last executing test programs:

18.536539343s ago: executing program 3 (id=1844):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = geteuid()
quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000900, r3, &(0x7f0000000180))
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
ioctl$PTP_SYS_OFFSET(r5, 0x43403d05, &(0x7f0000000100))
r6 = syz_open_dev$audion(0x0, 0x4, 0xa0080)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x600, 0x0)
ioctl$TCSETS(r7, 0x40045431, 0x0)
r8 = syz_open_pts(r7, 0xc0000)
r9 = dup3(r8, r7, 0x0)
r10 = openat$urandom(0xffffffffffffff9c, &(0x7f0000001700), 0x400, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r3, @ANYBLOB="2457563d2f14b52a0120913df38a984af5b459e43390beb19c388eebf0c7a2285cc955f4fec592769621743263f2682de6dcbe254d1a7dc837da36e9d58da352f79402198b72dc469229aebd45794532d932526a011c8d3171e90e733512e9a0e9c9cbf73324966b12429c2fe5859993fef22175740b40e07923898678a8b1948f01ff52193e89abcc819f544e542e06e0d22c62af86d8dc00acfb0c734f10841bcecd164a1e1d8d6939e6e5034c372a0bcec4361183e9adb3639d537212275521a7c5517986a6c2481e214c405e09c3601e162085b57a898fba12e828882448e198167374f27f8643e402e172cc18aee522d776ce45", @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r4, @ANYRES8=r9, @ANYRESDEC, @ANYRES32=r6, @ANYRES32=r8, @ANYRES64=r0, @ANYRES32=r1, @ANYRES64=r1, @ANYRES32=r2, @ANYRES32=r2, @ANYRES16=r10, @ANYRES32=r1, @ANYRES8=r7, @ANYRES32=r2, @ANYBLOB="0000000018940000", @ANYRES16, @ANYRES32=r2, @ANYBLOB="30000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r2], 0xd0, 0xd0}}, {{&(0x7f0000001840)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001d00)=[{&(0x7f00000018c0)}, {&(0x7f0000001980)}, {&(0x7f0000001a00)="37adc84873337daaaeb738981cfa91a2eb38256d835e0bacb002cb2b8a2d1760e1ab758d59e818824fbe2e37e617791fbf91f37d0986df19ee7a17d4310fe813e29b29887f4d537519091a48de3a1064bf23b5ecdaded4", 0x57}, {&(0x7f0000001ac0)="c9dd94", 0x3}, {&(0x7f0000001b00)="758e9e6017712a38ec70897109725e820e5f8bf56de1c2098e4c684b22e7b90746f7b75df71a1dfda8f2f130db8d1f87b61b76eef46708e266fd8108f6d04ec4847f4d0142d96805bf192bdea7008a0e684fd5170862a1298df4381c841091a25573f8302c909956c8eea191a15d4d616085ace4cade48", 0x77}, {&(0x7f0000001c80)}], 0x6, 0x0, 0x0, 0x8000}}], 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socket$nl_xfrm(0x10, 0x3, 0x6)
statx(0xffffffffffffffff, 0xfffffffffffffffd, 0x1000, 0x20, 0x0)
add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r11 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS(r11, 0x4b72, &(0x7f0000000240)={0x1, 0x80084, 0x3, 0xe, 0x8e, "0060730000efa489040401000000000000f600"})

17.524328503s ago: executing program 3 (id=1849):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = socket$inet(0x2, 0x800, 0x4)
close(0x4)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
wait4(r1, &(0x7f0000000080), 0x80000000, &(0x7f00000000c0))
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f00009c0000/0x3000)=nil, 0x3000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
close(0xffffffffffffffff)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/ptype\x00')
pread64(r2, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000100)={0x0, 0xe, 0x2, 0x80, 0xa0, 0x8000, &(0x7f0000000040)="d88fe6d66be8e8807d19449604d1669baf2276cb31235ca0a205db679270533f161176e9249e742567013acb9c795b0c71fcc9819798789259655bae3de8670802418cc27bfcc4a48906efcfc485ebda637007fc15819cd84eaf9a2034612aa9cb34ccc8b052841c217d60747b699ac95df747cc45f0bfc44634ccc9641f4665e085b7e5d9d058a955b712528a94380746b8e351222f305f43e6be97a9abef22"})
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYRESDEC, @ANYBLOB="b3fb8da68b931fbd4c42bd54f1dfb13401b203814666fa5efd9f5c2a7ba7085ca7cb8704993ebb00cb372a7145c3b2eba23c8e14ab0f3c722c87e56d9a28e8ea7fdd4cb773b9c33d220a976cda474587d52bea205b260b466e154d968c8a671ecc2877b2d5073bc0", @ANYRESHEX, @ANYRES8=r3], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, r2}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000004640)={0x0}}, 0x81)
r4 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x78bf, 0x0, 0x40204, 0x100039}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000f80)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000040)=0xefefffd7, 0x0, 0x4)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}}, 0x80)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0})
io_uring_enter(r4, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
socket(0x14, 0x2, 0x4)
listen(r0, 0x3)

17.083158526s ago: executing program 3 (id=1850):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r2=>0x0})
r3 = socket$igmp6(0xa, 0x3, 0x2)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = gettid()
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x7, 0x0, &(0x7f0000000900)="e02742e8680d85", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
cachestat(r7, &(0x7f0000000240)={0x3, 0x8}, &(0x7f0000000280), 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r8 = syz_open_dev$sndctrl(&(0x7f00000002c0), 0x9, 0x400)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r8, 0xc1105511, &(0x7f0000000680)={{0x4, 0x2, 0x6, 0xc3b, 'syz1\x00', 0x8}, 0x4, 0x100, 0x7f, r5, 0x4, 0x3, 'syz1\x00', &(0x7f0000000300)=['\x00', '\x00', 'system.posix_acl_access\x00', 'system.posix_acl_access\x00'], 0x32})
r9 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r9, &(0x7f0000002700)=""/102392, 0x18ff8)
r10 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_mreqn(r10, 0x0, 0x20, 0x0, 0x300)
socket$kcm(0x10, 0x2, 0x0)
r11 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
mmap(&(0x7f0000fa3000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r11, 0xdd81000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40), 0x4)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a0000001400078005"], 0x60}}, 0x0)
setsockopt$MRT6_TABLE(r3, 0x29, 0xcf, &(0x7f0000000080)=0xfc, 0x4)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b40)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)

15.731948785s ago: executing program 3 (id=1855):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000200)=0xffffffff, 0x4)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r6 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
sendfile(r6, r6, 0x0, 0x4800000009)

12.732762579s ago: executing program 2 (id=1860):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$SW_SYNC_IOC_INC(0xffffffffffffffff, 0xc0105702, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1ff, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x72, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
read$msr(r4, &(0x7f000001aa40)=""/102392, 0x18ff8)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x100000000000000)

12.268220901s ago: executing program 2 (id=1862):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETMODE(r2, 0x5601, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r6, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r8 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa200, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x1f480, 0x0, 0x399})
readv(r8, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x3)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)

9.289269569s ago: executing program 0 (id=1866):
r0 = syz_io_uring_setup(0x810, &(0x7f0000000480)={0x0, 0x5c2d, 0x80, 0x2, 0x12c}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4) (async)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x25, 0x0, 0x2000004}]}, 0x10) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_FADVISE={0x18, 0xe5, 0x0, @fd, 0xff, 0x0, 0x0, 0x1}) (async)
r3 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8982, &(0x7f0000000080)={0x7, 'lo\x00', {0x9}, 0x9c}) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000040000000000df00000000034f720dfe91c23f00000000040000000400000003000000000000000000000500000000020000000000000802000000000000000000000a03"], 0x0, 0x58}, 0x28) (async, rerun: 64)
io_uring_enter(r0, 0x22d0, 0x20, 0x0, 0x0, 0x0) (rerun: 64)

9.052205419s ago: executing program 2 (id=1868):
syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x17b}, &(0x7f0000ffe000), &(0x7f0000ffe000))
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x80001)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000040000000400000008"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0900000008000000800000004000000042000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000005ad314fcfcd9027525fe9e786a91d2a4ef5f7473e14e841f224efb5b820a51fbba1932f57089f3676c1250065cdf33a8fb45549c16a3ac0eb829dfc5155c5320bf9f5ebfc4ec9b5d15cacfda4ea1bf8b7fc6a7b20d3ef72af2f05e9c9ba40de3e2c5dfb30aa0f7c41d7a118d037356658cd95430d4b8bbfa6999e142c8adb04b257849dd"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4002000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

8.727227237s ago: executing program 2 (id=1870):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)
socket$inet(0xa, 0x801, 0x84)
r1 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r2)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56)
sendto$packet(r1, &(0x7f0000000400)="05d936277c6f5422007f83477ca1b278e3e4018a34e7bfd3de1a00ad6762646c95c716727eb53b", 0x27, 0x40880, &(0x7f0000000200)={0x11, 0x86dd, r3, 0x1, 0x4, 0x6, @local}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000cc0)={'syz0\x00', {}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f9, 0x100, 0x0, 0x101, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x63c, 0x10, 0x8, 0x7f, 0x0, 0xfffffffd, 0x6, 0x197a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x71, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7, 0x0, 0x6, 0x0, 0x0, 0x0, 0xbffffffd, 0x400, 0xffffffff, 0xfffffffc, 0x40, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4]}, 0x45c)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
readv(r7, &(0x7f0000000080)=[{&(0x7f0000000040)=""/64, 0x40}, {&(0x7f0000001340)=""/80, 0x50}, {&(0x7f00000013c0)=""/153, 0x99}], 0x3)
preadv(r0, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f00000012c0)={&(0x7f0000000180), 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x28, 0x0, 0x2, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_EXPECT_HELP_NAME={0x9, 0x6, 'snmp\x00'}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000300)=@framed, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r8 = socket$packet(0x11, 0x2, 0x300)
recvmmsg(r8, &(0x7f0000006500)=[{{0x0, 0x0, 0x0}, 0x401}], 0x1, 0x10042, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

8.460556093s ago: executing program 2 (id=1871):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioperm(0x101, 0xa, 0x8)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
pipe2(&(0x7f0000000580)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r3, &(0x7f0000000040)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
tee(r2, r4, 0xfffffffffffffc01, 0x0)
tee(r2, r4, 0x60000000000, 0x0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00UJ', @ANYRES16, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00000000001080002"], 0x4c}}, 0x4040000)

7.911991519s ago: executing program 0 (id=1872):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1000000}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000b32000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000001c0)=0x40)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x34, 0x2, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd1}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x4}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x2404c822}, 0x8000)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r4, 0x80845663, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000060000000800000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000100)=r5}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={r6}, 0x4)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r7, 0x0, 0x0}, 0x20)
madvise(&(0x7f0000735000/0x1000)=nil, 0x1000, 0x65)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r10 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
r11 = fsmount(r10, 0x0, 0x0)
r12 = openat$cgroup_procs(r11, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0)
readv(r12, &(0x7f0000000780)=[{&(0x7f0000000580)=""/225, 0xe1}, {&(0x7f0000000400)=""/102, 0x66}, {0x0}], 0x3)
close_range(r8, 0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000380), 0x4401, 0x0)

7.439319167s ago: executing program 2 (id=1874):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0xfffffffe}, 0x10)
write(r1, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000800080002000000", 0x24)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r2, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f00000001c0)={0x3, &(0x7f0000000240)=[{@none}, {@fixed}, {@fixed}]})
r3 = userfaultfd(0x80801)
bind$tipc(r2, &(0x7f0000000080)=@id={0x1e, 0x3, 0x1, {0x4e23, 0x1}}, 0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000100)={0x2, 0x3, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x10, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x1032, r2, 0x21d67000)
r7 = socket$inet6(0xa, 0x5, 0x3)
getsockopt$inet6_mreq(r7, 0x29, 0x7, 0x0, &(0x7f0000000100))

7.20812268s ago: executing program 1 (id=1875):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'netdevsim0\x00', <r1=>0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
get_mempolicy(0x0, &(0x7f0000000100), 0x2, &(0x7f0000ffc000/0x3000)=nil, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendto$inet(0xffffffffffffffff, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
r4 = socket$inet(0x2, 0x801, 0x4000000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r8, 0x0, 0x4008050)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
socket$packet(0x11, 0xa, 0x300)
sendto$inet(r4, 0x0, 0x1, 0x2004cfe9, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r4, &(0x7f0000000040)="ee", 0x1, 0x20004010, 0x0, 0x0)
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x7ffff000, 0x3)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b40000001000090400000000000000160d0ddd00", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800cef010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1], 0xb4}}, 0x0)

4.691919535s ago: executing program 0 (id=1877):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x5, 0xe, 0x0, &(0x7f0000000080)="007dfbcf373ffdd0ba88c4f4cdbc", 0x0, 0x1, 0xf000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, 0x50)

4.165771713s ago: executing program 1 (id=1878):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x101})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4000}, 0x6e)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000, 0x2, &(0x7f000061d000/0x4000)=nil)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x12, 0x5, 0x4, 0x2, 0x4, 0xffffffffffffffff, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r5, &(0x7f00000000c0), &(0x7f0000000100)=@tcp6=r4, 0x1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r5}, &(0x7f0000000040), &(0x7f0000000140)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r6, &(0x7f0000001a40)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x15, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)

4.123798226s ago: executing program 0 (id=1879):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000002240)={0x38, 0x0, 0x20, 0x5, 0xd20a, 0x2, 0x8, 0x4, 0x4, 0x4}, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x28040)
r2 = socket(0x10, 0x3, 0x0)
write(r2, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r2, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000001500)}, 0x6}], 0x1, 0x40000020, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000fd0900008400000005010000", @ANYRES32, @ANYBLOB="000000000000000000000000eae4fa38bb07af1f", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000100), 0x800, r3}, 0x38)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, 0xffffffffffffffff, 0x0)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r3}, 0x38)

3.745364242s ago: executing program 4 (id=1880):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f0000000000)=@ethtool_wolinfo={0xa, 0x0, 0x800, "2d51305d39af"}})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
poll(&(0x7f00000004c0)=[{}, {0xffffffffffffffff, 0x8}], 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000000c0)={0x2, <r2=>r0, 'id1\x00'})
r3 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r3, 0x0, 0x0, 0x40008c0, &(0x7f00000000c0)={0x11, 0x86dd, 0x0, 0x1, 0x4, 0x6, @local}, 0x14)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket(0x18, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r6, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmmsg$inet(r7, &(0x7f0000006ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x240448d5)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000640)={0x4c, 0x14, 0x511, 0x0, 0x0, {0x2b, 0x0, 0x0, 0x1, {0x4e22, 0x4, [], [0x0, 0x0, 0x0, 0x3]}, 0x4}}, 0x4c}, 0x1, 0x0, 0x0, 0x4000840}, 0x8004)
sendmmsg$inet(r4, &(0x7f0000000440)=[{{&(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="100000000000000000110000070000001c000000000000000000000008000000", @ANYRES32=r6, @ANYBLOB="00000000ac1e000103000000"], 0x30}}], 0x1, 0xc0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, 0x0, 0x0, 0x0, <r9=>0x0})
socket$inet_smc(0x2b, 0x1, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r11, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
ioctl$sock_SIOCGPGRP(r11, 0x8904, &(0x7f0000000500))
r12 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r10, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000600)={0x14, r12, 0x100, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x6841}, 0x20000000)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOMMU_DESTROY$hwpt(r2, 0x3b80, &(0x7f00000001c0)={0x8, r9})
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

3.66151546s ago: executing program 1 (id=1881):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)
socket$inet(0xa, 0x801, 0x84)
r1 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r2)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56)
sendto$packet(r1, &(0x7f0000000400)="05d936277c6f5422007f83477ca1b278e3e4018a34e7bfd3de1a00ad6762646c95c716727eb53b", 0x27, 0x40880, &(0x7f0000000200)={0x11, 0x86dd, r3, 0x1, 0x4, 0x6, @local}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000cc0)={'syz0\x00', {}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f9, 0x100, 0x0, 0x101, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x63c, 0x10, 0x8, 0x7f, 0x0, 0xfffffffd, 0x6, 0x197a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x71, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7, 0x0, 0x6, 0x0, 0x0, 0x0, 0xbffffffd, 0x400, 0xffffffff, 0xfffffffc, 0x40, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4]}, 0x45c)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1800}}, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
readv(r7, &(0x7f0000000080)=[{&(0x7f0000000040)=""/64, 0x40}, {&(0x7f0000001340)=""/80, 0x50}, {&(0x7f00000013c0)=""/153, 0x99}], 0x3)
preadv(r0, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f00000012c0)={&(0x7f0000000180), 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x28, 0x0, 0x2, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_EXPECT_HELP_NAME={0x9, 0x6, 'snmp\x00'}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000300)=@framed, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r8 = socket$packet(0x11, 0x2, 0x300)
recvmmsg(r8, &(0x7f0000006500)=[{{0x0, 0x0, 0x0}, 0x401}], 0x1, 0x10042, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

3.403026805s ago: executing program 4 (id=1882):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x103)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
lsetxattr$trusted_overlay_origin(&(0x7f0000000180)='./file1\x00', &(0x7f0000000000), &(0x7f0000000100), 0x2, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
dup(r1)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)}, {&(0x7f0000000780)="92bdcafd7ac9e21583ea71b9eb5feeb69b7eeb919260393d59069611e6d460fd38481da64e5ad543477ed7b768b1a06c0a5d60edf6c5610c123e3572a7c3bd74b7bd876c6f1c54709ef06cb9187fa5ddecc04cdc8fd3e74782c0aa0579531662e6d5fcdddc53becdd0b8a59c3a97fe428e75e7707525647bd822", 0x7a}, {&(0x7f0000000580)}, {&(0x7f0000000a80)="190e431aa3b287c28be2f5404c8034cc87b917c381ccff6f8d431e872be3df64fee6c95001ceff12f2e942df6a8738cd4ad9ef7ad532fd0c824bf8d36d616e99807b3be837b3145efe65f7c6b66b9813e122d9be7799ebf0160d4bd329ac230e639a58a6538ec01e2de41722469556b03344f32eac19", 0x76}], 0x4}}], 0x1, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, 0x0}}], 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0x90, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x8000000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xfc, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x44, 0x3, 0x7d, 0x1, 0x1, 0x4, 0x90, 0x1, 0xfe}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0xfd, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0x8000, 0xe6e70c00, [0x3, 0x401, 0x3, 0xc]})
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000001280)={{r3, &(0x7f0000000300)='-\x00', 0x30081, &(0x7f0000000500)={@align, {0x0, 0x100, 0x0, 0x80000000}}, 0x1, 0x0, &(0x7f0000000580)=0x771c}, 0x9, &(0x7f0000001580)=[{0x3, 0x9, &(0x7f00000006c0)='/dev/kvm\x00', &(0x7f0000000880)="7bf6c0549d5fcf3fe6a019493b2ea47964e083a7734d0b9c311e443aea42b9c1ff77ba37ca99a4948b31a8d5c6a73805ab57aa7a7cdc2d7974d7b53806a71f25421e83a7ae8edc3a1686a80f3e78738f8d5a176a575bc24cdbd6325c09f3a6c205d48815f968ac0f90975d499d311a5b", 0x70, 0xa}, {0x1, 0x6, &(0x7f0000000700)='\\\x00', &(0x7f0000000980)="f93584b84289c1f39df51ea5cfcc4d9b16514ff6a605241a83f7c2f472a664167d2b2394c029966cc137ee5837c484516fe0eed68afe5494b1d05b9a8ade17fc5341535e49c7147856eb8ca77ecf0dbeb8ffeb63143a3f0d470a3a43b8cac826a6ff529d38b3f79510ff57ca112eb471881bb419", 0x74, 0x12}, {0x1, 0x6, &(0x7f0000000740)='/dev/kvm\x00', &(0x7f0000000b40)="2230a1da687713fe791914f529a9cc21648f45bc2e3d1b329778607776b8bf8d9c2edfdc435cb99711fa802e2895539683c725e191de26ebcba132f79092907ad0e691b2fdda1b89acae1a5ac3ff61025d3a5b38f9c9052cc94c56c65fed6065d637acd5677ecc95141276539884b99a97afe7e0b3c9a3af517d7615043919cd10300c3755b1dcd9376fdf117b72bd0cf0e32b2feab28c8cf9d0ff9479834f22b1fe64b9b691fb3b16809e6c9ab3119344e9e15eb38490050b5e52b531060b8895327f79f889c4fb423084fff03fa3e629695ccd5bb7375c7569d92fee65492e8d304ac271174a6c3cd3cb4b63e784fc2e63538d9352940f", 0xf8, 0x10}, {0x1, 0xffffffff, &(0x7f0000000a00)='\x00', &(0x7f0000000e00)="789a926ed498fd2f7f2610fe21915019a3107d2659652d853823435ca59ffc9581d78a2f10823d716e9629f9dbb2477c4da9dcc262593d9ebf01178227ce92108db222e37777bb5a02fa878d41cb7e34c08a83f762570cbf89d7ef3dc22193ea5ca1ef6ebc18ab043c50c34e8aad34de81bd779ac5e45a6a713342fd3b53ca30de97c14f333f0dfcb0d7f3096dcd2ee09aab7aa31a483e5d86bd56145d697fd5ca43c1ed4a37f598a11e6c531c05dc7e53d22a60d158f9690681fdb28db94c0271bb7e37a2a646012b14d46310c0d61d0549106f21fabb480fdc3bd32ce1c4fb92cdb1d54a54d01f8cb745", 0xeb, 0x22}, {0x3, 0x0, &(0x7f0000000a40)='cbc-cast5-avx\x00', &(0x7f0000000c40)="6993abfcc045ea0a336ffd1a872dfa3a1f0823f4d7b60190004a4c53f58a0d3eaf388a6fe6bc11f64c134620f3d6c6fa3ab3c9a9fb87a0b19cfd8c6ce504cf", 0x3f, 0x18}, {0x2, 0xde, &(0x7f0000000c80)='-$&/$#\x00', &(0x7f00000010c0)="13e4cc05c80bfa216dfd4d99d1fc11da5144c80628aaa0d843f0700f9e4ae7222c4c093ee75396d8d600c18b8e1d5ab9030304e68f48f6827cdd486efea2204f0ee29af0a2b44e94b5a682b8c174e921c5473befc0cf91d60940208e34cb5efeecd2919b7a8d8d09c856e9c06bd39e4a8ab7a5a18f2e082604703209c0f2b29d0c22a53c6141dafc17cfd51b5bbf9bf9e586264daa55222cda0c76b8f9eb9462cd9ade6e6dd78f5647073a487e", 0xad, 0x6}, {0x2, 0x0, &(0x7f0000000cc0)='/dev/kvm\x00', &(0x7f0000001180)="97498fec3fe110bbdd82f340b42195190f8634fbbbeb0b14cd3d7d6da02abdf00316819d4806a7bba60a2b69387faed0454983a5aeb56ac38ac2fa5d2ddb709a6a0b9c79959bec1584d4e276dc937b2ddd98e5b9a89ccb839f1b1cc2fdc7b22e973a9afc3099753924e54ee0f39b89430495eeacc5c7dee1a944b037e2684dbf90476037b3e031e41d8a62adcacf39769dc7f5b47f689967f28e92751c896c4935f051", 0xa3, 0x22}, {0x2, 0x10000, &(0x7f0000000f00)='\x00', &(0x7f0000000f40)="d7466f93ff09a55c4352f365914ed4c7bfc7d526688f", 0x16, 0x28}, {0x1, 0x7ff, &(0x7f0000001240)='#]^\x00', &(0x7f0000002840)="64fa6c37f4ccd9a70242de9ff1fabdac0e3e81071f4b7e61e9792ee514c82372139b247501e2dbae2d1f40ef813fd09096d69b38c2a972c24d6943e9ec67e67e51bc6c6c62e64f389d8b7264342cc9db25519fac6be76fbca1a4706fa3704908fd6880a8e2d9c591884cb639b0c2456cd235805e57c528bff43efea011f702cd3f3c21b1e2def701576775d5c95be49b158f857c7a73b93657999dc72a448c2561611dc8fd154fc0659439bafb97247c148ad99fbc4342f46b76246cebe4d44640cc693d3090fd47c5b7115dfcb275b82176d74c3090594645941d13e4ca6fd26f63fc8b26d4133a204ad9678f4451bc8a5b432d737f3f365f4cee3431ce28cd22331f5c4b2d8e78c5c1d5a286316412be80552cd2edb15fce4fec34c11ed4c923c6386c9b8118184057e705756b0f2aad5c199326f74b5e0adda86a399316a10e8852a59ebb6b7d6be39fbb8d84b0766b909d7d284068437852ad087e43b3fed6e03cabc13924ed2942ce2e5fa686caa5456f276389e3f0fac0cb650af60cc81280eaeb22e287221d211a6e3a7c029e46d4d70ec667b3da7834fbf003a7f3c955be2c51ff198ed5f9546050f5c17f272291fa920222fa9da0582fc3fe002c1328d952b7816587f22c4edf712c7b2c357df3ad9a214e1b5ff490864bd499796a6da1df71b3221fecbc621e895c19bac051ed79eead9a30698c87af98b60a9751070dbdcc6c65e6ceca8341508d9ac68538bd43614baf5754e76e6ff36198d0232896c6c5bfd2f756bc12a2e09a536ca991e28e0e930310c8771a59228eda0cab0307314f48a5b2f6bc1006518d968341017822e226f3dbf0f1cc8fd508cf6d1570d7c8914901e86b8557f19f033bf0c13d58e85bf6409b0e665827e3f683189a66cabb710a3e3810103aaf4da5db86a29fadb8ac9494a4d58c600b07d620fa545ab3413af4159f5165eb982f1dcd83181af46b98386fd5307a69c404c03eca7d90a239dd6bc7b382e95792e085436dff48a938aa7ca9257b312beef0682e486b719fa49079195072c7696650a6b8348ffaf31d59e46c5976855a2948cee93e1b216eb67603fc5a96fdc642ab2fdb87acdce1ad7a10af5a5245eef02c3562e10652a2fb74f249f61d0bf8cb6ba5d751f19a00e2f75519193dead92586aa0925db0d8d6db5e2a73e31125181e866df9697074635a4ce87dc1243aa45381fb664a67521d46d0fb46ba0b1c66e15066de12c95c6039a7ffa61b6bb728bb2bed805138875c583dc0f59db664e5d9c4f06aec5f6805ee169559c42eeb8a4e9e0bb7c942bf2525668001110b82b1c988b869765e5f830697a5d5818a313f41773d0cb5af9569f2dd15d5cff73499724ab470970c300ca9d664fb7ad43b4bd9cd6920c7f7f32955a8c04cc429d4b99286c6bcc8f4049ad6af72df3c9a7c25a69f89a81894e26441c73734252cbe6aa1e0a4e1061ad1c00b898fe9afbee2c8a40ac5ceeb0862e992ee097a186a024601ca861975efaff3c1dc20da8ebad92449f041f42bf92797196197505d59f0963819f65ca76c9867c1b4f1310cbb9c2e938f3fe319ea4c513a209b556a69685fbd3d3e63b9d64b9821f1c6709520e20bacfaed7900ac25c8bc36d77511dc85d5225052b8197f517835987edd8d0f5bf70ec775bb2b1cd27cfa7871b4c5953f509327f64fd7d0d4dd5794a43f002dc48002568f99b083dad8a7a6a62c8de7094b3f753639208b2e1b2966d6d6bc3579a2c8ea7c4e16f3a7e71d4db9e60c7e7f20162775c34ac2d38df2aef31da59a2a9526f4967c027438183a280977e59b540f278367bb29c7eb9be7d8c49a4bdbc90ea6b5dd4cba003e7f96c7f4c818352810c1083195b375abfd916d80513d2b18e14c94bf1cd08fe9e8fb6361380705514e3ea5839ae3cb2b0d3560372ec8a2fc951326ade81ece47ffc8018aaa90d92fb6d18137aab0d805140235163079c9586b23035b4ed8e3f5f2d74681385154bda8b5fa7ffc92a0aa453e1dc86b53cf7ede4fd2f2b068e2463cc6600c51fea2277a7d7cc0ef3b9f703cc9e2f632e8f04992e29e8e40a729ee1bae52eb6e4a1c94a5e07924a2531ce41480a75cc198450fc4671d059771b7d77658ea6c748d211b5377c955689d8f0995fda2977e14f808cdbe21ef4f15f9e808f482a01419285bf42def6e1cda51f73ebfeffd9b0216da957664801d5acf21ee690dae949170654b495b367448ea0ce8460bb37f9c438101ee2a29098da6aef19651ba447b01d4bb7813517810e52ab0987e32adc2733af7ddb85d9c3fc62f7cc47c945c5b870dae75b807b3f2e08e537957fb2a598391c3b1974022a313c198020baf3eaa7c0f6a35a91cc13e78e7c7cf08211fe33a88f7a907ee9be5ba47c3a6d56e15b54455a6f8462f9a1d015a17e1b7a1091d8ac0baf9ad6fdad987e0aa6d553860ac415ff6c010f24826f2c2100d74d3708f2c2831a0cde2354e88d5904b681c6e9e2e1a3224c9c51f06c3200d0ec7c7e983e9282a1afd7470757ffbf41e7f675d1354489bf5b461b72feac73f9d98c1a031ddb86e5abd792e90a53aaee5661c8b721b520a1abc9db0a888ea4b554fd46ada1b233e25c5994d67f0c12a35fff1cffe1b73a72963fd63cc61349190997f5feea5a70bb01e9f53ec48fd54e891f618491672527b457377541b6207559906e0381485b4545304b1c43160251b7e10035f81a462cbf33cf3984f015305826cdc59c36d5bfef4b5fd511861e32b303028153478b7ad2c92d25710c78d23ddf436c8a1d968dda62e4e5864f112296c5231e23d41a24c315810a2deabe2df8395b22a04bc72fa2b6fdb3c1cf599669ead24c54cd4ee3c10ba74e5f8ce03be13c3603e0d0c6a05178a3e015d0fe67d1b29c69bab639596dbecb00ff5bcc5d714b2405d6cf72b2a840518e11df6759278f70bccd68398d78f5fdc3b74c9cb463227a4c081dfc92710441f687fff3335c1b4519be56eaaf78b2e36dc7196ceccdd7e16b7f6e921c908a3136da46a292430ad88883aa9d4eb2e2b69b5e387bd44d63d083f13bbf8b70b62de468609db14f43da8609d5fcf1f8ac74dabc129a620deedbc46d083828ce4fccaaa3740a7b4bfd6e7ee3e8ed57f406cd6d27bd8fa515dee02ab403c567ffac8d2a8869d9bf9c83a5fbdc6405f20d55a212ed6c87a7a1496abc5740103499c540b346476adfe8eb2402e396ef22c16fc9e4413d4c4a187be905f4e447de61aaca03f3dbc74e92c3988b483b3f4a034a1a73f5b64e1ae1e2437416c665d4306b6c637f0901a2b1f755e91bd53b74c2ccc2c0bb32e03fa65f98637e5182456c9b49e551115052352a0c5c2eac3f492ec3f5ae2988d0e0b0dbb384ab41f89987bfb93b6c865a53e243a916af082dee62acfc2fe34e407c1e5d0ef663098f482644cbc1ee0826d135161bf13812dd6a554cc0b5730d15f2ae96f07b383cb8584b8d83f4e6cfb5f96229eebc7ba87ace68a58b92bded8d131240fb59d854a4ee40ea4591fdfd0b18c577627291da2a79bf3722cee0a9de32500a86274338aa4b235971e528efbd3e89a17e63d69d6ccf6769ffc4a45c77c305b5b0c139b856de6e2145db6b5f70004e1bfd3d4d805e1aa88fd03b0f6bad052dd52f22a9dfc819ace72fa1c207d9e5e00500674930eb29eab175994d3e37f9dc0c1af634e205dd2abf7f849015c84a2a78abed30cd34445114eaa972324c328e6c2ded2cf44d90c1d1a30a7e27efa2924c446e3ae59a655852c0b89738e4cb9e07497fe522bbd52fb33b0e0f4aa7670c8e1adb5e9c97073d2308820d8abc8af3af62230e35a44e6f974248b56741710ef4afaed222eb300b2efa4a0d53bb83d143956d2a0ec40b5999db66d8607fd01eebc87f0375a356d1f785a4c978d1597b95fa54ad51669b2fec1c8b2f7e5a2e752a9090fd4029a3f898332ef8c352cb2d6566ec6b0fc63b1f3314a339afd7c3c1743494aa26104be53b8e6c98fa0586de2e46b14012e75ec735b958a4e82b4989d3d00c87afd2d66f4ffa1d0d49af7a2e4bc158a7596584ef2a65bce1b71e20e5000ffd8c2404c74df4a4c1c2dd5fe1c6137ea0d178ac96ef1b18dd843980dff526f876286c3e50dbdb4599c1cd42d084d6c15a35a0bacad0c4b540c299db95c3f4f0645421967da2f274f640f0894dc6a5f1982de1e203a3870959945edcf2b4000c90d04d7ed31264456bd08647f24cc2785befcabc72f0c46a67d168a79ec67a5a457658fd27b855c9beb519dc9d2e2ce12c8893bdc99a9cb974acef4a066f968633678abbbce7efa28f98447008c565a5c9ccb59874307b8c1afdadbcb5f51b21e294e5dd2fe0abc5d290c6c2ea04bccd0ce84e1551352acc8c6aa413cafe41a0d88c6b8ba696e9049a01821b7b5410fa144432faf52fe035230ccb88381cadae98f61429cceeefef0919597b24d596c248b6e20372e892cf0f2132ddadfdc350cb2030935425bf562749313faeb42449a155f185eb370a7c07a19ab322d5843e0a8b20c9a47c465e027efa93b7a2ddea25475affc13d2276050b093bb3c672922266612633178e307b8be1906b5fe2ed38851dde40a4b66ec393c028da3e9130b3408a3014c4b07d01a0b63446a50ff94067312d2ddbf464d9085c80e92c480840c91f9bfbeda31fc7fe697a3eb6d2ba94680bd92a532a3857f6dab67efc751477ecb8e6a3a32ac69a6db9318ef88a894cf059f136c8bc119e321097e0d5cd3bd0828ba4e749bace95053cfe8f5ff8964e29f206bb93b27433195bb191a5e5a0f7546ed5f28d620e2de65f96b59d829a19a7bc504800029228b8f01c3c98092a6c6fc62de8ad77ff680926b9bcdb437591de088f5a8adf18fb10747bc8818531d15027c7f43b32278a515014e26d97dde564f0a4b9cee1033fba9c1a78b7b1da774a4c224cb5e1e339e26beb01c74512649b12f8154e2f6cb4b50cc08691575815a4c46db91ce94f2f90d691adb100ec6553fa5501d97af0409b7b4cf73a96744e62feafd01f4feaa4c992aa478e1ee13522ab233f82f6fcb326db5b2e3ec2638ae2e7deec8f989609de3ecc034075d00442a92bd6680e9198021557f70853cfffa5ee80a98c927ac6b70faec50db7f9c46440553f83022e7b854f426d26e62bfdd9e4afeeab35420d78896476f64bae6dadede2056e1a7c0cdba3148bd1bf642fff84eb31f3c5d423ee7bdb21f9651613ba851763137a04690d1df1b7fe7c1b01fc69af25438f791a7e2cf0cfd87c9a75034b1cf6d570553455da89308f1c30d3fa8dbd93a8bdeb1c9935c0f00e7af991594dbe0bdf85f1046bbf18e9c4181033942e671dd5a557b5e6f4ba75aadbf9ad072ab0a5c499f1f1c943f86732ef0b78851d9fd248377c6f3b2e32eed425bcbba861bfecf29654f6ae054671b92140479748de3bcdb3728894b746bb112bfbe8a7c12883a2fd5b29c907180b957128118f72bdf087e610324e365bfd0701943731d31b5b9ef06b832338f8da0e15f8c2e3ff3b43e2a2ca2de5ff8df940e07a9409b20f0219e38d38e72f0861eb0bc39b269491863034b4eac50c310d165a0c5588f0bbb4ed05640733855cb0ee3536999f5f6c601ee21009a50bac51af94ca44f4032542d7b8c392762fbd95b57973eee3d93daa59e39d3b94eb9027b32a35d7904ad6bd953ae6a40db67159fa39e6685787356c83deedfb2b257cf42c39a9ef3b2388f2fceda1682a62bd3bfadcac49d5cf1eebd7ec234341de2566fe0fd46f682ad66db44b77370c", 0x1000, 0x30}]})
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x14, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x702, 0xe, 0x0, &(0x7f00000010c0)="e4eb89cf14efb3f160334470b8d4", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x50)

2.283364835s ago: executing program 0 (id=1883):
r0 = socket$caif_stream(0x25, 0x1, 0x1)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x3, 0x2b4}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000600)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r0, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r1, 0x3516, 0x3e000000, 0x0, 0x0, 0x0)

2.209794077s ago: executing program 1 (id=1884):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x32) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x101800, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r3, 0x0, 0xcd, 0x8a, &(0x7f0000000280)="14e74633e6c306f94ad415dfe55c11d1a5ad805a78a4da9b05b51b1cf0b769165e0fa61484433b538f6c04288b0106311ef6c38ff92a3ff1d020eea1562c80c2c787b86c51182660b8356a838df711335b042e362c79ba7dabdb3b2612cae366f238491c1464b4a5bb89eabf91658b4186960e7daf76fe97bf56d4569701c80a46f0b8a426a37a01f91c1af0a648d14697962db6a61547b451a134544677c958eac4b0f96be3545b6683325aa06bf7a0ca79a8db5720152b87c6d1829c084941ec0cbbadefd2dbbf069d4750d5", &(0x7f0000000380)=""/138, 0x1, 0x0, 0xd, 0x81, &(0x7f0000000140)="00c8c05178b2ded207b1b6d2ef", &(0x7f0000000440)="52c58082d1377af0c42cfbc995a946b0ea17a6e412acad37296479e585e4c40be8d9300f0130eb5c9627ece39dade5629e701c6ada8f723aad12506de4b384543555078ac5ccf6a793024adb722e64f8ee25020504bae4409ea5479daaea76ba1bfdb9883c5b082f658709f38398673aba89ac7ff69679fa79cfde41f25d95a52d", 0x3, 0x0, 0x443cb681}, 0x50)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) (async)
sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) (async)
r6 = dup(r5)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x48, 0xff}, 0x9c) (async)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0) (async)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (async)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='yeah', 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) (async)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xffe, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x16202})
r9 = socket(0xa, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r9, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x2}, &(0x7f0000000100)=0x8) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1.987703397s ago: executing program 0 (id=1885):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0xfffffffe}, 0x10)
write(r1, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000800080002000000", 0x24)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r2, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f00000001c0)={0x3, &(0x7f0000000240)=[{@none}, {@fixed}, {@fixed}]})
r3 = userfaultfd(0x80801)
bind$tipc(r2, &(0x7f0000000080)=@id={0x1e, 0x3, 0x1, {0x4e23, 0x1}}, 0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000100)={0x2, 0x3, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x10, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x1032, r2, 0x21d67000)
r7 = socket$inet6(0xa, 0x5, 0x3)
getsockopt$inet6_mreq(r7, 0x29, 0x7, 0x0, &(0x7f0000000100))

1.922799707s ago: executing program 4 (id=1886):
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
shmctl$SHM_UNLOCK(0x0, 0xc)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

1.366288591s ago: executing program 4 (id=1887):
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0xc000}, 0x20044040)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x10000)

1.235859329s ago: executing program 3 (id=1888):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x103001)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000005c0)={{0x80, 0xbd}, 'port1\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x2, 0x1000001})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffffff, 0x2, 0x2, 0x1101, 0x3})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000021c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
pivot_root(&(0x7f0000000100)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000100)="2e1221b23bb601c477d3df163e75963d86dd606712e9000d118db0049d90491c3248040000db", 0x26}, {&(0x7f0000000080)="b00c7037e07686acd2c8dd812560e8ae4712639d", 0x14}], 0x2)

1.186597373s ago: executing program 4 (id=1889):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'netdevsim0\x00', <r1=>0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
get_mempolicy(0x0, &(0x7f0000000100), 0x2, &(0x7f0000ffc000/0x3000)=nil, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendto$inet(0xffffffffffffffff, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
r4 = socket$inet(0x2, 0x801, 0x4000000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r8, 0x0, 0x4008050)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
socket$packet(0x11, 0xa, 0x300)
sendto$inet(r4, 0x0, 0x1, 0x2004cfe9, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r4, &(0x7f0000000040)="ee", 0x1, 0x20004010, 0x0, 0x0)
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x7ffff000, 0x3)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b40000001000090400000000000000160d0ddd00", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800cef010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1], 0xb4}}, 0x0)

284.666978ms ago: executing program 1 (id=1890):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f00000042c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f", 0x68}], 0x1}}, {{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000001040)="39e6f0f5240525bf127de94fe5cfc0b0f2c98c4ac8bf0568e948e0274b0445d03a56f1bfe147fb8ac1da60b16f07dbe40e90d68b4619d12165154b679949da907d460d298e92e0d24077e89d302255e0a9626f61e6dc304713126dd04ca5e168c8f7894d2d189c22945826101c5199f90c3734146364f2195120530ab5e42614a3cb5651b1fc7b17d61955840b5c9adbeffa334d38da282e42b01ea9d6b5a7", 0x9f}, {&(0x7f0000001200)="e86b23ea031a0d0335d120405fcbc0e8261e54e194b7ac7427e456a0c74eba6fd030e30723c080ff9d1d60aa58929f37061fea9199560e8c9734c24ad5a9849b6dc72795f44e9954bf08f35b5483099d17afa38d10de84516fb241942b5dc2443a0df8de2b82fba03bd1aaf1a8b54a56340e1c17ec2c1f797cb9e8534005fad205586e8df9c5e5846de0a63ea0935349fbe97099bcd39d198870265cb0e9d30982731773077edf0340e001654b40167f7172daaaf09261d1a91c77ab96126862c5af4dedd795869895c3f9770a945fc27c4579371167a0e2981f9e678f36a1f5c630359af6d41a45159b21d214d2b46132bc35cb5dc8a2324c3b447144e3ec5aa60a0791c33111d4c18e54f0f61d99dc68d109530c58fbb766a533071d8f12d4fa93efa0867620756cb13183b963714fc8f641ff59bcb98d36d132c30e4aacf1585a2aa076bf6ab258ee85734651c05ab4c24c32f18f2a884ff3562b367cb24c4e35587a42b7da49d69756a1f5e1e8eac669e0b968e8d88d863f7ea0a364926f0fb64d8f347c39f68a", 0x189}], 0x2}}], 0x2, 0xc054)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000080)=0x1, 0x4)
r2 = socket(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000000180)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a0000000d0085a168d0bf46d32345653600648d0a000500eb16000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160004000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x4, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x64, r3, 0x20, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x35, 0x3, r4}, @val={0xc, 0x99, {0x8, 0x5a}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x1}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x7}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x7}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0xffffff81}, @NL80211_ATTR_IE={0xc, 0x2a, [@mesh_id={0x72, 0x6}]}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x2b}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x4004040)
recvfrom$inet6(r0, 0x0, 0x31, 0x100c0, 0x0, 0x4b)

44.096576ms ago: executing program 3 (id=1891):
r0 = syz_open_dev$radio(&(0x7f0000000280), 0x2, 0x2)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f00000002c0))
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000002c0)={0x0, 0x1, 0x0, 0x0, 0x80, 0xfa000, 0x8})

32.508232ms ago: executing program 1 (id=1892):
r0 = socket(0xa, 0x3, 0x3a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x2c, 0x2c, 0xf35, 0x70bd23, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x2400}, {}, {0x8, 0x4}}, [@TCA_CHAIN={0x8, 0xb, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x440}, 0x0)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, &(0x7f0000000080)=0x2, 0x4)

0s ago: executing program 4 (id=1893):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffeffffffffffe)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000003c0)={0x0, <r0=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$netlink(r2, &(0x7f0000000100), &(0x7f0000000200)=0xc)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001ec0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001f00)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000002180)={0x0, 0x0, &(0x7f0000002140)={&(0x7f00000020c0)={0x1c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x8080)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000300))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'netdevsim0\x00'})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x44014)
recvmmsg(r6, &(0x7f0000000e00)=[{{&(0x7f0000000440)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, 0x0}, 0x800}, {{&(0x7f0000000900)=@pptp={0x18, 0x2, {0x0, @empty}}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000980)=""/255, 0xff}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/18, 0x12}], 0x3, &(0x7f0000000ac0)=""/34, 0x22}, 0x81}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000cc0)=""/32, 0x20}, {&(0x7f00000010c0)=""/133, 0x85}], 0x2}, 0x3}], 0x3, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, 0x0, 0x20, 0x70bd29, 0xfffffffc, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x34}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r7, 0x0, 0x44800)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 1 (id=1894):
msgctl$IPC_SET(0x0, 0x1, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]})
r1 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=<r2=>0x0)
ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f00000000c0)={0x0, @in={0x2, 0x4e22, @multicast1}, @isdn={0x22, 0x40, 0x40, 0xe7, 0xff}, @nfc={0x27, r2, 0x0, 0x4}, 0x6, 0x0, 0x0, 0x0, 0x200, &(0x7f0000000040)='ip_vti0\x00', 0x40, 0x7, 0x1})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(r3, 0x0)
mount$9p_tcp(&(0x7f0000000640), &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x8010, &(0x7f0000000080)={'trans=tcp,', {'port', 0x3d, 0x4e22}})
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$AUTOFS_IOC_EXPIRE(r4, 0x810c9365, &(0x7f0000000140)={{0x9, 0x5}, 0x100, './file0\x00'})
close_range(r0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)

kernel console output (not intermixed with test programs):

 usb 4-1: can't set first interface for hiFace device.
[  538.427583][ T5807] snd-usb-hiface 4-1:1.1: probe with driver snd-usb-hiface failed with error -5
[  538.445077][ T5807] usb 4-1: can't set first interface for hiFace device.
[  538.452703][ T5807] snd-usb-hiface 4-1:1.2: probe with driver snd-usb-hiface failed with error -5
[  538.467988][ T5807] usb 4-1: USB disconnect, device number 32
[  538.491827][ T5798] udevd[5798]: setting mode of /dev/snd/controlC3 to 020660 failed: No such file or directory
[  538.529232][ T5798] udevd[5798]: setting owner of /dev/snd/controlC3 to uid=0, gid=29 failed: No such file or directory
[  538.854171][   T30] audit: type=1400 audit(1774655368.565:938): avc:  denied  { append } for  pid=11396 comm="syz.0.1419" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  539.474171][ T5807] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  539.709645][T11416] fuse: Bad value for 'fd'
[  539.734965][ T5807] usb 5-1: Using ep0 maxpacket: 32
[  539.847222][   T30] audit: type=1400 audit(1774655369.545:939): avc:  denied  { create } for  pid=11403 comm="syz.3.1423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  539.904429][ T5807] usb 5-1: config 0 has an invalid interface number: 196 but max is 0
[  539.954580][ T5807] usb 5-1: config 0 has no interface number 0
[  540.001985][ T5807] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  540.090603][ T5807] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  540.100899][ T5807] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  540.111649][ T5807] usb 5-1: config 0 interface 196 has no altsetting 0
[  540.139282][ T5807] usb 5-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  540.178461][ T5807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.221894][ T5807] usb 5-1: Product: syz
[  540.230278][ T5807] usb 5-1: Manufacturer: syz
[  540.239872][ T5807] usb 5-1: SerialNumber: syz
[  540.259782][ T5807] usb 5-1: config 0 descriptor??
[  540.274514][T11402] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  541.025048][ T5807] ipheth 5-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[  541.039387][   T30] audit: type=1400 audit(1774655370.755:940): avc:  denied  { ioctl } for  pid=11400 comm="syz.4.1421" path="socket:[35367]" dev="sockfs" ino=35367 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  541.040598][ T5807] ipheth 5-1:0.196: probe with driver ipheth failed with error -71
[  541.161730][ T5807] usb 5-1: USB disconnect, device number 41
[  541.844241][ T5885] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  542.190313][   T30] audit: type=1400 audit(1774655371.825:941): avc:  denied  { create } for  pid=11405 comm="syz.2.1422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  542.418231][ T5885] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.640578][ T5885] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  542.653951][ T5885] usb 4-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55
[  542.663164][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.671199][ T5885] usb 4-1: Product: syz
[  542.675390][ T5885] usb 4-1: Manufacturer: syz
[  542.679954][ T5885] usb 4-1: SerialNumber: syz
[  542.696009][ T5885] usb 4-1: config 0 descriptor??
[  544.152302][T11459] fuse: Bad value for 'fd'
[  546.019836][ T5927] usb 4-1: USB disconnect, device number 33
[  546.370563][T11483] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1441'.
[  546.388382][T11483] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1441'.
[  546.397502][T11483] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1441'.
[  549.105402][    T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  550.995582][   T30] audit: type=1400 audit(1774655380.715:942): avc:  denied  { write } for  pid=11491 comm="syz.2.1443" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  551.149204][   T30] audit: type=1400 audit(1774655380.735:943): avc:  denied  { bind } for  pid=11491 comm="syz.2.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  551.410131][   T30] audit: type=1400 audit(1774655380.745:944): avc:  denied  { listen } for  pid=11491 comm="syz.2.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  551.987242][T11499] xt_connbytes: Forcing CT accounting to be enabled
[  551.993881][T11499] set match dimension is over the limit!
[  552.224317][   T30] audit: type=1400 audit(1774655380.795:945): avc:  denied  { create } for  pid=11491 comm="syz.2.1443" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  552.245338][   T30] audit: type=1400 audit(1774655380.845:946): avc:  denied  { accept } for  pid=11491 comm="syz.2.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  552.265349][   T30] audit: type=1400 audit(1774655380.845:947): avc:  denied  { write } for  pid=11491 comm="syz.2.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  552.288394][   T30] audit: type=1400 audit(1774655380.845:948): avc:  denied  { read } for  pid=11491 comm="syz.2.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  552.315861][   T30] audit: type=1400 audit(1774655380.845:949): avc:  denied  { create } for  pid=11491 comm="syz.2.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  552.335407][   T30] audit: type=1400 audit(1774655380.855:950): avc:  denied  { ioctl } for  pid=11491 comm="syz.2.1443" path="socket:[35535]" dev="sockfs" ino=35535 ioctlcmd=0x89ea scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  552.367572][T11506] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1447'.
[  552.863438][   T30] audit: type=1400 audit(1774655382.575:951): avc:  denied  { unlink } for  pid=5810 comm="syz-executor" name="file0" dev="tmpfs" ino=1522 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  553.160486][T11518] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1451'.
[  553.179067][T11519] xt_hashlimit: size too large, truncated to 1048576
[  553.934899][T11519] xt_hashlimit: invalid rate
[  554.724129][ T5949] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  554.757785][T11534] input: syz0 as /devices/virtual/input/input49
[  554.780209][T11534] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=11534 comm=syz.1.1454
[  555.454213][ T5949] usb 3-1: device descriptor read/64, error -71
[  555.495233][T11544] netlink: 'syz.4.1455': attribute type 21 has an invalid length.
[  555.521891][T11544] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1455'.
[  555.786836][T11544] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1455'.
[  555.838038][T11545] cgroup2: Unknown parameter 'fO±Û¸üjÂavordynmods'
[  555.987539][ T5949] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  556.013195][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  556.013212][   T30] audit: type=1400 audit(1774655385.725:958): avc:  denied  { relabelfrom } for  pid=11546 comm="syz.1.1458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  556.095706][   T30] audit: type=1400 audit(1774655385.785:959): avc:  denied  { relabelto } for  pid=11546 comm="syz.1.1458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  556.126454][ T5949] usb 3-1: device descriptor read/64, error -71
[  556.234385][ T5949] usb usb3-port1: attempt power cycle
[  556.372585][   T30] audit: type=1400 audit(2000000000.000:960): avc:  denied  { listen } for  pid=11560 comm="syz.2.1460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  556.413592][T11562] block nbd0: NBD_DISCONNECT
[  556.418699][T11562] block nbd0: Send disconnect failed -32
[  556.425144][T11562] block nbd0: shutting down sockets
[  556.433115][    C1] blk_print_req_error: 10 callbacks suppressed
[  556.433135][    C1] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.448921][    C1] buffer_io_error: 10 callbacks suppressed
[  556.448938][    C1] Buffer I/O error on dev nbd0, logical block 0, async page read
[  556.462719][    C1] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.472252][    C1] Buffer I/O error on dev nbd0, logical block 1, async page read
[  556.480029][    C1] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.489524][    C1] Buffer I/O error on dev nbd0, logical block 2, async page read
[  556.497296][    C1] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.506776][    C1] Buffer I/O error on dev nbd0, logical block 3, async page read
[  556.515414][   T30] audit: type=1400 audit(2000000000.150:961): avc:  denied  { write } for  pid=11558 comm="syz.0.1453" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  556.539972][   T30] audit: type=1400 audit(2000000000.150:962): avc:  denied  { open } for  pid=11558 comm="syz.0.1453" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  556.541861][ T5796] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.563416][   T30] audit: type=1400 audit(2000000000.170:963): avc:  denied  { ioctl } for  pid=11558 comm="syz.0.1453" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  556.609820][ T5796] Buffer I/O error on dev nbd0, logical block 0, async page read
[  556.619693][ T5796] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.631005][ T5796] Buffer I/O error on dev nbd0, logical block 1, async page read
[  556.638935][ T5796] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.649844][ T5796] Buffer I/O error on dev nbd0, logical block 2, async page read
[  556.658198][ T5796] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.667867][ T5796] Buffer I/O error on dev nbd0, logical block 3, async page read
[  556.675756][ T5885] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  556.684464][ T5796] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.694833][ T5796] Buffer I/O error on dev nbd0, logical block 0, async page read
[  556.702785][ T5796] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  556.714561][ T5796] Buffer I/O error on dev nbd0, logical block 1, async page read
[  556.722967][ T5796] ldm_validate_partition_table(): Disk read failed.
[  556.730536][ T5796] Dev nbd0: unable to read RDB block 0
[  556.736784][ T5796]  nbd0: unable to read partition table
[  556.747986][ T5796] ldm_validate_partition_table(): Disk read failed.
[  556.755698][ T5796] Dev nbd0: unable to read RDB block 0
[  556.761748][ T5796]  nbd0: unable to read partition table
[  556.834149][ T5885] usb 4-1: Using ep0 maxpacket: 8
[  556.853930][ T5885] usb 4-1: unable to get BOS descriptor or descriptor too short
[  556.876963][ T5885] usb 4-1: New USB device found, idVendor=04b4, idProduct=930b, bcdDevice= 0.40
[  556.881047][   T30] audit: type=1400 audit(2000000000.510:964): avc:  denied  { kexec_image_load } for  pid=11568 comm="syz.2.1462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  556.907136][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.915649][ T5885] usb 4-1: Product: syz
[  556.924286][ T5885] usb 4-1: Manufacturer: syz
[  556.934318][ T5885] usb 4-1: SerialNumber: syz
[  556.946233][   T30] audit: type=1400 audit(2000000000.550:965): avc:  denied  { ioctl } for  pid=11568 comm="syz.2.1462" path="socket:[35712]" dev="sockfs" ino=35712 ioctlcmd=0x42c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  557.596180][ T5885] usb 4-1: can't set first interface for hiFace device.
[  557.620953][ T5885] snd-usb-hiface 4-1:1.1: probe with driver snd-usb-hiface failed with error -5
[  557.709079][ T5885] usb 4-1: can't set first interface for hiFace device.
[  557.730921][ T5885] snd-usb-hiface 4-1:1.2: probe with driver snd-usb-hiface failed with error -5
[  558.884110][   T30] audit: type=1400 audit(2000000002.450:966): avc:  denied  { firmware_load } for  pid=11587 comm="syz.4.1467" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  558.926814][ T5885] usb 4-1: USB disconnect, device number 35
[  559.590799][   T30] audit: type=1400 audit(2000000003.220:967): avc:  denied  { mount } for  pid=11598 comm="syz.3.1471" name="/" dev="hugetlbfs" ino=35759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  559.590890][ T5807] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  559.881057][T11605] random: crng reseeded on system resumption
[  559.904552][ T5807] usb 3-1: Using ep0 maxpacket: 8
[  559.917987][ T5807] usb 3-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  559.937590][ T5807] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.966454][ T5807] usb 3-1: Product: syz
[  559.977648][T11607] FAT-fs (nbd3): unable to read boot sector
[  560.001317][ T5807] usb 3-1: Manufacturer: syz
[  560.052520][ T5807] usb 3-1: SerialNumber: syz
[  560.196889][ T5807] usb 3-1: config 0 descriptor??
[  560.207934][ T5807] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  560.249930][ T5807] dvb-usb: bulk message failed: -22 (2/0)
[  560.284944][ T5807] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  560.334448][ T5807] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  560.343381][ T5807] usb 3-1: media controller created
[  560.381476][ T5807] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  560.479520][ T5807] dvb-usb: bulk message failed: -22 (1/0)
[  560.636734][T11624] block nbd1: NBD_DISCONNECT
[  560.642684][T11624] block nbd1: Send disconnect failed -32
[  560.648491][T11624] block nbd1: Send disconnect failed -32
[  560.654325][T11624] block nbd1: shutting down sockets
[  561.102222][    C1] sd 0:0:1:0: [sda] tag#2401 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  561.112665][    C1] sd 0:0:1:0: [sda] tag#2401 CDB: Read(6) 08 00 00 00 00 00
[  561.120505][    C1] sd 0:0:1:0: [sda] tag#2402 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  561.130920][    C1] sd 0:0:1:0: [sda] tag#2402 CDB: Read(6) 08 00 00 00 00 00
[  561.138645][    C1] sd 0:0:1:0: [sda] tag#2403 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  561.149027][    C1] sd 0:0:1:0: [sda] tag#2403 CDB: Read(6) 08 00 00 00 00 00
[  561.156633][    T9] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  561.156648][    C1] sd 0:0:1:0: [sda] tag#2404 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  561.156694][    C1] sd 0:0:1:0: [sda] tag#2404 CDB: Read(6) 08 00 00 00 00 00
[  561.164302][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  561.164315][   T30] audit: type=1400 audit(2000000004.730:972): avc:  denied  { ioctl } for  pid=11622 comm="syz.3.1478" path="/dev/sg0" dev="devtmpfs" ino=792 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  561.251808][ T5807] DVB: Unable to find symbol mt352_attach()
[  561.267077][ T5807] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  561.365847][    T9] usb 1-1: config 8 has an invalid interface number: 33 but max is 0
[  561.374202][    T9] usb 1-1: config 8 has no interface number 0
[  561.380269][    T9] usb 1-1: config 8 interface 33 has no altsetting 0
[  561.404215][T11630] ªªªªªª: renamed from vlan0 (while UP)
[  561.422711][    T9] usb 1-1: New USB device found, idVendor=10b8, idProduct=1e6e, bcdDevice=9f.db
[  561.434080][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.458945][   T30] audit: type=1400 audit(2000000005.090:973): avc:  denied  { read } for  pid=11629 comm="syz.1.1479" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  561.482150][    T9] usb 1-1: Product: syz
[  561.486628][    T9] usb 1-1: Manufacturer: syz
[  561.491233][    T9] usb 1-1: SerialNumber: syz
[  561.508031][T11630] xt_hashlimit: size too large, truncated to 1048576
[  561.514825][ T5807] rc_core: IR keymap rc-dvico-portable not found
[  561.518194][T11634] FAULT_INJECTION: forcing a failure.
[  561.518194][T11634] name failslab, interval 1, probability 0, space 0, times 0
[  561.521161][ T5807] Registered IR keymap rc-empty
[  561.563307][   T30] audit: type=1400 audit(2000000005.130:974): avc:  denied  { read write } for  pid=11629 comm="syz.1.1479" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  561.573581][T11634] CPU: 1 UID: 0 PID: 11634 Comm: syz.3.1480 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  561.573616][T11634] Tainted: [L]=SOFTLOCKUP
[  561.573623][T11634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  561.573636][T11634] Call Trace:
[  561.573643][T11634]  <TASK>
[  561.573651][T11634]  dump_stack_lvl+0x100/0x190
[  561.573691][T11634]  should_fail_ex.cold+0x5/0xa
[  561.573720][T11634]  should_failslab+0xc2/0x120
[  561.573743][T11634]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  561.573774][T11634]  ? do_getname_kernel+0x5d/0x250
[  561.573808][T11634]  do_getname_kernel+0x5d/0x250
[  561.573836][T11634]  kern_path+0x1f/0x50
[  561.573856][T11634]  tomoyo_mount_acl+0x2f4/0x8b0
[  561.573884][T11634]  ? is_bpf_text_address+0x8a/0x1a0
[  561.573917][T11634]  ? bpf_ksym_find+0x128/0x1c0
[  561.573942][T11634]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  561.573970][T11634]  ? kernel_text_address+0x8d/0x100
[  561.573996][T11634]  ? unwind_get_return_address+0x59/0xa0
[  561.574055][T11634]  ? tomoyo_domain+0xb2/0x150
[  561.574075][T11634]  ? tomoyo_profile+0x47/0x60
[  561.574098][T11634]  tomoyo_mount_permission+0x214/0x460
[  561.574137][T11634]  ? tomoyo_mount_permission+0x1f6/0x460
[  561.574169][T11634]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  561.574216][T11634]  security_sb_mount+0xdd/0x270
[  561.574246][T11634]  path_mount+0x158/0x23d0
[  561.574278][T11634]  ? __pfx_path_mount+0x10/0x10
[  561.574304][T11634]  ? lockdep_hardirqs_on+0x78/0x100
[  561.574338][T11634]  ? putname+0xb1/0x110
[  561.574360][T11634]  ? kmem_cache_free+0x124/0x6a0
[  561.574399][T11634]  ? __x64_sys_mount+0x293/0x310
[  561.574424][T11634]  __x64_sys_mount+0x293/0x310
[  561.574452][T11634]  ? __pfx___x64_sys_mount+0x10/0x10
[  561.574489][T11634]  do_syscall_64+0x106/0xf80
[  561.574518][T11634]  ? clear_bhb_loop+0x40/0x90
[  561.574545][T11634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.574567][T11634] RIP: 0033:0x7f57a379c799
[  561.574584][T11634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  561.574604][T11634] RSP: 002b:00007f57a45e6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  561.574625][T11634] RAX: ffffffffffffffda RBX: 00007f57a3a15fa0 RCX: 00007f57a379c799
[  561.574639][T11634] RDX: 0000200000002280 RSI: 0000200000000100 RDI: 0000200000000040
[  561.574653][T11634] RBP: 00007f57a45e6090 R08: 0000000000000000 R09: 0000000000000000
[  561.574665][T11634] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002
[  561.574678][T11634] R13: 00007f57a3a16038 R14: 00007f57a3a15fa0 R15: 00007ffc9d7838c8
[  561.574708][T11634]  </TASK>
[  561.848630][ T5807] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[  561.860216][ T5807] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input50
[  561.873821][   T30] audit: type=1400 audit(2000000005.130:975): avc:  denied  { open } for  pid=11629 comm="syz.1.1479" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  561.924682][ T5807] dvb-usb: schedule remote query interval to 100 msecs.
[  561.931689][ T5807] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  561.958987][T11640] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  561.958987][T11640] The task syz.0.1477 (11640) triggered the difference, watch for misbehavior.
[  562.036640][ T5927] dvb-usb: bulk message failed: -22 (1/0)
[  562.050799][ T5807] usb 3-1: USB disconnect, device number 46
[  562.178348][   T30] audit: type=1400 audit(2000000005.130:976): avc:  denied  { ioctl } for  pid=11629 comm="syz.1.1479" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  562.616831][    T9] dvb-usb: found a 'DiBcom TFE7790P reference design' in cold state, will try to load a firmware
[  562.644163][   T30] audit: type=1400 audit(2000000005.130:977): avc:  denied  { name_bind } for  pid=11629 comm="syz.1.1479" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  562.678445][ T5807] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  562.691095][    T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  562.732135][    T9] dib0700: firmware download failed at 7 with -22
[  562.748105][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  562.774164][   T10] usb 5-1: new low-speed USB device number 42 using dummy_hcd
[  562.786569][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  562.795121][   T30] audit: type=1400 audit(2000000005.860:978): avc:  denied  { create } for  pid=11643 comm="syz.4.1483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  562.955066][    T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  563.501473][   T30] audit: type=1400 audit(2000000005.870:979): avc:  denied  { setopt } for  pid=11643 comm="syz.4.1483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  563.523731][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  563.588814][   T10] usb 5-1: config 8 has an invalid interface number: 241 but max is 0
[  563.606931][   T10] usb 5-1: config 8 has no interface number 0
[  563.620525][   T10] usb 5-1: config 8 interface 241 has no altsetting 0
[  563.642733][   T10] usb 5-1: string descriptor 0 read error: -22
[  563.653436][   T10] usb 5-1: New USB device found, idVendor=29fe, idProduct=4d53, bcdDevice=b5.07
[  563.674103][    T9] usb 4-1: Using ep0 maxpacket: 8
[  563.688689][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.705483][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  563.731934][    T9] usb 4-1: New USB device found, idVendor=04b4, idProduct=930b, bcdDevice= 0.40
[  563.753567][   T10] uvcvideo 5-1:8.241: Found UVC 0.00 device <unnamed> (29fe:4d53)
[  563.769841][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.786894][ T5807] usb 1-1: USB disconnect, device number 30
[  563.797168][   T10] uvcvideo 5-1:8.241: No valid video chain found.
[  563.812120][    T9] usb 4-1: Product: syz
[  563.828246][    T9] usb 4-1: Manufacturer: syz
[  563.849585][    T9] usb 4-1: SerialNumber: syz
[  564.000615][T11655] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=35183 sclass=netlink_xfrm_socket pid=11655 comm=syz.2.1482
[  564.609896][ T1207] usb 5-1: USB disconnect, device number 42
[  564.643061][    T9] usb 4-1: can't set first interface for hiFace device.
[  564.651155][    T9] snd-usb-hiface 4-1:1.1: probe with driver snd-usb-hiface failed with error -5
[  564.665667][    T9] usb 4-1: can't set first interface for hiFace device.
[  564.672875][    T9] snd-usb-hiface 4-1:1.2: probe with driver snd-usb-hiface failed with error -5
[  564.689572][    T9] usb 4-1: USB disconnect, device number 36
[  564.727259][ T5798] udevd[5798]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  564.903940][   T30] audit: type=1400 audit(2000000008.530:980): avc:  denied  { bind } for  pid=11657 comm="syz.2.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  566.011715][T11666] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1490'.
[  566.022719][T11666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1490'.
[  566.031642][T11666] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1490'.
[  566.060509][   T30] audit: type=1400 audit(2000000009.690:981): avc:  denied  { map } for  pid=11667 comm="syz.1.1491" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  566.085926][T11668] FAULT_INJECTION: forcing a failure.
[  566.085926][T11668] name failslab, interval 1, probability 0, space 0, times 0
[  566.098667][T11668] CPU: 1 UID: 0 PID: 11668 Comm: syz.1.1491 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  566.098700][T11668] Tainted: [L]=SOFTLOCKUP
[  566.098707][T11668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  566.098718][T11668] Call Trace:
[  566.098725][T11668]  <TASK>
[  566.098732][T11668]  dump_stack_lvl+0x100/0x190
[  566.098768][T11668]  should_fail_ex.cold+0x5/0xa
[  566.098794][T11668]  ? tomoyo_encode2+0xfb/0x3c0
[  566.098820][T11668]  should_failslab+0xc2/0x120
[  566.098846][T11668]  __kmalloc_noprof+0xe0/0x850
[  566.098875][T11668]  ? d_absolute_path+0x136/0x1b0
[  566.098908][T11668]  tomoyo_encode2+0xfb/0x3c0
[  566.098940][T11668]  tomoyo_encode+0x29/0x50
[  566.098968][T11668]  tomoyo_realpath_from_path+0x18c/0x690
[  566.099006][T11668]  tomoyo_path_number_perm+0x23c/0x580
[  566.099031][T11668]  ? tomoyo_path_number_perm+0x22e/0x580
[  566.099058][T11668]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  566.099116][T11668]  ? find_held_lock+0x2b/0x80
[  566.099143][T11668]  ? __fget_files+0x215/0x3d0
[  566.099169][T11668]  ? hook_file_ioctl_common+0x146/0x410
[  566.099197][T11668]  ? __fget_files+0x21f/0x3d0
[  566.099225][T11668]  security_file_ioctl+0xd3/0x230
[  566.099258][T11668]  __x64_sys_ioctl+0xb7/0x210
[  566.099293][T11668]  do_syscall_64+0x106/0xf80
[  566.099323][T11668]  ? clear_bhb_loop+0x40/0x90
[  566.099351][T11668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.099373][T11668] RIP: 0033:0x7f189b99c799
[  566.099392][T11668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  566.099412][T11668] RSP: 002b:00007f189c77a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  566.099434][T11668] RAX: ffffffffffffffda RBX: 00007f189bc15fa0 RCX: 00007f189b99c799
[  566.099448][T11668] RDX: 0000200000000180 RSI: 00000000c0306201 RDI: 0000000000000005
[  566.099462][T11668] RBP: 00007f189c77a090 R08: 0000000000000000 R09: 0000000000000000
[  566.099475][T11668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.099488][T11668] R13: 00007f189bc16038 R14: 00007f189bc15fa0 R15: 00007ffe7721efa8
[  566.099520][T11668]  </TASK>
[  566.099541][T11668] ERROR: Out of memory at tomoyo_realpath_from_path.
[  566.238622][   T30] audit: type=1400 audit(2000000009.870:982): avc:  denied  { watch } for  pid=11669 comm="syz.4.1492" path="/293" dev="tmpfs" ino=1571 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  566.342534][T11668] binder: 11667:11668 ioctl c0306201 200000000180 returned -14
[  566.639305][   T30] audit: type=1400 audit(2000000010.060:983): avc:  denied  { remount } for  pid=11669 comm="syz.4.1492" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  567.603446][T11686] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1497'.
[  567.925892][    T9] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  568.085740][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  568.098350][    T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  568.160991][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.199182][    T9] usb 1-1: config 0 descriptor??
[  568.355304][T11691] input: syz0 as /devices/virtual/input/input51
[  568.373442][T11691] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=11691 comm=syz.2.1489
[  572.023606][T11713] netlink: 'syz.4.1502': attribute type 4 has an invalid length.
[  573.034617][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  573.050850][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  573.088001][    T9] usb 1-1: USB disconnect, device number 31
[  573.981003][ T5885] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  574.386413][ T5885] usb 3-1: Using ep0 maxpacket: 8
[  574.399712][ T5885] usb 3-1: unable to get BOS descriptor or descriptor too short
[  574.414107][ T5885] usb 3-1: New USB device found, idVendor=04b4, idProduct=930b, bcdDevice= 0.40
[  574.484740][T11726] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.1505'.
[  574.502808][T11726] dlm: non-version read from control device 0
[  574.870577][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.878894][ T5885] usb 3-1: Product: syz
[  574.883131][ T5885] usb 3-1: Manufacturer: syz
[  574.909722][ T5885] usb 3-1: SerialNumber: syz
[  574.934419][ T5885] usb 3-1: can't set config #1, error -71
[  574.987061][ T5885] usb 3-1: USB disconnect, device number 47
[  576.272143][T11744] syz_tun: left allmulticast mode
[  578.361127][   T30] audit: type=1400 audit(2000000021.960:984): avc:  denied  { write } for  pid=11733 comm="syz.2.1506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  578.649282][   T30] audit: type=1400 audit(2000000022.270:985): avc:  denied  { write } for  pid=11760 comm="syz.0.1514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  578.731703][   T30] audit: type=1400 audit(2000000022.270:986): avc:  denied  { read } for  pid=11760 comm="syz.0.1514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  579.894132][    T9] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  580.560474][    T9] usb 1-1: Using ep0 maxpacket: 8
[  580.626018][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  580.663151][    T9] usb 1-1: New USB device found, idVendor=04b4, idProduct=930b, bcdDevice= 0.40
[  580.709312][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.746809][    T9] usb 1-1: Product: syz
[  580.750977][    T9] usb 1-1: Manufacturer: syz
[  580.774764][    T9] usb 1-1: SerialNumber: syz
[  581.011641][T11778] batadv_slave_1: entered promiscuous mode
[  581.082953][T11777] batadv_slave_1: left promiscuous mode
[  581.125060][    T9] usb 1-1: can't set first interface for hiFace device.
[  581.154133][    T9] snd-usb-hiface 1-1:1.1: probe with driver snd-usb-hiface failed with error -5
[  581.193022][    T9] usb 1-1: can't set first interface for hiFace device.
[  581.224619][    T9] snd-usb-hiface 1-1:1.2: probe with driver snd-usb-hiface failed with error -5
[  581.261463][    T9] usb 1-1: USB disconnect, device number 32
[  581.916842][T11776] udevd[11776]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  582.074414][   T30] audit: type=1400 audit(2000000025.700:987): avc:  denied  { bind } for  pid=11791 comm="syz.3.1522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  582.168331][T11798] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.1523'.
[  582.183490][T11798] dlm: non-version read from control device 0
[  582.627139][T11797] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1522'.
[  582.698049][T11793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1522'.
[  582.717088][T11804] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1518'.
[  582.727797][T11804] IPVS: dh: FWM 3 0x00000003 - no destination available
[  582.964106][T10164] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  583.043504][T11815] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=11815 comm=syz.0.1527
[  583.184965][T10164] usb 5-1: Using ep0 maxpacket: 32
[  583.267189][T10164] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  583.410816][T10164] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  583.804913][T10164] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  583.907138][T10164] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.967405][   T30] audit: type=1400 audit(2000000027.580:988): avc:  denied  { write } for  pid=11813 comm="syz.1.1528" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  584.009974][T10164] usb 5-1: config 0 descriptor??
[  584.193053][   T30] audit: type=1400 audit(2000000027.820:989): avc:  denied  { checkpoint_restore } for  pid=11823 comm="syz.3.1529" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  584.823088][T11828] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1530'.
[  584.842729][T10164] ft260 0003:0403:6030.000D: unknown main item tag 0x0
[  584.857452][T11828] 8021q: adding VLAN 0 to HW filter on device bond2
[  584.907203][T11828] 8021q: adding VLAN 0 to HW filter on device bond3
[  584.915090][T11828] bond2: (slave bond3): Enslaving as an active interface with an up link
[  584.923608][T11829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1530'.
[  584.932850][T10164] ft260 0003:0403:6030.000D: unknown main item tag 0x0
[  584.994910][T11829] bond2 (unregistering): (slave bond3): Releasing backup interface
[  585.004343][T11829] bond2 (unregistering): Released all slaves
[  585.167372][T10164] ft260 0003:0403:6030.000D: chip code: 0000 0000
[  585.371378][T10164] ft260 0003:0403:6030.000D: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[  585.404579][    T9] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  585.594126][    T9] usb 4-1: Using ep0 maxpacket: 32
[  585.601639][T10164] ft260 0003:0403:6030.000D: failed to retrieve status: -32, no wakeup
[  585.602721][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  585.640677][T10164] ft260 0003:0403:6030.000D: i2c bus error: 0xe
[  585.654253][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  585.676478][T11839] binder: 11837:11839 ioctl c0306201 2000000004c0 returned -14
[  585.685421][T11839] binder_alloc: 11837: binder_alloc_buf, no vma
[  585.698391][    T9] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  585.708634][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.733568][    T9] usb 4-1: config 0 descriptor??
[  585.791109][   T30] audit: type=1400 audit(2000000029.420:990): avc:  denied  { getopt } for  pid=11843 comm="syz.1.1535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  585.847293][T11806] netdevsim netdevsim4: Direct firmware load for .
[  585.847293][T11806]  failed with error -2
[  585.861001][T11806] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  585.861001][T11806] 
[  585.870936][   T30] audit: type=1400 audit(2000000029.490:991): avc:  denied  { firmware_load } for  pid=11805 comm="syz.4.1525" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  585.976820][T11834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.987201][T11834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.024196][   T10] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  586.195870][   T10] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  586.207073][   T10] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  586.217177][   T10] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  586.226521][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.239164][T11841] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  586.251392][   T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  586.599296][   T30] audit: type=1400 audit(2000000030.230:992): avc:  denied  { write } for  pid=11840 comm="syz.0.1534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  586.656443][   T30] audit: type=1400 audit(2000000030.280:993): avc:  denied  { read } for  pid=11840 comm="syz.0.1534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  586.882326][T11859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.981358][T10164] ft260 0003:0403:6030.000D: failed to reset I2C controller: -71
[  587.019749][T11859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  587.049272][T10164] usb 5-1: USB disconnect, device number 43
[  588.027241][T11870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=11870 comm=syz.4.1540
[  590.257574][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  590.263638][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  590.450860][    T9] usb 4-1: USB disconnect, device number 37
[  590.578940][   T10] usb 1-1: USB disconnect, device number 33
[  591.494112][T10164] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  591.664173][T10164] usb 5-1: Using ep0 maxpacket: 16
[  591.996114][T10164] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  592.107046][T10164] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  592.191175][T10164] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  592.204711][T11907] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=20607 sclass=netlink_route_socket pid=11907 comm=syz.3.1549
[  592.217666][T10164] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  592.235710][T10164] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  592.253630][T10164] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  592.267304][T10164] usb 5-1: Manufacturer: syz
[  592.281117][T11909] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard
[  592.294962][T11909] exFAT-fs (nullb0): invalid boot record signature
[  592.295355][T10164] usb 5-1: config 0 descriptor??
[  592.301473][T11909] exFAT-fs (nullb0): failed to read boot sector
[  592.315620][T11909] exFAT-fs (nullb0): failed to recognize exfat type
[  592.333620][T11911] bond2: entered promiscuous mode
[  592.338919][T11911] bond2: entered allmulticast mode
[  592.344325][T11911] 8021q: adding VLAN 0 to HW filter on device bond2
[  592.354918][T11911] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1550'.
[  592.363856][T11911] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1550'.
[  592.811406][   T10] usb 5-1: USB disconnect, device number 44
[  592.833949][   T30] audit: type=1400 audit(2000000036.460:994): avc:  denied  { ioctl } for  pid=11915 comm="syz.0.1552" path="socket:[37393]" dev="sockfs" ino=37393 ioctlcmd=0x9408 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  592.868786][T11918] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1551'.
[  593.252813][   T30] audit: type=1400 audit(2000000036.780:995): avc:  denied  { map } for  pid=11916 comm="syz.3.1551" path="socket:[37410]" dev="sockfs" ino=37410 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  594.434753][   T30] audit: type=1400 audit(2000000036.780:996): avc:  denied  { read accept } for  pid=11916 comm="syz.3.1551" path="socket:[37410]" dev="sockfs" ino=37410 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  595.007228][ T5927] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  595.075865][   T10] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  595.311080][ T5927] usb 4-1: Using ep0 maxpacket: 16
[  595.369470][ T5927] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  595.383486][   T10] usb 2-1: Using ep0 maxpacket: 8
[  595.466365][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  595.487200][ T5927] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  595.571506][   T10] usb 2-1: New USB device found, idVendor=04b4, idProduct=930b, bcdDevice= 0.40
[  595.599122][ T5927] usb 4-1: config 0 interface 0 has no altsetting 0
[  595.637129][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.656777][ T5927] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  595.700191][   T10] usb 2-1: Product: syz
[  595.717756][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.737586][   T10] usb 2-1: Manufacturer: syz
[  595.765384][   T10] usb 2-1: SerialNumber: syz
[  595.909461][ T5927] usb 4-1: config 0 descriptor??
[  596.915270][ T5927] nzxt-smart2 0003:1E71:2009.000E: unknown main item tag 0x0
[  596.966158][ T5927] nzxt-smart2 0003:1E71:2009.000E: unknown main item tag 0x0
[  596.974987][ T5927] nzxt-smart2 0003:1E71:2009.000E: unknown main item tag 0x0
[  597.025625][ T5927] nzxt-smart2 0003:1E71:2009.000E: unknown main item tag 0x0
[  597.099361][ T5927] nzxt-smart2 0003:1E71:2009.000E: unknown main item tag 0x0
[  597.120491][ T5927] nzxt-smart2 0003:1E71:2009.000E: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  597.299476][   T10] usb 2-1: can't set first interface for hiFace device.
[  597.309170][   T10] snd-usb-hiface 2-1:1.1: probe with driver snd-usb-hiface failed with error -5
[  597.351981][   T10] usb 2-1: can't set first interface for hiFace device.
[  597.379500][   T10] snd-usb-hiface 2-1:1.2: probe with driver snd-usb-hiface failed with error -5
[  597.389512][ T5807] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  597.421277][   T10] usb 2-1: USB disconnect, device number 37
[  597.544388][ T5807] usb 1-1: Using ep0 maxpacket: 32
[  597.552301][ T5807] usb 1-1: config 0 has an invalid descriptor of length 169, skipping remainder of the config
[  597.564306][ T5807] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  597.636413][ T5807] usb 1-1: New USB device found, idVendor=0424, idProduct=9941, bcdDevice=c2.57
[  597.645779][ T5807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.657301][ T5807] usb 1-1: Product: syz
[  597.664727][ T5807] usb 1-1: Manufacturer: syz
[  597.669463][ T5807] usb 1-1: SerialNumber: syz
[  597.801281][   T30] audit: type=1400 audit(2000000041.370:997): avc:  denied  { ioctl } for  pid=11959 comm="syz.1.1562" path="socket:[36848]" dev="sockfs" ino=36848 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  597.871499][ T5807] usb 1-1: config 0 descriptor??
[  598.058944][   T30] audit: type=1400 audit(2000000041.370:998): avc:  denied  { bind } for  pid=11959 comm="syz.1.1562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  598.214677][ T5807] kernel read not supported for file /dsp1 (pid: 5807 comm: kworker/0:3)
[  598.229352][   T30] audit: type=1400 audit(2000000041.370:999): avc:  denied  { connect } for  pid=11959 comm="syz.1.1562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  598.329620][   T30] audit: type=1400 audit(2000000041.370:1000): avc:  denied  { write } for  pid=11959 comm="syz.1.1562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  598.394118][ T5807] usb 4-1: reset high-speed USB device number 38 using dummy_hcd
[  598.665955][   T30] audit: type=1400 audit(2000000041.930:1001): avc:  denied  { bind } for  pid=11945 comm="syz.0.1560" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  599.814118][  T792] usb 1-1: USB disconnect, device number 34
[  599.896658][T11983] block nbd0: shutting down sockets
[  600.139405][ T5808] Bluetooth: hci2: Dropping invalid advertising data
[  600.223684][T11989] openvswitch: netlink: IP tunnel dst address not specified
[  600.235156][   T30] audit: type=1400 audit(2000000043.870:1002): avc:  denied  { append } for  pid=11991 comm="syz.1.1572" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  601.005678][   T10] usb 4-1: USB disconnect, device number 38
[  601.435785][   T30] audit: type=1400 audit(2000000045.050:1003): avc:  denied  { read write } for  pid=11998 comm="syz.4.1574" name="file0" dev="fuse" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  601.464336][   T30] audit: type=1400 audit(2000000045.050:1004): avc:  denied  { open } for  pid=11998 comm="syz.4.1574" path="/313/file0/file0" dev="fuse" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  601.608596][   T30] audit: type=1400 audit(2000000045.240:1005): avc:  denied  { write } for  pid=11998 comm="syz.4.1574" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  601.654523][T12004] xt_cluster: node mask cannot exceed total number of nodes
[  601.695011][ T1087] wlan1: Trigger new scan to find an IBSS to join
[  603.069793][T12025] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1579'.
[  603.112359][T12025] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1579'.
[  603.121317][T12025] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1579'.
[  603.260613][T12032] netlink: 'syz.3.1581': attribute type 1 has an invalid length.
[  603.274098][   T30] audit: type=1400 audit(2000000046.890:1006): avc:  denied  { accept } for  pid=12026 comm="syz.3.1581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  604.864630][T12042] loop6: detected capacity change from 0 to 2640
[  604.871279][T12042] buffer_io_error: 138 callbacks suppressed
[  604.871290][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.885164][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.892985][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.900831][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.908671][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.916554][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.924539][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.932345][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.940184][T12042] ldm_validate_partition_table(): Disk read failed.
[  604.946834][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.954676][T12042] Buffer I/O error on dev loop6, logical block 0, async page read
[  604.962518][T12042] Dev loop6: unable to read RDB block 0
[  604.968356][T12042]  loop6: unable to read partition table
[  604.974163][T12042] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  605.446131][T12050] input: syz0 as /devices/virtual/input/input54
[  605.459793][T12050] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=12050 comm=syz.0.1584
[  605.694615][ T1116] wlan1: Trigger new scan to find an IBSS to join
[  605.954317][T10164] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  606.177989][T10164] usb 2-1: device descriptor read/64, error -71
[  606.207227][T11938] udevd[11938]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  606.529452][   T30] audit: type=1326 audit(2000000050.160:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12060 comm="syz.2.1589" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9fab9c799 code=0x0
[  606.704176][T10164] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  606.896720][   T30] audit: type=1400 audit(2000000050.370:1008): avc:  denied  { execute } for  pid=12057 comm="syz.0.1588" name="file0" dev="tmpfs" ino=1674 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  606.925271][   T30] audit: type=1400 audit(2000000050.400:1009): avc:  denied  { remount } for  pid=12057 comm="syz.0.1588" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  606.946406][   T30] audit: type=1400 audit(2000000050.400:1010): avc:  denied  { execute_no_trans } for  pid=12057 comm="syz.0.1588" path="/312/file0" dev="tmpfs" ino=1674 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  606.994700][   T13] wlan1: Creating new IBSS network, BSSID ca:2c:c7:58:9a:4b
[  607.141107][T10164] usb 2-1: device descriptor read/64, error -71
[  607.869553][T12075] syzkaller0: entered promiscuous mode
[  607.894434][T10164] usb usb2-port1: attempt power cycle
[  607.924146][T12075] syzkaller0: entered allmulticast mode
[  608.047815][T12080] FAULT_INJECTION: forcing a failure.
[  608.047815][T12080] name failslab, interval 1, probability 0, space 0, times 0
[  608.060679][T12080] CPU: 0 UID: 0 PID: 12080 Comm: syz.0.1593 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  608.060710][T12080] Tainted: [L]=SOFTLOCKUP
[  608.060716][T12080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  608.060728][T12080] Call Trace:
[  608.060734][T12080]  <TASK>
[  608.060742][T12080]  dump_stack_lvl+0x100/0x190
[  608.060781][T12080]  should_fail_ex.cold+0x5/0xa
[  608.060810][T12080]  should_failslab+0xc2/0x120
[  608.060834][T12080]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  608.060866][T12080]  ? do_getname+0x35/0x390
[  608.060894][T12080]  ? tracing_record_taskinfo_sched_switch+0xac/0x560
[  608.060933][T12080]  do_getname+0x35/0x390
[  608.060964][T12080]  do_sys_openat2+0xc5/0x1e0
[  608.060993][T12080]  ? __pfx_do_sys_openat2+0x10/0x10
[  608.061027][T12080]  ? kvm_sched_clock_read+0x11/0x20
[  608.061062][T12080]  __x64_sys_openat+0x12d/0x210
[  608.061091][T12080]  ? __pfx___x64_sys_openat+0x10/0x10
[  608.061121][T12080]  ? trace_csd_function_exit+0x73/0x210
[  608.061152][T12080]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[  608.061191][T12080]  do_syscall_64+0x106/0xf80
[  608.061221][T12080]  ? clear_bhb_loop+0x40/0x90
[  608.061248][T12080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.061270][T12080] RIP: 0033:0x7f29f835cfce
[  608.061289][T12080] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  608.061310][T12080] RSP: 002b:00007f29f91f9ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  608.061330][T12080] RAX: ffffffffffffffda RBX: 00007f29f91fc6c0 RCX: 00007f29f835cfce
[  608.061345][T12080] RDX: 0000000000000002 RSI: 00007f29f8431f90 RDI: ffffffffffffff9c
[  608.061366][T12080] RBP: 00007f29f91fc090 R08: 0000000000000000 R09: 0000000000000000
[  608.061379][T12080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000024
[  608.061392][T12080] R13: 0000200000000e40 R14: 0000000000000001 R15: 00007fffc57d9588
[  608.061421][T12080]  </TASK>
[  608.344320][T10164] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  608.367205][T10164] usb 2-1: device descriptor read/8, error -71
[  608.604266][T10164] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  608.897572][T10164] usb 2-1: device descriptor read/8, error -71
[  609.034467][T10164] usb usb2-port1: unable to enumerate USB device
[  609.084442][T12093] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1597'.
[  609.324257][T10164] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  609.332405][ T5885] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  609.484129][ T5885] usb 3-1: device descriptor read/64, error -71
[  609.494128][T10164] usb 2-1: Using ep0 maxpacket: 32
[  609.501143][T10164] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  609.529526][T10164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.551517][T10164] usb 2-1: config 0 descriptor??
[  609.693274][T12099] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=12099 comm=syz.0.1599
[  609.754123][ T5885] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  610.252929][T12098] input: syz0 as /devices/virtual/input/input55
[  610.626533][T10164] gspca_main: sq930x-2.14.0 probing 041e:403c
[  610.894444][ T5807] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  611.094363][ T5807] usb 4-1: Using ep0 maxpacket: 32
[  611.122158][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  611.176588][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  611.210809][ T5807] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  611.279027][ T5807] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  611.493455][ T5885] usb 3-1: device descriptor read/64, error -71
[  611.500263][T10164] gspca_sq930x: ucbus_write failed -71
[  611.506790][T10164] sq930x 2-1:0.0: probe with driver sq930x failed with error -71
[  611.516547][T10164] usb 2-1: USB disconnect, device number 42
[  611.550842][ T5807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.585878][ T5807] usb 4-1: config 0 descriptor??
[  611.604381][ T5885] usb usb3-port1: attempt power cycle
[  611.968736][ T5885] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  611.969871][T12116] binder: 12113:12116 ioctl c0306201 2000000004c0 returned -14
[  612.047999][T12116] binder_alloc: 12113: binder_alloc_buf, no vma
[  612.148706][ T5885] usb 3-1: device descriptor read/8, error -71
[  612.330687][T12121] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  612.391598][T12121] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1606'.
[  612.486137][T12122] nbd: must specify a size in bytes for the device
[  612.546495][T12105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  612.567080][T12105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  612.578803][ T5807] usbhid 4-1:0.0: can't add hid device: -71
[  612.585825][ T5807] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  612.619087][ T5807] usb 4-1: USB disconnect, device number 39
[  613.064093][ T5807] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  613.184206][   T10] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  613.200311][T12146] syzkaller0: entered promiscuous mode
[  613.206452][T12146] syzkaller0: entered allmulticast mode
[  613.223725][T12146] 0: reclassify loop, rule prio 0, protocol 800
[  613.230973][ T5807] usb 2-1: Using ep0 maxpacket: 16
[  613.244090][ T5885] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  613.244436][ T5807] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  613.276843][ T5807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  613.291069][ T5807] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  613.302688][ T5807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.304839][ T5885] usb 3-1: Using ep0 maxpacket: 8
[  613.310868][ T5807] usb 2-1: Product: syz
[  613.320480][ T5807] usb 2-1: Manufacturer: syz
[  613.322316][ T5885] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  613.325324][ T5807] usb 2-1: SerialNumber: syz
[  613.338381][ T5885] usb 3-1: config 0 has no interface number 0
[  613.341146][ T5807] usb 2-1: config 0 descriptor??
[  613.354172][   T10] usb 1-1: Using ep0 maxpacket: 32
[  613.364640][ T5885] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  613.368489][   T10] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  613.388283][ T5885] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  613.390829][ T5807] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  613.400280][ T5885] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  613.400355][ T5885] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  613.400522][ T5885] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  613.400585][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.405936][ T5885] usb 3-1: config 0 descriptor??
[  613.424185][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.424213][   T10] usb 1-1: Product: syz
[  613.424229][   T10] usb 1-1: Manufacturer: syz
[  613.424245][   T10] usb 1-1: SerialNumber: syz
[  613.425674][ T5807] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  613.491521][   T10] usb 1-1: config 0 descriptor??
[  613.594416][ T5885] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  613.677235][T12151] IPVS: set_ctl: invalid protocol: 1 0.0.0.0:1536
[  613.727948][   T10] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 035
[  613.804217][ T5885] usb 5-1: new low-speed USB device number 45 using dummy_hcd
[  613.812879][T10164] usb 3-1: USB disconnect, device number 51
[  613.823501][T10164] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  613.967210][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  613.978446][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 64, setting to 8
[  613.989589][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  613.990057][ T5807] em28xx 2-1:0.0: chip ID is em2874
[  614.008561][ T5885] usb 5-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  614.018726][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  614.052533][ T5885] usb 5-1: config 0 descriptor??
[  614.058747][T12148] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  614.544979][ T5885] aureal 0003:0755:2626.000F: ignoring exceeding usage max
[  614.552901][ T5885] aureal 0003:0755:2626.000F: item fetching failed at offset 5/6
[  614.564929][ T5885] aureal 0003:0755:2626.000F: probe with driver aureal failed with error -22
[  614.636671][T12161] openvswitch: netlink: IP tunnel TTL not specified.
[  614.657416][   T30] audit: type=1400 audit(2000000058.280:1011): avc:  denied  { lock } for  pid=12157 comm="syz.2.1620" path="socket:[39094]" dev="sockfs" ino=39094 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  614.989083][T12163] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1613'.
[  615.040499][ T5885] usb 5-1: USB disconnect, device number 45
[  615.298675][   T30] audit: type=1400 audit(2000000058.930:1012): avc:  denied  { ioctl } for  pid=12164 comm="syz.3.1621" path="socket:[38285]" dev="sockfs" ino=38285 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  616.111932][T12174] overlayfs: missing 'lowerdir'
[  616.172316][ T5885] usb 2-1: USB disconnect, device number 43
[  616.226603][T12169] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12169 comm=syz.2.1622
[  616.241623][ T5885] em28xx 2-1:0.0: Disconnecting em28xx
[  616.254233][T12175] binder: 12172:12175 ioctl c0306201 2000000004c0 returned -14
[  616.262216][T12175] binder_alloc: 12172: binder_alloc_buf, no vma
[  616.280212][ T5885] em28xx 2-1:0.0: Freeing device
[  616.684479][ T5885] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  616.737876][ T5807] usb 1-1: USB disconnect, device number 35
[  616.897947][   T30] audit: type=1400 audit(2000000060.530:1013): avc:  denied  { bind } for  pid=12193 comm="syz.0.1631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  616.995589][T12199] lo speed is unknown, defaulting to 1000
[  617.001753][T12199] lo speed is unknown, defaulting to 1000
[  617.017031][T12199] lo speed is unknown, defaulting to 1000
[  617.088059][T12199] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  617.404352][   T30] audit: type=1400 audit(2000000060.850:1014): avc:  denied  { write } for  pid=12188 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  617.424420][   T30] audit: type=1400 audit(2000000060.880:1015): avc:  denied  { getopt } for  pid=12188 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  617.446889][T12199] lo speed is unknown, defaulting to 1000
[  617.453583][T12199] lo speed is unknown, defaulting to 1000
[  617.460578][T12199] lo speed is unknown, defaulting to 1000
[  617.467277][T12199] lo speed is unknown, defaulting to 1000
[  617.473871][T12199] lo speed is unknown, defaulting to 1000
[  617.528894][ T5885] usb 2-1: config 0 has an invalid interface number: 120 but max is 0
[  617.537290][ T5885] usb 2-1: config 0 has no interface number 0
[  617.543472][ T5885] usb 2-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  617.586874][ T5885] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  617.674454][ T5885] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  617.684256][   T10] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  617.686000][ T5885] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  617.702613][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.780145][ T5885] usb 2-1: config 0 descriptor??
[  617.799418][T12180] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  617.843536][T12209] netlink: 'syz.2.1634': attribute type 1 has an invalid length.
[  617.883752][ T5885] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.120/input/input56
[  617.904879][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.945478][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  618.465317][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  618.504943][   T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=31.c9
[  618.561461][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.618177][   T10] usb 4-1: config 0 descriptor??
[  618.807361][ T5885] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  618.820955][   T30] audit: type=1400 audit(2000000062.400:1016): avc:  denied  { create } for  pid=12179 comm="syz.1.1625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  619.074092][ T5885] usb 1-1: Using ep0 maxpacket: 32
[  619.097299][ T5885] usb 1-1: config 0 has an invalid interface number: 35 but max is 0
[  619.105453][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  619.124087][ T5885] usb 1-1: config 0 has no interface number 0
[  619.146085][   T10] ath6kl: Failed to submit usb control message: -71
[  619.152838][ T5885] usb 1-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  619.171881][   T10] ath6kl: unable to send the bmi data to the device: -71
[  619.180724][ T5885] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  619.190567][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.220930][ T5885] usb 1-1: Product: syz
[  619.242776][ T5885] usb 1-1: Manufacturer: syz
[  619.251616][ T5885] usb 1-1: SerialNumber: syz
[  619.253296][   T10] ath6kl: Unable to send get target info: -71
[  619.334999][ T5885] usb 1-1: config 0 descriptor??
[  619.537143][T12216] ufs: You didn't specify the type of your ufs filesystem
[  619.537143][T12216] 
[  619.537143][T12216] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  619.537143][T12216] 
[  619.537143][T12216] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  619.657595][   T10] ath6kl: Failed to init ath6kl core: -71
[  619.705647][   T10] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  619.780243][   T10] usb 4-1: USB disconnect, device number 40
[  619.903067][T12216] ufs: ufstype=old is supported read-only
[  619.916374][ T5885] usb 2-1: USB disconnect, device number 44
[  619.986494][T12216] ufs: ufs_fill_super(): bad magic number
[  620.145653][   T30] audit: type=1400 audit(2000000063.770:1017): avc:  denied  { create } for  pid=12203 comm="syz.0.1632" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  620.236421][T12233] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  620.262277][   T30] audit: type=1800 audit(2000000063.830:1018): pid=12205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.0.1632" name="/newroot/322/pids.events" dev="tmpfs" ino=1736 res=0 errno=0
[  620.364324][ T5808] Bluetooth: hci2: unexpected subevent 0x22 length: 10 < 19
[  620.372674][   T30] audit: type=1400 audit(2000000063.850:1019): avc:  denied  { ioctl } for  pid=12230 comm="syz.3.1638" path="socket:[39373]" dev="sockfs" ino=39373 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  620.398654][   T30] audit: type=1400 audit(2000000063.890:1020): avc:  denied  { connect } for  pid=12225 comm="syz.2.1637" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  620.454407][T12235] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1638'.
[  621.044108][ T5885] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  621.218906][T12240] FAULT_INJECTION: forcing a failure.
[  621.218906][T12240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  621.233454][T12240] CPU: 0 UID: 0 PID: 12240 Comm: syz.3.1639 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  621.233489][T12240] Tainted: [L]=SOFTLOCKUP
[  621.233497][T12240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  621.233510][T12240] Call Trace:
[  621.233516][T12240]  <TASK>
[  621.233525][T12240]  dump_stack_lvl+0x100/0x190
[  621.233566][T12240]  should_fail_ex.cold+0x5/0xa
[  621.233597][T12240]  _copy_to_user+0x32/0xd0
[  621.233622][T12240]  simple_read_from_buffer+0xcb/0x170
[  621.233648][T12240]  proc_fail_nth_read+0x1af/0x230
[  621.233735][T12240]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  621.233771][T12240]  ? rw_verify_area+0xce/0x6d0
[  621.233808][T12240]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  621.233840][T12240]  vfs_read+0x1e4/0xb30
[  621.233877][T12240]  ? __pfx_vfs_read+0x10/0x10
[  621.233906][T12240]  ? __fget_files+0x215/0x3d0
[  621.233934][T12240]  ? __fget_files+0x21f/0x3d0
[  621.233963][T12240]  ksys_read+0x12a/0x250
[  621.233984][T12240]  ? __pfx_ksys_read+0x10/0x10
[  621.234012][T12240]  do_syscall_64+0x106/0xf80
[  621.234039][T12240]  ? clear_bhb_loop+0x40/0x90
[  621.234064][T12240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.234083][T12240] RIP: 0033:0x7f57a375cfce
[  621.234101][T12240] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  621.234119][T12240] RSP: 002b:00007f57a45e5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  621.234139][T12240] RAX: ffffffffffffffda RBX: 00007f57a45e66c0 RCX: 00007f57a375cfce
[  621.234152][T12240] RDX: 000000000000000f RSI: 00007f57a45e60a0 RDI: 0000000000000004
[  621.234164][T12240] RBP: 00007f57a45e6090 R08: 0000000000000000 R09: 0000000000000000
[  621.234175][T12240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  621.234187][T12240] R13: 00007f57a3a16038 R14: 00007f57a3a15fa0 R15: 00007ffc9d7838c8
[  621.234213][T12240]  </TASK>
[  621.234215][ T5885] usb 2-1: Using ep0 maxpacket: 16
[  621.436444][   T30] audit: type=1400 audit(2000000065.070:1021): avc:  denied  { watch_reads } for  pid=12241 comm="syz.3.1640" path="/348" dev="tmpfs" ino=1837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  621.461772][ T5885] usb 2-1: config 157 has an invalid descriptor of length 0, skipping remainder of the config
[  621.472261][ T5885] usb 2-1: config 157 has 0 interfaces, different from the descriptor's value: 1
[  621.484321][ T5885] usb 2-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  621.493538][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.501948][ T5885] usb 2-1: Product: syz
[  621.506191][ T5885] usb 2-1: Manufacturer: syz
[  621.511037][ T5885] usb 2-1: SerialNumber: syz
[  621.601820][T10164] usb 1-1: USB disconnect, device number 36
[  621.613202][   T30] audit: type=1400 audit(2000000065.230:1022): avc:  denied  { unmount } for  pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  621.714250][   T10] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  621.722801][   T30] audit: type=1400 audit(2000000065.300:1023): avc:  denied  { mount } for  pid=12241 comm="syz.3.1640" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  622.058390][   T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  622.066541][   T30] audit: type=1400 audit(2000000065.690:1024): avc:  denied  { append } for  pid=12250 comm="syz.2.1644" name="ubi_ctrl" dev="devtmpfs" ino=706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  622.096736][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  622.107903][   T10] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  622.131441][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  622.141056][   T10] usb 5-1: SerialNumber: syz
[  622.141587][   T30] audit: type=1400 audit(2000000065.740:1025): avc:  denied  { getopt } for  pid=12252 comm="syz.0.1643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  622.566323][   T10] usb 5-1: 0:2 : does not exist
[  622.648576][   T10] usb 5-1: USB disconnect, device number 46
[  622.853092][   T30] audit: type=1400 audit(2000000322.472:1026): avc:  denied  { unmount } for  pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  623.451986][T12277] input: syz0 as /devices/virtual/input/input57
[  623.469566][T12277] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=12277 comm=syz.4.1650
[  623.762313][ T5927] usb 2-1: USB disconnect, device number 45
[  624.194558][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  624.216898][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  624.566177][T12295] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1653'.
[  624.981153][T12298] comedi comedi3: comedi_config --init_data is deprecated
[  625.806229][T12313] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1658'.
[  625.817639][T12312] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1657'.
[  626.548251][T12328] xt_hashlimit: size too large, truncated to 1048576
[  626.958880][T12334] netlink: 'syz.3.1663': attribute type 1 has an invalid length.
[  627.260905][T12334] 8021q: adding VLAN 0 to HW filter on device bond1
[  627.474087][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  627.474105][   T30] audit: type=1400 audit(2000000327.092:1028): avc:  denied  { create } for  pid=12339 comm="syz.0.1664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  627.669232][T12334] vivid-006: disconnect
[  627.924487][T12327] vivid-006: reconnect
[  628.167089][T12342] delete_channel: no stack
[  628.568287][T12371] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1670'.
[  628.582716][T12371] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1670'.
[  628.591790][T12371] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1670'.
[  629.312790][   T30] audit: type=1400 audit(2000000328.812:1029): avc:  denied  { name_bind } for  pid=12374 comm="syz.3.1673" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  633.700234][T12428] syzkaller0: entered promiscuous mode
[  633.705871][T12428] syzkaller0: entered allmulticast mode
[  633.939372][T12432] sp0: Synchronizing with TNC
[  633.948001][   T30] audit: type=1400 audit(2000000333.572:1030): avc:  denied  { open } for  pid=12429 comm="syz.3.1685" path="/dev/ptyqa" dev="devtmpfs" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  634.214637][   T30] audit: type=1400 audit(2000000333.572:1031): avc:  denied  { ioctl } for  pid=12429 comm="syz.3.1685" path="/dev/ptyqa" dev="devtmpfs" ino=129 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  634.452825][T12438] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=2324 sclass=netlink_tcpdiag_socket pid=12438 comm=syz.1.1687
[  635.340221][   T30] audit: type=1400 audit(2000000334.962:1032): avc:  denied  { mount } for  pid=12436 comm="syz.2.1688" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  635.654558][   T30] audit: type=1400 audit(2000000335.272:1033): avc:  denied  { watch_reads } for  pid=12450 comm="syz.4.1690" path="pipe:[5287]" dev="pipefs" ino=5287 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  635.897067][ T5875] IPVS: starting estimator thread 0...
[  636.004344][T12460] IPVS: using max 37 ests per chain, 88800 per kthread
[  636.174209][ T5807] usb 5-1: new full-speed USB device number 47 using dummy_hcd
[  636.294098][ T5927] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  636.764068][ T5927] usb 2-1: Using ep0 maxpacket: 8
[  636.927535][   T30] audit: type=1400 audit(2000000336.552:1034): avc:  denied  { write } for  pid=12465 comm="syz.0.1694" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  637.075188][ T1100] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  637.096372][   T30] audit: type=1400 audit(2000000336.582:1035): avc:  denied  { open } for  pid=12465 comm="syz.0.1694" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  637.626248][ T5807] usb 5-1: config 0 has an invalid interface number: 113 but max is 0
[  637.638555][T12468] binder: 12465:12468 ioctl 4018620d 0 returned -22
[  637.898009][ T5807] usb 5-1: config 0 has no interface number 0
[  637.904704][ T5927] usb 2-1: unable to get BOS descriptor or descriptor too short
[  637.912596][ T5807] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  637.929400][ T5807] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid maxpacket 65535, setting to 64
[  637.941366][   T30] audit: type=1400 audit(2000000337.552:1036): avc:  denied  { read } for  pid=12465 comm="syz.0.1694" path="socket:[40577]" dev="sockfs" ino=40577 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  637.941370][ T5807] usb 5-1: config 0 interface 113 has no altsetting 0
[  637.983265][ T5927] usb 2-1: New USB device found, idVendor=04b4, idProduct=930b, bcdDevice= 0.40
[  637.992532][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.000991][ T5927] usb 2-1: Product: syz
[  638.005284][ T5927] usb 2-1: Manufacturer: syz
[  638.009931][ T5927] usb 2-1: SerialNumber: syz
[  638.362500][ T5807] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  638.384159][ T5807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.437269][ T5807] usb 5-1: Product: syz
[  638.441517][ T5807] usb 5-1: Manufacturer: syz
[  638.485678][ T5807] usb 5-1: config 0 descriptor??
[  638.501386][ T5807] usb 5-1: can't set config #0, error -71
[  638.554403][ T5807] usb 5-1: USB disconnect, device number 47
[  638.692670][T12481] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1698'.
[  638.753543][ T5927] usb 2-1: can't set first interface for hiFace device.
[  638.803194][ T5927] snd-usb-hiface 2-1:1.1: probe with driver snd-usb-hiface failed with error -5
[  639.131370][ T5927] usb 2-1: can't set first interface for hiFace device.
[  639.138538][ T5927] snd-usb-hiface 2-1:1.2: probe with driver snd-usb-hiface failed with error -5
[  639.151655][ T5927] usb 2-1: USB disconnect, device number 46
[  639.234807][T11776] udevd[11776]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  639.348750][T12494] netlink: 'syz.2.1703': attribute type 1 has an invalid length.
[  639.385174][   T30] audit: type=1400 audit(2000000339.012:1037): avc:  denied  { connect } for  pid=12493 comm="syz.2.1703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  640.774131][ T5927] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  641.304155][ T5927] usb 1-1: Using ep0 maxpacket: 8
[  641.490951][ T5927] usb 1-1: config 179 has an invalid descriptor of length 52, skipping remainder of the config
[  641.511708][ T5927] usb 1-1: config 179 has 0 interfaces, different from the descriptor's value: 1
[  641.531076][   T30] audit: type=1400 audit(2000000341.152:1038): avc:  denied  { write } for  pid=12483 comm="syz.3.1701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  641.564093][ T5927] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  641.733793][T12522] input: syz0 as /devices/virtual/input/input59
[  641.770511][T12522] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=12522 comm=syz.4.1707
[  642.664438][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.153232][   T30] audit: type=1400 audit(2000000342.772:1039): avc:  denied  { connect } for  pid=12532 comm="syz.1.1711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  644.071986][ T5875] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  644.252224][ T5875] usb 2-1: Using ep0 maxpacket: 16
[  644.268733][ T5875] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  644.284087][ T5875] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  644.301409][ T5875] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  644.362833][ T5875] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  644.398742][ T5875] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  644.459055][ T5875] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  644.488916][ T5875] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  644.504170][  T792] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  644.529313][ T5875] usb 2-1: Manufacturer: syz
[  644.557736][ T5875] usb 2-1: config 0 descriptor??
[  644.655256][  T792] usb 4-1: device descriptor read/64, error -71
[  644.797493][ T5949] usb 1-1: USB disconnect, device number 37
[  644.875783][ T5875] rc_core: IR keymap rc-hauppauge not found
[  644.881722][ T5875] Registered IR keymap rc-empty
[  644.896895][  T792] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  644.944515][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  645.073381][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  645.118187][ T5875] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  645.164117][  T792] usb 4-1: device descriptor read/64, error -71
[  645.226926][ T5875] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input60
[  645.281164][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  645.324972][  T792] usb usb4-port1: attempt power cycle
[  645.454315][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  645.474481][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  645.497348][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  645.567836][T12593] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.1723'.
[  645.978447][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  646.012571][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  646.064134][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  646.215752][T12600] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1726'.
[  646.226137][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  646.254185][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  646.279279][ T5875] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  646.349498][  T792] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  646.393777][  T792] usb 4-1: device descriptor read/8, error -71
[  646.415982][ T5875] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  646.481324][T12607] openvswitch: netlink: IP tunnel TTL not specified.
[  646.892577][ T5875] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  646.962964][ T5875] usb 2-1: USB disconnect, device number 47
[  646.976434][  T792] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  647.017926][  T792] usb 4-1: device descriptor read/8, error -71
[  647.148495][  T792] usb usb4-port1: unable to enumerate USB device
[  647.162326][   T30] audit: type=1326 audit(2000000346.782:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12614 comm="syz.0.1728" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f29f839c799 code=0x0
[  647.793127][T12633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1732'.
[  647.851704][   T30] audit: type=1400 audit(2000000347.472:1041): avc:  denied  { map } for  pid=12628 comm="syz.3.1731" path="/dev/tty1" dev="devtmpfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  648.043928][T12638] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1733'.
[  648.144134][  T792] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  648.157407][T12638] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  648.775796][  T792] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  648.790478][T12638] batadv_slave_1 (unregistering): left allmulticast mode
[  648.806919][  T792] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  648.939584][  T792] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  648.988204][  T792] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  649.044145][  T792] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  649.066513][T12638] batman_adv: batadv0: Removing interface: batadv_slave_1
[  649.090563][  T792] usb 4-1: Manufacturer: syz
[  649.115633][  T792] usb 4-1: config 0 descriptor??
[  649.128886][  T792] igorplugusb 4-1:0.0: incorrect number of endpoints
[  649.368549][ T5807] usb 4-1: USB disconnect, device number 45
[  649.453844][   T30] audit: type=1326 audit(2000000349.072:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12670 comm="syz.2.1740" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe9fab9c799 code=0x0
[  649.726723][   T30] audit: type=1400 audit(2000000349.342:1043): avc:  denied  { ioctl } for  pid=12673 comm="syz.1.1741" path="socket:[41978]" dev="sockfs" ino=41978 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  649.822996][   T30] audit: type=1400 audit(2000000349.402:1044): avc:  denied  { connect } for  pid=12673 comm="syz.1.1741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  649.932441][   T30] audit: type=1400 audit(2000000349.552:1045): avc:  denied  { lock } for  pid=12683 comm="syz.4.1744" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  650.580255][T12696] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1745'.
[  650.633063][T12696] : entered promiscuous mode
[  650.634450][T12701] ubi: mtd0 is already attached to ubi31
[  650.720011][T12704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1747'.
[  651.190653][T12712] syzkaller0: entered promiscuous mode
[  651.198708][T12712] syzkaller0: entered allmulticast mode
[  651.201018][  T792] libceph: connect (1)[c::]:6789 error -22
[  651.221800][  T792] libceph: mon0 (1)[c::]:6789 connect error
[  651.254116][T12716] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1750'.
[  651.328989][T12717] binder: 12714:12717 ioctl c0306201 2000000004c0 returned -14
[  651.436961][   T30] audit: type=1400 audit(2000000350.972:1046): avc:  denied  { transfer } for  pid=12714 comm="syz.4.1752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  651.457384][T12708] ceph: No mds server is up or the cluster is laggy
[  651.488063][  T792] libceph: connect (1)[c::]:6789 error -22
[  651.494891][  T792] libceph: mon0 (1)[c::]:6789 connect error
[  651.760044][   T30] audit: type=1400 audit(2000000351.382:1047): avc:  denied  { connect } for  pid=12706 comm="syz.0.1750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  651.810099][   T30] audit: type=1400 audit(2000000351.432:1048): avc:  denied  { lock } for  pid=12706 comm="syz.0.1750" path="socket:[42425]" dev="sockfs" ino=42425 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  651.906619][T12722] FAULT_INJECTION: forcing a failure.
[  651.906619][T12722] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.950258][T12722] CPU: 0 UID: 0 PID: 12722 Comm: syz.4.1755 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  651.950295][T12722] Tainted: [L]=SOFTLOCKUP
[  651.950301][T12722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  651.950313][T12722] Call Trace:
[  651.950320][T12722]  <TASK>
[  651.950328][T12722]  dump_stack_lvl+0x100/0x190
[  651.950368][T12722]  should_fail_ex.cold+0x5/0xa
[  651.950394][T12722]  _copy_to_user+0x32/0xd0
[  651.950417][T12722]  simple_read_from_buffer+0xcb/0x170
[  651.950440][T12722]  proc_fail_nth_read+0x1af/0x230
[  651.950474][T12722]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  651.950507][T12722]  ? rw_verify_area+0xce/0x6d0
[  651.950536][T12722]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  651.950565][T12722]  vfs_read+0x1e4/0xb30
[  651.950601][T12722]  ? __pfx_vfs_read+0x10/0x10
[  651.950635][T12722]  ? __fget_files+0x215/0x3d0
[  651.950663][T12722]  ? __fget_files+0x21f/0x3d0
[  651.950692][T12722]  ksys_read+0x12a/0x250
[  651.950710][T12722]  ? __pfx_ksys_read+0x10/0x10
[  651.950738][T12722]  do_syscall_64+0x106/0xf80
[  651.950767][T12722]  ? clear_bhb_loop+0x40/0x90
[  651.950794][T12722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.950817][T12722] RIP: 0033:0x7f5fc9f5cfce
[  651.950835][T12722] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  651.950855][T12722] RSP: 002b:00007f5fcadd1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  651.950875][T12722] RAX: ffffffffffffffda RBX: 00007f5fcadd26c0 RCX: 00007f5fc9f5cfce
[  651.950888][T12722] RDX: 000000000000000f RSI: 00007f5fcadd20a0 RDI: 0000000000000006
[  651.950902][T12722] RBP: 00007f5fcadd2090 R08: 0000000000000000 R09: 0000000000000000
[  651.950914][T12722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  651.950927][T12722] R13: 00007f5fca216038 R14: 00007f5fca215fa0 R15: 00007ffce7ce3038
[  651.950959][T12722]  </TASK>
[  652.288609][T12732] tmpfs: Bad value for 'mpol'
[  652.417359][T12738] binder: 12735:12738 ioctl c0306201 2000000004c0 returned -14
[  652.448157][T12738] binder_alloc: 12735: binder_alloc_buf, no vma
[  653.592483][   T30] audit: type=1400 audit(2000000353.212:1049): avc:  denied  { create } for  pid=12749 comm="syz.4.1763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  653.827156][T12752] nbd: must specify at least one socket
[  654.948068][T12760] netlink: 'syz.1.1766': attribute type 1 has an invalid length.
[  655.033651][   T30] audit: type=1400 audit(2000000354.652:1050): avc:  denied  { write } for  pid=12764 comm="syz.0.1767" path="socket:[42503]" dev="sockfs" ino=42503 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  655.123149][T12760] 8021q: adding VLAN 0 to HW filter on device bond4
[  655.153302][T12760] bond3: (slave bond4): making interface the new active one
[  655.164377][T12760] bond3: (slave bond4): Enslaving as an active interface with an up link
[  655.181042][T12773] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1769'.
[  655.350451][T12760] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1766'.
[  655.352772][T12779] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  655.481456][T12770] bond3: (slave gretap1): Enslaving as a backup interface with an up link
[  655.491973][ T5808] Bluetooth: hci4: unexpected event for opcode 0x0c7b
[  655.501182][T12772] bridge1: entered promiscuous mode
[  655.513101][   T30] audit: type=1326 audit(2000000355.142:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  655.515591][T12772] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  655.547892][   T30] audit: type=1326 audit(2000000355.142:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  655.555330][T12760] 8021q: adding VLAN 0 to HW filter on device bond3
[  655.571646][   T30] audit: type=1326 audit(2000000355.142:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  655.771797][   T30] audit: type=1326 audit(2000000355.142:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  655.867424][T12772] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  655.924359][   T30] audit: type=1326 audit(2000000355.142:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  656.070662][   T30] audit: type=1326 audit(2000000355.262:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  656.114625][   T30] audit: type=1326 audit(2000000355.262:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  656.138541][   T30] audit: type=1326 audit(2000000355.362:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.0.1770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f29f839c799 code=0x7ffc0000
[  656.265126][T12785] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  656.299921][T12785] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  656.333786][T12785] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  656.394350][T12785] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  656.431529][T12785] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  656.547691][T12785] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  656.954163][T12785] overlayfs: failed lookup in lower (newroot/353, name='file0', err=-40): overlapping layers
[  657.584125][ T5807] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  657.628219][T12802] overlayfs: failed to clone upperpath
[  657.754086][ T5807] usb 1-1: Using ep0 maxpacket: 16
[  657.765881][ T5807] usb 1-1: config 28 has no interfaces?
[  657.803592][ T5807] usb 1-1: string descriptor 0 read error: -71
[  657.977638][ T5807] usb 1-1: New USB device found, idVendor=0b3b, idProduct=5630, bcdDevice=a9.d9
[  658.025180][ T5807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.041597][ T5807] usb 1-1: rejected 1 configuration due to insufficient available bus power
[  658.060696][ T5807] usb 1-1: no configuration chosen from 1 choice
[  658.093654][ T5807] usb 1-1: USB disconnect, device number 38
[  659.794951][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  659.794969][   T30] audit: type=1400 audit(2000000359.412:1076): avc:  denied  { watch } for  pid=12822 comm="syz.2.1782" path="/354/net_prio.prioidx" dev="tmpfs" ino=1916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  660.174079][   T30] audit: type=1400 audit(2000000359.412:1077): avc:  denied  { watch_sb watch_reads } for  pid=12822 comm="syz.2.1782" path="/354/net_prio.prioidx" dev="tmpfs" ino=1916 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  660.970224][   T30] audit: type=1400 audit(2000000360.592:1078): avc:  denied  { ioctl } for  pid=12849 comm="syz.1.1788" path="socket:[42672]" dev="sockfs" ino=42672 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  661.046731][T12851] FAULT_INJECTION: forcing a failure.
[  661.046731][T12851] name failslab, interval 1, probability 0, space 0, times 0
[  661.059453][T12851] CPU: 1 UID: 0 PID: 12851 Comm: syz.0.1787 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  661.059488][T12851] Tainted: [L]=SOFTLOCKUP
[  661.059495][T12851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  661.059508][T12851] Call Trace:
[  661.059515][T12851]  <TASK>
[  661.059522][T12851]  dump_stack_lvl+0x100/0x190
[  661.059564][T12851]  should_fail_ex.cold+0x5/0xa
[  661.059594][T12851]  should_failslab+0xc2/0x120
[  661.059617][T12851]  __kmalloc_cache_node_noprof+0x7d/0x770
[  661.059652][T12851]  ? __get_vm_area_node+0x101/0x330
[  661.059675][T12851]  ? finish_task_switch.isra.0+0x205/0xb80
[  661.059712][T12851]  __get_vm_area_node+0x101/0x330
[  661.059742][T12851]  __vmalloc_node_range_noprof+0x213/0x1530
[  661.059770][T12851]  ? bpf_prog_alloc_no_stats+0x59/0x630
[  661.059809][T12851]  ? bpf_prog_alloc_no_stats+0x59/0x630
[  661.059839][T12851]  ? __pfx___schedule+0x10/0x10
[  661.059875][T12851]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  661.059902][T12851]  ? irqentry_exit+0x180/0x670
[  661.059932][T12851]  ? lockdep_hardirqs_on+0x78/0x100
[  661.059963][T12851]  ? irqentry_exit+0x180/0x670
[  661.060002][T12851]  ? bpf_prog_alloc_no_stats+0x59/0x630
[  661.060032][T12851]  __vmalloc_node_noprof+0xad/0xf0
[  661.060059][T12851]  ? bpf_prog_alloc_no_stats+0x59/0x630
[  661.060093][T12851]  __vmalloc_noprof+0xa3/0x120
[  661.060118][T12851]  ? __pfx___vmalloc_noprof+0x10/0x10
[  661.060147][T12851]  ? rcu_is_watching+0x12/0xc0
[  661.060174][T12851]  ? cap_capable+0x107/0x460
[  661.060203][T12851]  bpf_prog_alloc_no_stats+0x59/0x630
[  661.060232][T12851]  ? security_capable+0x80/0x260
[  661.060260][T12851]  bpf_prog_alloc+0x3b/0x200
[  661.060288][T12851]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  661.060321][T12851]  bpf_prog_load+0x494/0x2c20
[  661.060349][T12851]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  661.060373][T12851]  ? __pfx_bpf_prog_load+0x10/0x10
[  661.060404][T12851]  ? avc_has_perm_noaudit+0x145/0x3b0
[  661.060431][T12851]  ? avc_has_perm+0x135/0x1e0
[  661.060467][T12851]  ? selinux_bpf+0xfb/0x150
[  661.060496][T12851]  __sys_bpf+0x223a/0x4b90
[  661.060524][T12851]  ? __pfx___sys_bpf+0x10/0x10
[  661.060546][T12851]  ? proc_fail_nth_write+0x9f/0x220
[  661.060578][T12851]  ? find_held_lock+0x2b/0x80
[  661.060612][T12851]  ? find_held_lock+0x2b/0x80
[  661.060640][T12851]  ? ksys_write+0x190/0x250
[  661.060666][T12851]  ? __mutex_unlock_slowpath+0x15c/0x790
[  661.060700][T12851]  ? __fget_files+0x215/0x3d0
[  661.060739][T12851]  ? fput+0x79/0x100
[  661.060765][T12851]  ? ksys_write+0x1ac/0x250
[  661.060785][T12851]  ? __pfx_ksys_write+0x10/0x10
[  661.060811][T12851]  __x64_sys_bpf+0x7b/0xc0
[  661.060835][T12851]  ? lockdep_hardirqs_on+0x78/0x100
[  661.060866][T12851]  do_syscall_64+0x106/0xf80
[  661.060897][T12851]  ? clear_bhb_loop+0x40/0x90
[  661.060924][T12851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.060946][T12851] RIP: 0033:0x7f29f839c799
[  661.060965][T12851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  661.060985][T12851] RSP: 002b:00007f29f91db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  661.061006][T12851] RAX: ffffffffffffffda RBX: 00007f29f8616180 RCX: 00007f29f839c799
[  661.061021][T12851] RDX: 000000000000006d RSI: 00002000000000c0 RDI: 0000000000000005
[  661.061034][T12851] RBP: 00007f29f91db090 R08: 0000000000000000 R09: 0000000000000000
[  661.061047][T12851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.061061][T12851] R13: 00007f29f8616218 R14: 00007f29f8616180 R15: 00007fffc57d9588
[  661.061092][T12851]  </TASK>
[  661.061426][T12851] syz.0.1787: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  661.427687][T12851] CPU: 1 UID: 0 PID: 12851 Comm: syz.0.1787 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  661.427719][T12851] Tainted: [L]=SOFTLOCKUP
[  661.427726][T12851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  661.427738][T12851] Call Trace:
[  661.427745][T12851]  <TASK>
[  661.427753][T12851]  dump_stack_lvl+0x100/0x190
[  661.427792][T12851]  warn_alloc.cold+0x95/0x1c1
[  661.427826][T12851]  ? __pfx_warn_alloc+0x10/0x10
[  661.427843][T12851]  ? lockdep_hardirqs_on+0x78/0x100
[  661.427860][T12851]  ? irqentry_exit+0x180/0x670
[  661.427886][T12851]  __vmalloc_node_range_noprof+0xbf4/0x1530
[  661.427905][T12851]  ? bpf_prog_alloc_no_stats+0x59/0x630
[  661.427922][T12851]  ? __pfx___schedule+0x10/0x10
[  661.427940][T12851]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  661.427954][T12851]  ? irqentry_exit+0x180/0x670
[  661.427970][T12851]  ? lockdep_hardirqs_on+0x78/0x100
[  661.427986][T12851]  ? irqentry_exit+0x180/0x670
[  661.428007][T12851]  ? bpf_prog_alloc_no_stats+0x59/0x630
[  661.428023][T12851]  __vmalloc_node_noprof+0xad/0xf0
[  661.428037][T12851]  ? bpf_prog_alloc_no_stats+0x59/0x630
[  661.428054][T12851]  __vmalloc_noprof+0xa3/0x120
[  661.428068][T12851]  ? __pfx___vmalloc_noprof+0x10/0x10
[  661.428083][T12851]  ? rcu_is_watching+0x12/0xc0
[  661.428098][T12851]  ? cap_capable+0x107/0x460
[  661.428113][T12851]  bpf_prog_alloc_no_stats+0x59/0x630
[  661.428128][T12851]  ? security_capable+0x80/0x260
[  661.428143][T12851]  bpf_prog_alloc+0x3b/0x200
[  661.428158][T12851]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  661.428176][T12851]  bpf_prog_load+0x494/0x2c20
[  661.428190][T12851]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  661.428203][T12851]  ? __pfx_bpf_prog_load+0x10/0x10
[  661.428216][T12851]  ? avc_has_perm_noaudit+0x145/0x3b0
[  661.428230][T12851]  ? avc_has_perm+0x135/0x1e0
[  661.428249][T12851]  ? selinux_bpf+0xfb/0x150
[  661.428264][T12851]  __sys_bpf+0x223a/0x4b90
[  661.428278][T12851]  ? __pfx___sys_bpf+0x10/0x10
[  661.428290][T12851]  ? proc_fail_nth_write+0x9f/0x220
[  661.428307][T12851]  ? find_held_lock+0x2b/0x80
[  661.428326][T12851]  ? find_held_lock+0x2b/0x80
[  661.428340][T12851]  ? ksys_write+0x190/0x250
[  661.428354][T12851]  ? __mutex_unlock_slowpath+0x15c/0x790
[  661.428378][T12851]  ? __fget_files+0x215/0x3d0
[  661.428399][T12851]  ? fput+0x79/0x100
[  661.428413][T12851]  ? ksys_write+0x1ac/0x250
[  661.428423][T12851]  ? __pfx_ksys_write+0x10/0x10
[  661.428436][T12851]  __x64_sys_bpf+0x7b/0xc0
[  661.428449][T12851]  ? lockdep_hardirqs_on+0x78/0x100
[  661.428465][T12851]  do_syscall_64+0x106/0xf80
[  661.428482][T12851]  ? clear_bhb_loop+0x40/0x90
[  661.428496][T12851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.428509][T12851] RIP: 0033:0x7f29f839c799
[  661.428519][T12851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  661.428531][T12851] RSP: 002b:00007f29f91db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  661.428543][T12851] RAX: ffffffffffffffda RBX: 00007f29f8616180 RCX: 00007f29f839c799
[  661.428551][T12851] RDX: 000000000000006d RSI: 00002000000000c0 RDI: 0000000000000005
[  661.428558][T12851] RBP: 00007f29f91db090 R08: 0000000000000000 R09: 0000000000000000
[  661.428564][T12851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.428571][T12851] R13: 00007f29f8616218 R14: 00007f29f8616180 R15: 00007fffc57d9588
[  661.428587][T12851]  </TASK>
[  661.428602][T12851] Mem-Info:
[  661.763348][T12851] active_anon:16138 inactive_anon:0 isolated_anon:0
[  661.763348][T12851]  active_file:26097 inactive_file:40936 isolated_file:0
[  661.763348][T12851]  unevictable:768 dirty:288 writeback:0
[  661.763348][T12851]  slab_reclaimable:12927 slab_unreclaimable:99421
[  661.763348][T12851]  mapped:38571 shmem:7077 pagetables:1345
[  661.763348][T12851]  sec_pagetables:0 bounce:0
[  661.763348][T12851]  kernel_misc_reclaimable:0
[  661.763348][T12851]  free:1272086 free_pcp:18408 free_cma:0
[  661.764509][   T30] audit: type=1400 audit(2000000360.932:1079): avc:  denied  { write } for  pid=12849 comm="syz.1.1788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  661.809001][T12851] Node 0 active_anon:64612kB inactive_anon:0kB active_file:104352kB inactive_file:163544kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154232kB dirty:1148kB writeback:0kB shmem:26852kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12384kB pagetables:5308kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  661.860690][T12851] Node 1 active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  661.890710][T12851] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  661.920555][T12851] lowmem_reserve[]: 0 2477 2478 2478 2478
[  661.926312][T12851] Node 0 DMA32 free:1136908kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:64612kB inactive_anon:0kB active_file:104352kB inactive_file:163544kB unevictable:1536kB writepending:1148kB zspages:0kB present:3129332kB managed:2537088kB mlocked:0kB bounce:0kB free_pcp:71372kB local_pcp:12040kB free_cma:0kB
[  661.960181][T12851] lowmem_reserve[]: 0 0 1 1 1
[  661.964908][T12851] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1044kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  661.994482][T12851] lowmem_reserve[]: 0 0 0 0 0
[  661.999381][T12851] Node 1 Normal free:3936044kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:2256kB local_pcp:0kB free_cma:0kB
[  662.031360][T12851] lowmem_reserve[]: 0 0 0 0 0
[  662.036114][T12851] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  662.048747][T12851] Node 0 DMA32: 1537*4kB (UME) 3041*8kB (UM) 1676*16kB (UME) 1080*32kB (UME) 165*64kB (UME) 82*128kB (UME) 124*256kB (UM) 78*512kB (UME) 46*1024kB (UM) 14*2048kB (ME) 214*4096kB (UM) = 1136908kB
[  662.068127][T12851] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  662.079582][T12851] Node 1 Normal: 3*4kB (UM) 2*8kB (UM) 1*16kB (U) 2*32kB (UM) 1*64kB (M) 1*128kB (M) 4*256kB (U) 3*512kB (UM) 3*1024kB (UM) 1*2048kB (U) 959*4096kB (M) = 3936044kB
[  662.096091][T12851] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  662.105649][T12851] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  662.114943][T12851] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  662.124493][T12851] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  662.133855][T12851] 74126 total pagecache pages
[  662.138580][T12851] 0 pages in swap cache
[  662.142716][T12851] Free swap  = 124996kB
[  662.146891][T12851] Total swap = 124996kB
[  662.151027][T12851] 2097051 pages RAM
[  662.154843][T12851] 0 pages HighMem/MovableOnly
[  662.159487][T12851] 430903 pages reserved
[  662.163847][T12851] 0 pages cma reserved
[  662.305668][T12854] nbd: must specify at least one socket
[  662.479403][T12861] FAULT_INJECTION: forcing a failure.
[  662.479403][T12861] name failslab, interval 1, probability 0, space 0, times 0
[  662.492135][T12861] CPU: 1 UID: 0 PID: 12861 Comm: syz.3.1791 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  662.492158][T12861] Tainted: [L]=SOFTLOCKUP
[  662.492162][T12861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  662.492170][T12861] Call Trace:
[  662.492175][T12861]  <TASK>
[  662.492180][T12861]  dump_stack_lvl+0x100/0x190
[  662.492210][T12861]  should_fail_ex.cold+0x5/0xa
[  662.492226][T12861]  ? bpf_test_init.isra.0+0x88/0x100
[  662.492240][T12861]  should_failslab+0xc2/0x120
[  662.492254][T12861]  __kmalloc_noprof+0xe0/0x850
[  662.492271][T12861]  ? __lock_acquire+0x4a5/0x2630
[  662.492285][T12861]  bpf_test_init.isra.0+0x88/0x100
[  662.492302][T12861]  bpf_prog_test_run_xdp+0x57e/0x1670
[  662.492324][T12861]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  662.492345][T12861]  ? fput+0x79/0x100
[  662.492359][T12861]  ? __bpf_prog_get+0x97/0x2a0
[  662.492376][T12861]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  662.492392][T12861]  __sys_bpf+0x1725/0x4b90
[  662.492408][T12861]  ? __pfx___sys_bpf+0x10/0x10
[  662.492419][T12861]  ? proc_fail_nth_write+0x9f/0x220
[  662.492441][T12861]  ? find_held_lock+0x2b/0x80
[  662.492460][T12861]  ? find_held_lock+0x2b/0x80
[  662.492474][T12861]  ? ksys_write+0x190/0x250
[  662.492489][T12861]  ? __mutex_unlock_slowpath+0x15c/0x790
[  662.492508][T12861]  ? __fget_files+0x215/0x3d0
[  662.492529][T12861]  ? fput+0x79/0x100
[  662.492543][T12861]  ? ksys_write+0x1ac/0x250
[  662.492553][T12861]  ? __pfx_ksys_write+0x10/0x10
[  662.492566][T12861]  __x64_sys_bpf+0x7b/0xc0
[  662.492579][T12861]  ? lockdep_hardirqs_on+0x78/0x100
[  662.492596][T12861]  do_syscall_64+0x106/0xf80
[  662.492612][T12861]  ? clear_bhb_loop+0x40/0x90
[  662.492627][T12861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.492639][T12861] RIP: 0033:0x7f57a379c799
[  662.492650][T12861] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  662.492662][T12861] RSP: 002b:00007f57a45e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  662.492673][T12861] RAX: ffffffffffffffda RBX: 00007f57a3a15fa0 RCX: 00007f57a379c799
[  662.492681][T12861] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a
[  662.492688][T12861] RBP: 00007f57a45e6090 R08: 0000000000000000 R09: 0000000000000000
[  662.492695][T12861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.492701][T12861] R13: 00007f57a3a16038 R14: 00007f57a3a15fa0 R15: 00007ffc9d7838c8
[  662.492717][T12861]  </TASK>
[  663.040577][   T30] audit: type=1400 audit(2000000362.662:1080): avc:  denied  { append } for  pid=12863 comm="syz.4.1793" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  663.995760][ T5875] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  664.046519][T12878] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1796'.
[  664.384090][ T5875] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  664.393167][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.426090][ T5875] usb 1-1: config 0 descriptor??
[  664.455461][ T5875] cp210x 1-1:0.0: cp210x converter detected
[  664.614784][T12891] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1802'.
[  664.631598][T12891] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1802'.
[  664.640739][T12891] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1802'.
[  666.568613][T12902] binder: 12897:12902 ioctl c0306201 2000000004c0 returned -14
[  666.950360][ T5875] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71
[  666.962034][ T5875] cp210x 1-1:0.0: querying part number failed
[  666.988330][ T5875] usb 1-1: cp210x converter now attached to ttyUSB0
[  667.011156][ T5875] usb 1-1: USB disconnect, device number 39
[  667.174951][T12909] 9p: Bad value for 'rfdno'
[  667.196344][   T30] audit: type=1400 audit(2000000366.802:1081): avc:  denied  { mounton } for  pid=12905 comm="syz.1.1807" path="/351/file0" dev="tmpfs" ino=1903 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  667.249007][ T5875] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  667.258813][ T5875] cp210x 1-1:0.0: device disconnected
[  667.504392][T10164] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  667.684204][T10164] usb 4-1: Using ep0 maxpacket: 32
[  667.691199][T10164] usb 4-1: config 10 has an invalid interface number: 251 but max is 0
[  667.705244][T10164] usb 4-1: config 10 has no interface number 0
[  667.712120][T10164] usb 4-1: config 10 interface 251 has no altsetting 0
[  667.746423][T10164] usb 4-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice= 5.ff
[  667.771896][T10164] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.800826][T10164] usb 4-1: Product: syz
[  667.811175][T10164] usb 4-1: Manufacturer: syz
[  667.819899][ T5808] Bluetooth: hci2: unexpected event for opcode 0x2010
[  667.820357][T10164] usb 4-1: SerialNumber: syz
[  668.624074][ T5875] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  668.814268][ T5875] usb 1-1: Using ep0 maxpacket: 16
[  668.823096][ T5875] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  668.873367][ T5875] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  669.311888][T10164] gspca_main: sunplus-2.14.0 probing 052b:1803
[  669.319450][ T5875] usb 1-1: config 0 has no interface number 0
[  669.331475][   T63] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  669.349607][ T5875] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.17
[  669.361706][T10164] gspca_sunplus: reg_r err -71
[  669.374567][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.383303][T10164] sunplus 4-1:10.251: probe with driver sunplus failed with error -71
[  669.393109][ T5875] usb 1-1: Product: syz
[  669.435481][T10164] usb 4-1: USB disconnect, device number 46
[  669.441897][ T5875] usb 1-1: Manufacturer: syz
[  669.474246][ T5875] usb 1-1: SerialNumber: syz
[  669.508503][ T5875] usb 1-1: config 0 descriptor??
[  669.671150][ T5875] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08d3)
[  669.679268][ T5875] uvcvideo 1-1:0.105: No valid video chain found.
[  670.473783][T12945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  670.541247][T10164] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  671.005349][T10164] usb 2-1: Using ep0 maxpacket: 16
[  671.020527][T10164] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  671.038667][T10164] usb 2-1: config 0 has no interface number 0
[  671.047161][T10164] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  671.064749][T10164] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  672.052163][ T5875] usb 1-1: USB disconnect, device number 40
[  672.084351][T10164] usb 2-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  672.093420][T10164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.110354][T12950] overlayfs: invalid origin (0000)
[  672.462516][T10164] usb 2-1: config 0 descriptor??
[  672.498218][T12954] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) !
[  672.664895][   T30] audit: type=1400 audit(2000000372.292:1082): avc:  denied  { ioctl } for  pid=12953 comm="syz.0.1820" path="socket:[44221]" dev="sockfs" ino=44221 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  672.684365][T12954] syzkaller0: entered promiscuous mode
[  673.156122][T12954] syzkaller0: entered allmulticast mode
[  673.768144][T12977] input: syz0 as /devices/virtual/input/input62
[  673.828882][T12977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=12977 comm=syz.3.1824
[  673.866020][   T30] audit: type=1400 audit(2000000373.452:1083): avc:  denied  { create } for  pid=12974 comm="syz.4.1825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  674.394433][   T30] audit: type=1400 audit(2000000373.522:1084): avc:  denied  { ioctl } for  pid=12974 comm="syz.4.1825" path="socket:[43387]" dev="sockfs" ino=43387 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  676.334629][T10164] usb 2-1: can't set config #0, error -71
[  676.393827][T10164] usb 2-1: USB disconnect, device number 48
[  677.564698][T10164] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  677.781340][T10164] usb 4-1: Using ep0 maxpacket: 8
[  677.950575][T10164] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  677.962139][T10164] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.973306][T10164] usb 4-1: Product: syz
[  677.977601][T10164] usb 4-1: Manufacturer: syz
[  677.982516][T10164] usb 4-1: SerialNumber: syz
[  677.988690][T10164] usb 4-1: config 0 descriptor??
[  678.010201][T13013] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1834'.
[  678.023914][T10164] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  678.039621][T10164] dvb-usb: bulk message failed: -22 (2/0)
[  678.075653][T10164] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  678.247381][T13016] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1835'.
[  678.414609][T10164] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  678.481288][T10164] usb 4-1: media controller created
[  678.534952][T10164] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  678.562693][T13022] netlink: 'syz.2.1838': attribute type 1 has an invalid length.
[  678.596060][T10164] dvb-usb: bulk message failed: -22 (1/0)
[  678.598727][T13022] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1838'.
[  678.679620][T10164] DVB: Unable to find symbol mt352_attach()
[  678.685977][T10164] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  678.764110][T10164] rc_core: IR keymap rc-dvico-portable not found
[  678.776440][T10164] Registered IR keymap rc-empty
[  678.787433][T10164] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0
[  678.815782][T10164] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input63
[  678.835325][T10164] dvb-usb: schedule remote query interval to 100 msecs.
[  678.846159][T10164] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  678.883203][T10164] usb 4-1: USB disconnect, device number 47
[  678.951535][T10164] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  679.079792][T13038] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1841'.
[  680.180962][T13052] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1846'.
[  680.465504][   T30] audit: type=1400 audit(2000000380.072:1085): avc:  denied  { write } for  pid=13056 comm="syz.4.1847" path="socket:[43520]" dev="sockfs" ino=43520 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  680.503053][   T30] audit: type=1400 audit(2000000380.122:1086): avc:  denied  { mounton } for  pid=13056 comm="syz.4.1847" path="/syzcgroup/unified/syz4" dev="cgroup2" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  680.527654][T13060] overlayfs: workdir and upperdir must be separate subtrees
[  680.565423][   T30] audit: type=1400 audit(2000000380.122:1087): avc:  denied  { mount } for  pid=13056 comm="syz.4.1847" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  680.588176][T13053] lo speed is unknown, defaulting to 1000
[  682.187377][T13087] input: syz0 as /devices/virtual/input/input64
[  682.213957][T13087] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=13087 comm=syz.1.1852
[  684.720634][T10164] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  685.260597][   T30] audit: type=1400 audit(2000000384.882:1088): avc:  denied  { getopt } for  pid=13103 comm="syz.1.1859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  685.308160][T13106] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1858'.
[  685.625678][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  685.637674][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  685.715934][   T30] audit: type=1400 audit(2000000385.342:1089): avc:  denied  { write } for  pid=13095 comm="syz.3.1855" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  685.828917][T13111] lo speed is unknown, defaulting to 1000
[  685.955415][T13119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1863'.
[  685.964532][T13119] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1863'.
[  688.042764][T13132] openvswitch: netlink: IP tunnel TTL not specified.
[  689.294052][ T5949] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  689.460734][T13149] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=13149 comm=syz.2.1870
[  689.484169][ T5949] usb 5-1: device descriptor read/64, error -71
[  689.734338][ T5949] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  689.904206][ T5949] usb 5-1: device descriptor read/64, error -71
[  690.038269][ T5949] usb usb5-port1: attempt power cycle
[  690.317006][T13158] lo speed is unknown, defaulting to 1000
[  690.404103][ T5949] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  690.424981][ T5949] usb 5-1: device descriptor read/8, error -71
[  690.455118][    T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  690.625299][    T9] usb 1-1: device descriptor read/64, error -71
[  690.682050][ T5949] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  690.725367][ T5949] usb 5-1: device descriptor read/8, error -71
[  690.864288][ T5949] usb usb5-port1: unable to enumerate USB device
[  690.876348][    T9] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  691.014070][    T9] usb 1-1: device descriptor read/64, error -71
[  691.032717][T13172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1875'.
[  691.041912][T13172] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1875'.
[  692.291731][    T9] usb usb1-port1: attempt power cycle
[  693.392731][T13177] openvswitch: netlink: IP tunnel TTL not specified.
[  693.992141][T13185] binder: 13181:13185 ioctl c0306201 2000000004c0 returned -14
[  694.352438][   T30] audit: type=1400 audit(2000000393.972:1090): avc:  denied  { write } for  pid=13186 comm="syz.4.1880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  694.698847][T13192] input: syz0 as /devices/virtual/input/input65
[  694.727202][T13192] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=13192 comm=syz.1.1881
[  695.456657][T13198] overlayfs: invalid origin (0000)
[  695.841966][   T30] audit: type=1400 audit(2000000395.462:1091): avc:  denied  { read } for  pid=13200 comm="syz.0.1883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  696.727502][T13217] ubi: mtd0 is already attached to ubi31
[  696.757448][T13205] sctp: [Deprecated]: syz.1.1884 (pid 13205) Use of struct sctp_assoc_value in delayed_ack socket option.
[  696.757448][T13205] Use struct sctp_sack_info instead
[  697.026370][T13226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1889'.
[  697.035510][T13226] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1889'.
[  697.931710][T13228] netlink: 'syz.1.1890': attribute type 4 has an invalid length.
[  697.947946][   T30] audit: type=1400 audit(2000000397.562:1092): avc:  denied  { read } for  pid=13227 comm="syz.1.1890" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  698.491931][T13237] 
[  698.494271][T13237] ======================================================
[  698.501263][T13237] WARNING: possible circular locking dependency detected
[  698.508344][T13237] syzkaller #0 Tainted: G             L     
[  698.514291][T13237] ------------------------------------------------------
[  698.521280][T13237] syz.1.1894/13237 is trying to acquire lock:
[  698.527330][T13237] ffffffff8e9ab860 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x53/0x6f0
[  698.537145][T13237] 
[  698.537145][T13237] but task is already holding lock:
[  698.544488][T13237] ffff888055084ee0 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: inet_stream_connect+0x43/0xa0
[  698.554032][T13237] 
[  698.554032][T13237] which lock already depends on the new lock.
[  698.554032][T13237] 
[  698.564409][T13237] 
[  698.564409][T13237] the existing dependency chain (in reverse order) is:
[  698.573398][T13237] 
[  698.573398][T13237] -> #7 (k-sk_lock-AF_INET){+.+.}-{0:0}:
[  698.581205][T13237]        lock_sock_nested+0x41/0xf0
[  698.586390][T13237]        mptcp_connect+0x64f/0xad0
[  698.591487][T13237]        __inet_stream_connect+0x208/0xfa0
[  698.597270][T13237]        inet_stream_connect+0x57/0xa0
[  698.602704][T13237]        __sys_connect_file+0x141/0x1a0
[  698.608239][T13237]        __sys_connect+0x141/0x170
[  698.613329][T13237]        __x64_sys_connect+0x72/0xb0
[  698.618597][T13237]        do_syscall_64+0x106/0xf80
[  698.623688][T13237]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.630084][T13237] 
[  698.630084][T13237] -> #6 (sk_lock-AF_INET){+.+.}-{0:0}:
[  698.637705][T13237]        lock_sock_nested+0x41/0xf0
[  698.642887][T13237]        inet_shutdown+0x67/0x410
[  698.647896][T13237]        nbd_mark_nsock_dead+0xae/0x5c0
[  698.653434][T13237]        recv_work+0x5fb/0x8c0
[  698.658208][T13237]        process_one_work+0xa23/0x19a0
[  698.663644][T13237]        worker_thread+0x5ef/0xe50
[  698.668731][T13237]        kthread+0x370/0x450
[  698.673296][T13237]        ret_from_fork+0x754/0xd80
[  698.678378][T13237]        ret_from_fork_asm+0x1a/0x30
[  698.683636][T13237] 
[  698.683636][T13237] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  698.691250][T13237]        __mutex_lock+0x1a2/0x1b90
[  698.696346][T13237]        nbd_queue_rq+0x428/0x1080
[  698.701518][T13237]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  698.707562][T13237]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  698.714400][T13237]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  698.720874][T13237]        blk_mq_run_hw_queue+0x23c/0x670
[  698.726487][T13237]        blk_mq_dispatch_list+0x51d/0x1360
[  698.732269][T13237]        blk_mq_flush_plug_list+0x130/0x600
[  698.738136][T13237]        __blk_flush_plug+0x2c4/0x4b0
[  698.743486][T13237]        __submit_bio+0x584/0x6c0
[  698.748486][T13237]        submit_bio_noacct_nocheck+0x562/0xc10
[  698.754613][T13237]        submit_bio_noacct+0xd17/0x2010
[  698.760132][T13237]        submit_bh_wbc+0x59c/0x770
[  698.765217][T13237]        block_read_full_folio+0x264/0x8e0
[  698.770998][T13237]        filemap_read_folio+0xfc/0x3b0
[  698.776432][T13237]        do_read_cache_folio+0x2d7/0x6b0
[  698.782040][T13237]        read_part_sector+0xd1/0x370
[  698.787297][T13237]        adfspart_check_ICS+0x93/0x910
[  698.792745][T13237]        bdev_disk_changed+0x7f8/0xc80
[  698.798175][T13237]        blkdev_get_whole+0x187/0x290
[  698.803520][T13237]        bdev_open+0x2c7/0xe40
[  698.808257][T13237]        blkdev_open+0x34e/0x4f0
[  698.813196][T13237]        do_dentry_open+0x6d8/0x1660
[  698.818451][T13237]        vfs_open+0x82/0x3f0
[  698.823041][T13237]        path_openat+0x208c/0x31a0
[  698.828211][T13237]        do_file_open+0x20e/0x430
[  698.833206][T13237]        do_sys_openat2+0x10d/0x1e0
[  698.838378][T13237]        __x64_sys_openat+0x12d/0x210
[  698.843724][T13237]        do_syscall_64+0x106/0xf80
[  698.848809][T13237]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.855193][T13237] 
[  698.855193][T13237] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  698.862369][T13237]        __mutex_lock+0x1a2/0x1b90
[  698.867459][T13237]        nbd_queue_rq+0xba/0x1080
[  698.872457][T13237]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  698.878503][T13237]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  698.885323][T13237]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  698.891797][T13237]        blk_mq_run_hw_queue+0x23c/0x670
[  698.897403][T13237]        blk_mq_dispatch_list+0x51d/0x1360
[  698.903183][T13237]        blk_mq_flush_plug_list+0x130/0x600
[  698.909049][T13237]        __blk_flush_plug+0x2c4/0x4b0
[  698.914393][T13237]        __submit_bio+0x584/0x6c0
[  698.919389][T13237]        submit_bio_noacct_nocheck+0x562/0xc10
[  698.925516][T13237]        submit_bio_noacct+0xd17/0x2010
[  698.931034][T13237]        submit_bh_wbc+0x59c/0x770
[  698.936139][T13237]        block_read_full_folio+0x264/0x8e0
[  698.941920][T13237]        filemap_read_folio+0xfc/0x3b0
[  698.947353][T13237]        do_read_cache_folio+0x2d7/0x6b0
[  698.952958][T13237]        read_part_sector+0xd1/0x370
[  698.958213][T13237]        adfspart_check_ICS+0x93/0x910
[  698.963641][T13237]        bdev_disk_changed+0x7f8/0xc80
[  698.969090][T13237]        blkdev_get_whole+0x187/0x290
[  698.974432][T13237]        bdev_open+0x2c7/0xe40
[  698.979191][T13237]        blkdev_open+0x34e/0x4f0
[  698.984099][T13237]        do_dentry_open+0x6d8/0x1660
[  698.989354][T13237]        vfs_open+0x82/0x3f0
[  698.993916][T13237]        path_openat+0x208c/0x31a0
[  698.999012][T13237]        do_file_open+0x20e/0x430
[  699.004006][T13237]        do_sys_openat2+0x10d/0x1e0
[  699.009176][T13237]        __x64_sys_openat+0x12d/0x210
[  699.014523][T13237]        do_syscall_64+0x106/0xf80
[  699.019610][T13237]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.025997][T13237] 
[  699.025997][T13237] -> #3 (set->srcu){.+.+}-{0:0}:
[  699.033120][T13237]        __synchronize_srcu+0xa2/0x300
[  699.038553][T13237]        blk_mq_quiesce_queue+0x149/0x1c0
[  699.044245][T13237]        elevator_switch+0x17b/0x7e0
[  699.049500][T13237]        elevator_change+0x352/0x530
[  699.054762][T13237]        elevator_set_default+0x29e/0x360
[  699.060464][T13237]        blk_register_queue+0x412/0x590
[  699.065984][T13237]        __add_disk+0x73f/0xe40
[  699.070817][T13237]        add_disk_fwnode+0x118/0x5c0
[  699.076083][T13237]        nbd_dev_add+0x77a/0xb10
[  699.081009][T13237]        nbd_init+0x291/0x2b0
[  699.085661][T13237]        do_one_initcall+0x11d/0x760
[  699.090924][T13237]        kernel_init_freeable+0x6e5/0x7a0
[  699.096627][T13237]        kernel_init+0x1f/0x1e0
[  699.101453][T13237]        ret_from_fork+0x754/0xd80
[  699.106537][T13237]        ret_from_fork_asm+0x1a/0x30
[  699.111799][T13237] 
[  699.111799][T13237] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  699.119588][T13237]        __mutex_lock+0x1a2/0x1b90
[  699.124685][T13237]        elevator_change+0x1bc/0x530
[  699.129969][T13237]        elevator_set_none+0x92/0xf0
[  699.135235][T13237]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  699.141546][T13237]        nbd_start_device+0x1a6/0xbd0
[  699.146897][T13237]        nbd_genl_connect+0xff2/0x1a40
[  699.152337][T13237]        genl_family_rcv_msg_doit+0x214/0x300
[  699.158470][T13237]        genl_rcv_msg+0x560/0x800
[  699.163475][T13237]        netlink_rcv_skb+0x159/0x420
[  699.168747][T13237]        genl_rcv+0x28/0x40
[  699.173227][T13237]        netlink_unicast+0x5aa/0x870
[  699.178494][T13237]        netlink_sendmsg+0x8b0/0xda0
[  699.183760][T13237]        ____sys_sendmsg+0x9e1/0xb70
[  699.189021][T13237]        ___sys_sendmsg+0x190/0x1e0
[  699.194202][T13237]        __sys_sendmsg+0x170/0x220
[  699.199313][T13237]        do_syscall_64+0x106/0xf80
[  699.204422][T13237]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.210830][T13237] 
[  699.210830][T13237] -> #1 (&q->q_usage_counter(io)#50){++++}-{0:0}:
[  699.219435][T13237]        blk_alloc_queue+0x610/0x790
[  699.224714][T13237]        blk_mq_alloc_queue+0x174/0x290
[  699.230254][T13237]        __blk_mq_alloc_disk+0x29/0x120
[  699.235792][T13237]        nbd_dev_add+0x492/0xb10
[  699.240729][T13237]        nbd_init+0x291/0x2b0
[  699.245401][T13237]        do_one_initcall+0x11d/0x760
[  699.250687][T13237]        kernel_init_freeable+0x6e5/0x7a0
[  699.256404][T13237]        kernel_init+0x1f/0x1e0
[  699.261254][T13237]        ret_from_fork+0x754/0xd80
[  699.266362][T13237]        ret_from_fork_asm+0x1a/0x30
[  699.271640][T13237] 
[  699.271640][T13237] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  699.278837][T13237]        __lock_acquire+0x14b8/0x2630
[  699.284196][T13237]        lock_acquire+0x1cf/0x380
[  699.289203][T13237]        fs_reclaim_acquire+0xc4/0x100
[  699.294649][T13237]        kmem_cache_alloc_node_noprof+0x53/0x6f0
[  699.300970][T13237]        __alloc_skb+0x140/0x710
[  699.305898][T13237]        tcp_stream_alloc_skb+0x34/0x660
[  699.311516][T13237]        tcp_connect+0xe8c/0x5630
[  699.316530][T13237]        tcp_v4_connect+0x1603/0x1b40
[  699.321888][T13237]        __inet_stream_connect+0x208/0xfa0
[  699.327680][T13237]        inet_stream_connect+0x57/0xa0
[  699.333123][T13237]        p9_fd_create_tcp+0x379/0x4d0
[  699.338482][T13237]        p9_client_create+0x563/0xd40
[  699.343853][T13237]        v9fs_session_init+0x40/0xce0
[  699.349221][T13237]        v9fs_get_tree+0xb8/0xb50
[  699.354230][T13237]        vfs_get_tree+0x92/0x320
[  699.359163][T13237]        path_mount+0x7d0/0x23d0
[  699.364093][T13237]        __x64_sys_mount+0x293/0x310
[  699.369371][T13237]        do_syscall_64+0x106/0xf80
[  699.374479][T13237]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.380890][T13237] 
[  699.380890][T13237] other info that might help us debug this:
[  699.380890][T13237] 
[  699.391096][T13237] Chain exists of:
[  699.391096][T13237]   fs_reclaim --> sk_lock-AF_INET --> k-sk_lock-AF_INET
[  699.391096][T13237] 
[  699.403860][T13237]  Possible unsafe locking scenario:
[  699.403860][T13237] 
[  699.411284][T13237]        CPU0                    CPU1
[  699.416626][T13237]        ----                    ----
[  699.421970][T13237]   lock(k-sk_lock-AF_INET);
[  699.426543][T13237]                                lock(sk_lock-AF_INET);
[  699.433462][T13237]                                lock(k-sk_lock-AF_INET);
[  699.440557][T13237]   lock(fs_reclaim);
[  699.444537][T13237] 
[  699.444537][T13237]  *** DEADLOCK ***
[  699.444537][T13237] 
[  699.452655][T13237] 1 lock held by syz.1.1894/13237:
[  699.457743][T13237]  #0: ffff888055084ee0 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: inet_stream_connect+0x43/0xa0
[  699.467748][T13237] 
[  699.467748][T13237] stack backtrace:
[  699.473620][T13237] CPU: 0 UID: 0 PID: 13237 Comm: syz.1.1894 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  699.473650][T13237] Tainted: [L]=SOFTLOCKUP
[  699.473658][T13237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  699.473671][T13237] Call Trace:
[  699.473680][T13237]  <TASK>
[  699.473689][T13237]  dump_stack_lvl+0x100/0x190
[  699.473724][T13237]  print_circular_bug.cold+0x178/0x1c7
[  699.473759][T13237]  check_noncircular+0x146/0x160
[  699.473796][T13237]  __lock_acquire+0x14b8/0x2630
[  699.473819][T13237]  ? ipv4_dst_check+0x1a8/0x3b0
[  699.473841][T13237]  lock_acquire+0x1cf/0x380
[  699.473860][T13237]  ? kmem_cache_alloc_node_noprof+0x53/0x6f0
[  699.473894][T13237]  ? __lock_acquire+0x4a5/0x2630
[  699.473916][T13237]  fs_reclaim_acquire+0xc4/0x100
[  699.473938][T13237]  ? kmem_cache_alloc_node_noprof+0x53/0x6f0
[  699.473970][T13237]  kmem_cache_alloc_node_noprof+0x53/0x6f0
[  699.474002][T13237]  ? __alloc_skb+0x140/0x710
[  699.474030][T13237]  __alloc_skb+0x140/0x710
[  699.474056][T13237]  ? __pfx___alloc_skb+0x10/0x10
[  699.474085][T13237]  tcp_stream_alloc_skb+0x34/0x660
[  699.474109][T13237]  tcp_connect+0xe8c/0x5630
[  699.474140][T13237]  ? __pfx_tcp_connect+0x10/0x10
[  699.474163][T13237]  ? get_random_u16+0x583/0x7d0
[  699.474183][T13237]  ? tcp_fastopen_cookie_check+0x3ba/0x450
[  699.474222][T13237]  tcp_v4_connect+0x1603/0x1b40
[  699.474247][T13237]  ? __pfx_tcp_v4_connect+0x10/0x10
[  699.474268][T13237]  ? __lock_acquire+0x4a5/0x2630
[  699.474290][T13237]  __inet_stream_connect+0x208/0xfa0
[  699.474315][T13237]  ? __pfx___inet_stream_connect+0x10/0x10
[  699.474337][T13237]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  699.474365][T13237]  ? __local_bh_enable_ip+0x9e/0x120
[  699.474394][T13237]  inet_stream_connect+0x57/0xa0
[  699.474416][T13237]  p9_fd_create_tcp+0x379/0x4d0
[  699.474442][T13237]  ? __pfx_p9_fd_create_tcp+0x10/0x10
[  699.474474][T13237]  ? lockdep_init_map_type+0x5c/0x250
[  699.474503][T13237]  p9_client_create+0x563/0xd40
[  699.474536][T13237]  ? __pfx_p9_client_create+0x10/0x10
[  699.474570][T13237]  ? lockdep_init_map_type+0x5c/0x250
[  699.474592][T13237]  ? __raw_spin_lock_init+0x3a/0x110
[  699.474618][T13237]  v9fs_session_init+0x40/0xce0
[  699.474651][T13237]  ? kasan_save_track+0x14/0x30
[  699.474684][T13237]  v9fs_get_tree+0xb8/0xb50
[  699.474706][T13237]  ? rcu_is_watching+0x12/0xc0
[  699.474732][T13237]  ? __pfx_v9fs_get_tree+0x10/0x10
[  699.474755][T13237]  ? bpf_lsm_capable+0x9/0x10
[  699.474777][T13237]  ? security_capable+0x80/0x260
[  699.474802][T13237]  vfs_get_tree+0x92/0x320
[  699.474832][T13237]  path_mount+0x7d0/0x23d0
[  699.474862][T13237]  ? __pfx_path_mount+0x10/0x10
[  699.474887][T13237]  ? lockdep_hardirqs_on+0x78/0x100
[  699.474919][T13237]  ? putname+0xb1/0x110
[  699.474941][T13237]  ? kmem_cache_free+0x124/0x6a0
[  699.474973][T13237]  ? __x64_sys_mount+0x293/0x310
[  699.474999][T13237]  __x64_sys_mount+0x293/0x310
[  699.475026][T13237]  ? __pfx___x64_sys_mount+0x10/0x10
[  699.475057][T13237]  do_syscall_64+0x106/0xf80
[  699.475087][T13237]  ? clear_bhb_loop+0x40/0x90
[  699.475112][T13237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.475134][T13237] RIP: 0033:0x7f189b99c799
[  699.475151][T13237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  699.475173][T13237] RSP: 002b:00007f189c77a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  699.475193][T13237] RAX: ffffffffffffffda RBX: 00007f189bc15fa0 RCX: 00007f189b99c799
[  699.475208][T13237] RDX: 00002000000006c0 RSI: 0000200000000680 RDI: 0000200000000640
[  699.475222][T13237] RBP: 00007f189ba32c99 R08: 0000200000000080 R09: 0000000000000000
[  699.475236][T13237] R10: 0000000000008010 R11: 0000000000000246 R12: 0000000000000000
[  699.475249][T13237] R13: 00007f189bc16038 R14: 00007f189bc15fa0 R15: 00007ffe7721efa8
[  699.475270][T13237]  </TASK>
[  699.484024][   T30] audit: type=1400 audit(2000000398.112:1093): avc:  denied  { bind } for  pid=13236 comm="syz.1.1894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  702.508615][   T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)