last executing test programs:

13.866875055s ago: executing program 0 (id=1650):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r0 = dup(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b7040000000000008500000001000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000280), 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x2c000010)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="c4000000150001000000000000000000e00000020000000000000000000000007f0000010000000000000000000000004e230000000000000200100000000000665ab02148f867d132cc4c0ebfb8302c4f9a10cbbafe03dd36fd21b22b31400dafbfeaadf9bdc9ebbb7189d93e91e9c93b990830f770669172f57fc936b780627201728f365c5d4594c51800e8751ba106d7c6cea9ee5b0f859fde64b88c30a282dde977d52ada6f70674ac2", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fbffffffffffffff01000000000000000000000000000000070000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b56b6e0000000000000000000a0010000100000000000000"], 0xc4}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102376, 0x18fe8)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x7)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x2, 0x40024e}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0x6, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r6, 0x627, 0x4c1, 0x43, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x80044940, &(0x7f0000001b00))
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

12.700082962s ago: executing program 0 (id=1655):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x141000, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x11, 0x7efffeff00000000)
r2 = gettid()
r3 = socket(0x40000000015, 0x5, 0x0)
recvmmsg(r3, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}, 0x80000000}], 0x1, 0x60010002, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1400002f2500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

10.028008783s ago: executing program 1 (id=1657):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
syz_open_dev$video(0x0, 0x7, 0x0)
ioctl$VIDIOC_G_FREQUENCY(0xffffffffffffffff, 0xc02c5638, &(0x7f0000000240)={0x0, 0x1, 0x6fc0})
io_uring_setup(0x2471, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
close(0xffffffffffffffff)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180), 0x8e180, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)

9.864095806s ago: executing program 4 (id=1658):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = getpgrp(r0)
process_vm_readv(r3, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x0)
ioperm(0x0, 0x2, 0x7e)
r4 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syslog(0x2, &(0x7f00000001c0)=""/229, 0xe5)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b0732306c090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb000000002f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d6ced5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed700129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb21fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x40805)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000000), 0x40080, 0x0)
syz_usb_connect(0x6, 0x3f, &(0x7f0000000300)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=0x0, @ANYRESDEC], 0x0)

8.922933465s ago: executing program 3 (id=1661):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_CLOCK(r5, 0x4030ae7b, &(0x7f00000000c0)={0x9, 0x0, 0x1, 0x538, 0xa67d})

7.622085878s ago: executing program 3 (id=1663):
r0 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001100)={0xe0, 0x12, 0x1, 0x70bd28, 0x25dfdbfc, {0x1d, 0x9, 0x7, 0xff, {0x4e23, 0x4e23, [0x7, 0x80000001, 0x800, 0x8000], [0x9, 0x2, 0x1, 0x1], 0x0, [0x8, 0x1]}, 0x60, 0x4}, [@INET_DIAG_REQ_BYTECODE={0x91, 0x1, "124ed85e0cbc5d98c407d0baaceab477c3d5f145d2d47c1b3ff7b126cac8effac1681d033d5af3afb90c571fc1a828b280414dc9f3386d7fc3ca2e66f2cb26c73e003312fe611adb1bc0a21ccdb66678ee3ebb38d8bfe5604cfb35cea3615c85c813a494862d1f53d2222ebe5ba95b154d2ad33b761c5c84f403adb2ec4946a88354820cee7ea319b59c16dd27"}]}, 0xe0}}, 0x20004000) (async)
syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f010000000000000000000624beb400000c241b4800f3ff0005008005090581030002000000090401"], 0x0)

7.399209748s ago: executing program 2 (id=1665):
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@flushpolicy={0x10, 0x12, 0x105, 0xf0, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x4000}, 0x20040810)

7.295096967s ago: executing program 2 (id=1666):
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, 0x0, &(0x7f0000000140))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000580)='mm_khugepaged_scan_pmd\x00', r2, 0x0, 0xa17}, 0x18)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}}, 0x80)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

7.160209102s ago: executing program 0 (id=1667):
socketpair(0x1d, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000140)={'virt_wifi0\x00', @random="0100000000eb"})
r1 = syz_usb_connect(0x0, 0x202, &(0x7f0000000180)=ANY=[@ANYRES16], 0x0) (async)
futex(&(0x7f00000006c0)=0x2, 0x0, 0x2, &(0x7f0000000140)={0x77359400}, 0x0, 0x80000002)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) (async)
r2 = gettid()
rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000003, 0x0}, 0x0, 0x8, &(0x7f0000000200)) (async)
tkill(r2, 0x16)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000001c40)={0x34, &(0x7f0000001a80)={0x0, 0x30, 0x2, "6dfc"}, 0x0, 0x0, 0x0, 0x0, 0x0})

7.077659627s ago: executing program 2 (id=1668):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7)
r1 = accept4$bt_l2cap(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80000)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000240), &(0x7f0000000280)=0xc)
ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0)
r2 = getpid()
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
ptrace$ARCH_SHSTK_UNLOCK(0x1e, r2, 0x0, 0x5004)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ioprio_set$pid(0x0, r4, 0x6000)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xbf2f000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='locks_get_lock_context\x00'}, 0x18)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="650a00000000000061118000000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)

6.889286024s ago: executing program 0 (id=1669):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0600000004000000404000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r0, 0x0, 0xa0028000}, 0x38)

6.835551173s ago: executing program 4 (id=1670):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newtaction={0x6c, 0x30, 0x1af, 0x1000, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0xfc000000, 0x7, 0x4, 0xfffffffd}, @multicast1, @broadcast, 0xffffffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d000000000000000000000000000000000000000000000000fd000000000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000900000000000000000000000900000000000000000000000a02"], 0x0, 0x96, 0x0, 0x3}, 0x28)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0xd7, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80)
pipe2$9p(&(0x7f00000001c0), 0x0)
io_setup(0x8, &(0x7f0000004200))
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000002540)='./file0\x00', &(0x7f0000002580)='system.posix_acl_default\x00', &(0x7f0000002640)=ANY=[@ANYBLOB="0200000001000200000000000100020006000000100001000000000020"], 0x24, 0x3)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x84, 0x81, 0x0, &(0x7f0000000080))
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
close_range(r5, r5, 0x0)
r6 = fanotify_init(0x0, 0x0)
fanotify_mark(r6, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000000))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

6.341326347s ago: executing program 1 (id=1671):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x50)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x200000000000000, 0x4000012, r0, 0x0)

6.124624152s ago: executing program 2 (id=1672):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x25, 0x0, @void}, 0x10)
recvmmsg$unix(r0, &(0x7f0000004180)=[{{&(0x7f0000001d40), 0x6e, &(0x7f00000021c0)=[{&(0x7f0000001dc0)=""/69, 0x45}], 0x1}}, {{&(0x7f0000002240)=@abs, 0x6e, &(0x7f00000025c0)=[{&(0x7f0000002300)=""/202, 0xca}, {0x0}], 0x2}}], 0x2, 0x0, 0x0)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)}}], 0x1, 0x9200000000000000)

4.961092809s ago: executing program 1 (id=1673):
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x4, 0x0)
r0 = socket$inet(0x2, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7d, &(0x7f0000000000)=@assoc_value, &(0x7f0000000140)=0x8)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYBLOB="cca63b428ce94680620f16f567d8775b351abf6332df545ac0d337817281c5caeedab1bd04ea1ac2d43136fb15d4e53336284a5634feeddcf9bc9f1488158eb2c468c393d666b0d5438b22c5bde8d9dae9ebfaa91d9418bb48ea84da643caf", @ANYRES64=r1], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
syz_emit_ethernet(0x2a, &(0x7f0000000440)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3e, 0x1c, 0x0, 0x0, 0x2, 0x67, 0x0, @rand_addr=0x3, @broadcast}, @address_reply={0x12, 0x0, 0x0, 0x9}}}}}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x40400)
r4 = socket$kcm(0x10, 0x2, 0x4)
r5 = syz_io_uring_setup(0x8d2, &(0x7f00000002c0)={0x0, 0xd80a, 0x3010, 0xfffffffc, 0xffffffff}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r8 = socket$igmp6(0xa, 0x3, 0x2)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0, 0x14008045, 0x1})
io_uring_enter(r5, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
close(r4)
write$cgroup_pid(r1, &(0x7f00000001c0)=r2, 0x12)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x4004004)

4.959797416s ago: executing program 0 (id=1674):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='scalable', 0x8)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @sack_perm, @window={0x3, 0x3, 0x401}, @window], 0x63)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x4d, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10)
setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000001c0)={@multicast1, @private=0xa010101, r3}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16)
getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2)

4.784006711s ago: executing program 3 (id=1675):
r0 = syz_io_uring_setup(0x4325, &(0x7f00000005c0)={0x0, 0x3005, 0x40, 0x0, 0x206}, &(0x7f00000001c0), &(0x7f0000000280))
syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x40000, 0x0, 0xfffffffc, 0x23c, 0x0, r0}, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000640))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mount(0x0, 0x0, 0x0, 0x28008c4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x2, 0x101000)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close(0x3)
socket$inet6(0xa, 0x3, 0x4)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r5}, 0x18)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file1\x00')
quotactl_fd$Q_GETINFO(r4, 0xffffffff80000500, 0x0, 0x0)
socket(0xf, 0x1, 0xfffffffe)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0xfffc, @broadcast}, 0x2}}, 0x2e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x6, 0x200000)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

4.783076605s ago: executing program 4 (id=1676):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000101"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000020000000000000007000040181200000738279176a59c7cc4568f219ff1a960477f82e6fd1dbb2660266f80a516964aaa81b7a5ede4b24935cc155a6cdee5cc9419aefddc79670b9f697a7c055e88ac4290ca04ca6293419eef92549c346a046a178a558061de8114e23c7910c4ebd4d2d771fa97ad16dd9d7aa4bab4cc0b2419556e5aed05365045dec86bd43b1b40739106f2f240ef6cae3491492b8accfec498b00bf0950800653aaf23dd", @ANYRES8=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES8, @ANYRESOCT, @ANYBLOB="5ca01f3604646bacd1145cee8247fd873c3807ac83eedf636fa97b3f23d274d667ddd72416b15a0d994fef7adb115f24f51e1c91d129d141f017c21de4a4692c4443343f34993606e0ca27fc9da3efd9e61eee301d8596ddd9e62317d6209f86a07c0dd2b7072ea393b508586d190175fced806139d877005c14c7d186829481d3357971d1ddddb8cbf8d52c292478a316c2dbe5c0c3", @ANYRES8], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r7 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0xffffff31, 0xffffffffffffffda}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x4, &(0x7f0000000380)=ANY=[])
io_uring_register$IORING_UNREGISTER_FILES(r7, 0x3, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='\x00\x00', @ANYBLOB="ffb8", @ANYBLOB='\x00'/19], 0x48)
r8 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r8, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)

4.620600192s ago: executing program 3 (id=1677):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e6572800000580002800800024000000084080003400000000708000440000000350800014000000000340005800c0001007061796c6f61640024000280080004400000001c0800034000201d6efa42a4857742ac10d28f074f370000b9080002400000000008000240000000020900010073797a30000000000900020073795a3200000000130000001100010000000000000000000300000af63f514cc8783fc8d18a7f545575a91687350d9e4e6b99977195543b527c3c1619191d354fee9dd9d9eb32e8acf9"], 0xc0}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, r3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="9cab00000000fbdbdf2532000000080001006000000008000300", @ANYRES32=r7, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48d4}, 0x40010)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x8}, 0x8)
setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={0x0, 0x8001}, 0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8)
sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0xc04c000}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x9, 0xa}, 0x7)
r8 = syz_init_net_socket$ax25(0x3, 0x3, 0xcc)
setsockopt$ax25_int(r8, 0x101, 0x8, &(0x7f00000001c0)=0xcc5, 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)

4.029875058s ago: executing program 2 (id=1678):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
r0 = openat$comedi(0xffffff9c, &(0x7f0000000140)='/dev/comedi2\x00', 0x103180, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000240)={0x8000001, 0x0, 0x0, 0x0, 0x3})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
r6 = dup(r5)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1800000011146d7700000000000000e40700"], 0x18}}, 0x8000)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, 0x0, 0x0)
r8 = syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x800334f, 0x0, 0x3, 0x801}, &(0x7f0000000100)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000540)=0xfffffffc, 0x0, 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185500, 0x12345})
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
io_uring_enter(r8, 0x7277, 0x4000, 0x0, 0x0, 0x0)

3.567776784s ago: executing program 4 (id=1679):
r0 = syz_io_uring_setup(0x497, &(0x7f0000000a40)={0x0, 0x465d, 0x800, 0x6, 0x14a}, &(0x7f00000006c0)=<r1=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x101, <r2=>r0, 0xa740cb53a4a912ca})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x84880, 0x150)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
chmod(0x0, 0xfeff)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v3={0x3000000, [{0x8, 0x9}, {0x7f, 0x8}]}, 0x18, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, r2, 0x0, &(0x7f0000000100)='./file0\x00', r3, 0x0, 0x1, {0x0, r6}})
io_uring_enter(r0, 0x507, 0x966, 0x21, &(0x7f0000000000)={[0x10000]}, 0x8)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x20402, 0x0)
pwrite64(r7, 0x0, 0x0, 0x4)

3.392068079s ago: executing program 3 (id=1680):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a0104002a0000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0c0009800800014000005bec3ad4084000000001140000001100010000"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x40181, 0x0)
ioctl$TIOCGPTLCK(r2, 0x80045439, 0xffffffffffffffff)
sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000000a0a0102"], 0x14}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x0, 0x8, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x8000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="b80000000002010400000000000000000a00fffc680003800c00028005000100890000002c000180140003002001000000000000000000000000000114000400fe8000000000000000000000000000aa2c00018014000300fc01000000000000000000000000000114000400fe80000000000000000000313c0002802c0001801400030000000000000000000000ffff7f00000114000400200100000000000000000000000000000c000280050001"], 0xb8}, 0x1, 0x0, 0x0, 0x20040015}, 0x20008090)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a000004050001"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000700), 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x5, 0x0, 0x0, 0x80000008}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

2.438793903s ago: executing program 2 (id=1681):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000003c0), 0xffffffa0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x20, 0x0, 0x1, 0x70bd2d, 0x0, {0x22}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@restrict={0xb, 0x0, 0x0, 0xb, 0x2}, @typedef={0x6}]}, {0x0, [0x5f, 0x0, 0x61, 0x2e]}}, &(0x7f0000000480)=""/140, 0x36, 0x8c, 0x1}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000600)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x7, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0, 0x6a, &(0x7f00000006c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000700), &(0x7f0000000740), 0x8, 0x49, 0x8, 0x8, &(0x7f0000000780)}}, 0x10)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000900), 0x2a00, 0x0)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000980)=@o_path={&(0x7f0000000940)='./file0\x00', 0x0, 0x4000, r1}, 0x18)
r6 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
mq_getsetattr(r6, &(0x7f0000000040)={0x1000, 0x10000, 0x1, 0x7}, &(0x7f0000000140))
pread64(r6, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000009c0)={0x0, 0x5, 0x30}, 0xc)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a00)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffff58, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x5}, 0x50)
r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0)
writev(r9, &(0x7f0000000a40)=[{&(0x7f0000000000)="ff071d6ce89d", 0x6}, {0x0, 0x5000}, {0x0}], 0x3)
r10 = dup(r1)
r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r11, @ANYBLOB="05", @ANYRES16=r11], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x10, 0x12, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xa554, 0x0, 0x0, 0x0, 0x3}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0xd}, @jmp={0x5, 0x0, 0x4, 0x0, 0x1, 0xfffffffffffffef4, 0x8}, @ldst={0x0, 0x3, 0x5, 0x8, 0xb, 0xffffffffffffffc0, 0x10}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x3}, @map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffff9}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @tail_call]}, &(0x7f0000000340)='syzkaller\x00', 0x2, 0x4c, &(0x7f0000000400)=""/76, 0x40f00, 0x605d72878b430c1a, '\x00', 0x0, @sk_msg, r2, 0x8, &(0x7f0000000580)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0xb, 0x7}, 0x10, r3, r4, 0xa, &(0x7f0000000a80)=[r5, r6, r7, r8, r9, r10], &(0x7f0000000ac0)=[{0x1, 0x4, 0x4, 0x1}, {0x5, 0x2, 0x4, 0x7}, {0x1, 0x3, 0xa, 0x7}, {0x5, 0x2, 0x2, 0x1}, {0x1, 0x4, 0x1, 0x8}, {0x4, 0x2, 0xc, 0x9}, {0x1, 0x5, 0x5, 0x4}, {0x2, 0x4, 0x0, 0x3}, {0x4, 0x1, 0x1, 0xa}, {0x1, 0x4, 0xe}], 0x10, 0x66e66551, @value=r11}, 0x94)
r12 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r12, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r12, 0x6, 0xd, &(0x7f0000000200)='dctcp', 0x5)
connect$inet(r12, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r13 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r13, 0x4188aec6, &(0x7f0000000040))
ioctl$KVM_SET_CLOCK(r13, 0x4188aec6, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x95d})

2.139610207s ago: executing program 4 (id=1682):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
ptrace$ARCH_MAP_VDSO_64(0x1e, r0, 0x3, 0x2003)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24048800, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4)
sendmsg$NL80211_CMD_STOP_AP(r4, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, r5, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x14)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[@ANYBLOB="1c0000001500010300000000000000000c00000008000400"], 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)

1.844015338s ago: executing program 1 (id=1683):
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
timerfd_create(0x2, 0x0)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000300)=ANY=[@ANYBLOB="b700000018000000bca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e140200000000002604fdffffff000061140400000000001d430000000000007a0a00fe0000001f6114000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767912d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce0900000000000000499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc682928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348de20f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97b4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b4f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb1bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb36e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b78825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e8a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffff8, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)
fallocate(r1, 0x0, 0x7, 0x81)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@delqdisc={0x90, 0x25, 0x4, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x1}, {0x10, 0xffff}, {0x0, 0xa}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}, @qdisc_kind_options=@q_red={{0x8}, {0x2c, 0x2, [@TCA_RED_MAX_P={0x8, 0x3, 0x9}, @TCA_RED_FLAGS={0xc, 0x4, {0x17, 0x7}}, @TCA_RED_EARLY_DROP_BLOCK={0x8, 0x5, 0x1}, @TCA_RED_FLAGS={0xc, 0x4, {0x7, 0x7}}]}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe, 0x40, 0xa8, 0x40, 0x1, 0x6, 0xc9a5, 0x2}}, {0x8, 0x2, [0x1ff, 0xa08]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xffff5fb8}]}, 0x90}, 0x1, 0x0, 0x0, 0x810}, 0x40040c4)
getdents64(0xffffffffffffffff, 0x0, 0x25)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000180)=ANY=[@ANYBLOB], 0x24, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)

1.107749369s ago: executing program 4 (id=1684):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'gre0\x00'})
r1 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$nl_xfrm(r0, 0x0, 0x0)

812.088166ms ago: executing program 1 (id=1685):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4d, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000a63000/0x8000)=nil, 0x8000, 0xb635773f06ebbeef, 0x810, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r6=>0x0]}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={r6, 0x55e, 0x0, 0x3eae}, &(0x7f0000000040)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000300)={r6, 0x74, "f698fdbd45ec77e3c1c0f7ff065ee06cbc3f8f8fd0d9ccdc60ea33c9647a8187863821de6778e3273faccedc58a41653aaca3a6270620ff21ce80794d61df67197d63dd248a26f1249b1c0c6ff4ddc6a2e5747bfac57edba9dd9fbd147e83454d275f33f08ba2a10d3159abc3ac83c0000000000"}, &(0x7f0000000040)=0x7c)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r7, 0x0, 0x0)
fcntl$dupfd(r7, 0x406, r7)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xe0, 0x0, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r8, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x0, @empty}, {0x4, 0x0, @rand_addr=0x64010101}, {0x2, 0x0, @local}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x80, &(0x7f0000000180)='lo\x00'})
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r9, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r2, 0x6, &(0x7f0000000000)=0x9948)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r10, 0x408, 0x7)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f00), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000f40)=ANY=[@ANYBLOB="2c00fd00", @ANYRES16=r11, @ANYBLOB="010027bd7000ffdbdf252b0000000c0005000203aaaaaaaaaaaa0a0001007770616e31000000"], 0x2c}}, 0x4)

565.486039ms ago: executing program 1 (id=1686):
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x4000) (async)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) (async, rerun: 32)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async, rerun: 32)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x1}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) (async)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async, rerun: 32)
r3 = socket$packet(0x11, 0x3, 0x300) (rerun: 32)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0x1, 0x100, 0x100, 0xe, 0x0, 0x3}, 0x1c) (async)
setsockopt$packet_int(r3, 0x107, 0xc, &(0x7f0000000000)=0x8, 0x4) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000715000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r4 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x40241, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r4, 0xc0045103, &(0x7f0000000040)) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r5, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000002640)={0x28, r6, 0x311, 0x70bd2b, 0x25dfdbfb, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20}, 0x20000880) (async)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc) (async, rerun: 64)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, 0x0, 0x0) (rerun: 64)

558.313703ms ago: executing program 0 (id=1687):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x181381)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f0000000000)=0x1)
close(0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a6080000b80000010066b87a000f00d80f300f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x64}], 0x1, 0x16, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_GET_LAPIC(r8, 0x8400ae8e, &(0x7f00000005c0))
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='\\\x004e', @ANYRES16=r9, @ANYBLOB="1709a70000000000000101000000080009003f00000014001f00000000000000000000000000000000011400200000000000000000000000ffffffffffff0500070000000000060002000100000008000a0004000000"], 0x5c}}, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x232001, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f00000004c0), 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)

0s ago: executing program 3 (id=1688):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x101080, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0)
r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f00000002c0)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r3, &(0x7f00000000c0), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r3, &(0x7f00000001c0)={0x2, 0x6}, 0x2)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

kernel console output (not intermixed with test programs):

rame sizes
[  460.475841][   T43] usb 1-1: USB disconnect, device number 36
[  461.039358][T11029] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1112'.
[  461.697506][T11033] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  461.971379][T11040] netlink: 'syz.0.1115': attribute type 10 has an invalid length.
[  461.983311][T11040] vlan0: entered allmulticast mode
[  461.988591][T11040] veth0_vlan: entered allmulticast mode
[  462.157630][T11040] team0: Port device vlan0 added
[  462.171501][   T30] audit: type=1400 audit(1760514387.211:743): avc:  denied  { execute } for  pid=11032 comm="syz.4.1114" dev="hugetlbfs" ino=29776 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  462.379073][   T30] audit: type=1400 audit(1760514387.221:744): avc:  denied  { execute_no_trans } for  pid=11032 comm="syz.4.1114" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F520C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="hugetlbfs" ino=29776 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  462.418296][   T43] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  462.632014][   T43] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  462.643190][   T43] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  462.725524][   T30] audit: type=1400 audit(1760514387.861:745): avc:  denied  { setopt } for  pid=11044 comm="syz.2.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  462.761068][   T43] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  462.765331][   T30] audit: type=1400 audit(1760514387.891:746): avc:  denied  { getopt } for  pid=11044 comm="syz.2.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  462.771405][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.935194][   T30] audit: type=1400 audit(1760514387.891:747): avc:  denied  { connect } for  pid=11044 comm="syz.2.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  463.469496][   T30] audit: type=1400 audit(1760514387.891:748): avc:  denied  { getopt } for  pid=11044 comm="syz.2.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  463.539634][   T30] audit: type=1400 audit(1760514387.981:749): avc:  denied  { setopt } for  pid=11046 comm="syz.4.1119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  463.573592][T11037] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  463.599620][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  463.938888][   T30] audit: type=1400 audit(1760514389.021:750): avc:  denied  { map } for  pid=11052 comm="syz.4.1121" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  464.410536][   T24] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  464.602886][   T24] usb 1-1: Using ep0 maxpacket: 32
[  464.650084][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  464.721590][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  464.761080][   T24] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  464.774366][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.787006][   T24] usb 1-1: config 0 descriptor??
[  464.800753][ T5897] usb 4-1: USB disconnect, device number 37
[  465.856630][   T24] ft260 0003:0403:6030.0015: unknown main item tag 0x7
[  465.868807][ T5977] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  466.004023][   T30] audit: type=1400 audit(1760514391.141:751): avc:  denied  { bind } for  pid=11075 comm="syz.2.1128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  466.040489][ T5977] usb 5-1: Using ep0 maxpacket: 16
[  466.047430][ T5977] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  466.073666][ T5977] usb 5-1: config 0 has no interface number 0
[  466.081865][T11062] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1124'.
[  466.093222][ T5977] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  466.120308][ T5977] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  466.183118][ T5977] usb 5-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  466.193914][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.205159][ T5977] usb 5-1: Product: syz
[  466.209512][ T5977] usb 5-1: Manufacturer: syz
[  466.223023][ T5977] usb 5-1: SerialNumber: syz
[  466.241555][ T5977] usb 5-1: config 0 descriptor??
[  466.256330][ T5977] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  466.554221][   T56] usb 5-1: usb_submit_urb: -90
[  466.566595][ T5977] usb 5-1: USB disconnect, device number 45
[  466.714374][   T24] ft260 0003:0403:6030.0015: failed to retrieve chip version
[  466.723610][   T24] ft260 0003:0403:6030.0015: probe with driver ft260 failed with error -71
[  466.735687][   T24] usb 1-1: USB disconnect, device number 37
[  468.057329][   T30] audit: type=1400 audit(1760514393.181:752): avc:  denied  { create } for  pid=11104 comm="syz.4.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  468.082518][T11105] FAT-fs (nullb0): bogus number of reserved sectors
[  468.127605][T11105] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  468.150422][   T30] audit: type=1400 audit(1760514393.211:753): avc:  denied  { setopt } for  pid=11104 comm="syz.4.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  468.229387][   T30] audit: type=1400 audit(1760514393.211:754): avc:  denied  { bind } for  pid=11104 comm="syz.4.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  468.419120][T11110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1138'.
[  468.470026][   T30] audit: type=1400 audit(1760514393.211:755): avc:  denied  { write } for  pid=11104 comm="syz.4.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  468.540648][T11116] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1139'.
[  468.694053][T11123] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1140'.
[  469.672547][T11134] fuse: Unknown parameter '/dev/cpu/#/msr'
[  470.566509][T11142] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1137'.
[  471.656121][T11161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1148'.
[  471.665078][T11161] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1148'.
[  472.329249][   T30] audit: type=1400 audit(1760514397.461:756): avc:  denied  { read write } for  pid=11152 comm="syz.1.1147" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  472.395314][   T30] audit: type=1400 audit(1760514397.531:757): avc:  denied  { open } for  pid=11152 comm="syz.1.1147" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  473.799923][T11179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1153'.
[  475.856320][T11203] ubi31: attaching mtd0
[  475.862217][T11203] ubi31: scanning is finished
[  476.026757][T11202] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1159'.
[  478.218746][T11207] kAFS: No cell specified
[  478.271895][T11203] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  478.279536][T11203] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  478.288518][T11203] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  478.295630][T11203] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  478.303101][T11203] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  478.309943][T11203] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  478.318150][T11203] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1260176444
[  478.328276][T11203] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  478.374679][T11210] ubi31: background thread "ubi_bgt31d" started, PID 11210
[  479.832967][   T30] audit: type=1400 audit(1760514404.951:758): avc:  denied  { bind } for  pid=11223 comm="syz.3.1166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  479.874945][   T30] audit: type=1400 audit(1760514405.011:759): avc:  denied  { firmware_load } for  pid=11225 comm="syz.1.1167" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  479.899739][    C0] vkms_vblank_simulate: vblank timer overrun
[  480.750423][T11226] syz.1.1167 (11226) used greatest stack depth: 19720 bytes left
[  480.982423][T11240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1168'.
[  481.450575][  T911] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  481.588249][T11252] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1173'.
[  481.613066][T11252] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1173'.
[  481.622659][   T30] audit: type=1400 audit(1760514406.721:760): avc:  denied  { create } for  pid=11251 comm="syz.4.1174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  481.708879][T11254] comedi comedi3: 8255: I/O port conflict (0x4f27,4)
[  481.716631][T11254] comedi comedi3: 8255: I/O port conflict (0x7,4)
[  481.724530][T11254] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  481.732346][T11254] comedi comedi3: 8255: I/O port conflict (0x16,4)
[  481.739230][T11254] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  481.745840][T11254] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  481.753485][T11254] comedi comedi3: 8255: I/O port conflict (0x8,4)
[  481.800348][  T911] usb 1-1: Using ep0 maxpacket: 16
[  481.800795][   T30] audit: type=1400 audit(1760514406.721:761): avc:  denied  { ioctl } for  pid=11251 comm="syz.4.1174" path="socket:[30202]" dev="sockfs" ino=30202 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  481.830129][    C0] vkms_vblank_simulate: vblank timer overrun
[  481.841708][  T911] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  481.850911][T11254] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  481.853925][  T911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.861118][T11254] comedi comedi3: 8255: I/O port conflict (0xa,4)
[  481.875279][T11254] comedi comedi3: 8255: I/O port conflict (0xfd,4)
[  481.882033][T11254] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  481.887521][  T911] usb 1-1: config 0 descriptor??
[  481.888804][T11254] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  481.904765][T11254] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  481.911602][T11254] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  481.918131][T11254] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  481.925047][T11254] comedi comedi3: 8255: I/O port conflict (0x80009,4)
[  481.932137][T11254] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  481.939965][T11254] comedi comedi3: 8255: I/O port conflict (0x7f,4)
[  481.946990][T11254] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  481.953970][T11254] comedi comedi3: 8255: I/O port conflict (0x40000004,4)
[  481.962024][T11254] comedi comedi3: 8255: I/O port conflict (0x89,4)
[  481.969229][T11254] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  481.979800][T11254] comedi comedi3: 8255: I/O port conflict (0x20001e58,4)
[  481.987302][T11254] comedi comedi3: 8255: I/O port conflict (0xb,4)
[  481.994772][T11254] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  482.003020][T11254] comedi comedi3: 8255: I/O port conflict (0x995d000,4)
[  482.262848][  T911] gspca_main: sonixj-2.14.0 probing 0471:0327
[  482.818172][T11264] erofs (device nbd3): cannot find valid erofs superblock
[  482.857096][  T911] gspca_sonixj: reg_w1 err -71
[  482.862038][  T911] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  482.882083][T11259] syzkaller1: entered promiscuous mode
[  482.894449][  T911] usb 1-1: USB disconnect, device number 38
[  482.903765][T11259] syzkaller1: entered allmulticast mode
[  482.949086][   T30] audit: type=1400 audit(1760514408.081:762): avc:  denied  { write } for  pid=11275 comm="syz.0.1179" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  483.339689][T11278] input input29: cannot allocate more than FF_MAX_EFFECTS effects
[  483.968906][   T30] audit: type=1400 audit(1760514408.111:763): avc:  denied  { ioctl } for  pid=11275 comm="syz.0.1179" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  484.487483][   T30] audit: type=1400 audit(1760514409.291:764): avc:  denied  { append } for  pid=11272 comm="syz.4.1178" name="video1" dev="devtmpfs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  484.996973][   T30] audit: type=1400 audit(1760514410.131:765): avc:  denied  { mount } for  pid=11287 comm="syz.3.1181" name="/" dev="hugetlbfs" ino=30750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  485.001074][T11292] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  485.054655][T11292] audit: out of memory in audit_log_start
[  485.062019][T11292] hugetlbfs: Bad value 'V' for mount option 'nr_inodes'
[  485.062019][T11292] 
[  485.218767][   T30] audit: type=1400 audit(1760514410.351:766): avc:  denied  { unmount } for  pid=5810 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  485.333332][  T911] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  485.546400][T11308] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  485.582707][T11308] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  485.604122][T11308] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  485.630362][ T5822] Bluetooth: hci1: unexpected event for opcode 0x2029
[  485.644295][T11308] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1188'.
[  485.683693][   T30] audit: type=1400 audit(1760514410.821:767): avc:  denied  { getopt } for  pid=11307 comm="syz.2.1188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  485.771496][  T911] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  485.801810][  T911] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  485.872266][  T911] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  485.915910][  T911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.949582][T11291] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  486.071315][T11324] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1191'.
[  486.206290][  T911] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  487.317590][ T5865] usb 1-1: USB disconnect, device number 39
[  488.190178][T11351] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  488.560676][   T30] audit: type=1400 audit(1760514413.661:768): avc:  denied  { name_connect } for  pid=11346 comm="syz.4.1198" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  488.613203][ T5813] IPVS: starting estimator thread 0...
[  488.664819][   T30] audit: type=1400 audit(1760514413.671:769): avc:  denied  { write } for  pid=11346 comm="syz.4.1198" lport=52397 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  488.718545][T11356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1198'.
[  488.731015][T11360] IPVS: using max 38 ests per chain, 91200 per kthread
[  488.738778][   T30] audit: type=1400 audit(1760514413.671:770): avc:  denied  { setopt } for  pid=11346 comm="syz.4.1198" lport=52397 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  488.811127][T11359] gfs2: not a GFS2 filesystem
[  488.867357][   T30] audit: type=1400 audit(1760514413.671:771): avc:  denied  { mount } for  pid=11346 comm="syz.4.1198" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  488.936758][   T30] audit: type=1400 audit(1760514413.711:772): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  490.210420][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  490.210463][   T30] audit: type=1400 audit(1760514415.291:775): avc:  denied  { read write } for  pid=11376 comm="syz.0.1207" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  490.239895][    C1] vkms_vblank_simulate: vblank timer overrun
[  490.283977][ T5897] IPVS: starting estimator thread 0...
[  490.309913][T11368] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'.
[  490.400387][T11381] IPVS: using max 42 ests per chain, 100800 per kthread
[  490.446171][   T30] audit: type=1400 audit(1760514415.301:776): avc:  denied  { open } for  pid=11376 comm="syz.0.1207" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  490.469553][    C1] vkms_vblank_simulate: vblank timer overrun
[  490.860495][ T5865] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  491.021720][ T5865] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  491.891995][   T30] audit: type=1400 audit(1760514415.941:777): avc:  denied  { write } for  pid=11383 comm="syz.2.1208" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  491.914990][ T5865] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  491.925371][ T5865] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  491.937672][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.971310][T11389] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  492.032313][ T5865] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  492.242375][ T5865] usb 1-1: USB disconnect, device number 40
[  492.714445][   T30] audit: type=1400 audit(1760514417.851:778): avc:  denied  { write } for  pid=11404 comm="syz.3.1213" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  492.737231][    C1] vkms_vblank_simulate: vblank timer overrun
[  492.760669][   T30] audit: type=1400 audit(1760514417.881:779): avc:  denied  { ioctl } for  pid=11404 comm="syz.3.1213" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  493.955832][T11426] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1218'.
[  494.582428][ T5822] Bluetooth: hci2: unexpected event for opcode 0x0c5b
[  494.707449][T11423] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1217'.
[  495.820369][ T5813] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  495.954584][T11455] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1227'.
[  496.132991][ T5813] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  496.644907][ T5813] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  496.677781][ T5813] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  496.756118][ T5813] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.864273][T11452] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  497.084194][ T5822] Bluetooth: hci2: unexpected event for opcode 0x2029
[  497.173045][ T5813] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  497.327339][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1232'.
[  497.349758][  T911] usb 3-1: USB disconnect, device number 51
[  497.382612][T11474] netlink: 'syz.3.1230': attribute type 1 has an invalid length.
[  497.390446][T11474] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1230'.
[  497.399526][T11474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1230'.
[  497.882716][   T30] audit: type=1400 audit(1760514423.011:780): avc:  denied  { write } for  pid=11478 comm="syz.0.1234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  498.740366][ T5813] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  498.913010][ T5813] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  498.924469][ T5813] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  498.938934][ T5813] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  498.948308][ T5813] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.062316][T11491] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  499.076679][ T5813] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  499.810365][   T24] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  499.844513][  T911] usb 3-1: USB disconnect, device number 52
[  500.010416][ T5822] Bluetooth: hci1: unexpected event for opcode 0x2029
[  500.038242][   T24] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  500.049292][   T30] audit: type=1400 audit(1760514425.181:781): avc:  denied  { create } for  pid=11512 comm="syz.4.1244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  500.068746][    C1] vkms_vblank_simulate: vblank timer overrun
[  500.078236][   T24] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  500.105999][   T24] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  500.115120][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.187542][T11506] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  500.265181][   T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  500.566966][T11518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  501.074784][   T24] usb 2-1: USB disconnect, device number 43
[  501.213865][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.220363][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  501.428389][ T5813] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  501.682241][ T5813] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  501.768795][ T5813] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  501.790093][ T5813] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  501.800589][ T5813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.814446][T11523] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  501.826579][ T5813] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  502.037322][ T5813] usb 4-1: USB disconnect, device number 38
[  502.389663][   T30] audit: type=1400 audit(1760514427.521:782): avc:  denied  { connect } for  pid=11536 comm="syz.4.1252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  502.507940][   T24] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[  502.593218][  T911] libceph: connect (1)[c::]:6789 error -22
[  502.606114][  T911] libceph: mon0 (1)[c::]:6789 connect error
[  502.713858][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  502.734431][T11539] ceph: No mds server is up or the cluster is laggy
[  502.820131][T11547] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input31
[  503.121623][   T24] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  503.144939][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.164960][   T24] usb 2-1: Product: syz
[  503.180408][   T24] usb 2-1: Manufacturer: syz
[  503.197425][   T24] usb 2-1: SerialNumber: syz
[  503.295260][   T24] usb 2-1: config 0 descriptor??
[  503.497683][T11551] 9pnet_fd: Insufficient options for proto=fd
[  503.537253][   T24] hub 2-1:0.0: bad descriptor, ignoring hub
[  503.550405][   T24] hub 2-1:0.0: probe with driver hub failed with error -5
[  503.679719][   T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  503.752045][   T24] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[  503.795469][   T24] usb 2-1: USB disconnect, device number 44
[  503.850466][ T5813] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  503.933952][ T5822] Bluetooth: hci2: unexpected event for opcode 0x2029
[  504.098713][ T5813] usb 1-1: config 0 has no interfaces?
[  504.152024][ T5813] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  504.161686][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.179797][ T5813] usb 1-1: Product: syz
[  504.184509][ T5813] usb 1-1: Manufacturer: syz
[  504.189674][ T5813] usb 1-1: SerialNumber: syz
[  504.201097][ T5813] usb 1-1: config 0 descriptor??
[  504.242104][   T30] audit: type=1400 audit(1760514429.381:783): avc:  denied  { ioctl } for  pid=11566 comm="syz.4.1260" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  504.282163][ T5897] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  504.481783][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  504.521809][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  504.531949][   T30] audit: type=1400 audit(1760514429.651:784): avc:  denied  { map } for  pid=11555 comm="syz.0.1256" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  504.561533][ T5897] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  504.576188][ T5897] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  504.603336][ T5897] usb 3-1: Manufacturer: syz
[  504.619986][ T5897] usb 3-1: config 0 descriptor??
[  504.855799][T11563] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1258'.
[  505.150035][   T30] audit: type=1400 audit(1760514430.141:785): avc:  denied  { append } for  pid=11583 comm="syz.4.1262" name="sg0" dev="devtmpfs" ino=782 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  505.233673][   T30] audit: type=1400 audit(1760514430.141:786): avc:  denied  { map } for  pid=11562 comm="syz.2.1258" path="socket:[31953]" dev="sockfs" ino=31953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  505.330651][T10352] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  505.447963][T11579] team0 (unregistering): Port device team_slave_0 removed
[  505.473337][T11579] team0 (unregistering): Port device team_slave_1 removed
[  505.502381][T10352] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  505.517549][T10352] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  505.534602][T10352] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  505.554441][T11579] team0 (unregistering): Port device vlan0 removed
[  505.593888][T10352] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.863231][T11581] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  505.922740][T10352] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  506.004430][ T5897] uclogic 0003:256C:006D.0016: interface is invalid, ignoring
[  506.139070][   T24] usb 2-1: USB disconnect, device number 45
[  506.382945][ T5822] Bluetooth: hci0: link tx timeout
[  506.388978][ T5822] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  506.399095][ T5822] Bluetooth: hci0: link tx timeout
[  506.406220][ T5822] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  507.376286][T11613] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1270'.
[  508.287970][ T5897] usb 3-1: USB disconnect, device number 53
[  508.380164][ T5813] usb 1-1: USB disconnect, device number 41
[  508.449685][T11617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1271'.
[  508.460402][ T5822] Bluetooth: hci0: command 0x0406 tx timeout
[  509.645912][T11632] mkiss: ax0: crc mode is auto.
[  509.700680][   T30] audit: type=1400 audit(1760514434.771:787): avc:  denied  { map } for  pid=11625 comm="syz.4.1274" path="socket:[31437]" dev="sockfs" ino=31437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  509.742766][   T30] audit: type=1400 audit(1760514434.791:788): avc:  denied  { bind } for  pid=11625 comm="syz.4.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  510.261610][T11638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1273'.
[  510.550350][   T24] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  510.700935][   T24] usb 3-1: Using ep0 maxpacket: 32
[  510.730997][   T24] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  510.743239][   T24] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  510.760470][   T24] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  510.776705][   T24] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  510.822394][ T5819] Bluetooth: hci2: unexpected event for opcode 0x2029
[  510.968251][   T24] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  511.032633][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.070471][   T24] usb 3-1: Product: syz
[  511.079197][   T24] usb 3-1: Manufacturer: syz
[  511.104129][   T24] usb 3-1: SerialNumber: syz
[  511.359749][    C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  511.370246][   T24] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input32
[  511.411422][ T5897] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  511.621030][   T24] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  512.175123][ T5897] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  512.186228][ T5897] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  512.203978][ T5897] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=31.6d
[  512.217780][ T5897] usb 2-1: New USB device strings: Mfr=107, Product=102, SerialNumber=146
[  512.226406][ T5897] usb 2-1: Product: syz
[  512.230615][ T5897] usb 2-1: Manufacturer: syz
[  512.235202][ T5897] usb 2-1: SerialNumber: syz
[  512.237458][   T24]  (id 0x00)
[  512.364441][   T24] rc_core: IR keymap rc-imon-pad not found
[  512.394952][   T24] Registered IR keymap rc-empty
[  512.402339][   T24] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  512.458266][   T24] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  512.689426][   T24] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0
[  512.749946][ T5819] Bluetooth: hci1: Ignoring connect complete event for invalid link type
[  512.753179][   T24] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input33
[  512.783136][T11669] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1286'.
[  512.820784][T11669] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1286'.
[  512.853760][   T24] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:54> initialized
[  512.876903][   T30] audit: type=1400 audit(1760514438.011:789): avc:  denied  { read } for  pid=11648 comm="syz.1.1281" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  512.915878][T11670] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  512.927473][   T24] usb 3-1: USB disconnect, device number 54
[  512.982707][T11670] block device autoloading is deprecated and will be removed.
[  513.143038][   T30] audit: type=1400 audit(1760514438.011:790): avc:  denied  { open } for  pid=11648 comm="syz.1.1281" path="/251/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  513.166168][   T30] audit: type=1400 audit(1760514438.081:791): avc:  denied  { append } for  pid=11672 comm="syz.4.1289" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  513.189459][    C1] vkms_vblank_simulate: vblank timer overrun
[  513.567998][   T30] audit: type=1400 audit(1760514438.081:792): avc:  denied  { map } for  pid=11672 comm="syz.4.1289" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  513.591473][    C1] vkms_vblank_simulate: vblank timer overrun
[  513.604997][   T30] audit: type=1400 audit(1760514438.081:793): avc:  denied  { execute } for  pid=11672 comm="syz.4.1289" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  513.630375][   T30] audit: type=1400 audit(1760514438.691:794): avc:  denied  { ioctl } for  pid=11648 comm="syz.1.1281" path="/251/file0/file0" dev="fuse" ino=64 ioctlcmd=0x921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  513.651805][  T911] usb 2-1: USB disconnect, device number 46
[  513.901658][T11687] : entered promiscuous mode
[  514.016104][T11689] netlink: 'syz.4.1291': attribute type 1 has an invalid length.
[  514.104609][   T30] audit: type=1400 audit(1760514439.241:795): avc:  denied  { read } for  pid=11690 comm="syz.3.1292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  514.894115][T11701] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1295'.
[  515.980358][ T5897] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  516.698061][ T5897] usb 4-1: config index 0 descriptor too short (expected 39, got 27)
[  516.706393][ T5897] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  516.716304][ T5897] usb 4-1: config 0 interface 0 has no altsetting 0
[  516.945762][ T5897] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  516.966713][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  517.011959][   T30] audit: type=1400 audit(1760514442.121:796): avc:  denied  { connect } for  pid=11725 comm="syz.1.1302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  517.051473][ T5897] usb 4-1: Product: syz
[  517.055662][ T5897] usb 4-1: Manufacturer: syz
[  517.085394][ T5897] usb 4-1: SerialNumber: syz
[  517.125930][ T5897] usb 4-1: config 0 descriptor??
[  517.150334][ T5897] hub 4-1:0.0: bad descriptor, ignoring hub
[  517.166490][ T5897] hub 4-1:0.0: probe with driver hub failed with error -5
[  517.183122][ T5897] usb 4-1: selecting invalid altsetting 0
[  517.567970][   T30] audit: type=1400 audit(1760514442.571:797): avc:  denied  { write } for  pid=11729 comm="syz.0.1303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  517.751898][T11716] netlink: 'syz.3.1299': attribute type 4 has an invalid length.
[  517.849295][T11744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.878806][T11744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  517.934860][T10352] usb 4-1: USB disconnect, device number 39
[  518.090386][  T911] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  518.332865][  T911] usb 3-1: New USB device found, idVendor=0af7, idProduct=0101, bcdDevice=2d.62
[  518.342052][  T911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.353457][  T911] usb 3-1: config 0 descriptor??
[  518.360621][  T911] usb 3-1: selecting invalid altsetting 1
[  518.366379][  T911] flexcop_usb: set interface failed.
[  518.372192][  T911] b2c2_flexcop_usb 3-1:0.0: probe with driver b2c2_flexcop_usb failed with error -22
[  518.470405][T10352] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[  518.480354][ T5897] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  518.508634][   T30] audit: type=1400 audit(1760514443.641:798): avc:  denied  { append } for  pid=11755 comm="syz.3.1310" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  518.622419][T10352] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  518.659497][ T5897] usb 5-1: Using ep0 maxpacket: 32
[  518.745456][ T5897] usb 5-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  518.754784][T10352] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  518.835083][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.923383][T10352] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  518.974606][ T5897] usb 5-1: config 0 descriptor??
[  518.995822][T10352] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.049715][ T5897] usb 5-1: dvb_usb_v2: found a 'Anysee' in warm state
[  519.078090][T10352] usb 2-1: Product: syz
[  519.092783][ T5897] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  519.100655][T10352] usb 2-1: Manufacturer: syz
[  519.140429][T10352] usb 2-1: SerialNumber: syz
[  519.146210][ T5897] dvb_usb_anysee 5-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  519.161010][T10352] usb 2-1: config 0 descriptor??
[  519.184743][T10352] hub 2-1:0.0: bad descriptor, ignoring hub
[  519.193808][T10352] hub 2-1:0.0: probe with driver hub failed with error -5
[  519.205906][T10352] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  519.282373][T10352] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[  519.560627][T10352] usb 2-1: USB disconnect, device number 47
[  519.581940][T10352] usb 5-1: USB disconnect, device number 46
[  520.036598][T11767] xt_connbytes: Forcing CT accounting to be enabled
[  520.800567][  T911] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  520.841294][T11784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1317'.
[  521.069809][  T911] usb 4-1: config 21 has an invalid interface number: 217 but max is 0
[  521.094205][  T911] usb 4-1: config 21 has no interface number 0
[  521.306151][  T911] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  521.328163][  T911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.345661][  T911] usb 4-1: Product: syz
[  521.346778][T10352] usb 3-1: USB disconnect, device number 55
[  521.432619][  T911] usb 4-1: Manufacturer: syz
[  521.450444][  T911] usb 4-1: SerialNumber: syz
[  521.464493][  T911] hub 4-1:21.217: bad descriptor, ignoring hub
[  521.480488][  T911] hub 4-1:21.217: probe with driver hub failed with error -5
[  521.582274][   T43] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  521.917627][T11793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1319'.
[  521.943511][   T43] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  521.960479][  T911] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  521.971987][   T43] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  521.999334][   T43] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  522.031140][  T911] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  522.039334][  T911] dib0700: firmware download failed at 7 with -22
[  522.045818][   T43] usb 5-1: config 1 has no interface number 1
[  522.054359][   T43] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  522.080552][   T43] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  522.099257][   T43] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  522.108562][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.117090][   T43] usb 5-1: Product: syz
[  522.121341][   T43] usb 5-1: Manufacturer: syz
[  522.126354][   T43] usb 5-1: SerialNumber: syz
[  522.767152][   T30] audit: type=1400 audit(1760514447.901:799): avc:  denied  { mount } for  pid=11777 comm="syz.3.1316" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  522.789432][    C0] vkms_vblank_simulate: vblank timer overrun
[  522.932743][T10352] usb 4-1: USB disconnect, device number 40
[  523.561786][T11809] siw: device registration error -23
[  523.983043][T10352] usb 4-1: new full-speed USB device number 41 using dummy_hcd
[  524.146163][T10352] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  524.453666][   T30] audit: type=1400 audit(1760514449.101:800): avc:  denied  { execute_no_trans } for  pid=11813 comm="syz.0.1324" path="/51/file0" dev="tmpfs" ino=292 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  524.489656][T10352] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  524.499000][T10352] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.859723][T11817] ALSA: mixer_oss: invalid OSS volume 'u'
[  524.894829][T10352] usb 4-1: Product: syz
[  524.904563][T10352] usb 4-1: Manufacturer: syz
[  524.917192][T10352] usb 4-1: SerialNumber: syz
[  524.933520][T10352] usb 4-1: config 0 descriptor??
[  524.954841][T10352] hub 4-1:0.0: bad descriptor, ignoring hub
[  525.103825][T10352] hub 4-1:0.0: probe with driver hub failed with error -5
[  525.118230][T10352] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  525.162053][T10352] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[  525.164454][   T43] usb 5-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  525.225453][   T43] usb 5-1: MIDIStreaming interface descriptor not found
[  525.250627][T10352] usb 4-1: USB disconnect, device number 41
[  525.404384][   T43] usb 5-1: USB disconnect, device number 47
[  525.505751][T11833] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  525.637687][   T30] audit: type=1400 audit(1760514450.771:801): avc:  denied  { read } for  pid=11834 comm="syz.1.1330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  525.808148][   T30] audit: type=1400 audit(1760514450.941:802): avc:  denied  { append } for  pid=11838 comm="syz.3.1331" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  525.890378][   T43] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  526.181059][   T43] usb 5-1: New USB device found, idVendor=05ac, idProduct=b301, bcdDevice=e4.00
[  526.319575][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.334440][   T43] usb 5-1: Product: syz
[  526.338685][   T43] usb 5-1: Manufacturer: syz
[  526.343645][   T43] usb 5-1: SerialNumber: syz
[  526.385551][   T43] usb 5-1: config 0 descriptor??
[  526.930879][   T43] usb 5-1: USB disconnect, device number 48
[  528.318947][T11862] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  528.326247][T11862] IPv6: NLM_F_CREATE should be set when creating new route
[  528.333594][T11862] IPv6: NLM_F_CREATE should be set when creating new route
[  528.340900][T11862] IPv6: NLM_F_CREATE should be set when creating new route
[  528.350564][   T30] audit: type=1400 audit(1760514453.361:803): avc:  denied  { create } for  pid=11864 comm="syz.1.1340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  528.613242][   T30] audit: type=1400 audit(1760514453.561:804): avc:  denied  { execute } for  pid=11864 comm="syz.1.1340" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=32934 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  529.420587][ T5813] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  529.737597][ T5813] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  529.751197][ T5813] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  529.769590][ T5813] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  529.868152][ T5813] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.911351][T11883] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  529.924832][ T5813] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  530.190511][  T911] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  530.451587][T10352] usb 5-1: USB disconnect, device number 49
[  530.500510][ T5813] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  530.614576][  T911] usb 1-1: Using ep0 maxpacket: 16
[  530.621253][  T911] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  530.631895][  T911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  530.642966][  T911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  530.653394][  T911] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  530.665302][  T911] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  530.680603][ T5813] usb 4-1: Using ep0 maxpacket: 32
[  530.686057][  T911] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  530.689421][ T5813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  530.705448][  T911] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  530.707016][ T5813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  530.724942][  T911] usb 1-1: Manufacturer: syz
[  530.727564][ T5813] usb 4-1: New USB device found, idVendor=046d, idProduct=c082, bcdDevice= 0.00
[  530.739128][ T5813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.749804][ T5813] usb 4-1: config 0 descriptor??
[  530.756322][  T911] usb 1-1: config 0 descriptor??
[  531.081727][  T911] rc_core: IR keymap rc-hauppauge not found
[  531.174668][T11894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  531.205093][  T911] Registered IR keymap rc-empty
[  531.473149][T11894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  531.590211][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  531.630651][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  531.773002][T11914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1345'.
[  531.857175][T11914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1345'.
[  531.874623][  T911] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  531.875321][ T5819] Bluetooth: hci0: unexpected event 0x03 length: 17 > 11
[  532.035970][T11914] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.065713][ T5813] hid (null): invalid report_size 4194304
[  532.068831][ T5813] logitech-hidpp-device 0003:046D:C082.0017: invalid report_size 4194304
[  532.068855][ T5813] logitech-hidpp-device 0003:046D:C082.0017: item 0 4 1 7 parsing failed
[  532.069471][ T5813] logitech-hidpp-device 0003:046D:C082.0017: hidpp_probe:parse failed
[  532.069560][ T5813] logitech-hidpp-device 0003:046D:C082.0017: probe with driver logitech-hidpp-device failed with error -22
[  532.102342][  T911] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input34
[  532.200762][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.220651][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.244969][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.260576][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.280461][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.310571][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.330454][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.350719][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.380514][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.400564][  T911] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  532.433369][  T911] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  532.433413][  T911] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  532.437985][T11914] bridge_slave_0 (unregistering): left allmulticast mode
[  532.438028][T11914] bridge_slave_0 (unregistering): left promiscuous mode
[  532.438265][T11914] bridge0: port 1(bridge_slave_0) entered disabled state
[  533.672467][ T5813] usb 1-1: USB disconnect, device number 42
[  535.086952][  T911] usb 4-1: USB disconnect, device number 42
[  535.143977][   T30] audit: type=1400 audit(1760514460.281:805): avc:  denied  { write } for  pid=11938 comm="syz.2.1358" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  535.252122][T11944] SQUASHFS error: Failed to read block 0x0: -5
[  535.261110][T11944] unable to read squashfs_super_block
[  535.470707][   T43] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  535.500655][   T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  535.631123][   T43] usb 3-1: Using ep0 maxpacket: 8
[  535.676071][   T43] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  535.684597][   T43] usb 3-1: config 179 has no interface number 0
[  535.695322][   T43] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  535.707363][   T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  535.719145][   T24] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  535.729214][   T43] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  535.741953][   T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  535.751906][   T43] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  535.763548][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.771614][   T43] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  535.799138][   T43] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  535.799710][T11945] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  535.820837][   T43] usb 3-1: config 179 interface 65 has no altsetting 0
[  535.827919][   T43] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  535.837934][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.873235][   T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  535.910468][ T5865] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  535.919025][   T43] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input35
[  536.001856][ T5172] input input35: unable to receive magic message: -110
[  536.029966][ T5172] input input35: unable to receive magic message: -32
[  536.051252][ T5172] input input35: unable to receive magic message: -32
[  536.068327][ T5172] input input35: unable to receive magic message: -32
[  536.108974][   T30] audit: type=1400 audit(1760514461.241:806): avc:  denied  { read } for  pid=11937 comm="syz.4.1359" dev="sockfs" ino=33021 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  536.550778][   T43] usb 1-1: USB disconnect, device number 43
[  536.604315][ T5865] usb 5-1: unable to get BOS descriptor or descriptor too short
[  536.614342][ T5865] usb 5-1: no configurations
[  536.832305][ T5865] usb 5-1: can't read configurations, error -22
[  536.871702][ T5813] usb 3-1: USB disconnect, device number 56
[  536.871736][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  537.054565][   T30] audit: type=1400 audit(1760514462.191:807): avc:  denied  { append } for  pid=11954 comm="syz.1.1362" name="usbmon8" dev="devtmpfs" ino=740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  537.078047][    C1] vkms_vblank_simulate: vblank timer overrun
[  537.446007][ T5813] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  537.884873][ T5813] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  538.017873][ T5813] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  538.046840][ T5813] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  538.067997][T11963] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input36
[  538.087322][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.136956][T11958] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  538.159163][ T5813] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  538.333388][ T5897] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  538.889818][ T5897] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  538.940442][ T5897] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  539.250046][ T5897] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  539.280636][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.305998][T11967] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  539.340220][ T5897] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  539.450849][T11986] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1370'.
[  539.477078][ T5865] usb 2-1: USB disconnect, device number 48
[  539.493260][   T24] usb 5-1: new full-speed USB device number 52 using dummy_hcd
[  539.690543][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[  539.729642][   T24] usb 5-1: config 6 has an invalid interface number: 6 but max is 3
[  539.846575][   T24] usb 5-1: config 6 contains an unexpected descriptor of type 0x2, skipping
[  539.972365][   T24] usb 5-1: config 6 has an invalid interface number: 14 but max is 3
[  540.004823][   T24] usb 5-1: config 6 has an invalid interface number: 158 but max is 3
[  540.030433][   T24] usb 5-1: config 6 has an invalid interface number: 55 but max is 3
[  540.043125][   T24] usb 5-1: config 6 has no interface number 0
[  540.049275][   T24] usb 5-1: config 6 has no interface number 1
[  540.057206][   T24] usb 5-1: config 6 has no interface number 2
[  540.110655][   T24] usb 5-1: config 6 has no interface number 3
[  540.117555][    T9] usb 4-1: USB disconnect, device number 43
[  540.157293][   T24] usb 5-1: config 6 interface 6 altsetting 7 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  540.186430][   T24] usb 5-1: config 6 interface 6 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  540.199454][   T24] usb 5-1: config 6 interface 6 altsetting 7 has a duplicate endpoint with address 0xD, skipping
[  540.211939][   T24] usb 5-1: config 6 interface 6 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  540.222753][   T24] usb 5-1: config 6 interface 6 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  540.236101][   T24] usb 5-1: config 6 interface 6 altsetting 7 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[  540.256323][   T24] usb 5-1: config 6 interface 6 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  540.267356][   T24] usb 5-1: config 6 interface 6 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  540.278211][   T24] usb 5-1: config 6 interface 6 altsetting 7 has a duplicate endpoint with address 0x6, skipping
[  540.301008][   T24] usb 5-1: config 6 interface 14 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  540.312162][   T24] usb 5-1: config 6 interface 158 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  540.323286][   T24] usb 5-1: config 6 interface 158 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  540.334318][   T24] usb 5-1: config 6 interface 158 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  540.345789][   T24] usb 5-1: config 6 interface 158 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  540.391728][   T24] usb 5-1: config 6 interface 158 altsetting 0 has a duplicate endpoint with address 0x8, skipping
[  540.410019][   T24] usb 5-1: config 6 interface 55 altsetting 8 has a duplicate endpoint with address 0x4, skipping
[  540.423807][   T24] usb 5-1: config 6 interface 6 has no altsetting 0
[  540.430692][   T24] usb 5-1: config 6 interface 14 has no altsetting 0
[  540.437587][   T24] usb 5-1: config 6 interface 55 has no altsetting 0
[  540.448570][   T24] usb 5-1: New USB device found, idVendor=05c6, idProduct=9069, bcdDevice=9e.f3
[  540.460495][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.473921][   T24] usb 5-1: Product: 瀪뮑봟ꌵₒ啯逅䉧牼�㯜䭟�᮶陴䩸�廈�洹뎡秸襈�礊℉槔޿낊﯑勬蒶韂쪃絭㯄
[  540.488803][   T24] usb 5-1: Manufacturer: Х
[  540.493465][   T24] usb 5-1: SerialNumber: à ’
[  540.509496][T11978] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  541.449520][   T24] usb 5-1: USB disconnect, device number 52
[  541.643865][T12006] sch_fq: defrate 6 ignored.
[  541.740822][   T43] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  542.206111][   T43] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  542.220519][   T43] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  542.230490][   T43] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  542.239520][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.287820][T12004] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  542.330140][   T43] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  543.133054][T12026] fuse: Unknown parameter 'grouð_id'
[  543.203546][ T5813] usb 1-1: USB disconnect, device number 44
[  543.371977][ T5819] Bluetooth: hci2: unexpected event for opcode 0x2029
[  544.409488][T12041] FAULT_INJECTION: forcing a failure.
[  544.409488][T12041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  544.422638][T12041] CPU: 0 UID: 0 PID: 12041 Comm: syz.2.1386 Not tainted syzkaller #0 PREEMPT(full) 
[  544.422664][T12041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  544.422676][T12041] Call Trace:
[  544.422683][T12041]  <TASK>
[  544.422690][T12041]  dump_stack_lvl+0x16c/0x1f0
[  544.422719][T12041]  should_fail_ex+0x512/0x640
[  544.422747][T12041]  _copy_to_user+0x32/0xd0
[  544.422774][T12041]  simple_read_from_buffer+0xcb/0x170
[  544.422800][T12041]  proc_fail_nth_read+0x197/0x240
[  544.422846][T12041]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  544.422881][T12041]  ? rw_verify_area+0xcf/0x6c0
[  544.422902][T12041]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  544.422930][T12041]  vfs_read+0x1e4/0xcf0
[  544.422957][T12041]  ? __pfx___mutex_lock+0x10/0x10
[  544.422981][T12041]  ? __pfx_vfs_read+0x10/0x10
[  544.423013][T12041]  ? __fget_files+0x20e/0x3c0
[  544.423046][T12041]  ksys_read+0x12a/0x250
[  544.423069][T12041]  ? __pfx_ksys_read+0x10/0x10
[  544.423102][T12041]  do_syscall_64+0xcd/0xfa0
[  544.423128][T12041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.423148][T12041] RIP: 0033:0x7fec1278d8dc
[  544.423165][T12041] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  544.423184][T12041] RSP: 002b:00007fec13620030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  544.423203][T12041] RAX: ffffffffffffffda RBX: 00007fec129e6180 RCX: 00007fec1278d8dc
[  544.423216][T12041] RDX: 000000000000000f RSI: 00007fec136200a0 RDI: 0000000000000008
[  544.423228][T12041] RBP: 00007fec13620090 R08: 0000000000000000 R09: 0000000000000000
[  544.423240][T12041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  544.423252][T12041] R13: 00007fec129e6218 R14: 00007fec129e6180 R15: 00007ffd4851d528
[  544.423283][T12041]  </TASK>
[  545.220527][T12048] virtio-fs: tag </dev/md0> not found
[  545.270393][ T5977] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  545.411313][T12052] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12052 comm=syz.2.1390
[  545.510562][T12052] Bluetooth: MGMT ver 1.23
[  545.515119][T12052] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  545.555876][ T5977] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  545.619417][ T5977] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  545.715499][ T5977] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  545.750390][ T5977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.843422][T12039] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  545.872238][ T5977] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  546.007167][T12059] netlink: 'syz.0.1393': attribute type 1 has an invalid length.
[  546.310500][   T30] audit: type=1400 audit(1760514471.441:808): avc:  denied  { map } for  pid=12064 comm="syz.0.1395" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  546.633375][ T5813] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  546.661154][T12063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1394'.
[  546.787931][ T5897] usb 5-1: USB disconnect, device number 53
[  546.832052][ T5813] usb 2-1: config 16 interface 0 altsetting 75 endpoint 0x7 has invalid maxpacket 1032, setting to 1024
[  546.849793][ T5813] usb 2-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid wMaxPacketSize 0
[  546.956893][ T5813] usb 2-1: config 16 interface 0 has no altsetting 0
[  547.459918][ T5813] usb 2-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[  547.487724][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.516303][T12058] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  547.731090][ T5813] usb 2-1: string descriptor 0 read error: -71
[  547.766537][ T5813] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  547.774587][ T5813] imon 2-1:16.0: unable to initialize intf0, err -19
[  547.913070][ T5813] imon:imon_probe: failed to initialize context!
[  547.926780][ T5813] imon 2-1:16.0: unable to register, err -19
[  548.046100][ T5813] usb 2-1: USB disconnect, device number 49
[  548.700375][ T5897] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  548.947413][ T5897] usb 5-1: Using ep0 maxpacket: 8
[  548.962786][ T5897] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  548.993070][ T5897] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  549.026639][ T5897] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  549.044703][ T5897] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  549.068042][ T5897] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  549.086282][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.455497][T12103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1404'.
[  549.479201][ T5813] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  549.513305][ T5819] Bluetooth: hci1: unexpected event for opcode 0x2029
[  549.660529][   T30] audit: type=1400 audit(1760514474.781:809): avc:  denied  { watch watch_reads } for  pid=12106 comm="syz.0.1405" path="/68" dev="tmpfs" ino=390 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  549.683850][ T5813] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  549.695025][ T5813] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  549.711132][ T5813] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  549.724068][ T5897] usb 5-1: GET_CAPABILITIES returned 0
[  549.729551][ T5897] usbtmc 5-1:16.0: can't read capabilities
[  549.790618][T12116] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7346 sclass=netlink_route_socket pid=12116 comm=syz.3.1407
[  549.815765][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.886459][T12098] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  549.897669][ T5813] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  549.904817][    T9] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  549.931477][ T5897] usb 5-1: USB disconnect, device number 54
[  551.280088][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  551.309688][ T5865] usb 2-1: USB disconnect, device number 50
[  551.326030][    T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  551.357051][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.544133][    T9] usb 1-1: config 0 descriptor??
[  551.880433][ T5977] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  552.043960][   T30] audit: type=1326 audit(1760514477.171:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.155995][    T9] keytouch 0003:0926:3333.0018: fixing up Keytouch IEC report descriptor
[  552.169340][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0018/input/input37
[  552.186789][   T30] audit: type=1326 audit(1760514477.171:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.212327][   T30] audit: type=1326 audit(1760514477.171:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.232979][T12142] can: request_module (can-proto-4) failed.
[  552.242887][   T30] audit: type=1326 audit(1760514477.181:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.279411][   T30] audit: type=1326 audit(1760514477.181:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.307389][   T30] audit: type=1326 audit(1760514477.181:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.320448][ T5977] usb 4-1: device descriptor read/64, error -71
[  552.348015][    T9] keytouch 0003:0926:3333.0018: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  552.722856][T12113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.740378][   T30] audit: type=1400 audit(1760514477.181:816): avc:  denied  { connect } for  pid=12140 comm="syz.2.1413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  552.763434][   T30] audit: type=1326 audit(1760514477.181:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.790408][   T30] audit: type=1326 audit(1760514477.181:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12140 comm="syz.2.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fec1278eec9 code=0x7ffc0000
[  552.813946][   T30] audit: type=1400 audit(1760514477.181:819): avc:  denied  { shutdown } for  pid=12140 comm="syz.2.1413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  552.845919][T12113] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.980648][ T5977] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  553.038439][T12158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1416'.
[  553.200467][ T5977] usb 4-1: device descriptor read/64, error -71
[  553.232417][T12167] 9pnet_fd: Insufficient options for proto=fd
[  553.408021][ T5977] usb usb4-port1: attempt power cycle
[  553.717453][T12172] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1420'.
[  553.728558][   T24] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  553.790671][ T5977] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  553.842685][ T5977] usb 4-1: device descriptor read/8, error -71
[  553.891544][   T24] usb 3-1: Using ep0 maxpacket: 8
[  554.004140][   T24] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  554.025054][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.040344][   T24] usb 3-1: Product: syz
[  554.046697][   T24] usb 3-1: Manufacturer: syz
[  554.052479][   T24] usb 3-1: SerialNumber: syz
[  554.064923][   T24] usb 3-1: config 0 descriptor??
[  554.073476][   T24] gspca_main: sq930x-2.14.0 probing 2770:930c
[  554.130504][   T43] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  554.281912][   T24] gspca_sq930x: reg_r 001f failed -71
[  554.288785][   T24] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  554.300464][ T5977] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  554.311634][   T24] usb 3-1: USB disconnect, device number 57
[  554.320333][   T43] usb 2-1: Using ep0 maxpacket: 32
[  554.330944][ T5977] usb 4-1: device descriptor read/8, error -71
[  554.358997][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  554.394503][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  554.415870][   T43] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  554.435384][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.448396][ T5977] usb usb4-port1: unable to enumerate USB device
[  554.709965][   T43] usb 2-1: config 0 descriptor??
[  555.003075][   T24] usb 1-1: USB disconnect, device number 45
[  555.171524][   T43] ft260 0003:0403:6030.0019: unknown main item tag 0x7
[  555.201560][  T911] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  555.393870][  T911] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  555.438864][  T911] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  555.448824][  T911] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  555.458027][  T911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.469751][T12183] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  555.544058][  T911] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  556.807711][    T9] usb 5-1: USB disconnect, device number 55
[  556.832539][   T43] ft260 0003:0403:6030.0019: failed to retrieve chip version
[  556.840732][   T43] ft260 0003:0403:6030.0019: probe with driver ft260 failed with error -71
[  556.852113][   T43] usb 2-1: USB disconnect, device number 51
[  557.145316][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  557.145331][   T30] audit: type=1400 audit(1760514482.281:832): avc:  denied  { mount } for  pid=12207 comm="syz.0.1429" name="/" dev="rpc_pipefs" ino=34751 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  560.276522][   T30] audit: type=1400 audit(1760514485.411:833): avc:  denied  { mounton } for  pid=12246 comm="syz.1.1439" path="/279/file0" dev="tmpfs" ino=1501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  561.673458][ T5977] usb 5-1: new full-speed USB device number 56 using dummy_hcd
[  561.997272][T12239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1437'.
[  562.011542][T12239] netlink: 'syz.3.1437': attribute type 5 has an invalid length.
[  562.022478][T12239] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1437'.
[  562.043240][T12239] geneve3: entered promiscuous mode
[  562.049372][T12239] geneve3: entered allmulticast mode
[  562.057537][ T3575] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  562.075593][ T3575] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  562.084790][ T3575] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  562.115678][ T5977] usb 5-1: not running at top speed; connect to a high speed hub
[  562.118831][   T13] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  562.148004][ T5977] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64
[  562.192801][ T5977] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  562.206262][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.217480][ T5977] usb 5-1: Product: syz
[  562.221858][ T5977] usb 5-1: Manufacturer: syz
[  562.226864][ T5977] usb 5-1: SerialNumber: syz
[  562.235385][T12253] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  562.283531][   T30] audit: type=1400 audit(1760514487.411:834): avc:  denied  { map } for  pid=12261 comm="syz.2.1442" path="socket:[35866]" dev="sockfs" ino=35866 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  562.454516][ T5977] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  562.467176][ T5977] usb 5-1: USB disconnect, device number 56
[  562.616041][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  562.622467][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  562.629821][ T5813] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  562.638910][ T5897] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  562.802359][ T5897] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  562.813615][ T5813] usb 3-1: config 0 has no interfaces?
[  562.819126][ T5897] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  562.829102][ T5897] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  562.838239][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.848730][ T5813] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  562.859298][ T5813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.868542][ T5813] usb 3-1: Product: syz
[  562.868876][T12266] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  562.872799][ T5813] usb 3-1: Manufacturer: syz
[  562.885638][ T5813] usb 3-1: SerialNumber: syz
[  562.896023][ T5813] usb 3-1: config 0 descriptor??
[  562.912843][ T5897] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  562.948515][T12268] FAULT_INJECTION: forcing a failure.
[  562.948515][T12268] name failslab, interval 1, probability 0, space 0, times 0
[  562.962775][T12268] CPU: 1 UID: 0 PID: 12268 Comm: syz.1.1445 Not tainted syzkaller #0 PREEMPT(full) 
[  562.962803][T12268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  562.962815][T12268] Call Trace:
[  562.962821][T12268]  <TASK>
[  562.962829][T12268]  dump_stack_lvl+0x16c/0x1f0
[  562.962856][T12268]  should_fail_ex+0x512/0x640
[  562.962878][T12268]  ? fs_reclaim_acquire+0xae/0x150
[  562.962909][T12268]  should_failslab+0xc2/0x120
[  562.962937][T12268]  __kmalloc_noprof+0xdd/0x880
[  562.962956][T12268]  ? __get_fs_type+0x12c/0x170
[  562.962983][T12268]  ? tomoyo_encode2+0x100/0x3e0
[  562.963016][T12268]  ? tomoyo_encode2+0x100/0x3e0
[  562.963039][T12268]  tomoyo_encode2+0x100/0x3e0
[  562.963069][T12268]  tomoyo_encode+0x29/0x50
[  562.963093][T12268]  tomoyo_mount_acl+0x314/0x850
[  562.963116][T12268]  ? bpf_ksym_find+0x127/0x1c0
[  562.963145][T12268]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  562.963169][T12268]  ? unwind_get_return_address+0x59/0xa0
[  562.963232][T12268]  ? tomoyo_domain+0xbb/0x150
[  562.963249][T12268]  ? tomoyo_profile+0x47/0x60
[  562.963281][T12268]  tomoyo_mount_permission+0x16d/0x420
[  562.963305][T12268]  ? tomoyo_mount_permission+0x14f/0x420
[  562.963331][T12268]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  562.963375][T12268]  security_sb_mount+0x9b/0x260
[  562.963401][T12268]  path_mount+0x158/0x23a0
[  562.963434][T12268]  ? __pfx_path_mount+0x10/0x10
[  562.963463][T12268]  ? kmem_cache_free+0x2d4/0x6c0
[  562.963485][T12268]  ? putname+0x154/0x1a0
[  562.963518][T12268]  ? putname+0x154/0x1a0
[  562.963543][T12268]  ? putname+0x154/0x1a0
[  562.963574][T12268]  ? __x64_sys_mount+0x293/0x310
[  562.963600][T12268]  __x64_sys_mount+0x293/0x310
[  562.963627][T12268]  ? __pfx___x64_sys_mount+0x10/0x10
[  562.963664][T12268]  do_syscall_64+0xcd/0xfa0
[  562.963690][T12268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.963715][T12268] RIP: 0033:0x7f38e1f8eec9
[  562.963731][T12268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.963749][T12268] RSP: 002b:00007f38e2d47038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  562.963767][T12268] RAX: ffffffffffffffda RBX: 00007f38e21e5fa0 RCX: 00007f38e1f8eec9
[  562.963779][T12268] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[  562.963791][T12268] RBP: 00007f38e2d47090 R08: 00002000000000c0 R09: 0000000000000000
[  562.963803][T12268] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
[  562.963815][T12268] R13: 00007f38e21e6038 R14: 00007f38e21e5fa0 R15: 00007fffe48b3b18
[  562.963845][T12268]  </TASK>
[  563.459871][   T30] audit: type=1400 audit(1760514488.471:835): avc:  denied  { bind } for  pid=12269 comm="syz.4.1446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  563.916468][ T5813] usb 4-1: USB disconnect, device number 48
[  564.127928][T12282] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1449'.
[  564.330786][T12284] ptrace attach of "./syz-executor exec"[12285] was attempted by "./syz-executor exec"[12284]
[  565.081010][T12283] tty tty28: ldisc open failed (-12), clearing slot 27
[  566.042679][ T5977] usb 3-1: USB disconnect, device number 58
[  566.411578][T12302] syzkaller0: entered promiscuous mode
[  566.420510][T12302] syzkaller0: entered allmulticast mode
[  566.819109][ T5819] Bluetooth: hci3: unexpected event for opcode 0x2029
[  566.832815][ T5819] Bluetooth: hci2: unexpected event for opcode 0x2029
[  567.144613][T12320] virtio-fs: tag </dev/md0> not found
[  567.878817][T12327] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1458'.
[  568.709153][T12336] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  569.853081][   T30] audit: type=1400 audit(1760514494.991:836): avc:  denied  { kexec_image_load } for  pid=12334 comm="syz.4.1462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  570.567333][   T30] audit: type=1400 audit(1760514495.691:837): avc:  denied  { write } for  pid=12349 comm="syz.2.1466" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  571.260600][ T5813] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  571.765399][ T5813] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  571.880353][ T5813] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  571.891542][ T5813] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  571.900641][ T5813] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.912730][T12353] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  571.922871][ T5813] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  572.157275][T12375] virtio-fs: tag </dev/md0> not found
[  572.634767][   T30] audit: type=1400 audit(1760514497.741:838): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  573.023837][   T30] audit: type=1400 audit(1760514498.161:839): avc:  denied  { write } for  pid=12371 comm="syz.3.1473" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  573.048242][T12374] x_tables: ip6_tables: cluster.0 match: invalid size 16 (kernel) != (user) 104
[  573.061703][   T30] audit: type=1400 audit(1760514498.161:840): avc:  denied  { open } for  pid=12371 comm="syz.3.1473" path="/305/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  573.084918][   T30] audit: type=1400 audit(1760514498.181:841): avc:  denied  { ioctl } for  pid=12371 comm="syz.3.1473" path="/305/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d06 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  573.109413][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.220377][ T5897] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  573.233446][ T5978] usb 5-1: USB disconnect, device number 57
[  573.253352][T12386] netlink: 'syz.2.1474': attribute type 10 has an invalid length.
[  573.262167][   T30] audit: type=1400 audit(1760514498.391:842): avc:  denied  { getopt } for  pid=12384 comm="syz.2.1474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  573.304648][T12387] netlink: 'syz.2.1474': attribute type 10 has an invalid length.
[  573.326437][T12386] team0: Port device netdevsim0 added
[  573.332223][T12358] Bluetooth: hci0: command 0x0406 tx timeout
[  573.351591][T12387] team0: Port device netdevsim0 removed
[  573.359130][T12389] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1476'.
[  573.393039][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  573.404307][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  573.415498][ T5897] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  573.430861][ T5897] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  573.440075][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.452235][ T5897] usb 2-1: config 0 descriptor??
[  573.620757][  T911] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  573.734694][T12392] bond0: entered promiscuous mode
[  573.739804][T12392] bond_slave_0: entered promiscuous mode
[  573.746210][T12392] bond_slave_1: entered promiscuous mode
[  573.768236][T12392] batadv0: entered promiscuous mode
[  573.775384][T12392] hsr1: entered allmulticast mode
[  573.780535][  T911] usb 1-1: Using ep0 maxpacket: 32
[  573.786764][T12392] bond0: entered allmulticast mode
[  573.792443][T12392] bond_slave_0: entered allmulticast mode
[  573.798490][T12392] bond_slave_1: entered allmulticast mode
[  573.804695][T12392] batadv0: entered allmulticast mode
[  573.812719][  T911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  573.828861][  T911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  573.840251][T12392] 8021q: adding VLAN 0 to HW filter on device hsr1
[  573.851815][  T911] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  573.861487][T12392] bond0: left promiscuous mode
[  573.867145][T12392] bond_slave_0: left promiscuous mode
[  573.874459][  T911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.883183][T12392] bond_slave_1: left promiscuous mode
[  573.883238][ T5897] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  573.904306][T12392] batadv0: left promiscuous mode
[  573.915727][  T911] usb 1-1: config 0 descriptor??
[  573.938374][  T911] hub 1-1:0.0: USB hub found
[  574.136846][  T911] hub 1-1:0.0: 1 port detected
[  574.832241][  T911] usb 1-1: USB disconnect, device number 46
[  575.000521][   T30] audit: type=1400 audit(1760514500.131:843): avc:  denied  { read } for  pid=12405 comm="syz.2.1481" path="socket:[36129]" dev="sockfs" ino=36129 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  575.892610][  T911] usb 2-1: reset high-speed USB device number 52 using dummy_hcd
[  576.105298][ T5978] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  576.273882][ T5978] usb 4-1: Using ep0 maxpacket: 32
[  576.281929][ T5978] usb 4-1: config 0 has no interfaces?
[  576.301802][ T5978] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  576.316240][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.340405][ T5978] usb 4-1: Product: syz
[  576.344613][ T5978] usb 4-1: Manufacturer: syz
[  576.349196][ T5978] usb 4-1: SerialNumber: syz
[  576.373789][ T5978] usb 4-1: config 0 descriptor??
[  576.533618][T12428] virtio-fs: tag </dev/md0> not found
[  576.646432][T12358] Bluetooth: hci4: unexpected event for opcode 0x2029
[  576.649503][T12408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  576.798377][T12408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  576.978040][T12420] xt_connbytes: Forcing CT accounting to be enabled
[  577.223942][ T5977] usb 2-1: USB disconnect, device number 52
[  577.351247][ T5978] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  577.365594][T12444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1491'.
[  577.602142][ T5978] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  577.614620][ T5978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.628534][ T5978] usb 1-1: Product: syz
[  577.635031][ T5978] usb 1-1: Manufacturer: syz
[  577.646289][ T5978] usb 1-1: SerialNumber: syz
[  577.658966][ T5977] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  577.709717][ T5978] usb 1-1: config 0 descriptor??
[  577.840608][ T5977] usb 2-1: Using ep0 maxpacket: 32
[  578.030904][ T5977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.085167][ T5977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.101096][ T5977] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  578.149493][ T5977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.173793][ T5977] usb 2-1: config 0 descriptor??
[  578.434654][ T5813] usb 4-1: USB disconnect, device number 49
[  578.895784][   T30] audit: type=1400 audit(1760514503.761:844): avc:  denied  { append } for  pid=12435 comm="syz.0.1489" name="pfkey" dev="proc" ino=4026534099 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  579.982781][ T5977] ft260 0003:0403:6030.001B: unknown main item tag 0x7
[  580.343661][ T5977] ft260 0003:0403:6030.001B: failed to retrieve chip version
[  580.359183][ T5977] ft260 0003:0403:6030.001B: probe with driver ft260 failed with error -71
[  580.816813][ T5977] usb 2-1: USB disconnect, device number 53
[  581.031812][ T5813] usb 1-1: USB disconnect, device number 47
[  582.041993][ T5813] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  582.260001][ T5813] usb 1-1: Using ep0 maxpacket: 8
[  582.345159][ T5813] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  582.360409][ T5813] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  582.370366][ T5813] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  582.380103][ T5813] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  582.390301][ T5813] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  583.200363][ T5813] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  583.209438][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.556510][   T30] audit: type=1400 audit(1760514508.691:845): avc:  denied  { create } for  pid=12509 comm="syz.2.1508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  583.651420][T12513] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  583.662925][T12513] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  584.413912][T12519] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1512'.
[  584.949376][   T30] audit: type=1400 audit(1760514510.081:846): avc:  denied  { bind } for  pid=12491 comm="syz.0.1504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  585.155868][   T30] audit: type=1400 audit(1760514510.271:847): avc:  denied  { shutdown } for  pid=12528 comm="syz.1.1513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  585.346112][    T9] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  585.670444][    T9] usb 3-1: Using ep0 maxpacket: 32
[  585.689726][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  585.747788][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  585.811885][    T9] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  585.821162][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.834313][    T9] usb 3-1: config 0 descriptor??
[  586.074333][T12535] xt_connbytes: Forcing CT accounting to be enabled
[  586.445636][    T9] ft260 0003:0403:6030.001C: unknown main item tag 0x7
[  587.017926][T12549] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1518'.
[  587.556433][T12358] Bluetooth: hci4: unexpected event for opcode 0x2029
[  587.726447][    T9] ft260 0003:0403:6030.001C: failed to retrieve chip version
[  587.831429][    T9] ft260 0003:0403:6030.001C: probe with driver ft260 failed with error -71
[  587.870616][    T9] usb 3-1: USB disconnect, device number 59
[  588.054588][ T5865] usb 1-1: USB disconnect, device number 48
[  588.069234][   T30] audit: type=1400 audit(1760514513.201:848): avc:  denied  { write } for  pid=12563 comm="syz.1.1522" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  588.095658][T12564] 9pnet_fd: Insufficient options for proto=fd
[  588.178210][   T30] audit: type=1400 audit(1760514513.311:849): avc:  denied  { unmount } for  pid=10626 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  588.405863][    T9] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[  588.604666][T12576] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1525'.
[  588.617586][T12576] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1525'.
[  588.627162][T12576] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1525'.
[  588.955354][T12576] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1525'.
[  588.964459][T12576] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1525'.
[  588.974517][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  589.004959][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  589.024973][    T9] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  589.043492][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.072429][    T9] usb 2-1: config 0 descriptor??
[  589.114320][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  589.123379][T12576] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1525'.
[  589.126233][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  589.133114][T12576] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1525'.
[  589.180237][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  589.210762][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  589.217858][    T9] usb 2-1: media controller created
[  589.325982][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  589.436936][T12358] Bluetooth: hci2: unexpected event for opcode 0x2029
[  589.628219][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  589.774087][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  589.800677][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input39
[  589.823642][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  589.840398][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  589.861132][    T9] usb 2-1: USB disconnect, device number 54
[  589.924319][T12588] xt_connbytes: Forcing CT accounting to be enabled
[  589.975459][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  590.219567][T12598] ucma_write: process 1062 (syz.1.1531) changed security contexts after opening file descriptor, this is not allowed.
[  591.471989][   T30] audit: type=1400 audit(1760514517.599:850): avc:  denied  { connect } for  pid=12605 comm="syz.1.1532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  591.500903][   T30] audit: type=1400 audit(1760514517.609:851): avc:  denied  { setopt } for  pid=12605 comm="syz.1.1532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  591.520995][ T5865] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  592.230442][   T30] audit: type=1400 audit(1760514517.849:852): avc:  denied  { listen } for  pid=12605 comm="syz.1.1532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  592.256250][ T5865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  592.277629][ T5865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  592.323638][ T5865] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  592.338147][ T5865] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  592.356061][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.431046][ T5865] usb 5-1: config 0 descriptor??
[  592.482255][T12613] FAULT_INJECTION: forcing a failure.
[  592.482255][T12613] name failslab, interval 1, probability 0, space 0, times 0
[  592.522468][T12613] CPU: 0 UID: 0 PID: 12613 Comm: syz.1.1533 Not tainted syzkaller #0 PREEMPT(full) 
[  592.522497][T12613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  592.522509][T12613] Call Trace:
[  592.522516][T12613]  <TASK>
[  592.522524][T12613]  dump_stack_lvl+0x16c/0x1f0
[  592.522559][T12613]  should_fail_ex+0x512/0x640
[  592.522582][T12613]  ? __kmalloc_noprof+0xca/0x880
[  592.522606][T12613]  should_failslab+0xc2/0x120
[  592.522634][T12613]  __kmalloc_noprof+0xdd/0x880
[  592.522655][T12613]  ? __svc_create+0x5c0/0x9f0
[  592.522686][T12613]  ? __svc_create+0x5c0/0x9f0
[  592.522710][T12613]  __svc_create+0x5c0/0x9f0
[  592.522740][T12613]  ? __pfx_nfsd+0x10/0x10
[  592.522759][T12613]  svc_create_pooled+0x4ce/0x810
[  592.522787][T12613]  ? nfsd_reset_versions+0x86/0x2d0
[  592.522807][T12613]  ? __init_swait_queue_head+0xca/0x150
[  592.522839][T12613]  nfsd_create_serv+0x2b1/0x480
[  592.522861][T12613]  ? __pfx_nfsd_create_serv+0x10/0x10
[  592.522882][T12613]  ? __nla_validate_parse+0x600/0x2880
[  592.522915][T12613]  nfsd_nl_listener_set_doit+0xdd/0x1b10
[  592.522947][T12613]  ? rcu_is_watching+0x12/0xc0
[  592.522967][T12613]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  592.522993][T12613]  ? __nla_parse+0x40/0x60
[  592.523022][T12613]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  592.523051][T12613]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  592.523083][T12613]  genl_family_rcv_msg_doit+0x209/0x2f0
[  592.523112][T12613]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  592.523149][T12613]  ? bpf_lsm_capable+0x9/0x10
[  592.523176][T12613]  ? security_capable+0x7e/0x260
[  592.523204][T12613]  genl_rcv_msg+0x55c/0x800
[  592.523233][T12613]  ? __pfx_genl_rcv_msg+0x10/0x10
[  592.523261][T12613]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  592.523292][T12613]  ? __lock_acquire+0x622/0x1c90
[  592.523320][T12613]  netlink_rcv_skb+0x158/0x420
[  592.523345][T12613]  ? __pfx_genl_rcv_msg+0x10/0x10
[  592.523374][T12613]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  592.523412][T12613]  ? netlink_deliver_tap+0x1ae/0xd30
[  592.523441][T12613]  genl_rcv+0x28/0x40
[  592.523465][T12613]  netlink_unicast+0x5aa/0x870
[  592.523494][T12613]  ? __pfx_netlink_unicast+0x10/0x10
[  592.523536][T12613]  netlink_sendmsg+0x8c8/0xdd0
[  592.523566][T12613]  ? __pfx_netlink_sendmsg+0x10/0x10
[  592.523603][T12613]  ____sys_sendmsg+0xa98/0xc70
[  592.523633][T12613]  ? copy_msghdr_from_user+0x10a/0x160
[  592.523656][T12613]  ? __pfx_____sys_sendmsg+0x10/0x10
[  592.523699][T12613]  ___sys_sendmsg+0x134/0x1d0
[  592.523724][T12613]  ? __pfx____sys_sendmsg+0x10/0x10
[  592.523744][T12613]  ? __lock_acquire+0x622/0x1c90
[  592.523807][T12613]  __sys_sendmsg+0x16d/0x220
[  592.523831][T12613]  ? __pfx___sys_sendmsg+0x10/0x10
[  592.523875][T12613]  do_syscall_64+0xcd/0xfa0
[  592.523899][T12613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.523917][T12613] RIP: 0033:0x7f38e1f8eec9
[  592.523933][T12613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  592.523951][T12613] RSP: 002b:00007f38e2d47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  592.523971][T12613] RAX: ffffffffffffffda RBX: 00007f38e21e5fa0 RCX: 00007f38e1f8eec9
[  592.523984][T12613] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  592.523995][T12613] RBP: 00007f38e2d47090 R08: 0000000000000000 R09: 0000000000000000
[  592.524006][T12613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  592.524018][T12613] R13: 00007f38e21e6038 R14: 00007f38e21e5fa0 R15: 00007fffe48b3b18
[  592.524047][T12613]  </TASK>
[  593.113641][ T5865] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  593.614544][T12627] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1537'.
[  593.732387][T12627] netlink: 'syz.1.1537': attribute type 7 has an invalid length.
[  593.772289][T12627] netlink: 'syz.1.1537': attribute type 8 has an invalid length.
[  593.780037][T12627] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1537'.
[  593.803540][T12627] ip6gretap0: entered promiscuous mode
[  593.821808][T12627] syz_tun: entered promiscuous mode
[  593.829036][T12627] ip6gretap0: left promiscuous mode
[  593.834935][T12627] syz_tun: left promiscuous mode
[  593.997069][  T911] usb 5-1: USB disconnect, device number 58
[  594.781729][T12637] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  594.946437][   T30] audit: type=1400 audit(1760514521.079:853): avc:  denied  { map } for  pid=12643 comm="syz.2.1543" path="socket:[36570]" dev="sockfs" ino=36570 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  595.457169][  T911] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  596.043025][T12661] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1546'.
[  596.084035][T12663] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1547'.
[  596.260342][  T911] usb 5-1: Using ep0 maxpacket: 16
[  596.267722][  T911] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  596.292825][  T911] usb 5-1: config 0 interface 0 has no altsetting 0
[  596.745507][  T911] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  596.795026][  T911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.830018][  T911] usb 5-1: config 0 descriptor??
[  597.170728][ T5897] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  597.668916][  T911] nzxt-smart2 0003:1E71:2009.001E: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  597.684337][ T5897] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  597.718408][ T5897] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  597.730314][ T5897] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  597.739894][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.749882][T12648] netlink: 'syz.4.1544': attribute type 1 has an invalid length.
[  597.757837][T12648] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1544'.
[  597.789785][T12675] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  597.810914][ T5897] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  597.885125][  T911] usb 5-1: USB disconnect, device number 59
[  599.222620][ T5897] usb 3-1: USB disconnect, device number 60
[  599.270524][    T9] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  599.452169][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  599.470410][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  599.480572][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  599.968255][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  599.977395][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.996975][    T9] usb 4-1: config 0 descriptor??
[  600.084270][T12702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1558'.
[  600.099859][   T30] audit: type=1400 audit(1760514526.239:854): avc:  denied  { append } for  pid=12701 comm="syz.1.1558" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  600.447906][    T9] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  600.693499][T12714] tipc: Started in network mode
[  600.700699][T12714] tipc: Node identity 1606a2cd1718, cluster identity 4711
[  600.728918][T12714] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  600.744379][T12714] syzkaller0: entered promiscuous mode
[  600.749936][T12714] syzkaller0: entered allmulticast mode
[  600.917068][T12714] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  600.950489][T12714] tipc: Resetting bearer <eth:syzkaller0>
[  601.265560][T12706] tipc: Resetting bearer <eth:syzkaller0>
[  601.282513][T12729] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1565'.
[  601.293337][ T5977] usb 4-1: USB disconnect, device number 50
[  601.310054][T12706] tipc: Disabling bearer <eth:syzkaller0>
[  601.764696][T12744] syzkaller0: entered promiscuous mode
[  601.786353][T12744] syzkaller0: entered allmulticast mode
[  602.287979][   T30] audit: type=1400 audit(1760514528.239:855): avc:  denied  { write } for  pid=12740 comm="syz.1.1569" path="socket:[36807]" dev="sockfs" ino=36807 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  602.508344][T12758] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15592 sclass=netlink_route_socket pid=12758 comm=syz.3.1573
[  602.601258][   T30] audit: type=1400 audit(1760514528.659:856): avc:  denied  { read } for  pid=12754 comm="syz.3.1573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  602.620490][    C0] vkms_vblank_simulate: vblank timer overrun
[  603.770393][  T911] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  603.809640][   T30] audit: type=1400 audit(1760514529.939:857): avc:  denied  { setopt } for  pid=12766 comm="syz.0.1575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  604.080121][  T911] usb 3-1: Using ep0 maxpacket: 8
[  604.087269][  T911] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  604.100338][  T911] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  604.109402][  T911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.122621][T12780] syzkaller0: entered promiscuous mode
[  604.128244][T12780] syzkaller0: entered allmulticast mode
[  604.136582][T12358] Bluetooth: hci0: unexpected event 0x0b length: 234 > 11
[  604.149788][  T911] usb 3-1: config 0 descriptor??
[  604.650095][  T911] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  604.990929][T12791] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1581'.
[  605.560371][  T911] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  605.791846][  T911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  605.803381][  T911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  605.813520][  T911] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  605.827508][  T911] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  605.836982][  T911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.847912][  T911] usb 2-1: config 0 descriptor??
[  606.152538][T12806] netlink: 'syz.4.1586': attribute type 3 has an invalid length.
[  606.160671][T12806] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1586'.
[  606.276337][  T911] plantronics 0003:047F:FFFF.0020: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  606.443497][  T911] usb 3-1: USB disconnect, device number 61
[  607.140679][ T5897] usb 2-1: USB disconnect, device number 55
[  607.460218][T12818] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input43
[  607.666128][T12835] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1595'.
[  607.681038][  T911] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  607.715129][T12835] tipc: Invalid UDP bearer configuration
[  607.716146][T12835] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  607.724989][T12837] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  608.050128][  T911] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  608.071787][  T911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.079937][  T911] usb 5-1: Product: syz
[  608.085098][  T911] usb 5-1: Manufacturer: syz
[  608.089830][  T911] usb 5-1: SerialNumber: syz
[  608.122636][  T911] usb 5-1: config 0 descriptor??
[  608.338167][  T911] usb 5-1: ignoring: probably an ADSL modem
[  608.640413][    T9] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  608.901951][    T9] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  608.912367][    T9] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  608.923370][    T9] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  608.936516][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  608.946742][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.465016][   T24] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  609.522845][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  609.546300][    T9] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2
[  609.675474][   T24] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  609.686724][   T24] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  609.697113][   T24] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  609.716699][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.872883][ T5977] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  610.153677][T12851] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  610.171718][  T911] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19!
[  610.181313][   T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  610.211144][  T911] usb 5-1: USB disconnect, device number 60
[  610.340309][ T5977] usb 4-1: Using ep0 maxpacket: 8
[  610.348390][ T5977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  610.366967][ T5977] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  610.405253][ T5977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.772812][ T5977] usb 4-1: config 0 descriptor??
[  610.821305][  T911] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  610.873615][    T9] usb 2-1: USB disconnect, device number 56
[  610.992375][  T911] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  611.007679][ T5977] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  611.018154][  T911] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  611.039411][  T911] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  611.049759][  T911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.246338][  T911] usb 3-1: USB disconnect, device number 62
[  612.532603][   T30] audit: type=1400 audit(1760514538.669:858): avc:  denied  { map } for  pid=12881 comm="syz.1.1606" path="socket:[37482]" dev="sockfs" ino=37482 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  612.604902][   T30] audit: type=1400 audit(1760514538.669:859): avc:  denied  { read accept } for  pid=12881 comm="syz.1.1606" path="socket:[37482]" dev="sockfs" ino=37482 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  612.628662][    C0] vkms_vblank_simulate: vblank timer overrun
[  612.675265][   T30] audit: type=1400 audit(1760514538.669:860): avc:  denied  { bind } for  pid=12881 comm="syz.1.1606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  612.753879][ T5813] usb 4-1: USB disconnect, device number 51
[  613.623085][ T5813] usb 5-1: USB disconnect, device number 61
[  614.141756][T12902] FAULT_INJECTION: forcing a failure.
[  614.141756][T12902] name failslab, interval 1, probability 0, space 0, times 0
[  614.154762][T12902] CPU: 0 UID: 0 PID: 12902 Comm: syz.3.1610 Not tainted syzkaller #0 PREEMPT(full) 
[  614.154789][T12902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  614.154802][T12902] Call Trace:
[  614.154809][T12902]  <TASK>
[  614.154818][T12902]  dump_stack_lvl+0x16c/0x1f0
[  614.154848][T12902]  should_fail_ex+0x512/0x640
[  614.154876][T12902]  ? __kmalloc_cache_noprof+0x5f/0x780
[  614.154901][T12902]  should_failslab+0xc2/0x120
[  614.154929][T12902]  __kmalloc_cache_noprof+0x72/0x780
[  614.154949][T12902]  ? lockdep_hardirqs_on+0x7c/0x110
[  614.154972][T12902]  ? ceph_get_tree+0x18a/0x1ed0
[  614.155001][T12902]  ? ceph_get_tree+0x18a/0x1ed0
[  614.155024][T12902]  ceph_get_tree+0x18a/0x1ed0
[  614.155047][T12902]  ? vfs_get_tree+0x45/0x340
[  614.155072][T12902]  vfs_get_tree+0x8e/0x340
[  614.155093][T12902]  vfs_cmd_create+0xd7/0x2a0
[  614.155115][T12902]  __do_sys_fsconfig+0x7b8/0xbe0
[  614.155139][T12902]  ? __pfx___do_sys_fsconfig+0x10/0x10
[  614.155175][T12902]  do_syscall_64+0xcd/0xfa0
[  614.155201][T12902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.155222][T12902] RIP: 0033:0x7fe98158eec9
[  614.155239][T12902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.155258][T12902] RSP: 002b:00007fe98242a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  614.155278][T12902] RAX: ffffffffffffffda RBX: 00007fe9817e6180 RCX: 00007fe98158eec9
[  614.155291][T12902] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 000000000000000b
[  614.155303][T12902] RBP: 00007fe98242a090 R08: 0000000000000000 R09: 0000000000000000
[  614.155316][T12902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  614.155328][T12902] R13: 00007fe9817e6218 R14: 00007fe9817e6180 R15: 00007ffdfc458698
[  614.155359][T12902]  </TASK>
[  614.991749][T12904] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  616.877413][ T5819] Bluetooth: hci3: unexpected event for opcode 0x2029
[  619.521183][T12981] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1627'.
[  619.771069][ T5977] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  619.960698][ T5865] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  620.207442][ T5977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  620.264305][ T5977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  620.332847][ T5977] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  620.389246][ T5977] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  620.398550][ T5865] usb 5-1: Using ep0 maxpacket: 32
[  620.442129][ T5865] usb 5-1: config 0 interface 0 has no altsetting 0
[  620.578770][ T5977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.591816][ T5865] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  620.640049][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.649176][ T5977] usb 4-1: config 0 descriptor??
[  620.656019][ T5865] usb 5-1: Product: syz
[  620.663870][ T5865] usb 5-1: Manufacturer: syz
[  620.668741][ T5865] usb 5-1: SerialNumber: syz
[  620.687918][ T5865] usb 5-1: config 0 descriptor??
[  620.992995][   T30] audit: type=1400 audit(1760514546.979:861): avc:  denied  { module_load } for  pid=12996 comm="syz.0.1632" path="/sys/power/wakeup_count" dev="sysfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  621.224950][ T5865] gs_usb 5-1:0.0: Configuring for 1 interfaces
[  621.245554][ T5977] usbhid 4-1:0.0: can't add hid device: -71
[  621.294191][ T5977] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  621.330350][ T5977] usb 4-1: USB disconnect, device number 52
[  621.660465][ T5865] gs_usb 5-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO)
[  621.685619][ T5865] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71
[  621.728177][ T5865] usb 5-1: USB disconnect, device number 62
[  621.974487][T13024] lo: entered allmulticast mode
[  621.979758][T13024] lo: entered promiscuous mode
[  621.985396][T13024] lo: left promiscuous mode
[  621.990220][T13024] lo: left allmulticast mode
[  622.152374][ T5977] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  623.110458][    T9] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  623.476896][ T5977] usb 4-1: config index 0 descriptor too short (expected 39, got 27)
[  623.523343][ T5977] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  623.619599][ T5977] usb 4-1: config 0 interface 0 has no altsetting 0
[  623.645349][ T5977] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  623.658822][ T5977] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  623.722310][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  623.753414][    T9] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  623.762762][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.780594][    T9] usb 2-1: Product: syz
[  623.784876][    T9] usb 2-1: Manufacturer: syz
[  623.789471][    T9] usb 2-1: SerialNumber: syz
[  623.801533][    T9] usb 2-1: config 0 descriptor??
[  623.833233][ T5977] usb 4-1: Product: syz
[  623.837922][ T5977] usb 4-1: Manufacturer: syz
[  623.842577][ T5977] usb 4-1: SerialNumber: syz
[  623.856930][ T5977] usb 4-1: config 0 descriptor??
[  623.866788][ T5977] hub 4-1:0.0: bad descriptor, ignoring hub
[  623.879721][ T5977] hub 4-1:0.0: probe with driver hub failed with error -5
[  624.370565][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.376945][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  624.388932][   T30] audit: type=1400 audit(1760514550.109:862): avc:  denied  { setopt } for  pid=13033 comm="syz.0.1644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  624.471008][T13043] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input44
[  624.500138][ T5977] usb 4-1: selecting invalid altsetting 0
[  624.528554][T13024] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  624.570549][   T30] audit: type=1400 audit(1760514550.689:863): avc:  denied  { mounton } for  pid=13015 comm="syz.3.1639" path="/334/file0" dev="tmpfs" ino=1789 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  625.237915][T13044] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19 sclass=netlink_audit_socket pid=13044 comm=syz.3.1639
[  625.280382][    T9] usb 2-1: USB disconnect, device number 57
[  625.822830][T13061] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1650'.
[  625.898392][T13060] bridge_slave_1: entered promiscuous mode
[  626.783858][T13072] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1652'.
[  629.250506][   T43] usb 4-1: USB disconnect, device number 53
[  629.388867][T13083] IPVS: set_ctl: invalid protocol: 2 10.1.1.1:20001
[  629.415302][T13083] input: syz1 as /devices/virtual/input/input45
[  630.130453][    T9] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  630.317271][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  630.352533][    T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  630.382851][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  630.395854][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.407225][T13084] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  630.421105][    T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  631.715783][    T9] usb 2-1: USB disconnect, device number 58
[  631.971321][T10352] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  632.042172][T13113] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  632.049627][T13113] batman_adv: batadv0: Removing interface: batadv_slave_0
[  632.061378][T13113] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  632.068954][T13113] batman_adv: batadv0: Removing interface: batadv_slave_1
[  632.115576][T13115] can: request_module (can-proto-0) failed.
[  632.162049][T10352] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  632.172644][T10352] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  632.187520][T10352] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  632.212108][T10352] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.220553][T10352] usb 4-1: Product: syz
[  632.224856][T10352] usb 4-1: Manufacturer: syz
[  632.229525][T10352] usb 4-1: SerialNumber: syz
[  632.239583][T10352] cdc_mbim 4-1:1.0: skipping garbage
[  632.245134][T10352] usb 4-1: selecting invalid altsetting 1
[  632.444633][T10352] cdc_mbim 4-1:1.0: bind() failure
[  632.934739][T10352] usb 4-1: USB disconnect, device number 54
[  634.826496][T13146] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1677'.
[  635.191778][   T30] audit: type=1400 audit(1760514561.319:864): avc:  denied  { create } for  pid=13145 comm="syz.3.1677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  635.245075][   T30] audit: type=1400 audit(1760514561.319:865): avc:  denied  { setopt } for  pid=13145 comm="syz.3.1677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  636.853308][T13165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1680'.
[  637.329676][   T43] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  637.931426][   T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  637.950734][   T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  638.230974][T13176] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1683'.
[  638.379011][   T43] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  638.415665][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  638.456300][   T43] usb 3-1: SerialNumber: syz
[  638.553672][T13183] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1680'.
[  639.007052][   T43] usb 3-1: 0:2 : does not exist
[  639.007569][T13191] kvm: kvm [13190]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  639.021451][T13191] kvm: kvm [13190]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  639.061483][   T43] usb 3-1: unit 5: unexpected type 0x09
[  639.115540][   T43] usb 3-1: USB disconnect, device number 63
[  639.300492][   T30] audit: type=1400 audit(1760514565.419:866): avc:  denied  { read } for  pid=13195 comm="syz.3.1688" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  639.337423][   T30] audit: type=1400 audit(1760514565.429:867): avc:  denied  { open } for  pid=13195 comm="syz.3.1688" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  639.374241][T13196] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  639.392957][T13196] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  639.424530][T13196] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  639.503268][T13196] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  639.548611][T13196] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  639.601780][T13196] ==================================================================
[  639.609865][T13196] BUG: KASAN: slab-out-of-bounds in __list_del_entry_valid_or_report+0x1d4/0x200
[  639.619006][T13196] Read of size 8 at addr ffff888034c5d568 by task syz.3.1688/13196
[  639.626909][T13196] 
[  639.629231][T13196] CPU: 0 UID: 0 PID: 13196 Comm: syz.3.1688 Not tainted syzkaller #0 PREEMPT(full) 
[  639.629260][T13196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  639.629274][T13196] Call Trace:
[  639.629283][T13196]  <TASK>
[  639.629294][T13196]  dump_stack_lvl+0x116/0x1f0
[  639.629325][T13196]  print_report+0xcd/0x630
[  639.629356][T13196]  ? __virt_addr_valid+0x81/0x610
[  639.629379][T13196]  ? __phys_addr+0xe8/0x180
[  639.629403][T13196]  ? __list_del_entry_valid_or_report+0x1d4/0x200
[  639.629438][T13196]  kasan_report+0xe0/0x110
[  639.629469][T13196]  ? __list_del_entry_valid_or_report+0x1d4/0x200
[  639.629505][T13196]  __list_del_entry_valid_or_report+0x1d4/0x200
[  639.629539][T13196]  bt_accept_unlink+0x34/0x2d0
[  639.629562][T13196]  l2cap_sock_teardown_cb+0x1a3/0x3c0
[  639.629591][T13196]  l2cap_chan_del+0xbd/0x8f0
[  639.629625][T13196]  l2cap_conn_del+0x37a/0x730
[  639.629661][T13196]  l2cap_connect_cfm+0x9e1/0xf80
[  639.629693][T13196]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  639.629717][T13196]  ? hci_connect_le_scan_cleanup+0xb6/0x6b0
[  639.629747][T13196]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  639.629770][T13196]  hci_conn_failed+0x1bd/0x330
[  639.629799][T13196]  hci_abort_conn_sync+0x76a/0xb20
[  639.629830][T13196]  ? __pfx_hci_abort_conn_sync+0x10/0x10
[  639.629859][T13196]  ? find_held_lock+0x2b/0x80
[  639.629880][T13196]  ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0
[  639.629911][T13196]  ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0
[  639.629941][T13196]  hci_disconnect_all_sync.constprop.0+0x104/0x3c0
[  639.629973][T13196]  hci_suspend_sync+0x821/0xb20
[  639.630003][T13196]  ? __pfx_enable_work+0x10/0x10
[  639.630034][T13196]  ? __pfx_hci_suspend_sync+0x10/0x10
[  639.630068][T13196]  hci_suspend_dev+0x308/0x500
[  639.630092][T13196]  ? __pfx_hci_suspend_dev+0x10/0x10
[  639.630114][T13196]  ? kobject_put+0x44/0x5a0
[  639.630141][T13196]  ? kobject_get+0xbb/0x150
[  639.630167][T13196]  hci_suspend_notifier+0x28d/0x2f0
[  639.630193][T13196]  notifier_call_chain+0xbc/0x410
[  639.630218][T13196]  ? __pfx_hci_suspend_notifier+0x10/0x10
[  639.630246][T13196]  blocking_notifier_call_chain_robust+0xc8/0x160
[  639.630269][T13196]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  639.630293][T13196]  ? do_raw_spin_unlock+0x172/0x230
[  639.630320][T13196]  pm_notifier_call_chain_robust+0x27/0x60
[  639.630346][T13196]  snapshot_open+0x189/0x2b0
[  639.630370][T13196]  ? __pfx_snapshot_open+0x10/0x10
[  639.630395][T13196]  misc_open+0x26d/0x450
[  639.630419][T13196]  ? __pfx_misc_open+0x10/0x10
[  639.630443][T13196]  chrdev_open+0x234/0x6a0
[  639.630473][T13196]  ? __pfx_chrdev_open+0x10/0x10
[  639.630502][T13196]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  639.630535][T13196]  do_dentry_open+0x982/0x1530
[  639.630562][T13196]  ? __pfx_chrdev_open+0x10/0x10
[  639.630593][T13196]  vfs_open+0x82/0x3f0
[  639.630626][T13196]  path_openat+0x1de4/0x2cb0
[  639.630658][T13196]  ? __pfx_path_openat+0x10/0x10
[  639.630696][T13196]  ? __lock_acquire+0xb8a/0x1c90
[  639.630725][T13196]  do_filp_open+0x20b/0x470
[  639.630754][T13196]  ? __pfx_do_filp_open+0x10/0x10
[  639.630796][T13196]  ? alloc_fd+0x471/0x7d0
[  639.630827][T13196]  do_sys_openat2+0x11b/0x1d0
[  639.630847][T13196]  ? __pfx_do_sys_openat2+0x10/0x10
[  639.630872][T13196]  __x64_sys_openat+0x174/0x210
[  639.630893][T13196]  ? __pfx___x64_sys_openat+0x10/0x10
[  639.630919][T13196]  do_syscall_64+0xcd/0xfa0
[  639.630946][T13196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.630968][T13196] RIP: 0033:0x7fe98158eec9
[  639.630986][T13196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.631007][T13196] RSP: 002b:00007fe98246c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  639.631027][T13196] RAX: ffffffffffffffda RBX: 00007fe9817e5fa0 RCX: 00007fe98158eec9
[  639.631042][T13196] RDX: 0000000000101080 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  639.631055][T13196] RBP: 00007fe981611f91 R08: 0000000000000000 R09: 0000000000000000
[  639.631069][T13196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  639.631083][T13196] R13: 00007fe9817e6038 R14: 00007fe9817e5fa0 R15: 00007ffdfc458698
[  639.631107][T13196]  </TASK>
[  639.631115][T13196] 
[  640.036835][T13196] Allocated by task 11939:
[  640.041224][T13196]  kasan_save_stack+0x33/0x60
[  640.045884][T13196]  kasan_save_track+0x14/0x30
[  640.050544][T13196]  __kasan_kmalloc+0xaa/0xb0
[  640.055131][T13196]  __kmalloc_noprof+0x32f/0x880
[  640.059959][T13196]  fbcon_set_font+0x42e/0xc90
[  640.064608][T13196]  con_font_op+0x77e/0x1040
[  640.069089][T13196]  vt_ioctl+0x48f/0x30a0
[  640.073305][T13196]  tty_ioctl+0x661/0x1680
[  640.077620][T13196]  __x64_sys_ioctl+0x18e/0x210
[  640.082363][T13196]  do_syscall_64+0xcd/0xfa0
[  640.086843][T13196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.092724][T13196] 
[  640.095018][T13196] The buggy address belongs to the object at ffff888034c5d000
[  640.095018][T13196]  which belongs to the cache kmalloc-2k of size 2048
[  640.109051][T13196] The buggy address is located 344 bytes to the right of
[  640.109051][T13196]  allocated 1040-byte region [ffff888034c5d000, ffff888034c5d410)
[  640.123776][T13196] 
[  640.126077][T13196] The buggy address belongs to the physical page:
[  640.132456][T13196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34c58
[  640.141206][T13196] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  640.149677][T13196] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  640.157212][T13196] page_type: f5(slab)
[  640.161178][T13196] raw: 00fff00000000040 ffff88813ff27000 dead000000000100 dead000000000122
[  640.169734][T13196] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  640.178295][T13196] head: 00fff00000000040 ffff88813ff27000 dead000000000100 dead000000000122
[  640.186951][T13196] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  640.195624][T13196] head: 00fff00000000003 ffffea0000d31601 00000000ffffffff 00000000ffffffff
[  640.204268][T13196] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  640.212904][T13196] page dumped because: kasan: bad access detected
[  640.219296][T13196] page_owner tracks the page as allocated
[  640.224990][T13196] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5810, tgid 5810 (syz-executor), ts 69514855727, free_ts 68638375762
[  640.246320][T13196]  post_alloc_hook+0x1c0/0x230
[  640.251063][T13196]  get_page_from_freelist+0x10a3/0x3a30
[  640.256584][T13196]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  640.262452][T13196]  alloc_pages_mpol+0x1fb/0x550
[  640.267278][T13196]  new_slab+0x24a/0x360
[  640.271404][T13196]  ___slab_alloc+0xdc4/0x1ae0
[  640.276051][T13196]  __slab_alloc.constprop.0+0x63/0x110
[  640.281485][T13196]  __kmalloc_noprof+0x501/0x880
[  640.286307][T13196]  ops_init+0x77/0x5f0
[  640.290352][T13196]  setup_net+0x100/0x390
[  640.294577][T13196]  copy_net_ns+0x2f8/0x690
[  640.298967][T13196]  create_new_namespaces+0x3ea/0xa90
[  640.304223][T13196]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  640.309822][T13196]  ksys_unshare+0x45b/0xa40
[  640.314317][T13196]  __x64_sys_unshare+0x31/0x40
[  640.319050][T13196]  do_syscall_64+0xcd/0xfa0
[  640.323524][T13196] page last free pid 0 tgid 0 stack trace:
[  640.329296][T13196]  __free_frozen_pages+0x7df/0x1160
[  640.334466][T13196]  __folio_put+0x329/0x450
[  640.338863][T13196]  skb_release_data+0x81a/0x9e0
[  640.343689][T13196]  napi_consume_skb+0x15a/0x220
[  640.348517][T13196]  skb_defer_free_flush+0x1e2/0x280
[  640.353688][T13196]  net_rx_action+0x3b3/0xef0
[  640.358248][T13196]  handle_softirqs+0x219/0x8e0
[  640.362991][T13196]  __irq_exit_rcu+0x109/0x170
[  640.367641][T13196]  irq_exit_rcu+0x9/0x30
[  640.371854][T13196]  common_interrupt+0xbf/0xe0
[  640.376508][T13196]  asm_common_interrupt+0x26/0x40
[  640.381504][T13196] 
[  640.383801][T13196] Memory state around the buggy address:
[  640.389407][T13196]  ffff888034c5d400: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  640.397448][T13196]  ffff888034c5d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  640.405481][T13196] >ffff888034c5d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  640.413508][T13196]                                                           ^
[  640.420931][T13196]  ffff888034c5d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  640.428963][T13196]  ffff888034c5d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  640.436994][T13196] ==================================================================
[  640.587839][T13196] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  640.595063][T13196] CPU: 0 UID: 0 PID: 13196 Comm: syz.3.1688 Not tainted syzkaller #0 PREEMPT(full) 
[  640.604434][T13196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  640.614484][T13196] Call Trace:
[  640.617754][T13196]  <TASK>
[  640.620676][T13196]  dump_stack_lvl+0x3d/0x1f0
[  640.625268][T13196]  vpanic+0x640/0x6f0
[  640.629253][T13196]  panic+0xca/0xd0
[  640.632969][T13196]  ? __pfx_panic+0x10/0x10
[  640.637383][T13196]  ? __list_del_entry_valid_or_report+0x1d4/0x200
[  640.643813][T13196]  ? preempt_schedule_common+0x44/0xc0
[  640.649285][T13196]  ? preempt_schedule_thunk+0x16/0x30
[  640.654676][T13196]  check_panic_on_warn+0xab/0xb0
[  640.659629][T13196]  end_report+0x107/0x170
[  640.663978][T13196]  kasan_report+0xee/0x110
[  640.668411][T13196]  ? __list_del_entry_valid_or_report+0x1d4/0x200
[  640.674847][T13196]  __list_del_entry_valid_or_report+0x1d4/0x200
[  640.681107][T13196]  bt_accept_unlink+0x34/0x2d0
[  640.685870][T13196]  l2cap_sock_teardown_cb+0x1a3/0x3c0
[  640.691235][T13196]  l2cap_chan_del+0xbd/0x8f0
[  640.695825][T13196]  l2cap_conn_del+0x37a/0x730
[  640.700499][T13196]  l2cap_connect_cfm+0x9e1/0xf80
[  640.705425][T13196]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  640.710866][T13196]  ? hci_connect_le_scan_cleanup+0xb6/0x6b0
[  640.716751][T13196]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  640.722193][T13196]  hci_conn_failed+0x1bd/0x330
[  640.726947][T13196]  hci_abort_conn_sync+0x76a/0xb20
[  640.732051][T13196]  ? __pfx_hci_abort_conn_sync+0x10/0x10
[  640.737676][T13196]  ? find_held_lock+0x2b/0x80
[  640.742333][T13196]  ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0
[  640.748910][T13196]  ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0
[  640.755490][T13196]  hci_disconnect_all_sync.constprop.0+0x104/0x3c0
[  640.761983][T13196]  hci_suspend_sync+0x821/0xb20
[  640.766825][T13196]  ? __pfx_enable_work+0x10/0x10
[  640.771760][T13196]  ? __pfx_hci_suspend_sync+0x10/0x10
[  640.777124][T13196]  hci_suspend_dev+0x308/0x500
[  640.781873][T13196]  ? __pfx_hci_suspend_dev+0x10/0x10
[  640.787146][T13196]  ? kobject_put+0x44/0x5a0
[  640.791644][T13196]  ? kobject_get+0xbb/0x150
[  640.796142][T13196]  hci_suspend_notifier+0x28d/0x2f0
[  640.801332][T13196]  notifier_call_chain+0xbc/0x410
[  640.806344][T13196]  ? __pfx_hci_suspend_notifier+0x10/0x10
[  640.812054][T13196]  blocking_notifier_call_chain_robust+0xc8/0x160
[  640.818457][T13196]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  640.825466][T13196]  ? do_raw_spin_unlock+0x172/0x230
[  640.830661][T13196]  pm_notifier_call_chain_robust+0x27/0x60
[  640.836455][T13196]  snapshot_open+0x189/0x2b0
[  640.841031][T13196]  ? __pfx_snapshot_open+0x10/0x10
[  640.846125][T13196]  misc_open+0x26d/0x450
[  640.850354][T13196]  ? __pfx_misc_open+0x10/0x10
[  640.855100][T13196]  chrdev_open+0x234/0x6a0
[  640.859506][T13196]  ? __pfx_chrdev_open+0x10/0x10
[  640.864436][T13196]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  640.870753][T13196]  do_dentry_open+0x982/0x1530
[  640.875509][T13196]  ? __pfx_chrdev_open+0x10/0x10
[  640.880437][T13196]  vfs_open+0x82/0x3f0
[  640.884497][T13196]  path_openat+0x1de4/0x2cb0
[  640.889078][T13196]  ? __pfx_path_openat+0x10/0x10
[  640.894010][T13196]  ? __lock_acquire+0xb8a/0x1c90
[  640.898937][T13196]  do_filp_open+0x20b/0x470
[  640.903429][T13196]  ? __pfx_do_filp_open+0x10/0x10
[  640.908451][T13196]  ? alloc_fd+0x471/0x7d0
[  640.912773][T13196]  do_sys_openat2+0x11b/0x1d0
[  640.917432][T13196]  ? __pfx_do_sys_openat2+0x10/0x10
[  640.922618][T13196]  __x64_sys_openat+0x174/0x210
[  640.927457][T13196]  ? __pfx___x64_sys_openat+0x10/0x10
[  640.932814][T13196]  do_syscall_64+0xcd/0xfa0
[  640.937308][T13196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.943183][T13196] RIP: 0033:0x7fe98158eec9
[  640.947585][T13196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.967176][T13196] RSP: 002b:00007fe98246c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  640.975580][T13196] RAX: ffffffffffffffda RBX: 00007fe9817e5fa0 RCX: 00007fe98158eec9
[  640.983534][T13196] RDX: 0000000000101080 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  640.991490][T13196] RBP: 00007fe981611f91 R08: 0000000000000000 R09: 0000000000000000
[  640.999441][T13196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  641.007394][T13196] R13: 00007fe9817e6038 R14: 00007fe9817e5fa0 R15: 00007ffdfc458698
[  641.015359][T13196]  </TASK>
[  641.018586][T13196] Kernel Offset: disabled
[  641.022883][T13196] Rebooting in 86400 seconds..