.099079][T10105] usb 1-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2354.108245][T10105] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2354.116498][T10105] usb 1-1: Product: ဉ
[ 2354.120691][T10105] usb 1-1: SerialNumber: syz
[ 2354.363526][T12971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2354.381579][T12971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2354.390572][T12971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2354.400131][T12971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2354.675892][T12995] input: syz1 as /devices/virtual/input/input121
[ 2354.702011][T12995] netlink: 'syz.6.11573': attribute type 5 has an invalid length.
[ 2354.710069][T12995] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.11573'.
[ 2354.766991][T12997] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.11574'.
[ 2354.897492][T13001] input: syz1 as /devices/virtual/input/input122
[ 2355.188407][   T30] audit: type=1400 audit(1758766006.581:2685): avc:  denied  { shutdown } for  pid=12998 comm="syz.6.11575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 2355.642629][T32119] Bluetooth: hci2: command 0x041b tx timeout
[ 2356.284031][T10105] usb 1-1: Found UVC 0.00 device ဉ (0499:101b)
[ 2356.468777][T10105] usb 1-1: No valid video chain found.
[ 2356.490906][T10105] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2356.547643][T10105] snd-usb-audio 1-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 2356.559009][T10105] usb 1-1: USB disconnect, device number 81
[ 2356.768334][T13013] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2356.775532][T13013] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2356.784835][T13013] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2357.402790][ T5961] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 2357.512935][T13030] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[ 2357.562961][ T5961] usb 1-1: Using ep0 maxpacket: 16
[ 2357.581468][ T5961] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2357.750141][ T5961] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2357.769504][ T5961] usb 1-1: config 1 has no interface number 1
[ 2357.779695][ T5961] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2357.811494][ T5961] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2357.828832][ T5961] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2357.847389][ T5961] usb 1-1: Product: syz
[ 2357.864487][ T5961] usb 1-1: Manufacturer: syz
[ 2357.871367][ T5961] usb 1-1: SerialNumber: syz
[ 2357.963532][T32119] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2358.087190][ T5961] usb 1-1: 2:1 : no UAC_FORMAT_TYPE desc
[ 2358.107663][ T5961] usb 1-1: USB disconnect, device number 82
[ 2358.212853][T10105] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 2358.372515][T10105] usb 4-1: Using ep0 maxpacket: 16
[ 2358.386508][T10105] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2358.395387][T10105] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2358.404454][T10105] usb 4-1: config 1 has no interface number 1
[ 2358.410938][T10105] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2358.426975][T10105] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2358.436446][T10105] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2358.444613][T10105] usb 4-1: Product: syz
[ 2358.452814][T10105] usb 4-1: Manufacturer: syz
[ 2358.459048][T10105] usb 4-1: SerialNumber: syz
[ 2358.678858][T10105] usb 4-1: 2:1 : no UAC_FORMAT_TYPE desc
[ 2358.691349][T10105] usb 4-1: USB disconnect, device number 76
[ 2358.843640][ T5860] Bluetooth: hci3: command 0x0405 tx timeout
[ 2358.849661][T32119] Bluetooth: hci2: command 0x041b tx timeout
[ 2358.893909][T31056] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[ 2359.044350][T31056] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[ 2359.055417][T31056] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 196
[ 2359.068684][T31056] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[ 2359.077751][T31056] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2359.090621][T31056] usb 1-1: config 0 descriptor??
[ 2359.099197][T31056] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 2359.950494][   T30] audit: type=1326 audit(1758766011.341:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2359.978314][   T30] audit: type=1326 audit(1758766011.341:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.006672][T13056] debugfs: '!' already exists in 'ieee80211'
[ 2360.007172][   T30] audit: type=1326 audit(1758766011.371:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.037025][   T30] audit: type=1326 audit(1758766011.371:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.061011][   T30] audit: type=1326 audit(1758766011.371:2690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.096292][   T30] audit: type=1326 audit(1758766011.371:2691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.129333][   T30] audit: type=1326 audit(1758766011.371:2692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.155037][   T30] audit: type=1326 audit(1758766011.371:2693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.180330][   T30] audit: type=1326 audit(1758766011.371:2694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.208928][   T30] audit: type=1326 audit(1758766011.431:2695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.2.11593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768818eec9 code=0x7ffc0000
[ 2360.792545][ T5961] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 2360.946195][ T5961] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 2360.964151][ T5961] usb 4-1: config 10 has an invalid interface number: 41 but max is 0
[ 2360.980690][ T5961] usb 4-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[ 2360.992680][T31056] usb 7-1: new high-speed USB device number 72 using dummy_hcd
[ 2361.011478][ T5961] usb 4-1: config 10 has no interface number 0
[ 2361.018008][ T5961] usb 4-1: config 10 interface 41 has no altsetting 0
[ 2361.027245][ T5961] usb 4-1: language id specifier not provided by device, defaulting to English
[ 2361.052038][ T5961] usb 4-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 2361.061314][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2361.078980][ T5961] usb 4-1: Product: ဉ
[ 2361.089624][ T5961] usb 4-1: SerialNumber: syz
[ 2361.152586][T31056] usb 7-1: Using ep0 maxpacket: 32
[ 2361.162129][T31056] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2361.184648][T31056] usb 7-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[ 2361.196688][T31056] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2361.204938][T31056] usb 7-1: Product: syz
[ 2361.209191][T31056] usb 7-1: Manufacturer: syz
[ 2361.216338][T31056] usb 7-1: SerialNumber: syz
[ 2361.223513][T31056] usb 7-1: config 0 descriptor??
[ 2361.238970][T31056] peak_usb 7-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[ 2361.249128][T31056] peak_usb 7-1:0.0: unable to read PCAN-USB serial number (err -22)
[ 2361.313047][T31056] peak_usb 7-1:0.0: probe with driver peak_usb failed with error -22
[ 2361.361592][T13063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2361.370379][T13063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2361.662200][T31056] usb 1-1: USB disconnect, device number 83
[ 2362.042541][T31056] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[ 2362.125788][   T92] ------------[ cut here ]------------
[ 2362.131659][   T92] workqueue: cannot queue hci_conn_timeout on wq hci4
[ 2362.138436][   T92] WARNING: CPU: 0 PID: 92 at kernel/workqueue.c:2255 __queue_work+0xd03/0x1160
[ 2362.147347][   T92] Modules linked in:
[ 2362.151487][   T92] CPU: 0 UID: 0 PID: 92 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) 
[ 2362.160654][   T92] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2362.170692][   T92] Workqueue: events l2cap_chan_timeout
[ 2362.176130][   T92] RIP: 0010:__queue_work+0xd03/0x1160
[ 2362.181478][   T92] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 a0 03 ac 8b e8 be 1e f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 3f 7a 38 00 90 0f 0b 90 e9 b4 f5 ff
[ 2362.201062][   T92] RSP: 0018:ffffc900025dfa48 EFLAGS: 00010082
[ 2362.207108][   T92] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a4388
[ 2362.215052][   T92] RDX: ffff88801f7ba440 RSI: ffffffff817a4395 RDI: 0000000000000001
[ 2362.222998][   T92] RBP: ffff8880262d8948 R08: 0000000000000001 R09: 0000000000000000
[ 2362.230940][   T92] R10: 0000000000000000 R11: 0000000000175b78 R12: 0000000000000000
[ 2362.238885][   T92] R13: ffff888028260000 R14: ffff8880262d8990 R15: ffff888028260178
[ 2362.246830][   T92] FS:  0000000000000000(0000) GS:ffff8881246b2000(0000) knlGS:0000000000000000
[ 2362.255743][   T92] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2362.262298][   T92] CR2: 00007ff7638b51be CR3: 0000000075ef6000 CR4: 00000000003526f0
[ 2362.270243][   T92] Call Trace:
[ 2362.273495][   T92]  <TASK>
[ 2362.276408][   T92]  ? __cancel_work+0x2c8/0x370
[ 2362.281147][   T92]  ? clear_pending_if_disabled+0xa8/0x210
[ 2362.286841][   T92]  ? __pfx_clear_pending_if_disabled+0x10/0x10
[ 2362.292968][   T92]  __queue_delayed_work+0x35b/0x460
[ 2362.298139][   T92]  queue_delayed_work_on+0x1b5/0x200
[ 2362.303397][   T92]  l2cap_chan_del+0x5a0/0x8f0
[ 2362.308052][   T92]  l2cap_chan_close+0xfe/0xa30
[ 2362.312787][   T92]  ? __pfx_l2cap_chan_close+0x10/0x10
[ 2362.318132][   T92]  l2cap_chan_timeout+0x196/0x310
[ 2362.323128][   T92]  process_one_work+0x9cc/0x1b70
[ 2362.328042][   T92]  ? __pfx_process_one_work+0x10/0x10
[ 2362.333392][   T92]  ? assign_work+0x1a0/0x250
[ 2362.337953][   T92]  worker_thread+0x6c8/0xf10
[ 2362.342535][   T92]  ? __pfx_worker_thread+0x10/0x10
[ 2362.347626][   T92]  kthread+0x3c2/0x780
[ 2362.351663][   T92]  ? __pfx_kthread+0x10/0x10
[ 2362.356222][   T92]  ? rcu_is_watching+0x12/0xc0
[ 2362.360967][   T92]  ? __pfx_kthread+0x10/0x10
[ 2362.365533][   T92]  ret_from_fork+0x56a/0x730
[ 2362.370099][   T92]  ? __pfx_kthread+0x10/0x10
[ 2362.374656][   T92]  ret_from_fork_asm+0x1a/0x30
[ 2362.379398][   T92]  </TASK>
[ 2362.382398][   T92] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2362.389646][   T92] CPU: 0 UID: 0 PID: 92 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) 
[ 2362.398807][   T92] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2362.408831][   T92] Workqueue: events l2cap_chan_timeout
[ 2362.414261][   T92] Call Trace:
[ 2362.417509][   T92]  <TASK>
[ 2362.420419][   T92]  dump_stack_lvl+0x3d/0x1f0
[ 2362.424985][   T92]  vpanic+0x6e8/0x7a0
[ 2362.428941][   T92]  ? __pfx_vpanic+0x10/0x10
[ 2362.433434][   T92]  ? __queue_work+0xd03/0x1160
[ 2362.438166][   T92]  panic+0xca/0xd0
[ 2362.441856][   T92]  ? __pfx_panic+0x10/0x10
[ 2362.446252][   T92]  ? check_panic_on_warn+0x1f/0xb0
[ 2362.451331][   T92]  check_panic_on_warn+0xab/0xb0
[ 2362.456236][   T92]  __warn+0xf6/0x3c0
[ 2362.460097][   T92]  ? __queue_work+0xd03/0x1160
[ 2362.464832][   T92]  report_bug+0x3c3/0x580
[ 2362.469134][   T92]  ? __queue_work+0xd03/0x1160
[ 2362.473866][   T92]  handle_bug+0x184/0x210
[ 2362.478167][   T92]  exc_invalid_op+0x17/0x50
[ 2362.482645][   T92]  asm_exc_invalid_op+0x1a/0x20
[ 2362.487464][   T92] RIP: 0010:__queue_work+0xd03/0x1160
[ 2362.492806][   T92] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 a0 03 ac 8b e8 be 1e f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 3f 7a 38 00 90 0f 0b 90 e9 b4 f5 ff
[ 2362.512385][   T92] RSP: 0018:ffffc900025dfa48 EFLAGS: 00010082
[ 2362.518421][   T92] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a4388
[ 2362.526361][   T92] RDX: ffff88801f7ba440 RSI: ffffffff817a4395 RDI: 0000000000000001
[ 2362.534301][   T92] RBP: ffff8880262d8948 R08: 0000000000000001 R09: 0000000000000000
[ 2362.542255][   T92] R10: 0000000000000000 R11: 0000000000175b78 R12: 0000000000000000
[ 2362.550194][   T92] R13: ffff888028260000 R14: ffff8880262d8990 R15: ffff888028260178
[ 2362.558139][   T92]  ? __warn_printk+0x198/0x350
[ 2362.562878][   T92]  ? __warn_printk+0x1a5/0x350
[ 2362.567618][   T92]  ? __queue_work+0xd02/0x1160
[ 2362.572361][   T92]  ? __cancel_work+0x2c8/0x370
[ 2362.577098][   T92]  ? clear_pending_if_disabled+0xa8/0x210
[ 2362.582792][   T92]  ? __pfx_clear_pending_if_disabled+0x10/0x10
[ 2362.588929][   T92]  __queue_delayed_work+0x35b/0x460
[ 2362.594099][   T92]  queue_delayed_work_on+0x1b5/0x200
[ 2362.599356][   T92]  l2cap_chan_del+0x5a0/0x8f0
[ 2362.604017][   T92]  l2cap_chan_close+0xfe/0xa30
[ 2362.608752][   T92]  ? __pfx_l2cap_chan_close+0x10/0x10
[ 2362.614097][   T92]  l2cap_chan_timeout+0x196/0x310
[ 2362.619091][   T92]  process_one_work+0x9cc/0x1b70
[ 2362.624003][   T92]  ? __pfx_process_one_work+0x10/0x10
[ 2362.629348][   T92]  ? assign_work+0x1a0/0x250
[ 2362.633909][   T92]  worker_thread+0x6c8/0xf10
[ 2362.638475][   T92]  ? __pfx_worker_thread+0x10/0x10
[ 2362.643557][   T92]  kthread+0x3c2/0x780
[ 2362.647597][   T92]  ? __pfx_kthread+0x10/0x10
[ 2362.652157][   T92]  ? rcu_is_watching+0x12/0xc0
[ 2362.656894][   T92]  ? __pfx_kthread+0x10/0x10
[ 2362.661453][   T92]  ret_from_fork+0x56a/0x730
[ 2362.666011][   T92]  ? __pfx_kthread+0x10/0x10
[ 2362.670582][   T92]  ret_from_fork_asm+0x1a/0x30
[ 2362.675338][   T92]  </TASK>
[ 2362.678562][   T92] Kernel Offset: disabled
[ 2362.682869][   T92] Rebooting in 86400 seconds..