last executing test programs:

9.964933526s ago: executing program 0 (id=1831):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x2000, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c809800000000800000000000000000000000000d63175876b4c69a600"})
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x800, 0x2, 0x80000000000004, 0x6}, 0x0, &(0x7f0000000400)={0x1f, 0x0, 0x800000000000, 0xfffffffffffffffe, 0x1000000000, 0xfffffffffffffffc, 0xfffffffffffffffe}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x200, 0x80, 0x20000, 0xddb, 0x0, 0x8}, 0x1c)
mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r3, 0x0)

7.386854935s ago: executing program 2 (id=1838):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x78, r0, 0xb00, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x9}}}}, [@NL80211_ATTR_QOS_MAP={0x1e, 0xc7, {[{0x6b}, {0xce, 0x2}, {0x9}, {0x6, 0x1}, {0xf, 0x2}, {0x1, 0x2}, {0x1, 0x2}, {0x1, 0x2}, {0x96, 0x5}], "9c0fd3bb8b32a925"}}, @NL80211_ATTR_QOS_MAP={0x36, 0xc7, {[{0x9}, {0x5, 0x3}, {0x60, 0x3}, {0x40, 0x2}, {0x9, 0x2}, {0x6, 0x2}, {0x7, 0x2}, {0x5}, {0x2, 0x4}, {0x3, 0x6}, {0xa, 0x3}, {0x2, 0x3}, {0x16}, {0x2, 0x2}, {0x3, 0x3}, {0x9, 0x3}, {0x5b, 0x7}, {0x3, 0x1}, {0xff, 0x4}, {0x8, 0x7}, {0x4, 0x7}], "dbc330c0536d08a5"}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0x74}}, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000000)={'pim6reg1\x00', @link_local})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @bcast, @bpq0, 0x4, [@default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
connect$rose(r3, &(0x7f0000000200)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000440)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x10c024c, 0x40, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50)
gettid()

7.119919425s ago: executing program 0 (id=1839):
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100001a171240030472da7f35000000010902120001810600070904"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
r1 = mq_open(0x0, 0x42, 0x0, 0x0)
mq_timedsend(r1, &(0x7f0000000600), 0x0, 0x6, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2000000029000b0027bd700000000000050000000c000180", @ANYRES64=r1, @ANYRES32=0x0], 0x20}}, 0x8000)
mq_timedreceive(r1, 0x0, 0x0, 0x0, 0x0)
pipe2(0x0, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000a00)={0x51c, 0x0, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xac, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x179}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffff80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xeb}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe1d3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x834}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9e}]}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_NODEID={0xc}]}, @TIPC_NLA_LINK={0xa0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7656}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}]}, @TIPC_NLA_NET={0x6c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4c}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x120c}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffffff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xa}]}, @TIPC_NLA_NODE={0x184, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x8}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xf9, 0x3, "105df90b56a8fccd9b2c78f3d24d4fed41474a0683916515b6cf22efd5a0e500898f8f08d6f4e9762e2b3d9329a4d3ba86ca4f3592f021caebe51c9a6ba1102494f50f370f47b3c7f68de53d4b6dfd49852b85cd55add38277c8b8fc516c870ef9f54efc3c0ef469d6bf20747104355422c2c16c493d0cb9044631f3d48876c44481c4f98c05cd8f3e8f7e0e8e79a498a3c3c1983d4190c49d2f474a557b72fb143491dc3e7eb9e299a0c59bf203c1e499265daa5e47e3fa50a46dd305aac6132f4248c87fdfb5e3b7db2a0b75d296617953ac6321bf1a36d1ad8c9b11a4c594108da294ce4edd2d6ad296e8aea289dedae3713c95"}, @TIPC_NLA_NODE_ID={0x25, 0x3, "7f2aad1df196d121d9a17e456e73d503e3c2718a2510da7b9c4a0f99b8860f9d52"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "3f4bfe8464993e8a2edc67009fddf1fd3ad277e545aa"}}]}, @TIPC_NLA_NODE={0xd8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xc9, 0x3, "cdcabbce7c9c6bdc5d05cf83fd4889486249bbfdc59df6492de3b5a0a6bd8a6f8a4b232e64cb2686123202a9d3da0dbd104479446bb4bdea157016bc59382b879aaac3eea813db08522ebe3ccc54769f3bcedd774e45a44e06119ad9ae8acc248f19de79fe0cac57a5f866b753d969113fd4695d48e5d7b8161c2dad5fd9439029f3986c9716c01702b028eed809bf3167f8951431083836d00bb51a563e4ca2fb54ca2b30ae234012dd2b7689c68cc6ad01161ab85818ed898d787487fa778e594fbbbde9"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffffffff}]}, @TIPC_NLA_BEARER={0x94, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc53}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x3, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e22, @broadcast}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2d}}}, {0x14, 0x2, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x80000000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x100}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffffd}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x40}]}, @TIPC_NLA_NET={0x4}]}, 0x51c}, 0x1, 0x0, 0x0, 0x40000}, 0x4050)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
getcwd(&(0x7f00000004c0)=""/210, 0xd2)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c00ee00", @ANYRES16=r3, @ANYBLOB="040025bd7000fbdbdf25030000000500290001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x800)
fanotify_mark(0xffffffffffffffff, 0x1, 0x40001043, 0xffffffffffffffff, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000000)={'fscrypt:', @auto=[0x63, 0x36, 0x62, 0x36, 0x63, 0x64, 0x36, 0x38, 0x64, 0x62, 0x34, 0x34, 0x35, 0x64, 0x50, 0x5a]}, &(0x7f0000000200)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0x14}, 0x48, 0xffffffffffffffff)

7.032496263s ago: executing program 3 (id=1841):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
r1 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x8, 0x0, 0xfffffdfc}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f0000000340)=@rxrpc=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x63e, @loopback, 0xee}}, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$nci(0xffffff9c, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r7, &(0x7f0000001040)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

6.026019773s ago: executing program 3 (id=1843):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="01000000060000000800000008"], 0x50)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000000f060101000000000000000000000003050005140a0000000900020073797a30000000000500010007000000"], 0x30}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001c0001000000000004086aa42d"], 0x30}}, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890b, &(0x7f0000000240)={@private1={0xfc, 0x1, '\x00', 0x1}, @private1, @mcast2, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x280})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f0000008b80)=[{{&(0x7f00000002c0)=@pppol2tpin6, 0x80, &(0x7f0000000880)=[{&(0x7f0000000480)=""/226, 0xe2}, {&(0x7f0000002200)=""/4096, 0x1000}, {&(0x7f0000000580)=""/180, 0xb4}, {&(0x7f0000000640)=""/154, 0x9a}, {&(0x7f0000000340)}, {&(0x7f0000003200)=""/4096, 0x1000}, {&(0x7f0000000400)}, {&(0x7f0000000700)=""/164, 0xa4}, {&(0x7f00000007c0)=""/176, 0xb0}], 0x9, &(0x7f0000000d40)=""/119, 0x77}, 0x10001}, {{&(0x7f00000009c0)=@nfc_llcp, 0x80, &(0x7f0000006840)=[{&(0x7f0000000a40)=""/134, 0x86}, {&(0x7f0000000b00)=""/73, 0x49}, {&(0x7f0000000400)}, {&(0x7f0000000b80)=""/61, 0x3d}, {&(0x7f0000000c80)=""/168, 0xa8}, {&(0x7f0000000bc0)=""/41, 0x29}, {&(0x7f0000006400)=""/70, 0x46}], 0x7, &(0x7f0000000e40)=""/76, 0x4c}, 0x80000001}, {{0x0, 0x0, &(0x7f0000005280)=[{&(0x7f0000000ec0)=""/248, 0xf8}, {&(0x7f0000000fc0)=""/199, 0xc7}, {&(0x7f00000010c0)=""/88, 0x58}, {&(0x7f0000001140)=""/178, 0xb2}, {&(0x7f0000004200)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/34, 0x22}, {&(0x7f0000005200)=""/9, 0x9}, {&(0x7f0000005240)=""/61, 0x3d}], 0x8, &(0x7f0000005300)=""/4096, 0x1000}, 0xefffffff}, {{&(0x7f0000006300)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10}, 0x80, &(0x7f00000064c0)=[{&(0x7f0000000340)=""/22, 0x16}, {&(0x7f0000000dc0)=""/108, 0x6c}, {&(0x7f0000006380)=""/86, 0x56}], 0x3, &(0x7f0000006500)=""/89, 0x59}, 0x8}, {{0x0, 0x0, &(0x7f00000079c0)=[{&(0x7f0000006580)=""/159, 0x9f}, {&(0x7f0000006640)=""/223, 0xdf}, {&(0x7f0000006740)=""/202, 0xca}, {&(0x7f0000008d00)=""/99, 0x63}, {&(0x7f00000068c0)=""/15, 0xf}, {&(0x7f0000006900)=""/143, 0x8f}, {&(0x7f00000069c0)=""/4096, 0xdbb}], 0x7, &(0x7f0000007a40)=""/4096, 0x1000}, 0x401}, {{&(0x7f0000008a40)=@isdn, 0x80, &(0x7f0000008b40)=[{&(0x7f0000008ac0)=""/126, 0x7e}], 0x1}, 0x4000000}], 0x6, 0x40010123, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket(0x10, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0), 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000c40)=[@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e22, @local}], 0x20)
write(r4, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r4, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
socket(0x2, 0x80805, 0x0)
add_key(0x0, &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x52b281, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x0, 0x0, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="000000000000d4a1ce4e9de42536000000000000", @ANYRES32=0x0, @ANYBLOB], 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)

6.005797816s ago: executing program 2 (id=1845):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000240), 0x140, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0x640, 0x0, 0x0, 0x180, 0x20, 0x0, {}, {0xfffffff9}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xfffffff8, 0x4, 0x80, 0x0, 0x5, 0x32})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="7b1300000000000008002e0000000000"], 0x28}}, 0x40800)
r2 = accept4$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000010029bd7000ffdbdf2500000000", @ANYRES32=r5, @ANYBLOB="100804002010000024001280110001006272696467655f736c618c65000000000c000580050019"], 0x44}, 0x1, 0x0, 0x0, 0x404c1}, 0x40040d4)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x3, 0x6)
r9 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000005c0), 0x200000, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r9, 0x4020aed2, &(0x7f0000000600)={0xeeee0000, 0x104000, 0x8})
r10 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000040)={'team0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x10000, {0x0, 0x0, 0x0, r11, {0x0, 0x5}, {0x1, 0xffff}, {0x2, 0x3}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8041}, 0x800)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000440)=0x14)
sendmsg$inet(r2, &(0x7f0000000580)={&(0x7f0000000040)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000080)="e4760210bbe48b64a779323ec0fd75bfbee9e03c171d3d6d05c319d6488a45751f65f0a8fa5f5d0afcc99c4f6c4b070df6b41e5f", 0x34}, {&(0x7f0000000280)="24ff4bb779e1f4fe0658c59182670f9ce6d8ed390470be6b714d3ff06b874cdf188e949b0713a088f6927a56b75e629cdac9c5327133c451804a39acc7ffca2db1e2d2500b0bac6593669d9eb0fc2d09dbc6f543a40b766ea491083a3a24172d0ee6e3bad5c8b6914ebed0662b48ded5a70c8e30bbf49bee8301047994db17b69c1a8781be010a6f7bdc045765a633766d8ffefa04db0e29c725b4363147870ff3566b951740e2df274b4ccf803ed4f21304421e20030ca3528aa16f9148b09338577607684de82238f967a98348b2bbb764a0f23ef9b42e2c76ef4fd4d752f6474b08cb7b2eb5", 0xe7}, {&(0x7f0000000380)="d93307b4c7c753082779a1648489126429857e9cd763e9f30b365be4d0fd59a71df9b87802180e039d6f685dda6c0fe81222facad9429e64bb6f8bbf7c9d1e8118ba7f59685c5a8bf44b9162cdf84d3ef900d1abaaba49f4fec4fffc18ab6f1e44e837ef87a0b9b6349a794a246e147b720afbae1b2f946c264e090476c73f2a5e2b6e2408377bf863be5c30446f2402c39c5c02c0bb75e146db8ec0cfee85825ee2a3bad69008df64dddf05c5d7", 0xae}], 0x3, &(0x7f0000000480)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xc}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xfd}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @multicast2, @dev={0xac, 0x14, 0x14, 0x10}}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010100, @rand_addr=0x64010100}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @broadcast, @remote}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r11, @remote, @empty}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r12, @multicast1, @remote}}}], 0xd0}, 0x4050)

5.824631888s ago: executing program 1 (id=1846):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0d, 0x7fff}, 0x0)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000040)={'wlan1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="500000000206010400000000000000000000000005000100070000000900020073797a19000000000500050002000000050004000800000015000300686173683a69702c706f72742c6e6574"], 0x50}, 0x1, 0x0, 0x0, 0x44090}, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
dup(r5)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r6, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000340))
r8 = dup(r7)
ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f0000000000)={0x1, r8})
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f0000000240)={0x3})
recvmsg(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0)

5.200549748s ago: executing program 2 (id=1847):
r0 = io_uring_setup(0x664c, &(0x7f0000000500))
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc"], &(0x7f0000000140)='GPL\x00'}, 0x94)
r3 = socket$kcm(0x2, 0x1, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000080)=0x40)
pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="80fd02000040", 0x6}], 0x1, 0x0, 0x0)
sendmsg$inet(r3, &(0x7f0000000fc0)={0x0, 0x0, 0x0}, 0x20000811)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
write$P9_RLCREATE(r4, &(0x7f0000000100)={0x18, 0xf, 0x1, {{0x8, 0x3, 0x3}, 0xfffffffe}}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x8000000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001aa40)=""/102400, 0x19000)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000400000000fd000000050029000100000008"], 0x2c}}, 0x40000)
mprotect(&(0x7f000044d000/0x2000)=nil, 0x2000, 0x1)
r7 = mq_open(&(0x7f0000000080)='\'-\x00', 0x42, 0x0, 0x0)
mq_notify(r7, &(0x7f0000000040)={0x0, 0xfffffffc, 0x1})
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0xb}, 0x2)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1f00, 0x12)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r3, r2})
close_range(r0, 0xffffffffffffffff, 0x0)

5.085892304s ago: executing program 3 (id=1848):
openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = syz_io_uring_setup(0x49f, &(0x7f0000000600)={0x0, 0xe7a9, 0x100, 0xfffa, 0x40024e}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000440)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_ext={0x1c, 0x1, &(0x7f0000000140)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], &(0x7f0000000180)='GPL\x00', 0x9, 0x53, &(0x7f0000000540)=""/83, 0x41000, 0x47, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x1, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x3, 0x40595, 0x400}, 0x10, 0x41dd, r5, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r6 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x5}, {0xffe0, 0xffff}}}, 0x24}}, 0x0)
r7 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r6, 0x2219, 0x771d, 0x16, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0, 0x2161, 0x1, {0x2}})
io_uring_enter(r2, 0x3d0e, 0x2004c1, 0x66, 0x0, 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x95d913cc3bd236dc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
pipe(&(0x7f0000005880)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
fsetxattr$security_selinux(r8, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0)
r9 = syz_open_dev$sg(0x0, 0xa, 0x40000)
ioctl$SG_GET_SG_TABLESIZE(r9, 0x227f, &(0x7f0000000300))
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

4.66211104s ago: executing program 2 (id=1850):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f0000000f80)=ANY=[@ANYBLOB="120100038ee3710889076001fe8201020301090212000107d1102d0904"], &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0x5, &(0x7f0000000040)={0x800800008, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x4fd813f5be28e27d, &(0x7f0000000200)=0xf)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400090500000000fddbdf25021f00cb", @ANYRES32=r3, @ANYBLOB="080008100002000008000200ffffffff0800090006000000080009000000180008000200ac1414aa080009"], 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0xed, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
unshare(0x22020600)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r5}, &(0x7f0000000540), &(0x7f0000000580)=r6}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r5, &(0x7f0000000780)}, 0x20)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x659f, 0x4)
write$binfmt_script(r4, &(0x7f00000000c0), 0x28)
recvmmsg(r4, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002000, 0x0)

4.267738695s ago: executing program 0 (id=1851):
socket$inet(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pwritev(r2, &(0x7f0000000040)=[{&(0x7f0000000240)="44d6ac627837ba0ee8de7a5fda14a49503ffd505a1f770ca6c53314b496800000000605028188cbb8b82d60205639cb0dbddd8968247542b3bc0922e51407ee42c1a366089e3dbdbf5951f16cfb8660efcbbf5a3771dd91be37874ae58c11b53dfb8f2c213eceb8e7c7407cadf87e4d98c0ac59a6a49bbf22b3a03acacdc6b94f860cccfd93da7cbc30aa2586a9867a571f76aa2d38f5b13f9e9e1d9c33e164246538fe4bd83ff39ffe954d3295bcc0673f3c4754217b8d51d4f2dc4a1775c38401b4731ac1fd5d20985d9cd504b9676", 0xd0}, {&(0x7f0000000340)="becaa9e9c5f3b135c5e7b7303064aa19e20be4df994c709b64ea99da0a6aee6dd6a00e6e4046053bd52a78ee376d2449d578c7e2faf04d74a6bb87c51b334f64ca15b4acf1fc0e97a4c23da0f635a52fd19c96788382cc7d2a0e07ec760a7ff5c6e4c971b982359eec84325d194a3b56e3fef584ed71d96f213c5208b8e96b7acbf350dcd80818bcf7dce0d7ab3f4a1a886cb9058ab4384fec717075062dd417a7c589f8617c947fe0f7f020e16664f4e070bb528f2da37f8d648a3eda5cb5355e7d32c38fb0eb478b3d024e1c4c", 0xce}], 0x2, 0xffffffff, 0x407ff)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000090600000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a7ffa888000000001c00128009000100766c616e000000000c000280060001000100000008000500", @ANYRES32=r9, @ANYBLOB], 0x44}}, 0x0)
r10 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r10, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r11], 0x5c}}, 0x40)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r12 = syz_init_net_socket$llc(0x1a, 0x800, 0x0)
bind$llc(r12, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
connect$llc(r12, 0x0, 0x0)

3.613381728s ago: executing program 4 (id=1852):
openat(0xffffffffffffff9c, &(0x7f0000001100)='./file0\x00', 0x1a19c2, 0xab1b39fa609e4367)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}})
r1 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r1, &(0x7f0000002780)={0x2020}, 0x5ecfb203)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000000)={0x2c, 0x0, 0x2, 0x4}, 0x8)

3.542011521s ago: executing program 3 (id=1853):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create(0x403)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000000100)={0xc, @pix_mp={0x5e0, 0x0, 0x35323645, 0x0, 0x0, [{0x6, 0xec}, {0x7fffffff, 0x7}, {0x9, 0x60}, {0x80, 0x5}, {0x80000001, 0xa3a0}, {0xfff, 0x7}, {0x0, 0x4}, {0x3, 0x6}], 0x2, 0xfa, 0x1, 0x0, 0x5}})
syz_usb_disconnect(r0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000002580)={0x1c, 0x1, 0x4, 0x3, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFULA_CFG_CMD={0x5, 0x1, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2404c054}, 0x40)
setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f0000000480)=[{{0x2, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x1}}, {{0x0, 0x0, 0x1}, {0x2, 0x1, 0x1, 0x1}}, {{0x1, 0x1}, {0x3, 0x1, 0x1, 0x1}}, {{0x1, 0x1, 0x1, 0x1}, {0x3}}, {{0x1, 0x1, 0x1}, {0x4, 0x1}}], 0x28)
close(r4)
r6 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
close_range(r6, 0xffffffffffffffff, 0x0)

3.528087839s ago: executing program 4 (id=1854):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x2, 0x6, @local}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x10)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1)
ioctl$KVM_IOEVENTFD(r5, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0xffff1000, 0x2, 0xffffffffffffffff, 0x2})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xf1)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r6 = open(&(0x7f00000005c0)='./file0\x00', 0x2a4c0, 0x13)
ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000040)={0x0, 0x7, 0x0, 0x2})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000540)={'bond_slave_1\x00', <r7=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0x0, 0xa}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

3.526389858s ago: executing program 1 (id=1855):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x200)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, r2, 0x800, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x7}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1720}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x400}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x82}]]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
read$ptp(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = socket(0x2, 0x80805, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001055f104000002000004050000000000", @ANYRES32=0x0, @ANYBLOB="0380000010e3040008000500", @ANYBLOB="140012800b0001006970766c616e000055fe028008000a", @ANYRES32=0x0, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x13}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r8, 0x0, 0x485, 0x0, 0x0)

3.277062816s ago: executing program 0 (id=1856):
setrlimit(0x4, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0xc10)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x6, @bcast, @bpq0, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

3.13664544s ago: executing program 4 (id=1857):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$vcsn(&(0x7f0000000040), 0x0, 0x200800)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x15)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$ITER_CREATE(0xb, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000080)={0x400, 0x3, 0x0, 0x10000, 0x16, "4415264a88b82c521113fb235902af2556c6b6"})
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0xd, 0x2, {{0x4, 0x2, 0x2}, 0xfffffff6}}, 0x18)
r6 = socket$inet6(0xa, 0x2, 0x3a)
ioctl$LOOP_GET_STATUS(r2, 0x4c03, &(0x7f00000001c0))
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e23, 0x430, @local, 0x9}, 0x1c)
sendto$inet6(r6, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

2.383229789s ago: executing program 4 (id=1858):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101842, 0x0)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', &(0x7f0000000200)={0x280640, 0xc0, 0x1}, 0x18)
mkdirat(r1, &(0x7f0000000240)='./file0\x00', 0x1ad)
r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
mkdirat(r2, &(0x7f00000002c0)='./file1\x00', 0xb6)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000000)='./bus\x00', 0x1)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x104)
fdatasync(r3)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040))
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xd)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000001ac0)=0xff)
ioctl$FIONREAD(r4, 0x541b, &(0x7f0000002300))
ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000080)={0x283, 0x3})

2.021428298s ago: executing program 4 (id=1859):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000180))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, 0x0, 0x0, 0x0}})

1.919872148s ago: executing program 4 (id=1860):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='sctp_probe_path\x00', r0, 0x0, 0x400}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000009c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010004000000fedbdf250e00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000000000fdffffff15000e001c"], 0x4c}}, 0x10)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$kcm(0x10, 0x2, 0x4)
mount(0x0, 0x0, &(0x7f0000000040)='xfs\x00', 0x800000, 0x0)
lsetxattr$security_evm(&(0x7f0000004d40)='.\x00', &(0x7f0000004d80), 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b70800", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r5, 0x6b, 0x3, &(0x7f0000000040)=0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe3}, 0x0)
getpid()
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000040)={@my=0x1})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000040)={@my=0x1})

1.561407868s ago: executing program 0 (id=1861):
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50)
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000000000000085000000110000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000001b00)=[{&(0x7f0000000000)=""/222, 0xde}], 0x1, 0x8, 0xeffffffc)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2, 0x8000000000000}, 0x0, &(0x7f0000000100)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)

1.218079035s ago: executing program 1 (id=1862):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$vcsn(&(0x7f0000000040), 0x0, 0x200800)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x15)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$ITER_CREATE(0xb, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000080)={0x400, 0x3, 0x0, 0x10000, 0x16, "4415264a88b82c521113fb235902af2556c6b6"})
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0xd, 0x2, {{0x4, 0x2, 0x2}, 0xfffffff6}}, 0x18)
r6 = socket$inet6(0xa, 0x2, 0x3a)
ioctl$LOOP_GET_STATUS(r2, 0x4c03, &(0x7f00000001c0))
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e23, 0x430, @local, 0x9}, 0x1c)
sendto$inet6(r6, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

736.311283ms ago: executing program 2 (id=1863):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0)
dup(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000d80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x1, 0x1}]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0xfffffffffffffffe, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x100847c0, 0x0, 0x1, 0x0, 0x0)

673.80945ms ago: executing program 0 (id=1864):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
lseek(r0, 0x0, 0x1)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r1 = userfaultfd(0x80001)
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x4010, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r2, &(0x7f0000000300)="ca0e8007feff8763", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @void}, 0x10)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r5, 0xf504, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r6, 0x107, 0x14, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpeername$qrtr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c400000019000100fcffffff00000000ac14142c000000000000000000000000fe8000000000000000000000000000aa4e2200004e2400000a000060000000006ad85c5eb0d459af252f4c763dd639a87c18ccabc252069a64ea01edd2643f7ce2302c4d849346f819f47ab95f021ec4546c903c9bacb67c5b9fb3287ac231159c", @ANYRES32=0x0, @ANYRES32=0x0], 0xc4}}, 0x8044)
sendto$inet6(r9, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)

503.374013ms ago: executing program 1 (id=1865):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = fsopen(&(0x7f0000000040)='fuse\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000480)='&&}\x00', &(0x7f00000004c0)='wlan1\x00', 0x0)
getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x3c3}}, 0x20}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffd6e, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a30000000004c00048024000180090001006d65746100000000140002800800014000000001080002400000001724000180090001006d61737100000000140002800800024000000008080003"], 0xa0}, 0x1, 0x0, 0x0, 0x24040800}, 0x4000091)

205.878481ms ago: executing program 1 (id=1866):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x404500, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0xfff, 0x9241, 0x4, 0xfffffffffffffff8, 0xb09c, r2})
writev(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000001480)}], 0x3)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001840)=""/198, 0xc6}], 0x1, 0x33, 0xfffffffd)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000))
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r6, 0x541c, &(0x7f0000000100))

140.893518ms ago: executing program 1 (id=1867):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000240)='contention_begin\x00', r0, 0x0, 0x1200003}, 0x18)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000ac0))
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, 0x0, 0x0)

112.51916ms ago: executing program 3 (id=1868):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x2}, 0x1, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x44}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f00000002c0)={'syztnl2\x00', <r1=>0x0, 0x10, 0x7810, 0x0, 0xfffffff9, {{0x34, 0x4, 0x0, 0x2, 0xd0, 0x65, 0x0, 0x2, 0x4, 0x0, @local, @broadcast, {[@timestamp={0x44, 0x10, 0x90, 0x0, 0x4, [0x80000000, 0x1000, 0xfffffff3]}, @rr={0x7, 0x1b, 0x38, [@rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0xb}, @dev={0xac, 0x14, 0x14, 0x3c}, @loopback, @multicast1, @multicast2]}, @timestamp_addr={0x44, 0x1c, 0x72, 0x1, 0x6, [{@private=0x5, 0x6}, {@empty, 0xfe}, {@multicast2, 0x8342}]}, @cipso={0x86, 0x75, 0x1, [{0x1, 0x6, "fe2c5900"}, {0x2, 0xe, "fdb8e68cc1fc3f075237a7f2"}, {0x0, 0xc, "7a3c0c7de539124975c3"}, {0x1, 0x6, "cac8190f"}, {0x0, 0x9, "f69bc9b047fce8"}, {0x6, 0x12, "8fdf7eebfd39ef6ff033cc4abfe7cc9c"}, {0x1, 0xe, "e9bd392cc335c45d2e8878b9"}, {0x7, 0xf, "ef712c97143dae9bca1514b142"}, {0x6, 0x9, "96800c057b51c6"}, {0x7, 0x8, "b445f85c3cab"}]}]}}}}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4}}}]}, 0x38}}, 0x20000000)
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000780)={&(0x7f0000000580)={0x1d4, 0x0, 0x21c, 0x70bd28, 0x25dfdbfd, {}, [@HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x9c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xcb149a6d9c5f5f5d}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x1d4}, 0x1, 0x0, 0x0, 0x40015}, 0x4)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, 0x0, 0x0, 0x0}})

50.651724ms ago: executing program 2 (id=1869):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff0001}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0xc2c00, 0xb, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
close_range(r0, r0, 0x0)
r1 = signalfd4(r0, &(0x7f0000000080)={[0x716c7a6c]}, 0x8, 0x100000)
getpeername$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x4c, 0x30, 0x100, 0x4000, 0x0, {}, [{0x38, 0x1, [@m_bpf={0x34, 0x1, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x4c}}, 0x0)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
r3 = socket$inet(0x2, 0x1, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r4, 0x400448e6, &(0x7f0000000240)='|')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
fsopen(&(0x7f0000000540)='ocfs2\x00', 0x1)
ioctl$sock_bt_hci(r4, 0x400448e7, &(0x7f0000000080))
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, 0x0, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000740)='bridge0\x00', 0x10)
connect$inet(r3, &(0x7f0000000140)={0x2, 0xc000, @multicast1}, 0x10)

0s ago: executing program 3 (id=1870):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
mkdir(0x0, 0x115)
prlimit64(0x0, 0x8, &(0x7f0000000080)={0x5, 0x8b}, 0x0)
gettid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(&(0x7f0000000240)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x11, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
r5 = syz_io_uring_setup(0x49f, &(0x7f0000001000)={0x0, 0x54e9, 0x0, 0x7, 0x40024f}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='|\x00\x00\x00'], 0x318}, 0x0, 0x4040000})
io_uring_enter(r5, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
r8 = openat$sysfs(0xffffff9c, &(0x7f0000000280)='/sys/power/sync_on_suspend', 0x1c9a82, 0x0)
sendfile(r8, r0, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000040000000000000004000fffffffffffffff9", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="664e000018110000000000000000010000000000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10)
getpriority(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

9.943946][T10519] FAULT_INJECTION: forcing a failure.
[  389.943946][T10519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.971847][T10515] 8021q: adding VLAN 0 to HW filter on device batadv0
[  389.978713][T10519] CPU: 1 UID: 0 PID: 10519 Comm: syz.0.1287 Not tainted syzkaller #0 PREEMPT(full) 
[  389.978732][T10519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  389.978739][T10519] Call Trace:
[  389.978743][T10519]  <TASK>
[  389.978748][T10519]  dump_stack_lvl+0x16c/0x1f0
[  389.978767][T10519]  should_fail_ex+0x512/0x640
[  389.978782][T10519]  _copy_from_iter+0x29f/0x1720
[  389.978797][T10519]  ? kernel_fpu_begin_mask+0x17f/0x2a0
[  389.978813][T10519]  ? __pfx_kernel_fpu_begin_mask+0x10/0x10
[  389.978828][T10519]  ? __pfx__copy_from_iter+0x10/0x10
[  389.978840][T10519]  ? do_raw_spin_lock+0x12c/0x2b0
[  389.978855][T10519]  ? find_held_lock+0x2b/0x80
[  389.978871][T10519]  ? rcu_is_watching+0x12/0xc0
[  389.978887][T10519]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  389.978901][T10519]  write_pool_user+0xe8/0x2f0
[  389.978917][T10519]  ? __pfx_write_pool_user+0x10/0x10
[  389.978936][T10519]  ? import_ubuf+0x1b6/0x220
[  389.978949][T10519]  random_ioctl+0x2ce/0x4a0
[  389.978964][T10519]  ? __pfx_random_ioctl+0x10/0x10
[  389.978981][T10519]  ? selinux_file_ioctl+0x180/0x270
[  389.978993][T10519]  ? selinux_file_ioctl+0xb4/0x270
[  389.979006][T10519]  ? __pfx_random_ioctl+0x10/0x10
[  389.979022][T10519]  __x64_sys_ioctl+0x18e/0x210
[  389.979040][T10519]  do_syscall_64+0xcd/0x4e0
[  389.979055][T10519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.979066][T10519] RIP: 0033:0x7ff65c78eec9
[  389.979075][T10519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.979086][T10519] RSP: 002b:00007ff65d622038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  389.979097][T10519] RAX: ffffffffffffffda RBX: 00007ff65c9e5fa0 RCX: 00007ff65c78eec9
[  389.979104][T10519] RDX: 000020000000fec0 RSI: 0000000040085203 RDI: 0000000000000003
[  389.979110][T10519] RBP: 00007ff65d622090 R08: 0000000000000000 R09: 0000000000000000
[  389.979117][T10519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  389.979123][T10519] R13: 00007ff65c9e6038 R14: 00007ff65c9e5fa0 R15: 00007ffce00b6258
[  389.979137][T10519]  </TASK>
[  390.193111][T10515] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  390.227205][ T1556] r8152-cfgselector 3-1: USB disconnect, device number 26
[  390.241338][T10250] 8021q: adding VLAN 0 to HW filter on device team0
[  390.275590][ T8217] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.282702][ T8217] bridge0: port 1(bridge_slave_0) entered forwarding state
[  390.342878][ T8217] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.350029][ T8217] bridge0: port 2(bridge_slave_1) entered forwarding state
[  390.546584][T10250] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  390.563583][T10250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  390.617816][T10528] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1288'.
[  391.298930][ T5831] usb 2-1: USB disconnect, device number 44
[  391.528064][T10250] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.035749][T10250] veth0_vlan: entered promiscuous mode
[  392.092304][T10250] veth1_vlan: entered promiscuous mode
[  392.514205][T10250] veth0_macvtap: entered promiscuous mode
[  392.551394][T10250] veth1_macvtap: entered promiscuous mode
[  392.864661][T10250] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.884007][T10250] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.907614][   T55] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.951671][   T55] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.046086][ T8217] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.089195][ T8217] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  393.532684][T10581] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1298'.
[  393.542666][T10581] netlink: zone id is out of range
[  393.547886][T10581] netlink: get zone limit has 8 unknown bytes
[  393.660559][ T1325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.668384][ T1325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.688481][T10585] af_packet: tpacket_rcv: packet too big, clamped from 68 to 4294967272. macoff=96
[  393.866265][   T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.875392][   T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.976222][   T30] audit: type=1400 audit(1759650577.535:784): avc:  denied  { mounton } for  pid=10250 comm="syz-executor" path="/root/syzkaller.kwkwOg/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  394.160417][   T30] audit: type=1400 audit(1759650577.575:785): avc:  denied  { mounton } for  pid=10250 comm="syz-executor" path="/root/syzkaller.kwkwOg/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  394.189007][   T30] audit: type=1400 audit(1759650577.575:786): avc:  denied  { mounton } for  pid=10250 comm="syz-executor" path="/root/syzkaller.kwkwOg/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=27592 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  394.302581][   T30] audit: type=1400 audit(1759650577.645:787): avc:  denied  { mounton } for  pid=10250 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2782 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  394.326117][   T30] audit: type=1400 audit(1759650577.645:788): avc:  denied  { mount } for  pid=10250 comm="syz-executor" name="/" dev="gadgetfs" ino=7236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  394.451675][T10607] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1301'.
[  394.468479][T10600] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1300'.
[  394.621534][T10613] siw: device registration error -23
[  395.346031][T10629] mkiss: ax0: crc mode is auto.
[  395.379847][   T30] audit: type=1400 audit(1759650579.005:789): avc:  denied  { listen } for  pid=10620 comm="syz.2.1305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  395.400735][   T30] audit: type=1400 audit(1759650579.005:790): avc:  denied  { accept } for  pid=10620 comm="syz.2.1305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  395.426106][   T30] audit: type=1400 audit(1759650579.015:791): avc:  denied  { append } for  pid=10626 comm="syz.3.1306" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  395.449478][   T30] audit: type=1400 audit(1759650579.065:792): avc:  denied  { listen } for  pid=10626 comm="syz.3.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  395.533501][   T30] audit: type=1400 audit(1759650579.175:793): avc:  denied  { mounton } for  pid=10626 comm="syz.3.1306" path="/" dev="ramfs" ino=27992 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  396.412233][T10651] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1309'.
[  397.390715][ T5835] Bluetooth: hci4: command 0x040f tx timeout
[  397.412159][T10669] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  397.940504][   T10] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  398.094092][   T10] usb 2-1: Using ep0 maxpacket: 16
[  398.109238][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  398.124299][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  398.161576][ T5930] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  398.179093][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  398.200454][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.215704][   T10] usb 2-1: Product: syz
[  398.230564][   T10] usb 2-1: Manufacturer: syz
[  398.235178][   T10] usb 2-1: SerialNumber: syz
[  398.266200][   T10] usb 2-1: config 0 descriptor??
[  398.290698][   T10] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  398.310318][   T10] gspca_stv06xx: st6422 sensor detected
[  399.005903][T10695] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1316'.
[  399.375049][ T5930] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  399.417858][ T5930] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.448550][ T5930] usb 1-1: Product: syz
[  399.520818][ T5930] usb 1-1: Manufacturer: syz
[  399.755249][ T5930] usb 1-1: SerialNumber: syz
[  399.815022][ T5930] usb 1-1: config 0 descriptor??
[  399.879172][ T5930] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 045
[  399.938642][T10700] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1317'.
[  400.160910][ T5930]  (null): failure reading functionality
[  400.186893][ T5930] i2c i2c-1: failure reading functionality
[  400.233863][ T5930] i2c i2c-1: connected i2c-tiny-usb device
[  400.278631][ T5930] usb 1-1: USB disconnect, device number 45
[  400.334708][T10715] FAULT_INJECTION: forcing a failure.
[  400.334708][T10715] name failslab, interval 1, probability 0, space 0, times 0
[  400.634010][T10715] CPU: 0 UID: 0 PID: 10715 Comm: syz.3.1319 Not tainted syzkaller #0 PREEMPT(full) 
[  400.634039][T10715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  400.634050][T10715] Call Trace:
[  400.634057][T10715]  <TASK>
[  400.634064][T10715]  dump_stack_lvl+0x16c/0x1f0
[  400.634090][T10715]  should_fail_ex+0x512/0x640
[  400.634108][T10715]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  400.634128][T10715]  should_failslab+0xc2/0x120
[  400.634142][T10715]  kmem_cache_alloc_node_noprof+0x78/0x770
[  400.634159][T10715]  ? __alloc_skb+0x2b2/0x380
[  400.634175][T10715]  ? __alloc_skb+0x2b2/0x380
[  400.634185][T10715]  __alloc_skb+0x2b2/0x380
[  400.634197][T10715]  ? __pfx___alloc_skb+0x10/0x10
[  400.634210][T10715]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  400.634228][T10715]  netlink_alloc_large_skb+0x69/0x140
[  400.634244][T10715]  netlink_sendmsg+0x698/0xdd0
[  400.634261][T10715]  ? __pfx_netlink_sendmsg+0x10/0x10
[  400.634280][T10715]  ____sys_sendmsg+0xa95/0xc70
[  400.634302][T10715]  ? copy_msghdr_from_user+0x10a/0x160
[  400.634315][T10715]  ? __pfx_____sys_sendmsg+0x10/0x10
[  400.634338][T10715]  ___sys_sendmsg+0x134/0x1d0
[  400.634352][T10715]  ? __pfx____sys_sendmsg+0x10/0x10
[  400.634382][T10715]  __sys_sendmsg+0x16d/0x220
[  400.634396][T10715]  ? __pfx___sys_sendmsg+0x10/0x10
[  400.634418][T10715]  do_syscall_64+0xcd/0x4e0
[  400.634432][T10715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.634443][T10715] RIP: 0033:0x7f25fef8eec9
[  400.634452][T10715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.634463][T10715] RSP: 002b:00007f25ffdea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  400.634474][T10715] RAX: ffffffffffffffda RBX: 00007f25ff1e5fa0 RCX: 00007f25fef8eec9
[  400.634481][T10715] RDX: 0000000020008800 RSI: 0000200000000100 RDI: 0000000000000003
[  400.634487][T10715] RBP: 00007f25ffdea090 R08: 0000000000000000 R09: 0000000000000000
[  400.634493][T10715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.634500][T10715] R13: 00007f25ff1e6038 R14: 00007f25ff1e5fa0 R15: 00007ffef1b22c98
[  400.634513][T10715]  </TASK>
[  400.906745][   T10] STV06xx 2-1:0.0: probe with driver STV06xx failed with error -71
[  400.974198][   T30] audit: type=1400 audit(1759650584.615:794): avc:  denied  { unmount } for  pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  400.981676][   T10] usb 2-1: USB disconnect, device number 45
[  401.093266][   T30] audit: type=1400 audit(1759650584.705:795): avc:  denied  { read append } for  pid=10723 comm="syz.3.1321" name="nvram" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  401.122518][   T30] audit: type=1400 audit(1759650584.705:796): avc:  denied  { ioctl } for  pid=10723 comm="syz.3.1321" path="/dev/nvram" dev="devtmpfs" ino=622 ioctlcmd=0x330f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  401.154901][   T30] audit: type=1326 audit(1759650584.735:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10723 comm="syz.3.1321" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f25fef8eec9 code=0x0
[  401.207072][T10729] FAULT_INJECTION: forcing a failure.
[  401.207072][T10729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  401.207102][T10729] CPU: 1 UID: 0 PID: 10729 Comm: syz.2.1322 Not tainted syzkaller #0 PREEMPT(full) 
[  401.207122][T10729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  401.207131][T10729] Call Trace:
[  401.207137][T10729]  <TASK>
[  401.207144][T10729]  dump_stack_lvl+0x16c/0x1f0
[  401.207167][T10729]  should_fail_ex+0x512/0x640
[  401.207190][T10729]  _copy_from_iter+0x29f/0x1720
[  401.207214][T10729]  ? __alloc_skb+0x200/0x380
[  401.207234][T10729]  ? __pfx__copy_from_iter+0x10/0x10
[  401.207257][T10729]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  401.207287][T10729]  netlink_sendmsg+0x820/0xdd0
[  401.207312][T10729]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.207342][T10729]  ____sys_sendmsg+0xa95/0xc70
[  401.207366][T10729]  ? copy_msghdr_from_user+0x10a/0x160
[  401.207386][T10729]  ? __pfx_____sys_sendmsg+0x10/0x10
[  401.207421][T10729]  ___sys_sendmsg+0x134/0x1d0
[  401.207441][T10729]  ? __pfx____sys_sendmsg+0x10/0x10
[  401.207488][T10729]  __sys_sendmsg+0x16d/0x220
[  401.207508][T10729]  ? __pfx___sys_sendmsg+0x10/0x10
[  401.207542][T10729]  do_syscall_64+0xcd/0x4e0
[  401.207571][T10729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.207587][T10729] RIP: 0033:0x7fe90958eec9
[  401.207600][T10729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.207616][T10729] RSP: 002b:00007fe90a406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  401.207633][T10729] RAX: ffffffffffffffda RBX: 00007fe9097e5fa0 RCX: 00007fe90958eec9
[  401.207643][T10729] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[  401.207653][T10729] RBP: 00007fe90a406090 R08: 0000000000000000 R09: 0000000000000000
[  401.207662][T10729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.207672][T10729] R13: 00007fe9097e6038 R14: 00007fe9097e5fa0 R15: 00007fffd8d0e318
[  401.207694][T10729]  </TASK>
[  401.271560][   T30] audit: type=1326 audit(1759650584.795:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10723 comm="syz.3.1321" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f25fef8eec9 code=0x0
[  401.320687][T10741] virtio-fs: tag </dev/nullb0> not found
[  401.498273][T10749] tmpfs: Bad value for 'mpol'
[  401.552292][T10749] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  401.552904][T10749] qnx6: wrong signature (magic) in superblock #1.
[  401.552922][T10749] qnx6: unable to read the first superblock
[  401.908928][T10755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  401.917729][T10755] 
: renamed from bridge_slave_0 (while UP)
[  402.086683][T10761] vlan0: entered promiscuous mode
[  402.920667][ T5831] libceph: connect (1)[c::]:6789 error -101
[  402.926867][ T5831] libceph: mon0 (1)[c::]:6789 connect error
[  403.197190][T10777] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1332'.
[  403.207546][T10777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1332'.
[  403.224096][   T10] libceph: connect (1)[c::]:6789 error -101
[  403.477040][T10768] ceph: No mds server is up or the cluster is laggy
[  403.520612][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  404.587043][T10817] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1338'.
[  404.603300][T10817] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1338'.
[  404.660667][   T10] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  404.888900][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.888945][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  404.888969][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  404.888993][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  404.889014][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  404.896535][T10822] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  404.897053][T10822] batadv_slave_0: entered promiscuous mode
[  404.956202][   T10] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  404.956233][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  404.956252][   T10] usb 4-1: Product: syz
[  404.956267][   T10] usb 4-1: Manufacturer: syz
[  404.956280][   T10] usb 4-1: SerialNumber: syz
[  404.958911][   T10] usb 4-1: config 0 descriptor??
[  405.214543][T10832] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1343'.
[  405.435707][   T10] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  405.435724][   T10] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  405.446391][T10831] netlink: 192 bytes leftover after parsing attributes in process `syz.4.1342'.
[  405.662357][   T10] radio-si470x 4-1:0.0: software version 0, hardware version 0
[  405.662374][   T10] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  405.662385][   T10] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  405.929525][   T10] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71
[  405.985894][   T10] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[  405.987904][   T10] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71
[  405.988155][   T10] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22
[  405.993899][   T10] usb 4-1: USB disconnect, device number 34
[  406.845755][T10854] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1346'.
[  406.855490][T10854] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1346'.
[  406.956769][T10856] lo speed is unknown, defaulting to 1000
[  406.962724][T10856] lo speed is unknown, defaulting to 1000
[  406.972975][T10856] lo speed is unknown, defaulting to 1000
[  407.019947][T10856] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  407.108499][T10856] lo speed is unknown, defaulting to 1000
[  407.120451][T10856] lo speed is unknown, defaulting to 1000
[  407.132157][T10856] lo speed is unknown, defaulting to 1000
[  407.146284][T10856] lo speed is unknown, defaulting to 1000
[  407.159387][T10856] lo speed is unknown, defaulting to 1000
[  407.581881][ T5888] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  407.652489][   T30] audit: type=1400 audit(1759650591.295:799): avc:  denied  { read } for  pid=10861 comm="syz.1.1351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  407.760511][ T5888] usb 3-1: Using ep0 maxpacket: 16
[  407.772112][ T5888] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.791050][ T5888] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  407.807619][ T5888] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  407.817323][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.832284][ T5888] usb 3-1: Product: syz
[  407.845195][ T5888] usb 3-1: Manufacturer: syz
[  407.852413][ T5888] usb 3-1: SerialNumber: syz
[  408.049972][ T5930] usb 1-1: new full-speed USB device number 46 using dummy_hcd
[  408.233493][ T5930] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  408.248678][ T5930] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.356325][ T5930] usb 1-1: Product: syz
[  408.361455][ T5930] usb 1-1: Manufacturer: syz
[  408.366169][ T5930] usb 1-1: SerialNumber: syz
[  408.377603][ T5930] usb 1-1: config 0 descriptor??
[  408.472733][T10851] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  408.760026][ T5930] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  408.961709][T10880] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1356'.
[  409.283053][T10882] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.297899][T10882] syzkaller0: entered promiscuous mode
[  409.306476][T10882] syzkaller0: entered allmulticast mode
[  409.683717][ T5888] cdc_ncm 3-1:1.0: SET_CRC_MODE failed
[  409.689785][ T5888] cdc_ncm 3-1:1.0: SET_NTB_FORMAT failed
[  409.714082][ T5888] cdc_ncm 3-1:1.0: bind() failure
[  409.721516][T10882] syzkaller0: mtu less than device minimum
[  409.729706][ T5888] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  409.738384][T10881] tipc: Resetting bearer <eth:syzkaller0>
[  409.738408][ T5888] cdc_ncm 3-1:1.1: bind() failure
[  409.765016][ T5888] usb 3-1: USB disconnect, device number 27
[  409.773498][T10881] tipc: Disabling bearer <eth:syzkaller0>
[  410.476548][T10872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.487850][T10872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.886316][T10895] lo speed is unknown, defaulting to 1000
[  411.222117][ T5930] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  411.252998][ T5930] usb 1-1: USB disconnect, device number 46
[  411.535937][T10902] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1361'.
[  411.590902][T10903] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1361'.
[  412.704584][T10919] hub 9-0:1.0: USB hub found
[  412.715484][T10919] hub 9-0:1.0: 1 port detected
[  412.914339][T10929] siw: device registration error -23
[  413.151131][ T5930] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  413.471348][ T5888] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  413.498609][T10934] FAULT_INJECTION: forcing a failure.
[  413.498609][T10934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.512114][T10934] CPU: 1 UID: 0 PID: 10934 Comm: syz.2.1372 Not tainted syzkaller #0 PREEMPT(full) 
[  413.512138][T10934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  413.512147][T10934] Call Trace:
[  413.512153][T10934]  <TASK>
[  413.512160][T10934]  dump_stack_lvl+0x16c/0x1f0
[  413.512190][T10934]  should_fail_ex+0x512/0x640
[  413.512215][T10934]  _copy_from_user+0x2e/0xd0
[  413.512239][T10934]  copy_msghdr_from_user+0x98/0x160
[  413.512269][T10934]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  413.512304][T10934]  ___sys_sendmsg+0xfe/0x1d0
[  413.512328][T10934]  ? __pfx____sys_sendmsg+0x10/0x10
[  413.512382][T10934]  __sys_sendmsg+0x16d/0x220
[  413.512405][T10934]  ? __pfx___sys_sendmsg+0x10/0x10
[  413.512444][T10934]  do_syscall_64+0xcd/0x4e0
[  413.512469][T10934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.512487][T10934] RIP: 0033:0x7fe90958eec9
[  413.512501][T10934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.512518][T10934] RSP: 002b:00007fe90a406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  413.512535][T10934] RAX: ffffffffffffffda RBX: 00007fe9097e5fa0 RCX: 00007fe90958eec9
[  413.512547][T10934] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004
[  413.512557][T10934] RBP: 00007fe90a406090 R08: 0000000000000000 R09: 0000000000000000
[  413.512568][T10934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.512578][T10934] R13: 00007fe9097e6038 R14: 00007fe9097e5fa0 R15: 00007fffd8d0e318
[  413.512602][T10934]  </TASK>
[  413.681331][ T5888] usb 4-1: Using ep0 maxpacket: 16
[  413.689604][ T5888] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  413.699163][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.709171][ T5888] usb 4-1: Product: syz
[  413.714225][ T5888] usb 4-1: Manufacturer: syz
[  413.722365][ T5888] usb 4-1: SerialNumber: syz
[  413.791389][T10939] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10939 comm=syz.0.1374
[  413.829024][ T5888] r8152-cfgselector 4-1: Unknown version 0x0000
[  413.841572][ T5888] r8152-cfgselector 4-1: config 0 descriptor??
[  413.883769][ T5930] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[  413.914517][ T5930] usb 2-1: config 0 has no interface number 0
[  413.923526][ T5930] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  414.060060][T10943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1373'.
[  414.613202][   T30] audit: type=1400 audit(1759650597.775:800): avc:  denied  { connect } for  pid=10936 comm="syz.2.1373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  414.836287][ T5888] r8152-cfgselector 4-1: USB disconnect, device number 35
[  414.870987][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.910168][ T5930] usb 2-1: Product: syz
[  414.914362][ T5930] usb 2-1: Manufacturer: syz
[  414.969899][ T5930] usb 2-1: SerialNumber: syz
[  414.989997][ T5930] usb 2-1: config 0 descriptor??
[  415.199963][   T24] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  415.340951][   T24] usb 3-1: device descriptor read/64, error -71
[  415.409566][ T5930] usb 2-1: Firmware: major: 225, minor: 43, hardware type: UNKNOWN (184)
[  415.434245][   T30] audit: type=1400 audit(1759650599.075:801): avc:  denied  { append } for  pid=10958 comm="syz.3.1379" name="video7" dev="devtmpfs" ino=948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  415.670652][ T5930] usb 2-1: failed to fetch extended address, random address set
[  415.685535][ T5930] usb 2-1: atusb_probe: initialization failed, error = -524
[  415.693552][ T5930] atusb 2-1:0.128: probe with driver atusb failed with error -524
[  415.709334][ T5930] usb 2-1: USB disconnect, device number 46
[  415.743089][   T24] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  415.795212][T10966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1382'.
[  415.953088][   T24] usb 3-1: device descriptor read/64, error -71
[  416.187220][   T24] usb usb3-port1: attempt power cycle
[  418.128148][T10987] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1385'.
[  418.148012][T10987] CIFS mount error: No usable UNC path provided in device string!
[  418.148012][T10987] 
[  418.158641][T10987] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  418.672053][   T30] audit: type=1400 audit(1759650602.305:802): avc:  denied  { setattr } for  pid=10995 comm="syz.1.1389" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  419.148713][ T5831] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  419.311869][ T5831] usb 3-1: config index 0 descriptor too short (expected 65307, got 27)
[  419.320899][ T5831] usb 3-1: config 49 has too many interfaces: 255, using maximum allowed: 32
[  419.329671][ T5831] usb 3-1: config 49 has an invalid descriptor of length 54, skipping remainder of the config
[  419.367377][ T5831] usb 3-1: config 49 has 0 interfaces, different from the descriptor's value: 255
[  419.397876][ T5831] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  419.437935][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.681517][   T30] audit: type=1400 audit(1759650603.325:803): avc:  denied  { append } for  pid=11005 comm="syz.2.1393" name="mice" dev="devtmpfs" ino=915 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  419.714664][T11007] cgroup: Name too long
[  419.719115][T11007] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1393'.
[  420.113573][T11007] hsr_slave_1 (unregistering): left promiscuous mode
[  420.217300][ T5831] usb 3-1: string descriptor 0 read error: -71
[  420.295483][ T5831] usb 3-1: USB disconnect, device number 31
[  420.931372][   T30] audit: type=1400 audit(1759650604.535:804): avc:  denied  { setopt } for  pid=11031 comm="syz.0.1397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  421.160622][   T30] audit: type=1400 audit(1759650604.805:805): avc:  denied  { create } for  pid=11040 comm="syz.4.1399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  421.184531][   T30] audit: type=1400 audit(1759650604.825:806): avc:  denied  { ioctl } for  pid=11040 comm="syz.4.1399" path="socket:[28513]" dev="sockfs" ino=28513 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  421.360800][   T30] audit: type=1400 audit(1759650604.995:807): avc:  denied  { watch } for  pid=11042 comm="syz.4.1400" path="/277" dev="tmpfs" ino=1477 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  422.810585][ T5888] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  423.011014][ T5888] usb 5-1: Using ep0 maxpacket: 32
[  423.174181][ T5888] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  423.440996][ T5888] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  423.883103][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  423.912573][ T5888] usb 5-1: Product: syz
[  423.917839][ T5888] usb 5-1: Manufacturer: syz
[  423.923154][ T5888] usb 5-1: SerialNumber: syz
[  423.935065][ T5888] usb 5-1: config 0 descriptor??
[  423.942226][T11049] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  424.683439][ T5888] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  424.874474][ T5888] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  424.885253][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.897404][ T5888] usb 4-1: Product: syz
[  424.903585][ T5888] usb 4-1: Manufacturer: syz
[  424.908380][ T5888] usb 4-1: SerialNumber: syz
[  424.919556][ T5888] r8152-cfgselector 4-1: Unknown version 0x0000
[  424.926938][ T5888] r8152-cfgselector 4-1: config 0 descriptor??
[  425.349454][ T5930] r8152-cfgselector 4-1: USB disconnect, device number 36
[  425.408383][T11097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'.
[  425.418062][T11097] netlink: 'syz.1.1414': attribute type 2 has an invalid length.
[  425.426732][T11097] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1414'.
[  425.496933][T11099] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1414'.
[  425.508923][T11099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1414'.
[  425.829945][   T24] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  425.940573][ T5831] usb 5-1: USB disconnect, device number 40
[  425.981152][   T24] usb 1-1: Using ep0 maxpacket: 16
[  426.105820][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.271090][   T24] usb 1-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  426.281739][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.710272][   T24] usb 1-1: config 0 descriptor??
[  426.927317][T11116] siw: device registration error -23
[  427.248448][   T30] audit: type=1400 audit(1759650610.875:808): avc:  denied  { write } for  pid=11117 comm="syz.4.1419" dev="sockfs" ino=28652 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  427.712971][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  427.718954][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  427.767409][   T24] usb 1-1: USB disconnect, device number 47
[  427.770839][ T5888] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  427.951120][ T5888] usb 5-1: Using ep0 maxpacket: 8
[  427.958777][ T5888] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  427.974592][ T5888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  427.991525][ T5888] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 129
[  428.006350][ T5888] usb 5-1: New USB device found, idVendor=0dfc, idProduct=0102, bcdDevice= 0.00
[  428.016548][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.027955][ T5888] usb 5-1: config 0 descriptor??
[  428.280605][   T30] audit: type=1400 audit(1759650611.905:809): avc:  denied  { execute } for  pid=11130 comm="syz.3.1424" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=29768 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  428.576767][   T30] audit: type=1400 audit(1759650612.215:810): avc:  denied  { bind } for  pid=11119 comm="syz.4.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  428.733005][ T5888] hid-generic 0003:0DFC:0102.000D: hidraw0: USB HID v0.00 Device [HID 0dfc:0102] on usb-dummy_hcd.4-1/input0
[  429.153193][   T30] audit: type=1400 audit(1759650612.245:811): avc:  denied  { listen } for  pid=11119 comm="syz.4.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  429.270828][   T30] audit: type=1400 audit(1759650612.245:812): avc:  denied  { connect } for  pid=11119 comm="syz.4.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  429.343708][ T1556] usb 5-1: USB disconnect, device number 41
[  429.657185][   T30] audit: type=1400 audit(1759650612.275:813): avc:  denied  { write } for  pid=11119 comm="syz.4.1421" path="socket:[29691]" dev="sockfs" ino=29691 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  429.734308][T11152] cgroup: Unknown subsys name 'hash'
[  429.925538][   T30] audit: type=1400 audit(1759650612.275:814): avc:  denied  { accept } for  pid=11119 comm="syz.4.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  429.944298][T11148] fido_id[11148]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  430.057168][   T30] audit: type=1400 audit(1759650612.295:815): avc:  denied  { read } for  pid=11119 comm="syz.4.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  430.153603][T11155] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  430.238127][   T30] audit: type=1400 audit(1759650613.485:816): avc:  denied  { wake_alarm } for  pid=11149 comm="syz.3.1430" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  431.151042][T11169] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1435'.
[  431.401089][T11166] geneve2: entered promiscuous mode
[  431.401444][   T30] audit: type=1400 audit(1759650614.785:817): avc:  denied  { setopt } for  pid=11164 comm="syz.4.1435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  431.406307][T11166] geneve2: entered allmulticast mode
[  432.749988][   T24] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  433.004115][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.015110][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  433.025350][   T24] usb 5-1: New USB device found, idVendor=04b4, idProduct=de64, bcdDevice= 0.00
[  433.034707][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.069319][   T24] usb 5-1: config 0 descriptor??
[  433.100117][ T1556] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  433.202285][ T5831] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  433.290187][ T1556] usb 4-1: Using ep0 maxpacket: 8
[  433.304551][ T1556] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  433.318640][ T1556] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  433.331187][ T1556] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  433.343140][ T1556] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  433.356525][ T1556] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  433.367373][ T1556] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  433.367391][ T5831] usb 2-1: Using ep0 maxpacket: 32
[  433.383888][ T1556] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.420105][ T1556] usb 4-1: config 0 descriptor??
[  433.422292][ T5831] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  433.442207][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.453790][T11187] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  433.503344][ T5831] usb 2-1: config 0 descriptor??
[  433.525197][ T5831] as10x_usb: device has been detected
[  433.554785][ T5831] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  433.581687][ T5831] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  433.616469][ T5831] as10x_usb: error during firmware upload part1
[  433.625050][ T5831] Registered device nBox DVB-T Dongle
[  433.736933][ T1556] usb 2-1: USB disconnect, device number 47
[  433.777585][ T1556] Unregistered device nBox DVB-T Dongle
[  433.786351][ T1556] as10x_usb: device has been disconnected
[  434.409339][T11187] fuse: Bad value for 'group_id'
[  434.422588][T11187] fuse: Bad value for 'group_id'
[  434.431944][T11201] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1441'.
[  434.445950][ T5831] usb 4-1: USB disconnect, device number 37
[  434.452320][ T5835] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  434.696190][   T30] audit: type=1400 audit(1759650618.335:818): avc:  denied  { read } for  pid=11202 comm="syz.2.1446" name="loop-control" dev="devtmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  435.206787][   T30] audit: type=1400 audit(1759650618.335:819): avc:  denied  { open } for  pid=11202 comm="syz.2.1446" path="/dev/loop-control" dev="devtmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  435.218930][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  435.269310][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  435.343741][   T24] usb 5-1: USB disconnect, device number 42
[  435.351737][   T30] audit: type=1400 audit(1759650618.335:820): avc:  denied  { ioctl } for  pid=11202 comm="syz.2.1446" path="/dev/loop-control" dev="devtmpfs" ino=645 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  435.377883][    C1] vkms_vblank_simulate: vblank timer overrun
[  435.666419][T11220] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1449'.
[  435.914727][T11224] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1451'.
[  435.924166][T11224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1451'.
[  435.940541][T11224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1451'.
[  436.940402][T11226] bridge0: port 1(team0) entered blocking state
[  436.946721][T11226] bridge0: port 1(team0) entered disabled state
[  436.953063][T11226] team0: entered allmulticast mode
[  436.958165][T11226] team_slave_0: entered allmulticast mode
[  436.963901][T11226] team_slave_1: entered allmulticast mode
[  436.971046][T11226] team0: entered promiscuous mode
[  436.976051][T11226] team_slave_0: entered promiscuous mode
[  436.981868][T11226] team_slave_1: entered promiscuous mode
[  436.988205][T11226] bridge0: port 1(team0) entered blocking state
[  436.994502][T11226] bridge0: port 1(team0) entered forwarding state
[  437.135773][T11231] syzkaller1: entered promiscuous mode
[  437.142968][T11231] syzkaller1: entered allmulticast mode
[  438.971052][ T5831] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  439.123920][   T30] audit: type=1400 audit(1759650622.755:821): avc:  denied  { connect } for  pid=11270 comm="syz.0.1464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  439.136164][ T5831] usb 3-1: Using ep0 maxpacket: 32
[  439.213615][ T5831] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  439.227752][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.253555][T11279] FAULT_INJECTION: forcing a failure.
[  439.253555][T11279] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.292780][ T5831] usb 3-1: config 0 descriptor??
[  439.318948][T11279] CPU: 1 UID: 0 PID: 11279 Comm: syz.3.1466 Not tainted syzkaller #0 PREEMPT(full) 
[  439.318974][T11279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  439.318986][T11279] Call Trace:
[  439.318992][T11279]  <TASK>
[  439.318999][T11279]  dump_stack_lvl+0x16c/0x1f0
[  439.319027][T11279]  should_fail_ex+0x512/0x640
[  439.319049][T11279]  _copy_from_user+0x2e/0xd0
[  439.319071][T11279]  copy_msghdr_from_user+0x98/0x160
[  439.319093][T11279]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  439.319116][T11279]  ? kfree+0x252/0x6d0
[  439.319145][T11279]  ___sys_recvmsg+0xdb/0x1a0
[  439.319165][T11279]  ? __pfx____sys_recvmsg+0x10/0x10
[  439.319200][T11279]  ? __pfx___might_resched+0x10/0x10
[  439.319224][T11279]  ? read_tsc+0x9/0x20
[  439.319245][T11279]  ? ktime_get_ts64+0x256/0x400
[  439.319266][T11279]  do_recvmmsg+0x2fe/0x750
[  439.319290][T11279]  ? __pfx_do_recvmmsg+0x10/0x10
[  439.319307][T11279]  ? find_held_lock+0x2b/0x80
[  439.319330][T11279]  ? __might_fault+0xe3/0x190
[  439.319345][T11279]  ? __might_fault+0x13b/0x190
[  439.319371][T11279]  ? __pfx_get_timespec64+0x10/0x10
[  439.319387][T11279]  ? __fget_files+0x20e/0x3c0
[  439.319410][T11279]  __x64_sys_recvmmsg+0x199/0x280
[  439.319433][T11279]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  439.319462][T11279]  do_syscall_64+0xcd/0x4e0
[  439.319485][T11279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.319502][T11279] RIP: 0033:0x7f25fef8eec9
[  439.319516][T11279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.319518][ T5831] gspca_main: sunplus-2.14.0 probing 041e:400b
[  439.319533][T11279] RSP: 002b:00007f25ffdea038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  439.319551][T11279] RAX: ffffffffffffffda RBX: 00007f25ff1e5fa0 RCX: 00007f25fef8eec9
[  439.319560][T11279] RDX: 00000000000006f5 RSI: 0000200000000440 RDI: 0000000000000003
[  439.319568][T11279] RBP: 00007f25ffdea090 R08: 0000200000000480 R09: 0000000000000000
[  439.319577][T11279] R10: 0000002000000022 R11: 0000000000000246 R12: 0000000000000002
[  439.319596][T11279] R13: 00007f25ff1e6038 R14: 00007f25ff1e5fa0 R15: 00007ffef1b22c98
[  439.319617][T11279]  </TASK>
[  439.564070][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  439.570801][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  439.768547][T11284] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1468'.
[  439.777858][T11284] netlink: 'syz.4.1468': attribute type 2 has an invalid length.
[  439.785649][T11284] netlink: 'syz.4.1468': attribute type 1 has an invalid length.
[  439.855008][T11286] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1468'.
[  439.864617][T11286] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1468'.
[  440.258575][ T5831] gspca_sunplus: reg_w_riv err -110
[  440.264393][ T5831] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  441.093773][T11303] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1474'.
[  443.458826][ T5831] usb 3-1: USB disconnect, device number 32
[  444.500752][ T5831] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  444.603756][   T24] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  445.200579][ T5831] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  445.277910][T11361] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1488'.
[  445.288440][   T24] usb 1-1: config 0 has an invalid interface number: 71 but max is 0
[  445.289167][ T5831] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  445.308203][   T24] usb 1-1: config 0 has no interface number 0
[  445.308611][   T24] usb 1-1: config 0 interface 71 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  445.308672][   T24] usb 1-1: config 0 interface 71 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024
[  445.308728][   T24] usb 1-1: config 0 interface 71 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  445.441831][   T24] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0012, bcdDevice=cc.c0
[  445.479732][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.493929][   T24] usb 1-1: Product: syz
[  445.498181][   T24] usb 1-1: Manufacturer: syz
[  445.636319][   T24] usb 1-1: SerialNumber: syz
[  445.660814][ T5831] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  445.680557][ T5831] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  445.684118][   T24] usb 1-1: config 0 descriptor??
[  445.793445][T11344] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  445.821704][   T24] kvaser_usb 1-1:0.71: error -ENODEV: Cannot get usb endpoint(s)
[  445.832517][ T5831] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  445.889328][ T5831] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  445.912755][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  445.935844][ T5831] usb 3-1: Product: syz
[  445.946781][ T5831] usb 3-1: Manufacturer: syz
[  445.977641][ T5831] cdc_wdm 3-1:1.0: skipping garbage
[  445.998320][ T5831] cdc_wdm 3-1:1.0: skipping garbage
[  446.059207][ T5831] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  446.093601][ T5831] cdc_wdm 3-1:1.0: Unknown control protocol
[  446.159934][   T24] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  446.393674][   T24] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  446.405628][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.425222][   T24] usb 4-1: Product: syz
[  446.437309][   T24] usb 4-1: Manufacturer: syz
[  446.448131][   T24] usb 4-1: SerialNumber: syz
[  446.467620][   T24] r8152-cfgselector 4-1: Unknown version 0x0000
[  446.477786][   T24] r8152-cfgselector 4-1: config 0 descriptor??
[  446.823125][   T24] usb 3-1: USB disconnect, device number 33
[  446.907959][ T5831] r8152-cfgselector 4-1: USB disconnect, device number 38
[  447.136562][ T5965] usb 1-1: USB disconnect, device number 48
[  447.199992][ T1556] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  447.313778][   T30] audit: type=1400 audit(1759650630.955:822): avc:  denied  { append } for  pid=11383 comm="syz.4.1494" name="sg0" dev="devtmpfs" ino=770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  447.452095][ T1556] usb 2-1: Using ep0 maxpacket: 16
[  447.490727][ T1556] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  447.696481][ T1556] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.710937][ T1556] usb 2-1: config 0 descriptor??
[  448.052996][ T1556] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  449.254687][T11417] siw: device registration error -23
[  449.705395][T11420] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1502'.
[  451.078697][ T1556] usb 2-1: Detected FT232A
[  451.132064][ T1556] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  451.312318][ T1556] usb 2-1: USB disconnect, device number 48
[  451.333317][ T1556] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  451.356474][ T1556] ftdi_sio 2-1:0.0: device disconnected
[  451.425495][T11446] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1507'.
[  451.435444][T11446] netlink: 'syz.4.1507': attribute type 2 has an invalid length.
[  451.443826][T11446] netlink: 'syz.4.1507': attribute type 1 has an invalid length.
[  451.513758][T11447] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1507'.
[  451.523917][T11447] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1507'.
[  452.142658][T11455] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1510'.
[  452.325349][ T5829] Bluetooth: hci1: unexpected event for opcode 0x0c6d
[  452.932110][   T30] audit: type=1400 audit(1759650636.575:823): avc:  denied  { bind } for  pid=11469 comm="syz.4.1514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  454.183165][   T30] audit: type=1326 audit(1759650637.825:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11476 comm="syz.2.1516" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90958eec9 code=0x0
[  454.573631][T11484] dvmrp0: entered allmulticast mode
[  454.902341][T11501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1521'.
[  454.913724][T11501] netlink: 'syz.3.1521': attribute type 2 has an invalid length.
[  454.922401][T11501] netlink: 'syz.3.1521': attribute type 1 has an invalid length.
[  454.935273][T11501] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1521'.
[  454.946433][T11501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1521'.
[  455.286220][T11501] bond0: (slave bond_slave_1): Releasing backup interface
[  455.368836][T11509] tipc: Can't bind to reserved service type 0
[  455.454330][T11510] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1524'.
[  455.778198][T11513] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1526'.
[  455.945850][T11516] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[11516]
[  456.187139][T11516] befs: (nbd0): No write support. Marking filesystem read-only
[  456.196193][T11516] befs: (nbd0): unable to read superblock
[  456.282858][T11526] overlayfs: missing 'lowerdir'
[  456.352269][T11522] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1525'.
[  456.477531][T11535] siw: device registration error -23
[  456.692869][T11522] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  456.790273][ T5888] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  456.940406][ T5888] usb 5-1: Using ep0 maxpacket: 16
[  456.957519][ T5888] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  456.967341][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.978132][ T5888] usb 5-1: Product: syz
[  456.986343][ T5888] usb 5-1: Manufacturer: syz
[  456.997599][ T5888] usb 5-1: SerialNumber: syz
[  457.015157][ T5888] r8152-cfgselector 5-1: Unknown version 0x0000
[  457.023338][ T5888] r8152-cfgselector 5-1: config 0 descriptor??
[  457.403877][ T5888] r8152-cfgselector 5-1: Unknown version 0x0000
[  457.415615][ T5888] r8152-cfgselector 5-1: bad CDC descriptors
[  457.447213][ T5888] r8152-cfgselector 5-1: USB disconnect, device number 43
[  457.511980][T11549] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11549 comm=syz.1.1535
[  457.724718][   T30] audit: type=1400 audit(1759650641.265:825): avc:  denied  { write } for  pid=11545 comm="syz.1.1535" name="mice" dev="devtmpfs" ino=915 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  458.066427][T11554] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1536'.
[  458.110826][ T5888] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  458.276188][ T5888] usb 4-1: Using ep0 maxpacket: 32
[  458.712615][ T5888] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  458.759595][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.796501][ T5888] usb 4-1: config 0 descriptor??
[  458.813953][ T5888] gspca_main: nw80x-2.14.0 probing 055f:d001
[  459.041353][   T30] audit: type=1400 audit(1759650642.685:826): avc:  denied  { ioctl } for  pid=11573 comm="syz.0.1541" path="/dev/input/mouse0" dev="devtmpfs" ino=999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  459.139960][ T5929] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  459.234259][ T5888] gspca_nw80x: reg_r err -71
[  459.257385][ T5888] nw80x 4-1:0.0: probe with driver nw80x failed with error -71
[  459.312510][ T5929] usb 3-1: Using ep0 maxpacket: 16
[  459.481185][ T5888] usb 4-1: USB disconnect, device number 39
[  459.490616][   T30] audit: type=1400 audit(1759650643.055:827): avc:  denied  { validate_trans } for  pid=11577 comm="syz.1.1544" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  459.532230][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.543373][ T5929] usb 3-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  459.568876][ T5929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.697499][ T5929] usb 3-1: config 0 descriptor??
[  460.344980][ T5929] mcp2200 0003:04D8:00DF.000E: USB HID v0.05 Device [HID 04d8:00df] on usb-dummy_hcd.2-1/input0
[  460.750566][T11590] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  460.761608][T11590] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.852569][T11590] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  460.862940][T11590] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.877577][ T1556] usb 3-1: USB disconnect, device number 34
[  460.893377][ T5831] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  460.962968][T11590] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  460.973456][T11590] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.045553][T11590] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  461.055894][T11590] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.082383][ T5831] usb 1-1: config index 0 descriptor too short (expected 65307, got 27)
[  461.091581][ T5831] usb 1-1: config 49 has too many interfaces: 255, using maximum allowed: 32
[  461.104157][ T5831] usb 1-1: config 49 has an invalid descriptor of length 54, skipping remainder of the config
[  461.116026][ T5831] usb 1-1: config 49 has 0 interfaces, different from the descriptor's value: 255
[  461.120856][   T30] audit: type=1400 audit(1759650644.765:828): avc:  denied  { watch watch_reads } for  pid=11603 comm="syz.4.1550" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1220 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  461.126414][ T5831] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  461.167363][ T5831] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.187020][ T8694] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  461.383825][ T8694] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  461.427081][T11592] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1547'.
[  462.776925][T11592] hsr_slave_1 (unregistering): left promiscuous mode
[  462.892422][ T8694] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  462.992745][ T8694] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  463.091592][T11624] virtio-fs: tag </dev/nullb0> not found
[  463.103976][ T8694] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  463.146138][ T5831] usb 1-1: string descriptor 0 read error: -71
[  463.176231][   T30] audit: type=1400 audit(1759650646.735:829): avc:  denied  { mounton } for  pid=11619 comm="syz.3.1556" path="/syzcgroup/unified/syz3" dev="gadgetfs" ino=7236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  463.226449][ T8694] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  463.298753][ T5831] usb 1-1: USB disconnect, device number 49
[  463.362155][ T8694] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  463.481644][ T8694] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  463.739149][T11631] FAULT_INJECTION: forcing a failure.
[  463.739149][T11631] name failslab, interval 1, probability 0, space 0, times 0
[  463.781745][T11631] CPU: 0 UID: 0 PID: 11631 Comm: syz.2.1558 Not tainted syzkaller #0 PREEMPT(full) 
[  463.781771][T11631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  463.781781][T11631] Call Trace:
[  463.781787][T11631]  <TASK>
[  463.781794][T11631]  dump_stack_lvl+0x16c/0x1f0
[  463.781822][T11631]  should_fail_ex+0x512/0x640
[  463.781842][T11631]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  463.781872][T11631]  should_failslab+0xc2/0x120
[  463.781894][T11631]  kmem_cache_alloc_noprof+0x75/0x6e0
[  463.781920][T11631]  ? getname_flags.part.0+0x4c/0x550
[  463.781950][T11631]  ? getname_flags.part.0+0x4c/0x550
[  463.781973][T11631]  getname_flags.part.0+0x4c/0x550
[  463.782001][T11631]  getname_uflags+0x98/0xf0
[  463.782020][T11631]  __x64_sys_execveat+0xc4/0x120
[  463.782040][T11631]  do_syscall_64+0xcd/0x4e0
[  463.782064][T11631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.782082][T11631] RIP: 0033:0x7fe90958eec9
[  463.782097][T11631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.782113][T11631] RSP: 002b:00007fe90a3e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  463.782130][T11631] RAX: ffffffffffffffda RBX: 00007fe9097e6090 RCX: 00007fe90958eec9
[  463.782141][T11631] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  463.782151][T11631] RBP: 00007fe90a3e5090 R08: 0000000000001000 R09: 0000000000000000
[  463.782161][T11631] R10: 0000200000004780 R11: 0000000000000246 R12: 0000000000000001
[  463.782172][T11631] R13: 00007fe9097e6128 R14: 00007fe9097e6090 R15: 00007fffd8d0e318
[  463.782195][T11631]  </TASK>
[  464.048365][T11637] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1555'.
[  464.640796][ T5831] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  465.885525][ T5831] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  466.209893][ T5831] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  466.224679][T11667] input: syz1 as /devices/virtual/input/input51
[  466.259801][ T5831] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[  466.298281][ T5831] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  466.312578][ T5831] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  466.378029][ T5831] usb 5-1: Manufacturer: syz
[  466.398964][ T5831] usb 5-1: config 0 descriptor??
[  466.417683][ T5831] igorplugusb 5-1:0.0: endpoint incorrect
[  466.674771][ T5831] usb 5-1: USB disconnect, device number 44
[  466.691746][ T5929] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  466.860779][ T5929] usb 3-1: Using ep0 maxpacket: 16
[  467.114129][ T5929] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  467.125629][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.135103][ T5929] usb 3-1: Product: syz
[  467.140319][ T5929] usb 3-1: Manufacturer: syz
[  467.146128][ T5929] usb 3-1: SerialNumber: syz
[  467.158761][ T5929] usb 3-1: config 0 descriptor??
[  467.681302][ T5929] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  467.691274][ T5930] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  467.961053][T11697] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1578'.
[  468.060471][ T5930] usb 1-1: Using ep0 maxpacket: 16
[  468.196955][ T5930] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.228652][ T5930] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.243336][ T5930] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  468.258540][ T5930] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  468.275701][ T5930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.293093][ T5930] usb 1-1: config 0 descriptor??
[  468.489039][ T5929] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  468.659960][ T5929] usb 2-1: Using ep0 maxpacket: 16
[  468.670593][ T5929] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.682917][ T5929] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.693029][ T5929] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  468.702217][ T5929] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.728946][T11708] netlink: 21 bytes leftover after parsing attributes in process `syz.4.1581'.
[  468.760914][ T5929] usb 2-1: config 0 descriptor??
[  468.766896][T11688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.804302][T11688] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.052270][ T5929] usbhid 2-1:0.0: can't add hid device: -71
[  469.058737][ T5929] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  469.071491][ T5929] usb 2-1: USB disconnect, device number 49
[  469.078255][T11718] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  469.409612][ T1556] usb 3-1: USB disconnect, device number 35
[  469.789450][T11724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.841210][T11724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  470.688791][   T30] audit: type=1400 audit(1759650654.325:830): avc:  denied  { ioctl } for  pid=11741 comm="syz.3.1589" path="socket:[32849]" dev="sockfs" ino=32849 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  471.423565][T11752] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1592'.
[  471.432675][T11752] netlink: 'syz.3.1592': attribute type 2 has an invalid length.
[  471.440472][T11752] netlink: 'syz.3.1592': attribute type 1 has an invalid length.
[  471.507747][T11753] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1592'.
[  471.517452][T11753] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1592'.
[  471.916892][ T5930] usbhid 1-1:0.0: can't add hid device: -71
[  471.930307][ T5930] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  472.116276][ T5930] usb 1-1: USB disconnect, device number 50
[  472.230519][T11766] UBIFS error (pid: 11766): cannot open "c:::", error -22
[  472.645272][   T30] audit: type=1400 audit(1759650655.875:831): avc:  denied  { create } for  pid=11756 comm="syz.2.1594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  473.587373][T11784] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1600'.
[  473.816039][T11777] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1599'.
[  473.825169][T11777] openvswitch: netlink: Flow key attr not present in new flow.
[  473.859412][   T30] audit: type=1400 audit(1759650657.485:832): avc:  denied  { unmount } for  pid=10250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  473.996935][T11788] FAULT_INJECTION: forcing a failure.
[  473.996935][T11788] name failslab, interval 1, probability 0, space 0, times 0
[  474.051133][T11788] CPU: 1 UID: 0 PID: 11788 Comm: syz.2.1603 Not tainted syzkaller #0 PREEMPT(full) 
[  474.051158][T11788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  474.051168][T11788] Call Trace:
[  474.051175][T11788]  <TASK>
[  474.051181][T11788]  dump_stack_lvl+0x16c/0x1f0
[  474.051209][T11788]  should_fail_ex+0x512/0x640
[  474.051237][T11788]  ? __kmalloc_node_noprof+0xcd/0x8a0
[  474.051260][T11788]  should_failslab+0xc2/0x120
[  474.051283][T11788]  __kmalloc_node_noprof+0xe0/0x8a0
[  474.051301][T11788]  ? alloc_netdev_mqs+0xe67/0x1550
[  474.051322][T11788]  ? alloc_slab_obj_exts+0x3a/0xd0
[  474.051353][T11788]  ? alloc_slab_obj_exts+0x3a/0xd0
[  474.051377][T11788]  ? __phys_addr+0xe8/0x180
[  474.051401][T11788]  alloc_slab_obj_exts+0x3a/0xd0
[  474.051426][T11788]  __memcg_slab_post_alloc_hook+0x251/0x940
[  474.051453][T11788]  ? kasan_unpoison+0x27/0x60
[  474.051472][T11788]  __kmalloc_cache_noprof+0x593/0x780
[  474.051497][T11788]  ? lockdep_init_map_type+0x5c/0x280
[  474.051517][T11788]  ? alloc_netdev_mqs+0xe67/0x1550
[  474.051542][T11788]  ? alloc_netdev_mqs+0xe67/0x1550
[  474.051563][T11788]  alloc_netdev_mqs+0xe67/0x1550
[  474.051590][T11788]  rtnl_create_link+0xc08/0xf90
[  474.051614][T11788]  rtnl_newlink+0xb69/0x2000
[  474.051643][T11788]  ? __pfx_rtnl_newlink+0x10/0x10
[  474.051663][T11788]  ? find_held_lock+0x2b/0x80
[  474.051688][T11788]  ? avc_has_perm_noaudit+0x117/0x3b0
[  474.051717][T11788]  ? avc_has_perm_noaudit+0x149/0x3b0
[  474.051763][T11788]  ? find_held_lock+0x2b/0x80
[  474.051784][T11788]  ? __pfx_rtnl_newlink+0x10/0x10
[  474.051805][T11788]  ? __pfx_rtnl_newlink+0x10/0x10
[  474.051824][T11788]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  474.051846][T11788]  ? __pfx_rtnl_newlink+0x10/0x10
[  474.051868][T11788]  rtnetlink_rcv_msg+0x95b/0xe90
[  474.051892][T11788]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  474.051916][T11788]  ? do_raw_spin_unlock+0x172/0x230
[  474.051939][T11788]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  474.051959][T11788]  ? try_to_wake_up+0x160/0x1870
[  474.051988][T11788]  netlink_rcv_skb+0x155/0x420
[  474.052012][T11788]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  474.052037][T11788]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  474.052059][T11788]  ? rcu_is_watching+0x12/0xc0
[  474.052102][T11788]  netlink_unicast+0x5aa/0x870
[  474.052129][T11788]  ? __pfx_netlink_unicast+0x10/0x10
[  474.052152][T11788]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  474.052184][T11788]  netlink_sendmsg+0x8c8/0xdd0
[  474.052212][T11788]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.052253][T11788]  ____sys_sendmsg+0xa95/0xc70
[  474.052281][T11788]  ? copy_msghdr_from_user+0x10a/0x160
[  474.052303][T11788]  ? __pfx_____sys_sendmsg+0x10/0x10
[  474.052342][T11788]  ___sys_sendmsg+0x134/0x1d0
[  474.052365][T11788]  ? __pfx____sys_sendmsg+0x10/0x10
[  474.052421][T11788]  __sys_sendmsg+0x16d/0x220
[  474.052442][T11788]  ? __pfx___sys_sendmsg+0x10/0x10
[  474.052479][T11788]  do_syscall_64+0xcd/0x4e0
[  474.052502][T11788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.052519][T11788] RIP: 0033:0x7fe90958eec9
[  474.052534][T11788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.052550][T11788] RSP: 002b:00007fe90a406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  474.052567][T11788] RAX: ffffffffffffffda RBX: 00007fe9097e5fa0 RCX: 00007fe90958eec9
[  474.052578][T11788] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  474.052588][T11788] RBP: 00007fe90a406090 R08: 0000000000000000 R09: 0000000000000000
[  474.052598][T11788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  474.052608][T11788] R13: 00007fe9097e6038 R14: 00007fe9097e5fa0 R15: 00007fffd8d0e318
[  474.052633][T11788]  </TASK>
[  474.414445][    C1] vkms_vblank_simulate: vblank timer overrun
[  474.738336][   T30] audit: type=1400 audit(1759650658.375:833): avc:  denied  { mounton } for  pid=11759 comm="syz.4.1595" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  474.761294][    C1] vkms_vblank_simulate: vblank timer overrun
[  474.941303][T11797] pim6reg1: entered promiscuous mode
[  474.946599][T11797] pim6reg1: entered allmulticast mode
[  474.961218][   T30] audit: type=1400 audit(1759650658.605:834): avc:  denied  { read } for  pid=11794 comm="syz.2.1604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  475.041701][ T5831] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  475.209977][ T1556] usb 3-1: new low-speed USB device number 36 using dummy_hcd
[  475.270593][ T5831] usb 4-1: config 1 has an invalid interface number: 7 but max is 0
[  475.278648][ T5831] usb 4-1: config 1 has no interface number 0
[  475.309051][ T5831] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024
[  475.340144][ T5831] usb 4-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  475.381167][ T1556] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  475.392145][ T5831] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  475.401343][ T1556] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  475.401397][ T1556] usb 3-1: config 0 has no interface number 0
[  475.401544][ T1556] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  475.401601][ T1556] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  475.401655][ T1556] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  475.401768][ T1556] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  475.401819][ T1556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.478365][ T1556] usb 3-1: config 0 descriptor??
[  475.496443][T11797] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  475.544727][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.555277][ T5831] usb 4-1: Product: syz
[  475.575943][ T5831] usb 4-1: Manufacturer: syz
[  475.582169][ T5831] usb 4-1: SerialNumber: syz
[  475.638888][T11793] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  475.646666][T11793] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  475.658427][ T5831] usb 4-1: Expected 3 endpoints, found: 2
[  475.705606][T11797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.715405][T11797] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.864479][   T24] usb 4-1: USB disconnect, device number 40
[  475.878852][T11806] netlink: 'syz.1.1607': attribute type 11 has an invalid length.
[  476.401583][ T1556] usb 3-1: USB disconnect, device number 36
[  477.452734][T11831] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1612'.
[  477.529943][ T1556] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  477.752990][T11836] block nbd0: Unsupported socket: should be TCP or UNIX.
[  477.811207][   T30] audit: type=1400 audit(1759650661.455:835): avc:  denied  { map } for  pid=11838 comm="syz.2.1618" path="/dev/usbmon0" dev="devtmpfs" ino=715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  477.880912][ T1556] usb 2-1: Using ep0 maxpacket: 32
[  477.887843][ T1556] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  477.898032][ T1556] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.931944][ T1556] usb 2-1: config 0 descriptor??
[  478.001969][T11844] netlink: 'syz.3.1619': attribute type 12 has an invalid length.
[  478.010708][T11844] netlink: 'syz.3.1619': attribute type 29 has an invalid length.
[  478.018501][T11844] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1619'.
[  478.027984][T11844] netlink: 'syz.3.1619': attribute type 2 has an invalid length.
[  478.037071][T11844] netlink: 23 bytes leftover after parsing attributes in process `syz.3.1619'.
[  478.090616][ T5929] usb 1-1: new full-speed USB device number 51 using dummy_hcd
[  478.147627][ T1556] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  478.164990][ T1556] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  478.178104][ T1556] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  478.186012][ T1556] usb 2-1: media controller created
[  478.234618][ T1556] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  478.263093][ T5929] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  478.275316][ T5929] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  478.309895][ T5929] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  478.331682][ T5929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.394510][ T1556] az6027: usb out operation failed. (-71)
[  478.402172][ T1556] az6027: usb out operation failed. (-71)
[  478.409022][ T1556] stb0899_attach: Driver disabled by Kconfig
[  478.416136][ T1556] az6027: no front-end attached
[  478.416136][ T1556] 
[  478.433058][ T5929] usb 1-1: config 0 descriptor??
[  478.438475][ T1556] az6027: usb out operation failed. (-71)
[  478.445355][ T1556] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  478.445791][T11836] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  478.463104][ T1556] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input53
[  478.475391][ T5929] hub 1-1:0.0: USB hub found
[  478.482624][ T1556] dvb-usb: schedule remote query interval to 400 msecs.
[  478.489713][ T1556] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  478.514670][ T1556] usb 2-1: USB disconnect, device number 50
[  478.558432][ T1556] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  478.650573][ T5831] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  478.664972][ T5929] hub 1-1:0.0: 2 ports detected
[  478.800688][ T5831] usb 5-1: Using ep0 maxpacket: 8
[  478.811022][ T5831] usb 5-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  478.820953][ T5831] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  478.829126][ T5831] usb 5-1: Product: syz
[  478.834723][ T5831] usb 5-1: Manufacturer: syz
[  478.839321][ T5831] usb 5-1: SerialNumber: syz
[  478.851885][ T5831] usb 5-1: config 0 descriptor??
[  478.890091][   T24] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  479.084741][ T5929] hub 1-1:0.0: set hub depth failed
[  479.094670][   T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  479.112203][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  479.197079][ T5929] usb 1-1: USB disconnect, device number 51
[  479.261281][   T24] usb 3-1: config 0 has no interface number 0
[  479.279899][   T24] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  479.297822][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.452316][T11863] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1627'.
[  479.554582][   T24] usb 3-1: config 0 descriptor??
[  479.616725][   T24] iowarrior 3-1:0.1: no interrupt-in endpoint found
[  479.659463][ T5831] usb 5-1: USB disconnect, device number 45
[  480.057467][   T24] usb 3-1: USB disconnect, device number 37
[  480.534807][T11883] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1629'.
[  481.365126][T11891] FAULT_INJECTION: forcing a failure.
[  481.365126][T11891] name failslab, interval 1, probability 0, space 0, times 0
[  481.520267][T11891] CPU: 0 UID: 0 PID: 11891 Comm: syz.2.1634 Not tainted syzkaller #0 PREEMPT(full) 
[  481.520292][T11891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  481.520302][T11891] Call Trace:
[  481.520307][T11891]  <TASK>
[  481.520314][T11891]  dump_stack_lvl+0x16c/0x1f0
[  481.520341][T11891]  should_fail_ex+0x512/0x640
[  481.520361][T11891]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  481.520392][T11891]  should_failslab+0xc2/0x120
[  481.520415][T11891]  kmem_cache_alloc_node_noprof+0x78/0x770
[  481.520442][T11891]  ? __alloc_skb+0x2b2/0x380
[  481.520460][T11891]  ? __up_read+0x1f8/0x750
[  481.520495][T11891]  ? __alloc_skb+0x2b2/0x380
[  481.520513][T11891]  __alloc_skb+0x2b2/0x380
[  481.520532][T11891]  ? __pfx___alloc_skb+0x10/0x10
[  481.520563][T11891]  netlink_ack+0x15d/0xb80
[  481.520588][T11891]  ? __lock_acquire+0x62e/0x1ce0
[  481.520613][T11891]  rdma_nl_rcv_skb.constprop.0.isra.0+0x330/0x430
[  481.520648][T11891]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  481.520689][T11891]  ? netlink_deliver_tap+0x1ae/0xd30
[  481.520710][T11891]  ? selinux_netlink_send+0x578/0x830
[  481.520727][T11891]  ? is_vmalloc_addr+0x86/0xa0
[  481.520758][T11891]  netlink_unicast+0x5aa/0x870
[  481.520786][T11891]  ? __pfx_netlink_unicast+0x10/0x10
[  481.520810][T11891]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  481.520843][T11891]  netlink_sendmsg+0x8c8/0xdd0
[  481.520871][T11891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  481.520906][T11891]  ____sys_sendmsg+0xa95/0xc70
[  481.520934][T11891]  ? copy_msghdr_from_user+0x10a/0x160
[  481.520956][T11891]  ? __pfx_____sys_sendmsg+0x10/0x10
[  481.520996][T11891]  ___sys_sendmsg+0x134/0x1d0
[  481.521020][T11891]  ? __pfx____sys_sendmsg+0x10/0x10
[  481.521082][T11891]  __sys_sendmsg+0x16d/0x220
[  481.521104][T11891]  ? __pfx___sys_sendmsg+0x10/0x10
[  481.521145][T11891]  do_syscall_64+0xcd/0x4e0
[  481.521169][T11891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.521186][T11891] RIP: 0033:0x7fe90958eec9
[  481.521200][T11891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.521216][T11891] RSP: 002b:00007fe90a406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  481.521227][T11891] RAX: ffffffffffffffda RBX: 00007fe9097e5fa0 RCX: 00007fe90958eec9
[  481.521234][T11891] RDX: 0000000000000004 RSI: 0000200000000180 RDI: 0000000000000003
[  481.521240][T11891] RBP: 00007fe90a406090 R08: 0000000000000000 R09: 0000000000000000
[  481.521246][T11891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.521253][T11891] R13: 00007fe9097e6038 R14: 00007fe9097e5fa0 R15: 00007fffd8d0e318
[  481.521266][T11891]  </TASK>
[  482.019216][T11897] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1635'.
[  482.417508][T11905] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1639'.
[  482.720462][ T5965] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  482.775265][T11911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1641'.
[  482.803486][T11910] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1641'.
[  482.818025][ T8694] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  482.828772][ T8694] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  482.839289][T11911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1641'.
[  482.929894][   T24] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  482.979909][T11916] siw: device registration error -23
[  483.109981][   T24] usb 2-1: Using ep0 maxpacket: 32
[  483.286829][ T5831] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  483.301112][ T5965] usb 5-1: Using ep0 maxpacket: 16
[  483.305704][   T24] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  483.328298][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.340733][ T5965] usb 5-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  483.350454][ T5965] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.353552][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.359665][ T8694] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  483.378610][T11910] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1641'.
[  483.378724][ T5965] usb 5-1: config 0 descriptor??
[  483.407765][ T8694] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  483.443744][   T24] usb 2-1: config 0 descriptor??
[  483.470453][ T5831] usb 3-1: Using ep0 maxpacket: 16
[  483.488395][ T5831] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  483.498202][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.509031][ T5831] usb 3-1: config 0 descriptor??
[  483.522073][ T5831] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  483.689410][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  483.701097][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  483.816127][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  483.823673][   T24] usb 2-1: media controller created
[  483.843641][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  483.853029][ T5965] mcp2200 0003:04D8:00DF.000F: USB HID v0.05 Device [HID 04d8:00df] on usb-dummy_hcd.4-1/input0
[  483.969092][T11926] virtio-fs: tag </dev/nullb0> not found
[  484.253124][   T24] az6027: usb out operation failed. (-71)
[  484.538621][   T24] az6027: usb out operation failed. (-71)
[  484.544488][   T24] stb0899_attach: Driver disabled by Kconfig
[  484.550609][   T24] az6027: no front-end attached
[  484.550609][   T24] 
[  484.557977][   T24] az6027: usb out operation failed. (-71)
[  484.563852][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  484.572807][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input54
[  484.586020][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[  484.593257][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  484.604771][   T24] usb 2-1: USB disconnect, device number 51
[  484.722985][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  484.795752][ T5965] usb 5-1: USB disconnect, device number 46
[  486.056066][T11949] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1650'.
[  486.389448][T11952] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1649'.
[  486.704758][ T5831] usb 3-1: Detected FT232A
[  486.712625][ T5831] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  486.775047][ T5831] usb 3-1: USB disconnect, device number 38
[  486.844024][ T5831] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  486.875119][ T5831] ftdi_sio 3-1:0.0: device disconnected
[  488.112840][T12000] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1660'.
[  488.352290][T12004] 8021q: adding VLAN 0 to HW filter on device bond0
[  488.516369][T11989] random: crng reseeded on system resumption
[  488.532439][T12004] bond0: (slave rose0): Enslaving as an active interface with an up link
[  488.535267][   T30] audit: type=1400 audit(1759650672.155:836): avc:  denied  { write } for  pid=11988 comm="syz.3.1660" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  488.626382][T12008] loop6: detected capacity change from 0 to 63
[  488.723546][ T6011] buffer_io_error: 316 callbacks suppressed
[  488.723561][ T6011] Buffer I/O error on dev loop6, logical block 0, async page read
[  488.748335][   T30] audit: type=1400 audit(1759650672.155:837): avc:  denied  { ioctl } for  pid=11988 comm="syz.3.1660" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  488.780678][ T6011] Buffer I/O error on dev loop6, logical block 0, async page read
[  488.799425][ T6011] Buffer I/O error on dev loop6, logical block 0, async page read
[  488.953320][T12013] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1664'.
[  489.139930][ T6011] Buffer I/O error on dev loop6, logical block 0, async page read
[  489.237434][ T6011] Buffer I/O error on dev loop6, logical block 0, async page read
[  489.324085][   T30] audit: type=1400 audit(1759650672.955:838): avc:  denied  { read } for  pid=12021 comm="syz.4.1667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  489.357981][T12024] l2tp_ppp: sess 2/0: no socket in recv
[  489.580155][T12034] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1667'.
[  490.771618][ T1556] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[  491.211291][ T1556] usb 1-1: not running at top speed; connect to a high speed hub
[  491.225244][ T1556] usb 1-1: config 1 has an invalid interface number: 78 but max is 0
[  491.248954][ T1556] usb 1-1: config 1 has no interface number 0
[  491.377639][ T1556] usb 1-1: config 1 interface 78 has no altsetting 0
[  491.394372][ T1556] usb 1-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=ec.57
[  491.404071][ T1556] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.413652][ T1556] usb 1-1: Product: syz
[  491.418427][ T1556] usb 1-1: Manufacturer: syz
[  491.483807][T12083] siw: device registration error -23
[  492.406311][ T1556] usb 1-1: SerialNumber: syz
[  492.884977][ T1556] pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner
[  492.941820][ T1556] usb 1-1: selecting invalid altsetting 0
[  492.965183][ T2329] pvrusb2: control-write URB failure, status=-71
[  492.986539][ T1556] usb 1-1: USB disconnect, device number 52
[  493.005721][ T2329] pvrusb2: Device being rendered inoperable
[  493.019948][   T24] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  493.028167][ T2329] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  493.077582][ T2329] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  493.168553][T12099] l2tp_ppp: sess 2/0: no socket in recv
[  493.217434][   T24] usb 4-1: New USB device found, idVendor=0403, idProduct=da72, bcdDevice=35.7f
[  493.244747][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.722480][T12109] netlink: 'syz.3.1680': attribute type 1 has an invalid length.
[  494.181540][   T24] usb 4-1: string descriptor 0 read error: -71
[  494.204030][   T24] usb 4-1: NDI device with a latency value of 1
[  494.214326][   T24] ftdi_sio 4-1:129.0: FTDI USB Serial Device converter detected
[  494.254504][   T24] ftdi_sio ttyUSB0: unknown device type: 0x357f
[  494.295409][   T24] usb 4-1: USB disconnect, device number 41
[  494.345685][   T24] ftdi_sio 4-1:129.0: device disconnected
[  495.358996][   T30] audit: type=1400 audit(1759650678.995:839): avc:  denied  { open } for  pid=12106 comm="syz.2.1684" path="/329/file0" dev="tmpfs" ino=1730 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  495.386123][T12140] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  495.464963][   T30] audit: type=1400 audit(1759650678.995:840): avc:  denied  { ioctl } for  pid=12106 comm="syz.2.1684" path="/329/file0" dev="tmpfs" ino=1730 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  495.781200][T12149] l2tp_ppp: sess 2/0: no socket in recv
[  496.058408][T12161] virtio-fs: tag </dev/nullb0> not found
[  497.444301][   T30] audit: type=1400 audit(1759650680.965:841): avc:  denied  { read write } for  pid=12168 comm="syz.2.1699" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  497.655251][   T30] audit: type=1400 audit(1759650680.965:842): avc:  denied  { open } for  pid=12168 comm="syz.2.1699" path="/333/file0/file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  498.098981][ T1556] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  498.132812][T12178] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  498.240183][   T24] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  498.301276][ T1556] usb 4-1: New USB device found, idVendor=0403, idProduct=da72, bcdDevice=35.7f
[  498.311140][ T1556] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.410336][   T24] usb 3-1: Using ep0 maxpacket: 8
[  498.462362][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  498.474535][   T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  498.835986][T12186] netlink: 'syz.3.1700': attribute type 1 has an invalid length.
[  499.039882][ T1556] usb 4-1: string descriptor 0 read error: -71
[  499.056795][ T1556] usb 4-1: NDI device with a latency value of 1
[  499.067897][ T1556] ftdi_sio 4-1:129.0: FTDI USB Serial Device converter detected
[  499.068014][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  499.212013][ T1556] ftdi_sio ttyUSB0: unknown device type: 0x357f
[  499.247673][ T1556] usb 4-1: USB disconnect, device number 42
[  499.259891][   T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  499.270411][ T1556] ftdi_sio 4-1:129.0: device disconnected
[  499.299637][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  499.311658][   T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  499.343844][   T24] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  499.371929][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.392188][   T24] usb 3-1: Product: syz
[  499.409529][T12194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1706'.
[  499.426157][   T24] usb 3-1: Manufacturer: syz
[  499.426353][   T24] usb 3-1: SerialNumber: syz
[  499.429554][   T24] usb 3-1: config 0 descriptor??
[  499.746151][   T24] usb 3-1: USB disconnect, device number 39
[  499.815777][T12196] FAULT_INJECTION: forcing a failure.
[  499.815777][T12196] name failslab, interval 1, probability 0, space 0, times 0
[  499.832656][T12196] CPU: 1 UID: 0 PID: 12196 Comm: syz.4.1707 Not tainted syzkaller #0 PREEMPT(full) 
[  499.832682][T12196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  499.832692][T12196] Call Trace:
[  499.832698][T12196]  <TASK>
[  499.832704][T12196]  dump_stack_lvl+0x16c/0x1f0
[  499.832730][T12196]  should_fail_ex+0x512/0x640
[  499.832748][T12196]  ? fs_reclaim_acquire+0xae/0x150
[  499.832769][T12196]  should_failslab+0xc2/0x120
[  499.832789][T12196]  kmem_cache_alloc_node_noprof+0x78/0x770
[  499.832813][T12196]  ? __alloc_skb+0x2b2/0x380
[  499.832836][T12196]  ? __alloc_skb+0x2b2/0x380
[  499.832851][T12196]  __alloc_skb+0x2b2/0x380
[  499.832868][T12196]  ? __pfx___alloc_skb+0x10/0x10
[  499.832890][T12196]  ? netlink_has_listeners+0x20f/0x430
[  499.832915][T12196]  alloc_uevent_skb+0x7d/0x210
[  499.832941][T12196]  kobject_uevent_env+0xca4/0x1870
[  499.832970][T12196]  ? bus_to_subsys+0x131/0x160
[  499.832991][T12196]  device_del+0x623/0x9f0
[  499.833016][T12196]  ? __pfx_device_del+0x10/0x10
[  499.833046][T12196]  device_unregister+0x1d/0xc0
[  499.833068][T12196]  device_destroy+0x99/0xe0
[  499.833091][T12196]  ? __pfx_device_destroy+0x10/0x10
[  499.833116][T12196]  ? kfree+0x2b8/0x6d0
[  499.833137][T12196]  ? rfcomm_dev_destruct+0x2de/0x390
[  499.833165][T12196]  tty_unregister_device+0x82/0x1c0
[  499.833185][T12196]  rfcomm_dev_destruct+0x15f/0x390
[  499.833209][T12196]  ? __pfx_rfcomm_dev_destruct+0x10/0x10
[  499.833241][T12196]  tty_port_put+0x159/0x1b0
[  499.833264][T12196]  rfcomm_dev_ioctl+0x276/0x1c90
[  499.833291][T12196]  ? __pfx_bt_sock_ioctl+0x10/0x10
[  499.833310][T12196]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  499.833341][T12196]  ? tomoyo_path_number_perm+0x18d/0x580
[  499.833365][T12196]  rfcomm_sock_ioctl+0xaa/0xd0
[  499.833386][T12196]  sock_do_ioctl+0x115/0x280
[  499.833412][T12196]  ? __pfx_sock_do_ioctl+0x10/0x10
[  499.833445][T12196]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  499.833471][T12196]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  499.833497][T12196]  sock_ioctl+0x227/0x6b0
[  499.833514][T12196]  ? __pfx_sock_ioctl+0x10/0x10
[  499.833527][T12196]  ? hook_file_ioctl_common+0x145/0x410
[  499.833559][T12196]  ? selinux_file_ioctl+0x180/0x270
[  499.833577][T12196]  ? selinux_file_ioctl+0xb4/0x270
[  499.833599][T12196]  ? __pfx_sock_ioctl+0x10/0x10
[  499.833616][T12196]  __x64_sys_ioctl+0x18e/0x210
[  499.833644][T12196]  do_syscall_64+0xcd/0x4e0
[  499.833671][T12196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.833689][T12196] RIP: 0033:0x7f322b58eec9
[  499.833704][T12196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.833720][T12196] RSP: 002b:00007f322c3ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  499.833737][T12196] RAX: ffffffffffffffda RBX: 00007f322b7e5fa0 RCX: 00007f322b58eec9
[  499.833748][T12196] RDX: 0000200000000100 RSI: 00000000400452c9 RDI: 0000000000000004
[  499.833758][T12196] RBP: 00007f322c3ce090 R08: 0000000000000000 R09: 0000000000000000
[  499.833768][T12196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  499.833778][T12196] R13: 00007f322b7e6038 R14: 00007f322b7e5fa0 R15: 00007ffe11961088
[  499.833803][T12196]  </TASK>
[  500.202674][T12176] FAULT_INJECTION: forcing a failure.
[  500.202674][T12176] name failslab, interval 1, probability 0, space 0, times 0
[  500.262259][T12176] CPU: 0 UID: 0 PID: 12176 Comm: syz.2.1701 Not tainted syzkaller #0 PREEMPT(full) 
[  500.262282][T12176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  500.262291][T12176] Call Trace:
[  500.262297][T12176]  <TASK>
[  500.262304][T12176]  dump_stack_lvl+0x16c/0x1f0
[  500.262329][T12176]  should_fail_ex+0x512/0x640
[  500.262352][T12176]  should_failslab+0xc2/0x120
[  500.262374][T12176]  kmem_cache_alloc_noprof+0x75/0x6e0
[  500.262401][T12176]  ? skb_clone+0x190/0x3f0
[  500.262424][T12176]  ? skb_clone+0x190/0x3f0
[  500.262440][T12176]  skb_clone+0x190/0x3f0
[  500.262459][T12176]  netlink_deliver_tap+0xabd/0xd30
[  500.262489][T12176]  netlink_dump+0x881/0xd30
[  500.262511][T12176]  ? __pfx_netlink_dump+0x10/0x10
[  500.262529][T12176]  ? rcu_is_watching+0x12/0xc0
[  500.262566][T12176]  ? kfree_skbmem+0x1a4/0x1f0
[  500.262588][T12176]  ? kfree_skbmem+0x1a4/0x1f0
[  500.262615][T12176]  netlink_recvmsg+0x7dc/0xa90
[  500.262638][T12176]  ? __pfx_netlink_recvmsg+0x10/0x10
[  500.262659][T12176]  ? __fget_files+0x204/0x3c0
[  500.262687][T12176]  sock_recvmsg+0x1f6/0x250
[  500.262713][T12176]  __sys_recvfrom+0x203/0x310
[  500.262735][T12176]  ? __pfx___sys_recvfrom+0x10/0x10
[  500.262763][T12176]  ? bpf_trace_run2+0x26b/0x590
[  500.262796][T12176]  ? __might_fault+0xe3/0x190
[  500.262810][T12176]  ? __might_fault+0x13b/0x190
[  500.262825][T12176]  __x64_sys_recvfrom+0xe0/0x1c0
[  500.262837][T12176]  ? syscall_trace_enter+0xee/0x240
[  500.262852][T12176]  do_syscall_64+0xcd/0x4e0
[  500.262866][T12176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.262878][T12176] RIP: 0033:0x7fe90958eec9
[  500.262887][T12176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  500.262897][T12176] RSP: 002b:00007fe90a406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  500.262909][T12176] RAX: ffffffffffffffda RBX: 00007fe9097e5fa0 RCX: 00007fe90958eec9
[  500.262916][T12176] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  500.262922][T12176] RBP: 00007fe90a406090 R08: 0000000000000000 R09: 0000000000000000
[  500.262928][T12176] R10: 0000000040002000 R11: 0000000000000246 R12: 0000000000000001
[  500.262934][T12176] R13: 00007fe9097e6038 R14: 00007fe9097e5fa0 R15: 00007fffd8d0e318
[  500.262948][T12176]  </TASK>
[  500.855276][T12203] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1709'.
[  500.994083][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  501.000455][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  501.313281][T12201] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1710'.
[  501.766361][T12219] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1714'.
[  501.960923][T12225] FAULT_INJECTION: forcing a failure.
[  501.960923][T12225] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.977272][T12225] CPU: 0 UID: 0 PID: 12225 Comm: syz.0.1716 Not tainted syzkaller #0 PREEMPT(full) 
[  501.977297][T12225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  501.977308][T12225] Call Trace:
[  501.977314][T12225]  <TASK>
[  501.977327][T12225]  dump_stack_lvl+0x16c/0x1f0
[  501.977354][T12225]  should_fail_ex+0x512/0x640
[  501.977380][T12225]  _copy_from_user+0x2e/0xd0
[  501.977403][T12225]  map_update_elem+0x754/0x940
[  501.977431][T12225]  ? __pfx_map_update_elem+0x10/0x10
[  501.977456][T12225]  ? selinux_bpf+0xee/0x130
[  501.977485][T12225]  __sys_bpf+0x1573/0x4980
[  501.977506][T12225]  ? __pfx___sys_bpf+0x10/0x10
[  501.977521][T12225]  ? find_held_lock+0x2b/0x80
[  501.977552][T12225]  ? find_held_lock+0x2b/0x80
[  501.977583][T12225]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  501.977620][T12225]  ? fput+0x9b/0xd0
[  501.977644][T12225]  ? ksys_write+0x1ac/0x250
[  501.977661][T12225]  ? __pfx_ksys_write+0x10/0x10
[  501.977687][T12225]  __x64_sys_bpf+0x78/0xc0
[  501.977703][T12225]  ? lockdep_hardirqs_on+0x7c/0x110
[  501.977723][T12225]  do_syscall_64+0xcd/0x4e0
[  501.977747][T12225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.977765][T12225] RIP: 0033:0x7ff65c78eec9
[  501.977779][T12225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.977796][T12225] RSP: 002b:00007ff65d622038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  501.977814][T12225] RAX: ffffffffffffffda RBX: 00007ff65c9e5fa0 RCX: 00007ff65c78eec9
[  501.977825][T12225] RDX: 0000000000000020 RSI: 00002000000000c0 RDI: 0000000000000002
[  501.977836][T12225] RBP: 00007ff65d622090 R08: 0000000000000000 R09: 0000000000000000
[  501.977846][T12225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.977856][T12225] R13: 00007ff65c9e6038 R14: 00007ff65c9e5fa0 R15: 00007ffce00b6258
[  501.977879][T12225]  </TASK>
[  502.363083][T12235] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1719'.
[  502.374330][   T30] audit: type=1400 audit(1759650686.015:843): avc:  denied  { append } for  pid=12231 comm="syz.4.1719" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  503.054734][T12242] virtio-fs: tag </dev/nullb0> not found
[  503.120463][ T5881] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  504.140625][ T5881] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[  504.174592][ T5881] usb 1-1: config 1 has no interface number 0
[  504.187147][ T5881] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024
[  504.230457][ T5881] usb 1-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  504.258799][ T5881] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  504.978185][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.990231][ T5881] usb 1-1: Product: syz
[  504.997451][ T5881] usb 1-1: Manufacturer: syz
[  505.012282][ T5881] usb 1-1: SerialNumber: syz
[  505.043899][T12239] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  505.178779][T12239] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  505.201268][ T5881] usb 1-1: Expected 3 endpoints, found: 2
[  505.327699][T12260] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1724'.
[  505.430187][   T24] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  505.657065][ T5881] usb 1-1: USB disconnect, device number 53
[  505.787606][   T24] usb 4-1: config 16 has an invalid interface number: 19 but max is 0
[  506.000906][ T5831] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  506.070715][   T24] usb 4-1: config 16 has an invalid descriptor of length 255, skipping remainder of the config
[  506.200246][ T5831] usb 5-1: Using ep0 maxpacket: 16
[  506.206871][ T5831] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  506.221197][   T24] usb 4-1: config 16 has no interface number 0
[  506.231433][   T24] usb 4-1: config 16 interface 19 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  506.253256][   T24] usb 4-1: New USB device found, idVendor=0499, idProduct=cdf4, bcdDevice=78.ee
[  506.264130][   T30] audit: type=1400 audit(1759650689.905:844): avc:  denied  { watch } for  pid=12263 comm="syz.1.1725" path="/dev/nvram" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  506.288935][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.289365][ T5831] usb 5-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  506.297984][   T24] usb 4-1: Product: syz
[  506.298041][   T24] usb 4-1: Manufacturer: syz
[  506.298196][   T24] usb 4-1: SerialNumber: syz
[  506.389701][   T30] audit: type=1400 audit(1759650689.905:845): avc:  denied  { watch_sb } for  pid=12263 comm="syz.1.1725" path="/dev/nvram" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  506.520157][ T5831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.591501][ T5831] usb 5-1: config 0 descriptor??
[  506.619368][   T24] usb 4-1: USB disconnect, device number 43
[  506.652223][ T5948] udevd[5948]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:16.19/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  506.900996][   T30] audit: type=1400 audit(1759650690.545:846): avc:  denied  { setopt } for  pid=12276 comm="syz.1.1728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  507.025132][ T5831] mcp2200 0003:04D8:00DF.0010: USB HID v0.05 Device [HID 04d8:00df] on usb-dummy_hcd.4-1/input0
[  507.487326][T12299] virtio-fs: tag </dev/nullb0> not found
[  508.251943][ T5888] usb 5-1: USB disconnect, device number 47
[  508.656420][T12302] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1734'.
[  509.007022][T12308] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1735'.
[  509.501539][T12314] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1737'.
[  509.897668][T12325] pim6reg: entered allmulticast mode
[  510.058896][T12328] lo speed is unknown, defaulting to 1000
[  510.244889][T12327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1742'.
[  510.439876][ T1556] usb 3-1: new low-speed USB device number 40 using dummy_hcd
[  510.477950][   T30] audit: type=1400 audit(1759650694.115:847): avc:  denied  { write } for  pid=12336 comm="syz.0.1744" name="ptp0" dev="devtmpfs" ino=1264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  510.651343][ T1556] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  510.670142][ T1556] usb 3-1: config 0 has no interface number 0
[  510.676262][ T1556] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  510.792458][ T1556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  510.863166][T12346] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  510.871668][T12346] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  510.882047][T12346] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  510.957210][   T30] audit: type=1400 audit(1759650694.525:848): avc:  denied  { firmware_load } for  pid=12336 comm="syz.0.1744" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  511.059703][ T1556] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  511.322818][ T1556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  511.408764][ T1556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  511.458880][ T1556] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  511.481179][ T1556] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  511.490690][ T1556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.530764][ T1556] usb 3-1: config 0 descriptor??
[  511.572965][T12332] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  511.582789][T12332] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  511.646038][T12358] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1749'.
[  511.760925][ T1556] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  511.879255][T12364] netlink: 'syz.4.1747': attribute type 2 has an invalid length.
[  511.887126][T12364] netlink: 'syz.4.1747': attribute type 1 has an invalid length.
[  511.894987][T12364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1747'.
[  511.964085][T12366] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1747'.
[  511.973759][T12366] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1747'.
[  512.314377][ T5829] block nbd3: Receive control failed (result -107)
[  512.722229][T12360] block nbd3: shutting down sockets
[  513.018671][T12380] siw: device registration error -23
[  513.720547][ T1556] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  513.884054][   T24] usb 3-1: USB disconnect, device number 40
[  513.892559][   T24] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  514.461277][ T1556] usb 4-1: Using ep0 maxpacket: 8
[  514.492863][ T1556] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  514.508638][ T1556] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  514.536739][ T1556] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  514.562644][ T1556] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  514.652937][ T1556] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  514.664467][ T1556] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.933589][T12383] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  515.154258][ T1556] usb 4-1: usb_control_msg returned -71
[  515.173592][ T1556] usbtmc 4-1:16.0: can't read capabilities
[  515.221289][ T1556] usb 4-1: USB disconnect, device number 44
[  515.460262][ T5831] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  515.620207][ T5831] usb 2-1: Using ep0 maxpacket: 16
[  515.635577][ T5831] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  515.673942][ T5831] usb 2-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  515.697991][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.788559][ T5831] usb 2-1: config 0 descriptor??
[  515.893613][T12411] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1765'.
[  516.229272][ T5888] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  516.331670][ T5831] mcp2200 0003:04D8:00DF.0011: USB HID v0.05 Device [HID 04d8:00df] on usb-dummy_hcd.1-1/input0
[  516.461176][ T5888] usb 1-1: Using ep0 maxpacket: 16
[  516.513997][ T5888] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  516.538363][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.681112][ T5888] usb 1-1: Product: syz
[  516.685349][ T1556] usb 2-1: USB disconnect, device number 52
[  516.743380][T12425] virtio-fs: tag </dev/nullb0> not found
[  517.399230][ T5888] usb 1-1: Manufacturer: syz
[  517.440584][ T5888] usb 1-1: SerialNumber: syz
[  517.492995][ T5888] r8152-cfgselector 1-1: Unknown version 0x0000
[  517.516656][T12427] netlink: 'syz.4.1771': attribute type 1 has an invalid length.
[  517.527343][ T5888] r8152-cfgselector 1-1: config 0 descriptor??
[  518.020299][ T5888] r8152-cfgselector 1-1: Unknown version 0x0000
[  518.026927][ T5888] r8152-cfgselector 1-1: bad CDC descriptors
[  518.134645][ T5888] r8152-cfgselector 1-1: USB disconnect, device number 54
[  518.278311][T12441] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1775'.
[  519.258947][T12450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1777'.
[  519.905047][ T5881] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  519.937639][T12471] virtio-fs: tag </dev/nullb0> not found
[  520.575023][T12468] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1783'.
[  520.684956][   T30] audit: type=1400 audit(1759650704.325:849): avc:  denied  { audit_write } for  pid=12473 comm="syz.0.1785" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  520.712835][   T30] audit: type=1400 audit(1759650704.345:850): avc:  denied  { watch watch_reads } for  pid=12473 comm="syz.0.1785" path="pipe:[35482]" dev="pipefs" ino=35482 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  520.802376][ T5881] usb 2-1: New USB device found, idVendor=0403, idProduct=da72, bcdDevice=35.7f
[  520.888796][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.046993][T12483] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1786'.
[  521.290685][T12485] netlink: 'syz.1.1780': attribute type 1 has an invalid length.
[  521.822327][T12490] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1790'.
[  522.098101][ T5881] usb 2-1: string descriptor 0 read error: -71
[  522.134060][ T5881] usb 2-1: NDI device with a latency value of 1
[  522.164362][ T5881] ftdi_sio 2-1:129.0: FTDI USB Serial Device converter detected
[  522.184522][ T5881] ftdi_sio ttyUSB0: unknown device type: 0x357f
[  522.211991][ T5881] usb 2-1: USB disconnect, device number 53
[  522.233553][ T5881] ftdi_sio 2-1:129.0: device disconnected
[  522.653700][T12500] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1793'.
[  522.762187][T12498] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1794'.
[  523.542256][T12511] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1796'.
[  524.163137][T12504] virtio-fs: tag </dev/nullb0> not found
[  524.664859][   T30] audit: type=1400 audit(1759650708.305:851): avc:  denied  { map } for  pid=12531 comm="syz.2.1800" path="/dev/bus/usb/002/001" dev="devtmpfs" ino=723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  526.080740][ T5888] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  526.090165][ T5881] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  526.230768][ T5888] usb 3-1: Using ep0 maxpacket: 16
[  526.359893][ T5881] usb 5-1: Using ep0 maxpacket: 16
[  526.369401][ T5881] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  526.378887][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.387760][ T5888] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  526.407396][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.438477][ T5888] usb 3-1: Product: syz
[  526.461961][ T5888] usb 3-1: Manufacturer: syz
[  526.478487][ T5888] usb 3-1: SerialNumber: syz
[  526.565750][ T5888] r8152-cfgselector 3-1: Unknown version 0x0000
[  526.619343][ T5888] r8152-cfgselector 3-1: config 0 descriptor??
[  526.687674][ T5881] usb 5-1: Product: syz
[  526.691931][ T5881] usb 5-1: Manufacturer: syz
[  526.696534][ T5881] usb 5-1: SerialNumber: syz
[  526.705659][ T5881] r8152-cfgselector 5-1: Unknown version 0x0000
[  526.713557][ T5881] r8152-cfgselector 5-1: config 0 descriptor??
[  526.850824][ T5888] r8152-cfgselector 3-1: Unknown version 0x0000
[  526.861092][ T5888] r8152-cfgselector 3-1: bad CDC descriptors
[  526.934068][ T5881] r8152-cfgselector 5-1: Unknown version 0x0000
[  526.947980][ T5881] r8152-cfgselector 5-1: bad CDC descriptors
[  527.134233][T12563] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1809'.
[  527.142741][ T5881] r8152-cfgselector 5-1: USB disconnect, device number 48
[  527.295145][ T5888] r8152-cfgselector 3-1: USB disconnect, device number 41
[  527.687514][T12572] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1812'.
[  527.965615][   T30] audit: type=1400 audit(1759650711.595:852): avc:  denied  { watch_reads } for  pid=12574 comm="syz.3.1814" path="/" dev="mqueue" ino=26170 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  528.124853][T12580] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1815'.
[  528.339855][ T5929] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  528.635649][ T5929] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  528.659270][ T5929] usb 3-1: config 0 has no interface number 0
[  528.679134][ T5929] usb 3-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  528.690485][ T5929] usb 3-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  528.704232][ T5929] usb 3-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[  528.714418][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.741058][ T5929] usb 3-1: Product: syz
[  528.751399][ T5929] usb 3-1: Manufacturer: syz
[  528.766805][ T5929] usb 3-1: SerialNumber: syz
[  528.778996][ T5929] usb 3-1: config 0 descriptor??
[  528.802394][ T5929] vmk80xx 3-1:0.255: driver 'vmk80xx' failed to auto-configure device.
[  528.844563][ T5929] vmk80xx 3-1:0.255: probe with driver vmk80xx failed with error -22
[  529.075542][ T5888] usb 3-1: USB disconnect, device number 42
[  530.899659][   T30] audit: type=1400 audit(1759650714.535:853): avc:  denied  { setopt } for  pid=12615 comm="syz.0.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  530.922855][T12617] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1826'.
[  531.525051][   T30] audit: type=1400 audit(1759650715.135:854): avc:  denied  { lock } for  pid=12614 comm="syz.1.1825" path="socket:[34616]" dev="sockfs" ino=34616 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  531.905936][T12630] virtio-fs: tag </dev/nullb0> not found
[  532.301837][ T5888] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  532.600465][ T5888] usb 3-1: Using ep0 maxpacket: 16
[  532.626095][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  532.655607][ T5888] usb 3-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  532.710358][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.773246][ T5888] usb 3-1: config 0 descriptor??
[  532.887457][T12641] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1833'.
[  533.462042][ T5888] mcp2200 0003:04D8:00DF.0012: USB HID v0.05 Device [HID 04d8:00df] on usb-dummy_hcd.2-1/input0
[  533.902674][ T5888] usb 3-1: USB disconnect, device number 43
[  535.098542][T12669] FAULT_INJECTION: forcing a failure.
[  535.098542][T12669] name failslab, interval 1, probability 0, space 0, times 0
[  535.111461][T12669] CPU: 1 UID: 0 PID: 12669 Comm: syz.1.1840 Not tainted syzkaller #0 PREEMPT(full) 
[  535.111484][T12669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  535.111493][T12669] Call Trace:
[  535.111501][T12669]  <TASK>
[  535.111508][T12669]  dump_stack_lvl+0x16c/0x1f0
[  535.111533][T12669]  should_fail_ex+0x512/0x640
[  535.111548][T12669]  ? fs_reclaim_acquire+0xae/0x150
[  535.111563][T12669]  should_failslab+0xc2/0x120
[  535.111577][T12669]  __kmalloc_noprof+0xdd/0x880
[  535.111594][T12669]  ? tomoyo_encode2+0x100/0x3e0
[  535.111610][T12669]  ? tomoyo_encode2+0x100/0x3e0
[  535.111622][T12669]  tomoyo_encode2+0x100/0x3e0
[  535.111636][T12669]  tomoyo_encode+0x29/0x50
[  535.111648][T12669]  tomoyo_realpath_from_path+0x18f/0x6e0
[  535.111665][T12669]  tomoyo_path_number_perm+0x245/0x580
[  535.111676][T12669]  ? tomoyo_path_number_perm+0x237/0x580
[  535.111688][T12669]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  535.111700][T12669]  ? find_held_lock+0x2b/0x80
[  535.111728][T12669]  ? find_held_lock+0x2b/0x80
[  535.111742][T12669]  ? hook_file_ioctl_common+0x145/0x410
[  535.111761][T12669]  ? __fget_files+0x20e/0x3c0
[  535.111775][T12669]  security_file_ioctl+0x9b/0x240
[  535.111789][T12669]  __x64_sys_ioctl+0xb7/0x210
[  535.111807][T12669]  do_syscall_64+0xcd/0x4e0
[  535.111822][T12669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.111833][T12669] RIP: 0033:0x7fd64458eec9
[  535.111843][T12669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  535.111854][T12669] RSP: 002b:00007fd645491038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  535.111865][T12669] RAX: ffffffffffffffda RBX: 00007fd6447e5fa0 RCX: 00007fd64458eec9
[  535.111872][T12669] RDX: 0000200000000240 RSI: 0000000080045439 RDI: 0000000000000003
[  535.111878][T12669] RBP: 00007fd645491090 R08: 0000000000000000 R09: 0000000000000000
[  535.111884][T12669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  535.111890][T12669] R13: 00007fd6447e6038 R14: 00007fd6447e5fa0 R15: 00007ffd54603cc8
[  535.111904][T12669]  </TASK>
[  535.111916][T12669] ERROR: Out of memory at tomoyo_realpath_from_path.
[  535.802572][   T30] audit: type=1400 audit(1759650719.445:855): avc:  denied  { ioctl } for  pid=12667 comm="syz.1.1840" path="/dev/ptyq6" dev="devtmpfs" ino=124 ioctlcmd=0x5439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  535.922463][ T5888] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  536.032181][T12673] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1843'.
[  536.043647][T12676] hpfs: hpfs_map_sector(): read error
[  536.118440][   T30] audit: type=1400 audit(1759650719.755:856): avc:  denied  { ioctl } for  pid=12674 comm="syz.2.1845" path="socket:[34689]" dev="sockfs" ino=34689 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  536.122263][ T5888] usb 1-1: New USB device found, idVendor=0403, idProduct=da72, bcdDevice=35.7f
[  536.186511][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.568496][T12694] netlink: 'syz.0.1839': attribute type 1 has an invalid length.
[  536.725747][ T5888] usb 1-1: string descriptor 0 read error: -71
[  536.746177][ T5888] usb 1-1: NDI device with a latency value of 1
[  536.753480][ T5888] ftdi_sio 1-1:129.0: FTDI USB Serial Device converter detected
[  536.938770][ T5888] ftdi_sio ttyUSB0: unknown device type: 0x357f
[  537.303354][ T5888] usb 1-1: USB disconnect, device number 55
[  537.354808][ T5888] ftdi_sio 1-1:129.0: device disconnected
[  537.395152][   T30] audit: type=1400 audit(1759650721.035:857): avc:  denied  { relabelfrom } for  pid=12699 comm="syz.3.1848" name="" dev="pipefs" ino=34710 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  537.705426][   T30] audit: type=1400 audit(1759650721.275:858): avc:  denied  { read } for  pid=12706 comm="syz.4.1849" path="socket:[34783]" dev="sockfs" ino=34783 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  537.790931][ T5831] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  537.804899][T12713] netlink: 'syz.0.1851': attribute type 1 has an invalid length.
[  537.833560][T12713] 8021q: adding VLAN 0 to HW filter on device bond2
[  537.848803][T12713] vlan2: entered promiscuous mode
[  537.853883][T12713] bond2: entered promiscuous mode
[  537.858975][T12713] vlan2: entered allmulticast mode
[  537.864131][T12713] bond2: entered allmulticast mode
[  537.871255][   T30] audit: type=1400 audit(1759650721.515:859): avc:  denied  { create } for  pid=12712 comm="syz.0.1851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  537.899570][T12713] bond2: (slave gretap1): making interface the new active one
[  537.907088][T12713] gretap1: entered promiscuous mode
[  537.912368][T12713] gretap1: entered allmulticast mode
[  537.919960][T12713] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  537.931609][   T30] audit: type=1400 audit(1759650721.535:860): avc:  denied  { write } for  pid=12712 comm="syz.0.1851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  538.030300][ T5831] usb 3-1: Using ep0 maxpacket: 8
[  538.047521][ T5831] usb 3-1: unable to get BOS descriptor or descriptor too short
[  538.093044][ T5831] usb 3-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe
[  538.134550][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.176002][ T5831] usb 3-1: Product: syz
[  538.195468][ T5831] usb 3-1: Manufacturer: syz
[  538.223070][ T5831] usb 3-1: SerialNumber: syz
[  538.637342][T12713] syz.0.1851 (12713) used greatest stack depth: 20120 bytes left
[  538.661159][T12729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1854'.
[  538.672958][T12728] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21776 sclass=netlink_route_socket pid=12728 comm=syz.1.1855
[  538.705557][ T5888] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  538.884736][ T5888] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  538.905174][ T5888] usb 4-1: config 0 interface 0 has no altsetting 0
[  538.938805][ T5888] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  538.948716][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  538.975777][ T5888] usb 4-1: Product: syz
[  538.982134][ T5888] usb 4-1: Manufacturer: syz
[  538.986849][ T5888] usb 4-1: SerialNumber: syz
[  539.004593][ T5888] usb 4-1: config 0 descriptor??
[  539.014173][ T5888] usb 4-1: selecting invalid altsetting 0
[  539.239188][T12742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1850'.
[  539.681592][ T1556] usb 4-1: USB disconnect, device number 45
[  539.696072][T12748] overlayfs: failed to resolve './file0': -2
[  541.156746][ T5831] asix 3-1:7.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  541.170458][ T5831] asix 3-1:7.0: probe with driver asix failed with error -71
[  541.196859][ T5831] usb 3-1: USB disconnect, device number 44
[  541.517662][T12775] netlink: 'syz.1.1865': attribute type 1 has an invalid length.
[  541.588416][T12775] bond1: entered promiscuous mode
[  541.598970][T12775] bond1: entered allmulticast mode
[  541.650721][T12775] 8021q: adding VLAN 0 to HW filter on device bond1
[  541.661125][T12777] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1864'.
[  541.677941][   T30] audit: type=1400 audit(1759650725.315:861): avc:  denied  { name_connect } for  pid=12772 comm="syz.0.1864" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  541.949813][    C0] ------------[ cut here ]------------
[  541.955689][    C0] ODEBUG: free active (active state 0) object: ffff8880304dfc90 object type: timer_list hint: rose_t0timer_expiry+0x0/0x150
[  541.968947][    C0] WARNING: CPU: 0 PID: 12759 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0
[  541.978547][    C0] Modules linked in:
[  541.982851][    C0] CPU: 0 UID: 0 PID: 12759 Comm: syz.4.1860 Not tainted syzkaller #0 PREEMPT(full) 
[  541.992249][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  542.002362][    C0] RIP: 0010:debug_print_object+0x1a2/0x2b0
[  542.008190][    C0] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd a0 56 d0 8b 4c 89 e6 48 c7 c7 20 4b d0 8b e8 0f 24 d0 fc 90 <0f> 0b 90 90 58 83 05 16 52 b6 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[  542.027880][    C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010282
[  542.033967][    C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff81799b88
[  542.041961][    C0] RDX: ffff88802cb08000 RSI: ffffffff81799b95 RDI: 0000000000000001
[  542.049971][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  542.057942][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8bd051c0
[  542.065944][    C0] R13: ffffffff8b6fffe0 R14: ffffffff8a43aed0 R15: ffffc90000007b18
[  542.073929][    C0] FS:  00007f322c3ad6c0(0000) GS:ffff888124e77000(0000) knlGS:0000000000000000
[  542.082866][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  542.089431][    C0] CR2: 00007fe90a3156c0 CR3: 00000000799ab000 CR4: 00000000003526f0
[  542.097410][    C0] Call Trace:
[  542.100678][    C0]  <IRQ>
[  542.103496][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  542.109111][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  542.114908][    C0]  debug_check_no_obj_freed+0x4b7/0x600
[  542.120455][    C0]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  542.126521][    C0]  ? mark_held_locks+0x49/0x80
[  542.131288][    C0]  ? kasan_quarantine_put+0x10a/0x240
[  542.136637][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  542.141854][    C0]  kfree+0x291/0x6d0
[  542.145740][    C0]  ? rose_timer_expiry+0x53f/0x630
[  542.150842][    C0]  ? rose_timer_expiry+0x53f/0x630
[  542.155927][    C0]  rose_timer_expiry+0x53f/0x630
[  542.160851][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  542.166281][    C0]  call_timer_fn+0x19a/0x620
[  542.170857][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  542.175945][    C0]  ? rcu_is_watching+0x12/0xc0
[  542.180712][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  542.186145][    C0]  __run_timers+0x6ef/0x960
[  542.190636][    C0]  ? __pfx___run_timers+0x10/0x10
[  542.195643][    C0]  run_timer_base+0x114/0x190
[  542.200331][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  542.205534][    C0]  ? rcu_is_watching+0x12/0xc0
[  542.210296][    C0]  run_timer_softirq+0x1a/0x40
[  542.215031][    C0]  handle_softirqs+0x219/0x8e0
[  542.219798][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  542.225081][    C0]  __irq_exit_rcu+0x109/0x170
[  542.229840][    C0]  irq_exit_rcu+0x9/0x30
[  542.234063][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  542.239677][    C0]  </IRQ>
[  542.242616][    C0]  <TASK>
[  542.245558][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  542.251546][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x56/0x70
[  542.257709][    C0] Code: 00 f0 00 75 35 8b 82 7c 16 00 00 85 c0 74 2b 8b 82 58 16 00 00 83 f8 02 75 20 48 8b 8a 60 16 00 00 8b 92 5c 16 00 00 48 8b 01 <48> 83 c0 01 48 39 d0 73 07 48 89 01 48 89 34 c1 e9 c5 8b 95 09 0f
[  542.277314][    C0] RSP: 0018:ffffc9000cdcf9f8 EFLAGS: 00000246
[  542.283372][    C0] RAX: 000000000007ffff RBX: 0000000000000000 RCX: ffffc9000d80a000
[  542.291418][    C0] RDX: 0000000000080000 RSI: ffffffff8923c5d6 RDI: ffffc9000cdcf7b8
[  542.299362][    C0] RBP: ffffc9000cdcfd98 R08: 0000000000000001 R09: fffff520019b9ef7
[  542.307330][    C0] R10: ffffc9000cdcf7bf R11: 0000000000000000 R12: ffff888058321140
[  542.315292][    C0] R13: 00002000001e8c00 R14: ffffc9000cdcfddc R15: 0000000000000002
[  542.323264][    C0]  ? ____sys_recvmsg+0x4c6/0x6b0
[  542.328211][    C0]  ____sys_recvmsg+0x4c6/0x6b0
[  542.332970][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[  542.338247][    C0]  ? kfree+0x252/0x6d0
[  542.342339][    C0]  ___sys_recvmsg+0x114/0x1a0
[  542.346994][    C0]  ? __pfx____sys_recvmsg+0x10/0x10
[  542.352187][    C0]  ? __pfx___might_resched+0x10/0x10
[  542.357455][    C0]  do_recvmmsg+0x2fe/0x750
[  542.361861][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[  542.366783][    C0]  ? __lock_acquire+0xb97/0x1ce0
[  542.371714][    C0]  ? find_held_lock+0x2b/0x80
[  542.376385][    C0]  __x64_sys_recvmmsg+0x22a/0x280
[  542.381399][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  542.386921][    C0]  ? rcu_is_watching+0x12/0xc0
[  542.391672][    C0]  do_syscall_64+0xcd/0x4e0
[  542.396154][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.402031][    C0] RIP: 0033:0x7f322b58eec9
[  542.406420][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.426011][    C0] RSP: 002b:00007f322c3ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  542.434409][    C0] RAX: ffffffffffffffda RBX: 00007f322b7e6090 RCX: 00007f322b58eec9
[  542.442383][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[  542.450342][    C0] RBP: 00007f322b611f91 R08: 0000000000000000 R09: 0000000000000000
[  542.458286][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  542.466254][    C0] R13: 00007f322b7e6128 R14: 00007f322b7e6090 R15: 00007ffe11961088
[  542.474237][    C0]  </TASK>
[  542.477246][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  542.484501][    C0] CPU: 0 UID: 0 PID: 12759 Comm: syz.4.1860 Not tainted syzkaller #0 PREEMPT(full) 
[  542.493839][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  542.503867][    C0] Call Trace:
[  542.507120][    C0]  <IRQ>
[  542.509951][    C0]  dump_stack_lvl+0x3d/0x1f0
[  542.514520][    C0]  vpanic+0x640/0x6f0
[  542.518478][    C0]  ? debug_print_object+0x1a2/0x2b0
[  542.523651][    C0]  panic+0xca/0xd0
[  542.527344][    C0]  ? __pfx_panic+0x10/0x10
[  542.531737][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  542.536824][    C0]  check_panic_on_warn+0xab/0xb0
[  542.541831][    C0]  __warn+0xf6/0x3c0
[  542.545712][    C0]  ? debug_print_object+0x1a2/0x2b0
[  542.550903][    C0]  report_bug+0x3c3/0x580
[  542.555220][    C0]  ? debug_print_object+0x1a2/0x2b0
[  542.560394][    C0]  handle_bug+0x184/0x210
[  542.564698][    C0]  exc_invalid_op+0x17/0x50
[  542.569188][    C0]  asm_exc_invalid_op+0x1a/0x20
[  542.574009][    C0] RIP: 0010:debug_print_object+0x1a2/0x2b0
[  542.579796][    C0] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd a0 56 d0 8b 4c 89 e6 48 c7 c7 20 4b d0 8b e8 0f 24 d0 fc 90 <0f> 0b 90 90 58 83 05 16 52 b6 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[  542.599403][    C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010282
[  542.605442][    C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff81799b88
[  542.613396][    C0] RDX: ffff88802cb08000 RSI: ffffffff81799b95 RDI: 0000000000000001
[  542.621339][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  542.629284][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8bd051c0
[  542.637232][    C0] R13: ffffffff8b6fffe0 R14: ffffffff8a43aed0 R15: ffffc90000007b18
[  542.645178][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  542.650795][    C0]  ? __warn_printk+0x198/0x350
[  542.655535][    C0]  ? __warn_printk+0x1a5/0x350
[  542.660278][    C0]  ? debug_print_object+0x1a1/0x2b0
[  542.665539][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  542.671157][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  542.676940][    C0]  debug_check_no_obj_freed+0x4b7/0x600
[  542.682468][    C0]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  542.688528][    C0]  ? mark_held_locks+0x49/0x80
[  542.693266][    C0]  ? kasan_quarantine_put+0x10a/0x240
[  542.698615][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  542.703804][    C0]  kfree+0x291/0x6d0
[  542.707683][    C0]  ? rose_timer_expiry+0x53f/0x630
[  542.712770][    C0]  ? rose_timer_expiry+0x53f/0x630
[  542.717865][    C0]  rose_timer_expiry+0x53f/0x630
[  542.722775][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  542.728213][    C0]  call_timer_fn+0x19a/0x620
[  542.732788][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  542.737876][    C0]  ? rcu_is_watching+0x12/0xc0
[  542.742627][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  542.748064][    C0]  __run_timers+0x6ef/0x960
[  542.752561][    C0]  ? __pfx___run_timers+0x10/0x10
[  542.757579][    C0]  run_timer_base+0x114/0x190
[  542.762231][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  542.767413][    C0]  ? rcu_is_watching+0x12/0xc0
[  542.772153][    C0]  run_timer_softirq+0x1a/0x40
[  542.776900][    C0]  handle_softirqs+0x219/0x8e0
[  542.781665][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  542.786933][    C0]  __irq_exit_rcu+0x109/0x170
[  542.791589][    C0]  irq_exit_rcu+0x9/0x30
[  542.795805][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  542.801412][    C0]  </IRQ>
[  542.804315][    C0]  <TASK>
[  542.807222][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  542.813173][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x56/0x70
[  542.819304][    C0] Code: 00 f0 00 75 35 8b 82 7c 16 00 00 85 c0 74 2b 8b 82 58 16 00 00 83 f8 02 75 20 48 8b 8a 60 16 00 00 8b 92 5c 16 00 00 48 8b 01 <48> 83 c0 01 48 39 d0 73 07 48 89 01 48 89 34 c1 e9 c5 8b 95 09 0f
[  542.838885][    C0] RSP: 0018:ffffc9000cdcf9f8 EFLAGS: 00000246
[  542.844935][    C0] RAX: 000000000007ffff RBX: 0000000000000000 RCX: ffffc9000d80a000
[  542.852885][    C0] RDX: 0000000000080000 RSI: ffffffff8923c5d6 RDI: ffffc9000cdcf7b8
[  542.860840][    C0] RBP: ffffc9000cdcfd98 R08: 0000000000000001 R09: fffff520019b9ef7
[  542.868793][    C0] R10: ffffc9000cdcf7bf R11: 0000000000000000 R12: ffff888058321140
[  542.876769][    C0] R13: 00002000001e8c00 R14: ffffc9000cdcfddc R15: 0000000000000002
[  542.884754][    C0]  ? ____sys_recvmsg+0x4c6/0x6b0
[  542.889685][    C0]  ____sys_recvmsg+0x4c6/0x6b0
[  542.894434][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[  542.899706][    C0]  ? kfree+0x252/0x6d0
[  542.903761][    C0]  ___sys_recvmsg+0x114/0x1a0
[  542.908415][    C0]  ? __pfx____sys_recvmsg+0x10/0x10
[  542.913597][    C0]  ? __pfx___might_resched+0x10/0x10
[  542.918863][    C0]  do_recvmmsg+0x2fe/0x750
[  542.923255][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[  542.928170][    C0]  ? __lock_acquire+0xb97/0x1ce0
[  542.933095][    C0]  ? find_held_lock+0x2b/0x80
[  542.937749][    C0]  __x64_sys_recvmmsg+0x22a/0x280
[  542.942750][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  542.948272][    C0]  ? rcu_is_watching+0x12/0xc0
[  542.953023][    C0]  do_syscall_64+0xcd/0x4e0
[  542.957594][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.963462][    C0] RIP: 0033:0x7f322b58eec9
[  542.967852][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.987446][    C0] RSP: 002b:00007f322c3ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  542.995829][    C0] RAX: ffffffffffffffda RBX: 00007f322b7e6090 RCX: 00007f322b58eec9
[  543.003773][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[  543.011714][    C0] RBP: 00007f322b611f91 R08: 0000000000000000 R09: 0000000000000000
[  543.019659][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  543.027603][    C0] R13: 00007f322b7e6128 R14: 00007f322b7e6090 R15: 00007ffe11961088
[  543.035557][    C0]  </TASK>
[  543.038751][    C0] Kernel Offset: disabled
[  543.043063][    C0] Rebooting in 86400 seconds..