last executing test programs:

12.615022442s ago: executing program 2 (id=871):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000001b40), r0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
r1 = inotify_init1(0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000140)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x9a, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f0000000000)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r8, 0x0, 0x8}, 0x18)
inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0x200)
unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r9 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r9, 0x89e3, 0x0)

11.529397675s ago: executing program 2 (id=873):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x2040, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f0000000040)=0x7, 0x4)
bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
pipe(&(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
read$FUSE(r2, &(0x7f0000001380)={0x2020}, 0x2020)
vmsplice(r3, &(0x7f0000000240)=[{&(0x7f0000001340)="e6", 0xfffffeff}], 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth1_vlan\x00', 0x10)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000200)="08001efbb0", 0x5}, {&(0x7f0000000180)="d0849e", 0x3}], 0x2, 0x0, 0x0, 0x60000000}, 0x20000004)
timer_getoverrun(0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
creat(&(0x7f00000000c0)='./bus\x00', 0x182)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x400454a4, &(0x7f00000000c0))

11.231177579s ago: executing program 2 (id=877):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x66000080)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1_macvtap\x00', <r2=>0x0})
r3 = gettid()
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000280)=0x8, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000010000100"/18, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0)
recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x1}], 0x3, 0x40000120, 0x0)

8.611513285s ago: executing program 3 (id=885):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xb}]}}}]}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x50}, 0x0) (fail_nth: 4)

8.214409834s ago: executing program 3 (id=886):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x804c044}, 0x881)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587", @ANYRES16], 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000040)=""/4092, 0xffc) (fail_nth: 4)

8.033107771s ago: executing program 1 (id=888):
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
mmap(&(0x7f00003d0000/0x1000)=nil, 0x1000, 0x0, 0xb5972, 0xffffffffffffffff, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
socket$kcm(0x2, 0x5, 0x84)
syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000000fd0a763bb9fc00000008004500081c0007000000029078ac1e0001e0000001167c9078ac141430"], 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})

7.186375332s ago: executing program 2 (id=890):
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
r0 = syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00'}, 0x18)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(r0, 0xe, &(0x7f00000000c0)={0xfffffffffffffff5, 0x83}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='cachefiles_link\x00'}, 0x18)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x12, &(0x7f0000000000)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b", @ANYRES32=r3])
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='cgroup\x00')
r5 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x200000)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r5, 0xc1004111, &(0x7f0000000240)={0x100, [0x2, 0x7c, 0x9], [{0x1600000, 0x0, 0x1, 0x1}, {0x4, 0x2, 0x0, 0x0, 0x1}, {0x6, 0x7, 0x1, 0x0, 0x1}, {0x5, 0x8, 0x1}, {0x1, 0x7f, 0x0, 0x0, 0x1}, {0x4, 0x80000000, 0x1, 0x0, 0x1}, {0xfffffffe, 0x4, 0x0, 0x0, 0x1, 0x1}, {0xc7a7, 0x2, 0x0, 0x1, 0x1}, {0x8, 0x51926c55, 0x0, 0x1, 0x1}, {0x4, 0x8}, {0x3280, 0x5, 0x1, 0x1, 0x1}, {0xa4, 0x1, 0x0, 0x1, 0x1}], 0x4080000})
pread64(r4, &(0x7f00000029c0)=""/4096, 0x1000, 0xd36)

6.919220046s ago: executing program 4 (id=892):
r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x1000, 0xfffffffc, 0xd968d5b908ac0cde, 0x0, {0x600, 0x8, 0x1}, {0x350}, {0x28}, {0x0, 0x8, 0x1002}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0xb})

6.826284286s ago: executing program 1 (id=893):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2, 0xffffffff}}, 0x10)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket(0xa, 0x3, 0xff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
read$dsp(r4, &(0x7f0000000080)=""/43, 0x2b)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
removexattr(0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x400000000010, 0x3, 0x0)

6.763153964s ago: executing program 4 (id=894):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000004c0))
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000004800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000019050000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0x7)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000000)=<r6=>0x0)
bind$nfc_llcp(r2, &(0x7f0000001040)={0x27, r6, 0xffffffffffffffff, 0x5, 0x2, 0x0, "d32984bd1ca44c066af5160e961701a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000001200000000001900", 0x80000000000003c}, 0x60)
openat$userio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x3c, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=<r8=>0x0)
timer_settime(r8, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_gettime(0x0, &(0x7f0000000140)={<r9=>0x0, <r10=>0x0})
timer_settime(r8, 0x1, &(0x7f0000000180)={{0x0, 0x3938700}, {r9, r10+60000000}}, 0x0)
r11 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r11, &(0x7f00000000c0)={0x27, r6, 0x1, 0x4, 0x0, 0xff, "bac5115c7dad488702b535116fad55baf63cdd52fc30106310abb622a1c3c01c13c04df6b906288e64e96754059e65c39c5759b069d6e6d9589e5f2348878c", 0x24}, 0x60)
bind$nfc_llcp(r11, &(0x7f0000000240)={0x27, r6, 0x0, 0x1, 0x0, 0x6, "e88509de7f1939e8abff005597c8ef039a5be42200", 0x17}, 0x60)
r12 = syz_open_dev$I2C(&(0x7f0000000200), 0xfff, 0x200)
ioctl$I2C_RETRIES(r12, 0x701, 0x3)
socket$nl_route(0x10, 0x3, 0x0)
listen(r11, 0x80000004)
accept4(r1, 0x0, 0x0, 0x800)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r13 = syz_open_dev$MSR(&(0x7f00000001c0), 0xfffffffffffffffe, 0x0)
read$msr(r13, &(0x7f0000019680)=""/102392, 0x18ff8)

6.415520812s ago: executing program 4 (id=895):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r1, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0xfff, 0x5}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x8, 0x6, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmmsg(r4, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
r6 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x40045b0a, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5}]}}}]}, 0x38}}, 0x0)

5.4944294s ago: executing program 3 (id=897):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
mknod$loop(0x0, 0x0, 0x1)
timerfd_create(0x9, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0) (fail_nth: 1)

5.358707467s ago: executing program 3 (id=898):
rmdir(&(0x7f0000000000)='./file0\x00')
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=<r0=>0x0)
sched_setattr(r0, &(0x7f0000000080)={0x38, 0xf4c9e0cb8d56e4a5, 0x39, 0x8, 0x3, 0x8, 0x5, 0x39, 0x80, 0x7}, 0x0)
prctl$PR_GET_SECCOMP(0x15)
prctl$PR_GET_SECCOMP(0x15)
prctl$PR_GET_SECCOMP(0x15)
prctl$PR_GET_SECCOMP(0x15)
prctl$PR_GET_SECCOMP(0x15)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f00000000c0), 0x4)
prctl$PR_GET_SECCOMP(0x15)
prctl$PR_GET_SECCOMP(0x15)
r1 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1)
r2 = fsmount(r1, 0x0, 0x4)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x101201, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000001c0)={0x80000008})
prctl$PR_GET_SECCOMP(0x15)
timer_create(0x3, &(0x7f0000000380)={0x0, 0x1a, 0x1, @thr={&(0x7f0000000200)="a88b857db48aaaffd415b0ddd604ea32f710835070dd37f69796a8fdfe0fda456d1ed2df96412e4f91dfaf4d7297d0374460d32d76830dc98e7f7a267d1a1cd3adf73f066419aac0a05781d56cc5627f4e80f31bf9f85ae35d76e97526c8652b", &(0x7f0000000280)="f7dac8ebf7dfdbc2786638d3b9ab117dd2c2ef3a51678404932f0820b22e18ff44f26bbd0ff38f019a2dbd9ddf7453700c1b73dfea34a6ff298d5065070859d5459e8eb81fd8a9d2049393dd601b334bb819fcd579f506126bff32f2aa9e728412f4591bd82369dda1bec15cf884a8d61f3c3a71f0e7901b436db346c1399fd81035a70e89ba96a62a9efa337e500de1ef1f1e6b8206129afe6547800200f0f01394b4d3730593ff75ee5d64bd1b7456454d8988616508c6092e3616c87cc90b26944ced6dacc5f06de278396a19ee735bbb54a06136bed918d8fb7a2c4af753ba543229c26bc62f3857e0e72664356a76"}}, &(0x7f00000003c0)=<r4=>0x0)
clock_gettime(0x0, &(0x7f0000000400)={<r5=>0x0, <r6=>0x0})
timer_settime(r4, 0x0, &(0x7f0000000440)={{}, {r5, r6+10000000}}, 0x0)
mount$nfs4(&(0x7f0000000480)='][\x00', &(0x7f00000004c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000540), 0x10004, &(0x7f0000000580)={[{'&'}], [{@obj_type={'obj_type', 0x3d, '/dev/ptp0\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x5}}, {@measure}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/ptp0\x00'}}, {@seclabel}, {@subj_role={'subj_role', 0x3d, '/dev/ptp0\x00'}}, {@dont_hash}]})
prctl$PR_GET_SECCOMP(0x15)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x10001)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_GET_SECCOMP(0x15)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000640), r2)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, r7, 0x20, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x40)
socket(0x1e, 0x447a738e99761e9f, 0x77)
prctl$PR_GET_SECCOMP(0x15)
prctl$PR_GET_SECCOMP(0x15)
syz_open_dev$sndmidi(&(0x7f0000000740), 0x80, 0x802)

5.116097415s ago: executing program 0 (id=899):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000640)=0x1)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x20000045)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8)
ioctl$BLKCRYPTOPREPAREKEY(r0, 0xc040128b, &(0x7f0000000380)={&(0x7f0000000400)="df525b5fc1c8f653dd2ba5cf8dd5c919d43dc73977bad5f048fafe8056222544b013257017c2d6cef77abefc4a6f2a094385f61b3910a2027778fa412ad2d6ae1692710e6cee2001125e69faadb420feded1bebbda2643", 0x57, &(0x7f0000000200)=""/45, 0x2d})
sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000001e580)=@newtaction={0x18, 0x1e, 0x109, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x2b1e}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001240)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0x3, 0x468fe4e8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4048000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0xffff}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)
mkdir(0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file1\x00', 0x1)
mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140), 0x200800, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file1\x00')
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r6, 0x54a0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r6, 0x54a1)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0xffffffffffffff94, &(0x7f0000000000)={&(0x7f0000000280)=@ipv4_delrule={0x28, 0x21, 0x105, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, [@FRA_GENERIC_POLICY=@FRA_UID_RANGE={0xc, 0x14, {0x0, 0xffffffffffffffff}}]}, 0x28}}, 0x0)

5.026351954s ago: executing program 3 (id=900):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x66000080)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1_macvtap\x00', <r2=>0x0})
r3 = gettid()
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000280)=0x8, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000010000100"/19, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0)
recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x1}], 0x3, 0x40000120, 0x0)

4.962849109s ago: executing program 1 (id=901):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r0)
open(&(0x7f0000000300)='./file0\x00', 0xa042, 0x8)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000280), 0x200800, &(0x7f0000001280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x100007, 0x4, 0x25, 0x1, 0xffffffffffffffff, 0x400000}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x2, r3}, 0x38)

4.643209542s ago: executing program 1 (id=902):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x7, 0x4, 0x18, 0xa042, 0x0, 0xffffffffffffffff, 0x401}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000f40)={r1, 0x0, 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x6, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000440)=0x400, 0x4)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000200)=0x20022, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1c, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r3}, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000fa4000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fa2000/0x1000)=nil)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, 0x0)
readv(r4, &(0x7f0000000040)=[{&(0x7f0000002900)=""/4103, 0x1007}], 0x1)

3.472751995s ago: executing program 1 (id=903):
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
mmap(&(0x7f00003d0000/0x1000)=nil, 0x1000, 0x0, 0xb5972, 0xffffffffffffffff, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
socket$kcm(0x2, 0x5, 0x84)
syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000000fd0a763bb9fc00000008004500081c0007000000029078ac1e0001e0000001167c9078ac141430"], 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})

3.263047372s ago: executing program 2 (id=904):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f00000004c0)=ANY=[@ANYBLOB="200000000514010028bd7000ffdbdf25080001000000000008000300000000008d4a961150aeb98b1b8aae6347e87e9c7bfab20eefa756c26dca454b361353c5a55ad4bac9b22212e31f6eafa9e406e8b7392877e47cf4056624805fa88336e6848fac854481ddb2793d8c546ccd70221fc173e1bb4737d8ffab85f7a671a2879f8ea58bf3f1da8265f49d4b13c80715048d954516e5124f7ead445d3a8e33b964aaa294c1c6a1a22cc423a3212067636d5ea94a01b45980411bfc1f77e2206f37e378437f13f580fc"], 0x20}, 0x1, 0x0, 0x0, 0x20004004}, 0x4000010)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$NL80211_CMD_LEAVE_IBSS(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="14d5a444", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fddbdf252c000000"], 0x14}, 0x1, 0x0, 0x0, 0x44840}, 0x4000015)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
openat$tun(0xffffffffffffff9c, 0x0, 0x220800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB='ALTPCM '], 0xf7)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000240)='/proc/asound/card0/oss_mixer\x00', 0x101040, 0x0)
dup3(r5, r4, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0xa}}, 0x1c)
r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x101080)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r7, 0x80dc5521, 0xfffffffffffffffe)
creat(&(0x7f0000000100)='./file0\x00', 0x1e6)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'sh\x00', 0x27, 0xff, 0xf}, 0x2c)
getpid()

2.91460477s ago: executing program 4 (id=905):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$can_bcm(0x1d, 0x2, 0x2)
stat(0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000)="2400000011005f0414f9f4070009041f810000000e000000000000", 0x1b)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000300)="5232dd9391ec2e5948274e59cf78f36f0ca0cdbde79a47603b9e3d9d3d0ff9e53a1f369080799df9cc47a0a175a2fd956e5485a1d058500aaf9e00000000000000000080000fa68a1d3adeec45f5d156d7b74006a669723b01d0ab3fe6c52fd4b5326aca1dd79a6ba7bb899c00ab0bda738b2a0d32463c76644ff8d5b8df33a989cd4ecaa0703df834636db547b924601230e59bdd5377b62cb155766b333606fc91e440ee5233d109f8a3819804a7", 0xaf, 0xffffffffffffffff)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x44}, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20006, 0xd7, 0x0, 0x80, 0xd, 0xc20022, r2})
sendto$packet(r1, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x3, r2, 0x1, 0x2, 0x6, @random="f838dc54b3cc"}, 0x14)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
io_setup(0x3, &(0x7f0000000140)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000a40)=[&(0x7f0000000840)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}])
setresuid(0x0, 0xee01, 0x0)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ff7000/0x2000)=nil)
msgrcv(0x0, 0x0, 0x0, 0xd3ee73c716b4091b, 0x2000)
msgsnd(0x0, 0x0, 0x0, 0x0)

2.560729848s ago: executing program 2 (id=906):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x9}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) (async)
r4 = fanotify_init(0x0, 0x0)
r5 = dup(r4)
write$nbd(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="6744669801000001"], 0x10) (async)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$IPVS_CMD_FLUSH(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r6, 0x8, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xc8df}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x48000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xa2}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000, 0x4, &(0x7f0000fff000/0x1000)=nil)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000000)={0x14, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00#$'], 0x0}, 0x0)

2.3910853s ago: executing program 0 (id=907):
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
mmap(&(0x7f00003d0000/0x1000)=nil, 0x1000, 0x0, 0xb5972, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d", 0x9e}], 0x2}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
set_mempolicy(0x2, 0x0, 0x3)

2.332118488s ago: executing program 4 (id=908):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_type(r0, &(0x7f00000001c0), 0x2, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000040)={<r2=>0x0, 0x78, 0x8001, 0x800, 0x4, 0x6, 0xffff, 0x7130, {0x0, @in={{0x2, 0x4e23, @multicast2}}, 0x20c, 0x7f, 0x8, 0x2, 0x84c2}}, &(0x7f0000000100)=0xb0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0xb, 0x2, [0x4, 0xb223]}, &(0x7f0000000180)=0xc)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
read$FUSE(r3, &(0x7f0000000700)={0x2020}, 0x2020)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x28502, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8902}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
ptrace$getregs(0xe, 0xffffffffffffffff, 0xc, 0x0)
r12 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
pread64(r12, &(0x7f00000001c0)=""/200, 0xc8, 0x0)
getsockopt$llc_int(r4, 0x10c, 0x2, &(0x7f0000000140), &(0x7f0000000080)=0x4)

2.005942497s ago: executing program 0 (id=909):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, "e4"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}]}, 0x80}, 0x1, 0x7}, 0x0) (fail_nth: 3)

1.965917715s ago: executing program 1 (id=910):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x1c9, 0x12)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats_percpu\x00')
lseek(r3, 0x36, 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r6, 0x4048aecb, &(0x7f0000001440)={{0x0, 0x0, 0x80, {0xdddd0000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b7fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000b"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0)
mremap(&(0x7f00001a6000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000208000/0x2000)=nil)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
capset(&(0x7f0000000000)={0x19980330}, 0x0)
r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x28a02, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$kcm(0x23, 0x2, 0x0)
r9 = syz_io_uring_setup(0x2f67, &(0x7f0000000240)={0x0, 0x70ef, 0x10100, 0x0, 0x299}, &(0x7f0000000400)=<r10=>0x0, &(0x7f0000000200)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd_index=0x4, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1})
io_uring_enter(r9, 0x567, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000080)=0x3)
close_range(r8, 0xffffffffffffffff, 0x0)

1.758428468s ago: executing program 0 (id=911):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc004000202080002000500010004a10600eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xc0c4)

1.192205571s ago: executing program 3 (id=912):
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x18, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000040)={0x0, @rand_addr, 0x0, 0x0, 'wrr\x00'}, 0x2c)
fanotify_mark(0xffffffffffffffff, 0x469, 0x40001002, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0xa800)
r2 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000207d1eed2c00000000000109022400010000000009040000010300020009210000040122050009058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00bf05"], 0x0, 0x0, 0x0, 0x0}, 0x0)
ftruncate(r2, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
lseek(r2, 0x0, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c000000680e09030000000000040000f80000000000000004000400e0d95575e3c9bc7b8058a02a1de8ab366c4e43434978f807966207cae332f1efa9ea97add667d80f58911f6b4950f6ca006425590958b48a0e22cdf8e1f1215916d8896f07051028d3fd418779a4a26dfdc0ae9be7037c65a33e0abc91f7d007822a7446b86b9f19cde894170cb77f1e9c05dd8707dda82fd3039c2ce8efdce690ad9a3fd4f7d48754e99418c610fb1a2b426a2dad3a4849f6ac396d42c397dc8c0188de4da64f14bb3898eebac34ea93ac21466a836d6656ce82843e71c5b01af"], 0x1c}}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
write(r2, &(0x7f0000000400)="b25f5579b78fc460a8482451eac1df26116d12d0d5e79792031e326639765ddc38338820a6ae267bb73d61086f57f2af31e18e50baf4386ecf621a8f2ec417f4fd7bd24bb44840cac4b24474038406509cfee24a1ddcf3773a0fe13bcae6f0609588dc2c9230bf1894274c9f2cdfc7528375dbabfd22f0324d3cc85b0264ec1fb4c3d4afc87879d4cc4920185a85b13262ae7a6a61241624b4fa4faef080083cf316ddc1c283a8780c85", 0xaa)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_ABORT_SCAN(r6, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)={0x14, r7, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc8090}, 0xe014)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000180)={0x0, 0x0, r5, <r8=>0x0})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000640)=0x3ff, 0x4)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x20, 0x18, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x600c0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000680)=0x10000000)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f0000000280)={r8, 0x2, 0xc0, 0x46, &(0x7f0000000040)=[{0x5e5, 0x200, 0x8, 0xff}]})

1.060703893s ago: executing program 0 (id=913):
socket$inet(0x2, 0x4000000000000001, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000000), 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = fanotify_init(0xf00, 0x0)
fanotify_mark(r6, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x8001420, 0x1)
r7 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x2})
ioctl$VIDIOC_QUERYMENU(r7, 0xc008561c, 0x0)
statx(r2, 0x0, 0x1000, 0x1, &(0x7f0000000100))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00', <r8=>0x0})
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x400c851, &(0x7f0000000080)={0x11, 0xf8, r8, 0x1, 0xdf, 0x6, @random="15ad0541b058"}, 0x14)
inotify_init1(0x800)
fcntl$setstatus(r0, 0x4, 0x2c00)
gettid()

98.227304ms ago: executing program 4 (id=914):
socket$nl_generic(0x10, 0x3, 0x10)
dup(0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000c2bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f000000bb80)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172ed}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}, @TCA_CHAIN={0x8, 0xb, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r9, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
semctl$SETALL(0x0, 0x0, 0x14, &(0x7f0000000740))
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r8, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

0s ago: executing program 0 (id=915):
socket$nl_generic(0x10, 0x3, 0x10)
dup(0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000c2bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f000000bb80)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172ed}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}, @TCA_CHAIN={0x8, 0xb, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r9, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
semctl$SETALL(0x0, 0x0, 0x14, &(0x7f0000000740))
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r8, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

kernel console output (not intermixed with test programs):

520.887541][ T8003]  ? rcu_is_watching+0x12/0xc0
[  520.887558][ T8003]  ? irqentry_exit+0x3b/0x90
[  520.887577][ T8003]  ? __pfx_rng_dev_read+0x10/0x10
[  520.887601][ T8003]  ? vfs_readv+0x51f/0x8b0
[  520.887622][ T8003]  ? __pfx_rng_dev_read+0x10/0x10
[  520.887638][ T8003]  vfs_readv+0x5c1/0x8b0
[  520.887662][ T8003]  ? __pfx_vfs_readv+0x10/0x10
[  520.887683][ T8003]  ? find_held_lock+0x2b/0x80
[  520.887713][ T8003]  ? __fget_files+0x20e/0x3c0
[  520.887742][ T8003]  ? do_preadv+0x1a6/0x270
[  520.887760][ T8003]  do_preadv+0x1a6/0x270
[  520.887780][ T8003]  ? __pfx_do_preadv+0x10/0x10
[  520.887807][ T8003]  do_syscall_64+0xcd/0xfa0
[  520.887828][ T8003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.887845][ T8003] RIP: 0033:0x7f5c5cd8eec9
[  520.887860][ T8003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  520.887877][ T8003] RSP: 002b:00007f5c5db68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  520.887894][ T8003] RAX: ffffffffffffffda RBX: 00007f5c5cfe6090 RCX: 00007f5c5cd8eec9
[  520.887905][ T8003] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000007
[  520.887916][ T8003] RBP: 00007f5c5db68090 R08: 0000000000000000 R09: 0000000000000000
[  520.887926][ T8003] R10: 00000000ffff0000 R11: 0000000000000246 R12: 0000000000000001
[  520.887937][ T8003] R13: 00007f5c5cfe6128 R14: 00007f5c5cfe6090 R15: 00007ffd69cd7df8
[  520.887961][ T8003]  </TASK>
[  521.077721][    C0] vkms_vblank_simulate: vblank timer overrun
[  521.389039][ T8010] overlayfs: overlapping lowerdir path
[  521.435477][ T8010] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  521.468333][ T8011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.509'.
[  522.332544][   T30] audit: type=1326 audit(2000000009.770:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  522.843910][   T30] audit: type=1326 audit(2000000009.770:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  522.881976][   T30] audit: type=1326 audit(2000000009.770:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  522.982600][   T30] audit: type=1326 audit(2000000009.770:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  523.043926][   T30] audit: type=1326 audit(2000000009.770:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  523.426495][   T30] audit: type=1326 audit(2000000009.770:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  523.489700][   T30] audit: type=1326 audit(2000000009.770:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  523.533873][ T5970] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  523.587094][   T30] audit: type=1326 audit(2000000009.770:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  523.647374][   T30] audit: type=1326 audit(2000000009.770:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdba1b8eec9 code=0x7ffc0000
[  523.703659][ T5970] usb 3-1: Using ep0 maxpacket: 8
[  523.711373][ T5970] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  523.721632][ T5970] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  523.731994][ T5970] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  523.742276][ T5970] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  523.757211][ T5970] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  523.768787][ T5970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.885650][ T5831] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  523.885677][ T5857] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71
[  523.904103][  T889] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  523.937808][ T5857] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  523.949933][ T5857] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  523.962349][ T5857] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  524.074627][ T5857] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  524.075511][ T5831] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  524.085154][ T5857] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  524.085573][ T5857] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  524.095420][ T5831] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  524.116969][ T5857] usb 4-1: USB disconnect, device number 10
[  524.125257][ T5970] usb 3-1: usb_control_msg returned -71
[  524.135201][ T5970] usbtmc 3-1:16.0: can't read capabilities
[  524.422616][ T5831] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  524.461050][ T5970] usb 3-1: USB disconnect, device number 11
[  524.467213][ T5855] Bluetooth: hci4: command 0x0406 tx timeout
[  524.581589][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  524.614239][ T5831] usb 2-1: SerialNumber: syz
[  524.614895][  T889] usb 1-1: config 0 has no interfaces?
[  524.634668][  T889] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  524.645489][  T889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.657692][  T889] usb 1-1: Product: syz
[  524.661930][  T889] usb 1-1: Manufacturer: syz
[  524.667232][  T889] usb 1-1: SerialNumber: syz
[  524.684426][  T889] usb 1-1: config 0 descriptor??
[  524.860169][ T5831] usb 2-1: 0:2 : does not exist
[  524.927708][ T8023] netlink: 8 bytes leftover after parsing attributes in process `syz.0.514'.
[  524.958760][ T5831] usb 2-1: USB disconnect, device number 12
[  525.135529][ T8035] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  525.143811][ T6853] udevd[6853]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  525.144881][  T889] usb 1-1: USB disconnect, device number 8
[  525.540441][ T8044] input: syz0 as /devices/virtual/input/input6
[  525.559854][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  525.559868][   T30] audit: type=1400 audit(2000000013.860:359): avc:  denied  { write } for  pid=8043 comm="syz.2.520" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  526.156040][ T8052] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  526.226819][   T30] audit: type=1400 audit(2000000014.520:360): avc:  denied  { create } for  pid=8057 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  526.427574][ T8060] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  526.435365][ T8060] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  526.446707][ T8060] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  526.454795][ T8060] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock
[  526.463859][   T30] audit: type=1400 audit(2000000014.520:361): avc:  denied  { nlmsg_read } for  pid=8057 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  526.745500][   T30] audit: type=1400 audit(2000000014.560:362): avc:  denied  { connect } for  pid=8057 comm="syz.1.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  527.203746][   T30] audit: type=1400 audit(2000000015.420:363): avc:  denied  { mount } for  pid=8063 comm="syz.2.526" name="/" dev="rpc_pipefs" ino=21326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  527.273655][ T5831] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  527.678000][ T8072] netlink: 24 bytes leftover after parsing attributes in process `syz.4.524'.
[  527.710062][ T8070] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  527.764419][ T5831] usb 4-1: Using ep0 maxpacket: 8
[  527.771198][ T5831] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  527.782042][ T5831] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  527.816338][ T5831] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  527.831686][ T5831] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  527.845224][ T5831] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  527.859296][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.966230][ T8074] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  527.994780][ T8074] netlink: 20 bytes leftover after parsing attributes in process `syz.2.529'.
[  528.005059][   T30] audit: type=1400 audit(2000000016.310:364): avc:  denied  { read } for  pid=8073 comm="syz.2.529" name="usbmon3" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  528.081978][   T30] audit: type=1400 audit(2000000016.310:365): avc:  denied  { open } for  pid=8073 comm="syz.2.529" path="/dev/usbmon3" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  528.124829][ T5831] usb 4-1: usb_control_msg returned -32
[  528.130473][ T5831] usbtmc 4-1:16.0: can't read capabilities
[  528.246078][ T5831] usb 4-1: USB disconnect, device number 11
[  528.289608][ T8074] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  529.218436][   T43] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  529.717637][   T30] audit: type=1400 audit(2000000017.720:366): avc:  denied  { name_bind } for  pid=8093 comm="syz.0.535" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  529.764800][   T43] usb 3-1: config 0 has no interfaces?
[  529.778364][   T43] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  529.793638][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.909410][   T43] usb 3-1: Product: syz
[  529.914207][   T43] usb 3-1: Manufacturer: syz
[  529.918805][   T43] usb 3-1: SerialNumber: syz
[  529.948663][   T43] usb 3-1: config 0 descriptor??
[  530.069801][ T8102] ubi31: attaching mtd0
[  530.095675][ T8102] ubi31: scanning is finished
[  530.100713][ T8102] ubi31: empty MTD device detected
[  530.124909][ T8103] netlink: 28 bytes leftover after parsing attributes in process `syz.3.536'.
[  530.133811][ T8103] netlink: 28 bytes leftover after parsing attributes in process `syz.3.536'.
[  530.703373][ T8110] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  530.711136][ T8110] audit: out of memory in audit_log_start
[  531.129973][ T8085] netlink: 8 bytes leftover after parsing attributes in process `syz.2.532'.
[  531.242725][ T8102] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  531.517190][   T43] usb 3-1: USB disconnect, device number 12
[  531.813706][ T5917] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  532.024113][ T5831] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  532.282629][ T5917] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  532.292112][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.300231][ T5917] usb 1-1: Product: syz
[  532.304448][ T5831] usb 2-1: Using ep0 maxpacket: 8
[  532.310081][ T5917] usb 1-1: Manufacturer: syz
[  532.313128][ T5831] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  532.318960][ T5917] usb 1-1: SerialNumber: syz
[  532.346857][ T5917] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  532.369992][ T5831] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  532.375018][ T5857] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  532.415303][ T5831] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  532.481893][ T5831] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  532.989166][   T30] audit: type=1400 audit(2000000021.280:367): avc:  denied  { bind } for  pid=8115 comm="syz.0.541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  533.189979][ T8116] netlink: 'syz.0.541': attribute type 29 has an invalid length.
[  533.412436][ T8116] netlink: 'syz.0.541': attribute type 3 has an invalid length.
[  533.541409][ T5857] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  533.627916][ T8116] netlink: 76 bytes leftover after parsing attributes in process `syz.0.541'.
[  533.708499][ T5857] ath9k_htc: Failed to initialize the device
[  533.780672][ T5831] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  533.803676][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.884111][ T8139] FAULT_INJECTION: forcing a failure.
[  533.884111][ T8139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.970065][ T8139] CPU: 0 UID: 0 PID: 8139 Comm: syz.2.547 Not tainted syzkaller #0 PREEMPT(full) 
[  533.970091][ T8139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  533.970102][ T8139] Call Trace:
[  533.970108][ T8139]  <TASK>
[  533.970114][ T8139]  dump_stack_lvl+0x16c/0x1f0
[  533.970140][ T8139]  should_fail_ex+0x512/0x640
[  533.970168][ T8139]  _copy_from_user+0x2e/0xd0
[  533.970191][ T8139]  get_user_ifreq+0xf1/0x250
[  533.970216][ T8139]  sock_do_ioctl+0x16b/0x280
[  533.970240][ T8139]  ? __pfx_sock_do_ioctl+0x10/0x10
[  533.970272][ T8139]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  533.970292][ T8139]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  533.970322][ T8139]  sock_ioctl+0x227/0x6b0
[  533.970348][ T8139]  ? __pfx_sock_ioctl+0x10/0x10
[  533.970372][ T8139]  ? hook_file_ioctl_common+0x145/0x410
[  533.970396][ T8139]  ? selinux_file_ioctl+0x180/0x270
[  533.970418][ T8139]  ? selinux_file_ioctl+0xb4/0x270
[  533.970442][ T8139]  ? __pfx_sock_ioctl+0x10/0x10
[  533.970469][ T8139]  __x64_sys_ioctl+0x18e/0x210
[  533.970490][ T8139]  do_syscall_64+0xcd/0xfa0
[  533.970512][ T8139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.970529][ T8139] RIP: 0033:0x7f00fdb8eec9
[  533.970543][ T8139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.970560][ T8139] RSP: 002b:00007f00fe970038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  533.970578][ T8139] RAX: ffffffffffffffda RBX: 00007f00fdde5fa0 RCX: 00007f00fdb8eec9
[  533.970589][ T8139] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000005
[  533.970600][ T8139] RBP: 00007f00fe970090 R08: 0000000000000000 R09: 0000000000000000
[  533.970610][ T8139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.970619][ T8139] R13: 00007f00fdde6038 R14: 00007f00fdde5fa0 R15: 00007fff4b6c5ea8
[  533.970645][ T8139]  </TASK>
[  534.236441][   T43] usb 1-1: USB disconnect, device number 9
[  534.254719][   T30] audit: type=1400 audit(2000000022.560:368): avc:  denied  { create } for  pid=8140 comm="syz.4.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  534.282006][ T5831] usb 2-1: usb_control_msg returned -32
[  534.287761][ T5831] usbtmc 2-1:16.0: can't read capabilities
[  534.301003][ T5831] usb 2-1: USB disconnect, device number 13
[  534.348018][   T43] usb 1-1: ath9k_htc: USB layer deinitialized
[  534.376327][   T30] audit: type=1400 audit(2000000022.680:369): avc:  denied  { write } for  pid=8147 comm="syz.3.551" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  534.634493][ T8157] FAULT_INJECTION: forcing a failure.
[  534.634493][ T8157] name failslab, interval 1, probability 0, space 0, times 0
[  534.648335][ T8157] CPU: 0 UID: 0 PID: 8157 Comm: syz.2.550 Not tainted syzkaller #0 PREEMPT(full) 
[  534.648358][ T8157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  534.648369][ T8157] Call Trace:
[  534.648375][ T8157]  <TASK>
[  534.648381][ T8157]  dump_stack_lvl+0x16c/0x1f0
[  534.648407][ T8157]  should_fail_ex+0x512/0x640
[  534.648428][ T8157]  ? __kmalloc_cache_noprof+0x5f/0x780
[  534.648451][ T8157]  should_failslab+0xc2/0x120
[  534.648475][ T8157]  __kmalloc_cache_noprof+0x72/0x780
[  534.648491][ T8157]  ? xa_load+0x153/0x2c0
[  534.648512][ T8157]  ? cma_alloc_port+0x9a/0x5b0
[  534.648538][ T8157]  ? cma_alloc_port+0x9a/0x5b0
[  534.648562][ T8157]  cma_alloc_port+0x9a/0x5b0
[  534.648587][ T8157]  rdma_bind_addr_dst+0x1c53/0x2d50
[  534.648611][ T8157]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  534.648634][ T8157]  rdma_listen+0x10c/0xe30
[  534.648654][ T8157]  ? __pfx_rdma_listen+0x10/0x10
[  534.648672][ T8157]  ? __pfx_ucma_get_ctx+0x10/0x10
[  534.648699][ T8157]  ucma_listen+0x173/0x220
[  534.648719][ T8157]  ? __pfx_ucma_listen+0x10/0x10
[  534.648743][ T8157]  ? __pfx_ucma_listen+0x10/0x10
[  534.648762][ T8157]  ucma_write+0x1fb/0x330
[  534.648780][ T8157]  ? __pfx_ucma_write+0x10/0x10
[  534.648798][ T8157]  ? bpf_lsm_file_permission+0x9/0x10
[  534.648820][ T8157]  ? security_file_permission+0x71/0x210
[  534.648854][ T8157]  ? rw_verify_area+0xcf/0x6c0
[  534.648875][ T8157]  ? __pfx_ucma_write+0x10/0x10
[  534.648891][ T8157]  vfs_write+0x2a0/0x11d0
[  534.648919][ T8157]  ? __pfx_vfs_write+0x10/0x10
[  534.648939][ T8157]  ? find_held_lock+0x2b/0x80
[  534.648957][ T8157]  ? __fget_files+0x204/0x3c0
[  534.648983][ T8157]  ? __fget_files+0x20e/0x3c0
[  534.649013][ T8157]  ksys_write+0x1f8/0x250
[  534.649033][ T8157]  ? __pfx_ksys_write+0x10/0x10
[  534.649062][ T8157]  do_syscall_64+0xcd/0xfa0
[  534.649086][ T8157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.649103][ T8157] RIP: 0033:0x7f00fdb8eec9
[  534.649118][ T8157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  534.649135][ T8157] RSP: 002b:00007f00fe94f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  534.649152][ T8157] RAX: ffffffffffffffda RBX: 00007f00fdde6090 RCX: 00007f00fdb8eec9
[  534.649164][ T8157] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000005
[  534.649174][ T8157] RBP: 00007f00fe94f090 R08: 0000000000000000 R09: 0000000000000000
[  534.649185][ T8157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  534.649195][ T8157] R13: 00007f00fdde6128 R14: 00007f00fdde6090 R15: 00007fff4b6c5ea8
[  534.649222][ T8157]  </TASK>
[  534.973669][  T889] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  535.033883][ T5970] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  535.140792][  T889] usb 5-1: unable to get BOS descriptor or descriptor too short
[  535.199462][ T5970] usb 4-1: Using ep0 maxpacket: 16
[  535.201716][   T43] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  535.205957][ T5970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  535.289129][  T889] usb 5-1: not running at top speed; connect to a high speed hub
[  535.389336][  T889] usb 5-1: config 92 has an invalid interface number: 30 but max is 0
[  535.395187][ T5970] usb 4-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00
[  535.409942][  T889] usb 5-1: config 92 has an invalid descriptor of length 0, skipping remainder of the config
[  535.420476][  T889] usb 5-1: config 92 has no interface number 0
[  535.427927][ T5970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.438270][ T5970] usb 4-1: config 0 descriptor??
[  535.467952][  T889] usb 5-1: config 92 interface 30 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  535.485520][  T889] usb 5-1: New USB device found, idVendor=0499, idProduct=a80e, bcdDevice=f0.31
[  535.495996][  T889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=131
[  535.507329][  T889] usb 5-1: Product: syz
[  535.511545][  T889] usb 5-1: Manufacturer: syz
[  535.517029][  T889] usb 5-1: SerialNumber: syz
[  535.533797][   T43] usb 1-1: Using ep0 maxpacket: 32
[  535.542939][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  535.555991][   T43] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  535.569043][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.619026][   T43] usb 1-1: Product: syz
[  535.640928][   T43] usb 1-1: Manufacturer: syz
[  535.917357][   T43] usb 1-1: SerialNumber: syz
[  535.936975][   T43] usb 1-1: config 0 descriptor??
[  536.004976][ T5970] usbhid 4-1:0.0: can't add hid device: -71
[  536.011439][ T5970] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  536.012911][   T43] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  536.040429][ T5970] usb 4-1: USB disconnect, device number 12
[  536.051436][  T889] usb 5-1: USB disconnect, device number 6
[  536.098881][ T6853] udevd[6853]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:92.30/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  536.153671][   T30] audit: type=1400 audit(2000000024.440:370): avc:  denied  { connect } for  pid=8171 comm="syz.2.558" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  536.786687][   T43] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  536.895299][   T43] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  538.777557][ T8185] netlink: 44 bytes leftover after parsing attributes in process `syz.0.554'.
[  540.422277][ T8188] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  540.445636][ T8193] netlink: 'syz.1.561': attribute type 1 has an invalid length.
[  540.588652][   T10] usb 1-1: USB disconnect, device number 10
[  540.712185][ T8193] 8021q: adding VLAN 0 to HW filter on device bond1
[  540.745504][ T8195] bond1: (slave ip6erspan0): making interface the new active one
[  540.775265][ T8195] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  541.416462][ T8205] netlink: 96 bytes leftover after parsing attributes in process `syz.0.564'.
[  541.465870][ T8207] binder: BC_ATTEMPT_ACQUIRE not supported
[  541.471690][ T8207] binder: 8206:8207 ioctl c0306201 200000000100 returned -22
[  541.915989][   T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  542.133827][   T10] usb 2-1: Using ep0 maxpacket: 8
[  542.142953][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  542.152918][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  542.163064][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  542.172985][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  542.218741][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  542.352376][   T30] audit: type=1400 audit(2000000030.650:371): avc:  denied  { setattr } for  pid=8227 comm="syz.4.572" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  542.390839][   T30] audit: type=1400 audit(2000000030.650:372): avc:  denied  { create } for  pid=8227 comm="syz.4.572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  542.393791][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.410434][   T30] audit: type=1400 audit(2000000030.650:373): avc:  denied  { ioctl } for  pid=8227 comm="syz.4.572" path="socket:[22475]" dev="sockfs" ino=22475 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  542.845738][   T10] usb 2-1: GET_CAPABILITIES returned 0
[  543.399641][   T10] usbtmc 2-1:16.0: can't read capabilities
[  543.566356][   T10] usb 2-1: USB disconnect, device number 14
[  543.598765][   T30] audit: type=1400 audit(2000000030.850:374): avc:  denied  { map } for  pid=8222 comm="syz.3.570" path="socket:[22499]" dev="sockfs" ino=22499 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  543.912778][ T5935] Bluetooth: (null): Invalid header checksum
[  543.919901][ T5935] Bluetooth: (null): Invalid header checksum
[  543.956700][ T5935] Bluetooth: (null): Invalid header checksum
[  544.040773][ T5952] Bluetooth: (null): Invalid header checksum
[  544.655407][ T8243] FAULT_INJECTION: forcing a failure.
[  544.655407][ T8243] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  544.655580][   T30] audit: type=1400 audit(2000000032.960:375): avc:  denied  { mount } for  pid=8240 comm="syz.2.577" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  544.669284][ T8243] CPU: 1 UID: 0 PID: 8243 Comm: syz.2.577 Not tainted syzkaller #0 PREEMPT(full) 
[  544.669303][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  544.669313][ T8243] Call Trace:
[  544.669318][ T8243]  <TASK>
[  544.669324][ T8243]  dump_stack_lvl+0x16c/0x1f0
[  544.669347][ T8243]  should_fail_ex+0x512/0x640
[  544.669369][ T8243]  strncpy_from_user+0x3b/0x2e0
[  544.669389][ T8243]  getname_flags.part.0+0x8f/0x550
[  544.669409][ T8243]  getname_flags+0x93/0xf0
[  544.669428][ T8243]  __x64_sys_rename+0x65/0xa0
[  544.669451][ T8243]  do_syscall_64+0xcd/0xfa0
[  544.669470][ T8243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.669485][ T8243] RIP: 0033:0x7f00fdb8eec9
[  544.669498][ T8243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.669519][ T8243] RSP: 002b:00007f00fe970038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  544.669535][ T8243] RAX: ffffffffffffffda RBX: 00007f00fdde5fa0 RCX: 00007f00fdb8eec9
[  544.669545][ T8243] RDX: 0000000000000000 RSI: 0000200000000f00 RDI: 0000200000000400
[  544.669554][ T8243] RBP: 00007f00fe970090 R08: 0000000000000000 R09: 0000000000000000
[  544.669563][ T8243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  544.669573][ T8243] R13: 00007f00fdde6038 R14: 00007f00fdde5fa0 R15: 00007fff4b6c5ea8
[  544.669595][ T8243]  </TASK>
[  544.694222][ T8251] FAULT_INJECTION: forcing a failure.
[  544.694222][ T8251] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  544.852278][   T30] audit: type=1400 audit(2000000033.140:376): avc:  denied  { ioctl } for  pid=8241 comm="syz.1.576" path="pid:[4026532796]" dev="nsfs" ino=4026532796 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  544.877115][ T8251] CPU: 0 UID: 0 PID: 8251 Comm: syz.4.579 Not tainted syzkaller #0 PREEMPT(full) 
[  544.877138][ T8251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  544.877148][ T8251] Call Trace:
[  544.877154][ T8251]  <TASK>
[  544.877160][ T8251]  dump_stack_lvl+0x16c/0x1f0
[  544.877184][ T8251]  should_fail_ex+0x512/0x640
[  544.877209][ T8251]  _copy_from_iter+0x29f/0x1720
[  544.877233][ T8251]  ? __alloc_skb+0x200/0x380
[  544.877252][ T8251]  ? __pfx__copy_from_iter+0x10/0x10
[  544.877271][ T8251]  ? netlink_autobind.isra.0+0x158/0x370
[  544.877296][ T8251]  netlink_sendmsg+0x820/0xdd0
[  544.877318][ T8251]  ? __pfx_netlink_sendmsg+0x10/0x10
[  544.877343][ T8251]  ____sys_sendmsg+0xa98/0xc70
[  544.877365][ T8251]  ? copy_msghdr_from_user+0x10a/0x160
[  544.877380][ T8251]  ? __pfx_____sys_sendmsg+0x10/0x10
[  544.877410][ T8251]  ___sys_sendmsg+0x134/0x1d0
[  544.877427][ T8251]  ? __pfx____sys_sendmsg+0x10/0x10
[  544.877441][ T8251]  ? __lock_acquire+0x622/0x1c90
[  544.877483][ T8251]  __sys_sendmsg+0x16d/0x220
[  544.877499][ T8251]  ? __pfx___sys_sendmsg+0x10/0x10
[  544.877529][ T8251]  do_syscall_64+0xcd/0xfa0
[  544.877546][ T8251]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.877560][ T8251] RIP: 0033:0x7f5c5cd8eec9
[  544.877572][ T8251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.877586][ T8251] RSP: 002b:00007f5c5db89038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  544.877600][ T8251] RAX: ffffffffffffffda RBX: 00007f5c5cfe5fa0 RCX: 00007f5c5cd8eec9
[  544.877610][ T8251] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  544.877618][ T8251] RBP: 00007f5c5db89090 R08: 0000000000000000 R09: 0000000000000000
[  544.877626][ T8251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  544.877634][ T8251] R13: 00007f5c5cfe6038 R14: 00007f5c5cfe5fa0 R15: 00007ffd69cd7df8
[  544.877654][ T8251]  </TASK>
[  545.081710][   T30] audit: type=1400 audit(2000000033.150:377): avc:  denied  { ioctl } for  pid=8242 comm="syz.0.575" path="socket:[22961]" dev="sockfs" ino=22961 ioctlcmd=0x943d scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  545.085799][ T8245] tmpfs: Cannot change global quota limit on remount
[  545.126535][   T30] audit: type=1400 audit(2000000033.150:378): avc:  denied  { unmount } for  pid=5860 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  545.158140][   T30] audit: type=1400 audit(2000000033.380:379): avc:  denied  { create } for  pid=8244 comm="syz.3.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  545.229434][   T30] audit: type=1400 audit(2000000033.390:380): avc:  denied  { read } for  pid=8244 comm="syz.3.578" path="socket:[23558]" dev="sockfs" ino=23558 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  545.481520][ T8269] vxfs: WRONG superblock magic 00000000 at 1
[  545.481736][ T8269] vxfs: WRONG superblock magic 00000000 at 8
[  545.481750][ T8269] vxfs: can't find superblock.
[  545.723689][   T43] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  545.875168][   T43] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  545.883211][   T43] usb 4-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config
[  545.893485][   T43] usb 4-1: config 0 has no interface number 0
[  545.893784][ T5938] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  545.899648][   T43] usb 4-1: config 0 interface 4 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  545.920160][   T43] usb 4-1: config 0 interface 4 has no altsetting 0
[  545.926767][   T43] usb 4-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00
[  545.935864][  T889] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  545.943605][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.955783][   T43] usb 4-1: config 0 descriptor??
[  545.963770][   T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  545.964977][   T43] usbhid 4-1:0.4: couldn't find an input interrupt endpoint
[  546.055113][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  546.067069][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  546.076997][ T5938] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  546.086083][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.095603][ T5938] usb 3-1: config 0 descriptor??
[  546.105930][  T889] usb 1-1: Using ep0 maxpacket: 32
[  546.112960][  T889] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  546.113665][   T10] usb 2-1: Using ep0 maxpacket: 8
[  546.122378][  T889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.128994][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  546.137944][  T889] usb 1-1: config 0 descriptor??
[  546.167993][  T889] gspca_main: sunplus-2.14.0 probing 041e:400b
[  546.217541][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  546.227351][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  546.239579][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  546.252612][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  546.261908][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.465991][ T8265] Bluetooth: (null): Invalid header checksum
[  546.472708][ T8265] Bluetooth: (null): Invalid header checksum
[  546.490739][   T10] usb 2-1: GET_CAPABILITIES returned 0
[  546.507968][   T10] usbtmc 2-1:16.0: can't read capabilities
[  546.589887][ T8267] Bluetooth: (null): Invalid header checksum
[  546.655437][ T5938] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  546.684717][ T5938] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  546.701792][ T5938] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  546.704666][   T43] usb 2-1: USB disconnect, device number 15
[  546.708910][ T5938] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  546.723169][ T5938] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  546.746021][ T5938] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  546.753023][ T5938] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0
[  546.771319][ T5938] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  546.848432][ T8280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  546.849318][ T8280] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  547.087849][  T889] gspca_sunplus: reg_r err -71
[  547.093262][  T889] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  547.121663][  T889] usb 1-1: USB disconnect, device number 11
[  547.212341][ T8287] misc userio: The device must be registered before sending interrupts
[  547.370772][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  547.370789][   T30] audit: type=1400 audit(2000000035.670:385): avc:  denied  { name_connect } for  pid=8297 comm="syz.1.591" dest=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  547.739041][   T30] audit: type=1400 audit(2000000036.040:386): avc:  denied  { bind } for  pid=8303 comm="syz.4.593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  547.957050][ T8309] netlink: 4 bytes leftover after parsing attributes in process `syz.4.593'.
[  548.560194][ T5930] usb 4-1: USB disconnect, device number 13
[  548.903302][ T5938] cp2112 0003:10C4:EA90.0004: error requesting version
[  549.131476][ T5938] cp2112 0003:10C4:EA90.0004: probe with driver cp2112 failed with error -71
[  550.247122][ T5938] usb 3-1: USB disconnect, device number 13
[  550.585834][   T30] audit: type=1400 audit(2000000038.850:387): avc:  denied  { setopt } for  pid=8326 comm="syz.2.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  550.948019][ T5974] Bluetooth: (null): Invalid header checksum
[  550.963722][ T5974] Bluetooth: (null): Invalid header checksum
[  551.084968][ T5974] Bluetooth: (null): Invalid header checksum
[  551.927984][ T8304] syz.4.593: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  551.970178][ T8304] CPU: 0 UID: 0 PID: 8304 Comm: syz.4.593 Not tainted syzkaller #0 PREEMPT(full) 
[  551.970203][ T8304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  551.970214][ T8304] Call Trace:
[  551.970220][ T8304]  <TASK>
[  551.970228][ T8304]  dump_stack_lvl+0x16c/0x1f0
[  551.970254][ T8304]  warn_alloc+0x248/0x3a0
[  551.970278][ T8304]  ? __pfx_warn_alloc+0x10/0x10
[  551.970307][ T8304]  ? hash_netport4_resize+0x1d8/0x1c50
[  551.970323][ T8304]  ? __vmalloc_node_noprof+0xad/0xf0
[  551.970358][ T8304]  __vmalloc_node_range_noprof+0xfe2/0x1480
[  551.970397][ T8304]  ? hash_netport4_resize+0x1d8/0x1c50
[  551.970422][ T8304]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  551.970456][ T8304]  ? ___kmalloc_large_node+0xed/0x160
[  551.970490][ T8304]  __kvmalloc_node_noprof+0x431/0x9c0
[  551.970523][ T8304]  ? hash_netport4_resize+0x1d8/0x1c50
[  551.970541][ T8304]  ? trace_kmalloc+0x2b/0xd0
[  551.970564][ T8304]  ? __kmalloc_noprof+0x34f/0x880
[  551.970583][ T8304]  ? hash_netport4_resize+0x1d8/0x1c50
[  551.970606][ T8304]  ? hash_netport4_resize+0x1d8/0x1c50
[  551.970623][ T8304]  hash_netport4_resize+0x1d8/0x1c50
[  551.970643][ T8304]  ? __pfx_hash_netport4_add+0x10/0x10
[  551.970661][ T8304]  ? __pfx_hash_netport4_uadt+0x10/0x10
[  551.970688][ T8304]  ? __pfx___mutex_lock+0x10/0x10
[  551.970723][ T8304]  ? __pfx_hash_netport4_resize+0x10/0x10
[  551.970747][ T8304]  call_ad.constprop.0+0x36d/0x940
[  551.970778][ T8304]  ? __pfx_hash_netport4_resize+0x10/0x10
[  551.970799][ T8304]  ? __pfx_call_ad.constprop.0+0x10/0x10
[  551.970829][ T8304]  ? __pfx___nla_validate_parse+0x10/0x10
[  551.970869][ T8304]  ? __nla_parse+0x40/0x60
[  551.970900][ T8304]  ip_set_ad.constprop.0.isra.0+0x3ce/0x870
[  551.970925][ T8304]  ? __pfx_ip_set_ad.constprop.0.isra.0+0x10/0x10
[  551.970947][ T8304]  ? rcu_cleanup_dead_rnp+0x70/0x2e0
[  551.970989][ T8304]  ? find_held_lock+0x2b/0x80
[  551.971014][ T8304]  nfnetlink_rcv_msg+0x9fc/0x1200
[  551.971042][ T8304]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  551.971064][ T8304]  ? __lock_acquire+0x622/0x1c90
[  551.971111][ T8304]  ? avc_has_perm_noaudit+0x149/0x3b0
[  551.971138][ T8304]  netlink_rcv_skb+0x158/0x420
[  551.971163][ T8304]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  551.971183][ T8304]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  551.971220][ T8304]  ? ns_capable+0xd7/0x110
[  551.971252][ T8304]  nfnetlink_rcv+0x1b3/0x430
[  551.971282][ T8304]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  551.971311][ T8304]  ? netlink_deliver_tap+0x1ae/0xd30
[  551.971339][ T8304]  netlink_unicast+0x5aa/0x870
[  551.971368][ T8304]  ? __pfx_netlink_unicast+0x10/0x10
[  551.971402][ T8304]  netlink_sendmsg+0x8c8/0xdd0
[  551.971431][ T8304]  ? __pfx_netlink_sendmsg+0x10/0x10
[  551.971466][ T8304]  ____sys_sendmsg+0xa98/0xc70
[  551.971494][ T8304]  ? copy_msghdr_from_user+0x10a/0x160
[  551.971520][ T8304]  ? __pfx_____sys_sendmsg+0x10/0x10
[  551.971560][ T8304]  ___sys_sendmsg+0x134/0x1d0
[  551.971580][ T8304]  ? futex_private_hash_put+0x176/0x300
[  551.971604][ T8304]  ? __pfx____sys_sendmsg+0x10/0x10
[  551.971624][ T8304]  ? __lock_acquire+0x622/0x1c90
[  551.971681][ T8304]  __sys_sendmsg+0x16d/0x220
[  551.971703][ T8304]  ? __pfx___sys_sendmsg+0x10/0x10
[  551.971725][ T8304]  ? __x64_sys_futex+0x1e0/0x4c0
[  551.971765][ T8304]  do_syscall_64+0xcd/0xfa0
[  551.971789][ T8304]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.971808][ T8304] RIP: 0033:0x7f5c5cd8eec9
[  551.971824][ T8304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.971842][ T8304] RSP: 002b:00007f5c5db89038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  551.971859][ T8304] RAX: ffffffffffffffda RBX: 00007f5c5cfe5fa0 RCX: 00007f5c5cd8eec9
[  551.971872][ T8304] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000006
[  551.971883][ T8304] RBP: 00007f5c5ce11f91 R08: 0000000000000000 R09: 0000000000000000
[  551.971894][ T8304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  551.971905][ T8304] R13: 00007f5c5cfe6038 R14: 00007f5c5cfe5fa0 R15: 00007ffd69cd7df8
[  551.971932][ T8304]  </TASK>
[  551.971939][ T8304] Mem-Info:
[  552.373650][  T889] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  552.376472][ T8304] active_anon:16207 inactive_anon:0 isolated_anon:0
[  552.376472][ T8304]  active_file:5255 inactive_file:40905 isolated_file:0
[  552.376472][ T8304]  unevictable:2816 dirty:99 writeback:0
[  552.376472][ T8304]  slab_reclaimable:13047 slab_unreclaimable:108139
[  552.376472][ T8304]  mapped:34691 shmem:4246 pagetables:1393
[  552.376472][ T8304]  sec_pagetables:0 bounce:0
[  552.376472][ T8304]  kernel_misc_reclaimable:0
[  552.376472][ T8304]  free:1285808 free_pcp:17934 free_cma:0
[  552.433950][ T8304] Node 0 active_anon:65528kB inactive_anon:0kB active_file:21020kB inactive_file:163420kB unevictable:9728kB isolated(anon):0kB isolated(file):0kB mapped:138764kB dirty:392kB writeback:0kB shmem:15448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12936kB pagetables:5424kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  552.467907][ T8304] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  552.498960][ T8304] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  552.726406][ T8304] lowmem_reserve[]: 0 2481 2483 2483 2483
[  552.753680][ T8304] Node 0 DMA32 free:1237088kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:66028kB inactive_anon:0kB active_file:21020kB inactive_file:163420kB unevictable:9728kB writepending:392kB zspages:0kB present:3129332kB managed:2541344kB mlocked:8192kB bounce:0kB free_pcp:49636kB local_pcp:33932kB free_cma:0kB
[  552.867470][ T8304] lowmem_reserve[]: 0 0 1 1 1
[  552.887195][  T889] usb 1-1: config 0 has no interfaces?
[  552.903396][  T889] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  552.914458][  T889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.922446][  T889] usb 1-1: Product: syz
[  552.928978][  T889] usb 1-1: Manufacturer: syz
[  552.934753][ T8304] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  552.984617][   T30] audit: type=1400 audit(2000000041.290:388): avc:  denied  { create } for  pid=8357 comm="syz.1.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  553.004616][  T889] usb 1-1: SerialNumber: syz
[  553.029689][  T889] usb 1-1: config 0 descriptor??
[  553.146384][ T8304] lowmem_reserve[]: 0 0 0 0 0
[  553.176865][ T8304] Node 1 Normal free:3889740kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:22132kB local_pcp:10576kB free_cma:0kB
[  553.362098][ T8304] lowmem_reserve[]: 0 0 0 0 0
[  553.390835][ T8304] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  553.447676][ T8304] Node 0 DMA32: 1767*4kB (UME) 1554*8kB (UM) 468*16kB (UM) 211*32kB (UME) 96*64kB (UME) 15*128kB (UME) 13*256kB (M) 7*512kB (UME) 3*1024kB (ME) 10*2048kB (UME) 285*4096kB (UM) = 1239628kB
[  553.516470][ T8304] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  553.568059][ T8304] Node 1 Normal: 218*4kB (UE) 57*8kB (UME) 42*16kB (UME) 104*32kB (UME) 26*64kB (UME) 8*128kB (UME) 4*256kB (UM) 4*512kB (UM) 4*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3890000kB
[  553.618820][ T8304] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  553.642105][ T8304] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  553.653303][ T8304] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  553.673433][ T8304] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  553.700387][ T8304] 47533 total pagecache pages
[  553.720227][ T8304] 0 pages in swap cache
[  553.729541][ T8304] Free swap  = 124996kB
[  553.743386][ T8304] Total swap = 124996kB
[  553.777764][   T30] audit: type=1400 audit(2000000041.320:389): avc:  denied  { write } for  pid=8357 comm="syz.1.607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  553.804902][ T8304] 2097051 pages RAM
[  553.809437][ T8304] 0 pages HighMem/MovableOnly
[  553.815252][ T8304] 429689 pages reserved
[  553.819407][ T8304] 0 pages cma reserved
[  553.863876][  T889] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  554.066944][  T889] usb 3-1: config 0 has an invalid interface number: 4 but max is 0
[  554.078093][  T889] usb 3-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config
[  554.113664][  T889] usb 3-1: config 0 has no interface number 0
[  554.120447][  T889] usb 3-1: config 0 interface 4 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  554.140631][  T889] usb 3-1: config 0 interface 4 has no altsetting 0
[  554.160174][  T889] usb 3-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00
[  554.167072][   T30] audit: type=1400 audit(2000000042.460:390): avc:  denied  { read append } for  pid=8372 comm="syz.1.612" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  554.172763][ T8265] Bluetooth: (null): Invalid header checksum
[  554.213661][  T889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.294143][ T8265] Bluetooth: (null): Invalid header checksum
[  554.301661][   T30] audit: type=1400 audit(2000000042.460:391): avc:  denied  { open } for  pid=8372 comm="syz.1.612" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  554.327311][ T8265] Bluetooth: (null): Invalid header checksum
[  554.344900][  T889] usb 3-1: config 0 descriptor??
[  554.361241][  T889] usbhid 3-1:0.4: couldn't find an input interrupt endpoint
[  554.912106][ T5938] usb 1-1: USB disconnect, device number 12
[  555.207969][ T8391] ptrace attach of "./syz-executor exec"[5849] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  555.930583][   T30] audit: type=1400 audit(2000000044.230:392): avc:  denied  { create } for  pid=8397 comm="syz.0.617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  556.620976][ T5855] Bluetooth: hci0: command 0x0406 tx timeout
[  556.652942][   T30] audit: type=1400 audit(2000000044.560:393): avc:  denied  { bind } for  pid=8397 comm="syz.0.617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  556.676038][ T8374] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  556.688778][   T30] audit: type=1400 audit(2000000044.560:394): avc:  denied  { name_bind } for  pid=8397 comm="syz.0.617" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  556.711495][   T30] audit: type=1400 audit(2000000044.560:395): avc:  denied  { node_bind } for  pid=8397 comm="syz.0.617" saddr=fe80::23 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  556.737466][   T30] audit: type=1400 audit(2000000044.570:396): avc:  denied  { create } for  pid=8397 comm="syz.0.617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  556.758294][   T30] audit: type=1400 audit(2000000044.610:397): avc:  denied  { sys_admin } for  pid=8397 comm="syz.0.617" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  556.880420][ T8403] FAULT_INJECTION: forcing a failure.
[  556.880420][ T8403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  556.895908][ T8403] CPU: 0 UID: 0 PID: 8403 Comm: syz.0.618 Not tainted syzkaller #0 PREEMPT(full) 
[  556.895932][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  556.895942][ T8403] Call Trace:
[  556.895949][ T8403]  <TASK>
[  556.895956][ T8403]  dump_stack_lvl+0x16c/0x1f0
[  556.895981][ T8403]  should_fail_ex+0x512/0x640
[  556.896007][ T8403]  _copy_from_iter+0x29f/0x1720
[  556.896034][ T8403]  ? __alloc_skb+0x200/0x380
[  556.896054][ T8403]  ? __pfx__copy_from_iter+0x10/0x10
[  556.896076][ T8403]  ? netlink_autobind.isra.0+0x158/0x370
[  556.896110][ T8403]  netlink_sendmsg+0x820/0xdd0
[  556.896137][ T8403]  ? __pfx_netlink_sendmsg+0x10/0x10
[  556.896170][ T8403]  ____sys_sendmsg+0xa98/0xc70
[  556.896196][ T8403]  ? copy_msghdr_from_user+0x10a/0x160
[  556.896216][ T8403]  ? __pfx_____sys_sendmsg+0x10/0x10
[  556.896253][ T8403]  ___sys_sendmsg+0x134/0x1d0
[  556.896275][ T8403]  ? __pfx____sys_sendmsg+0x10/0x10
[  556.896293][ T8403]  ? __lock_acquire+0x622/0x1c90
[  556.896349][ T8403]  __sys_sendmsg+0x16d/0x220
[  556.896370][ T8403]  ? __pfx___sys_sendmsg+0x10/0x10
[  556.896409][ T8403]  do_syscall_64+0xcd/0xfa0
[  556.896431][ T8403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.896449][ T8403] RIP: 0033:0x7fdba1b8eec9
[  556.896463][ T8403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.896480][ T8403] RSP: 002b:00007fdba29be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  556.896498][ T8403] RAX: ffffffffffffffda RBX: 00007fdba1de5fa0 RCX: 00007fdba1b8eec9
[  556.896509][ T8403] RDX: 0000000000000000 RSI: 0000200000001380 RDI: 0000000000000003
[  556.896520][ T8403] RBP: 00007fdba29be090 R08: 0000000000000000 R09: 0000000000000000
[  556.896530][ T8403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  556.896540][ T8403] R13: 00007fdba1de6038 R14: 00007fdba1de5fa0 R15: 00007ffebaf53018
[  556.896566][ T8403]  </TASK>
[  557.119881][ T8374] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  557.132312][ T8374] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  557.138337][ T8374] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  557.146472][ T8374] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  557.152411][ T8374] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  557.160954][ T8374] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  557.167194][ T8374] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  557.177306][ T8374] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  557.183363][ T8374] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  557.243010][ T5938] usb 3-1: USB disconnect, device number 14
[  558.143776][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  558.323645][   T10] usb 2-1: Using ep0 maxpacket: 16
[  558.335511][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  558.367343][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  558.400571][   T10] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  558.438253][   T43] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  558.546077][ T8423] netlink: 8 bytes leftover after parsing attributes in process `syz.0.624'.
[  558.578691][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.642096][   T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  558.748949][   T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  558.749473][ T5855] Bluetooth: hci0: command 0x0406 tx timeout
[  558.769911][   T10] usb 2-1: config 0 descriptor??
[  558.787361][   T43] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  558.807750][ T8425] netlink: 12 bytes leftover after parsing attributes in process `syz.4.626'.
[  558.808670][   T10] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  558.869679][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  558.901484][   T43] usb 4-1: SerialNumber: syz
[  558.951023][ T8426] netlink: 24 bytes leftover after parsing attributes in process `syz.2.625'.
[  559.006950][   T30] audit: type=1400 audit(2000000047.310:398): avc:  denied  { read write } for  pid=8430 comm="syz.0.628" dev="sockfs" ino=23400 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  559.138232][ T8432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.628'.
[  559.244877][ T5855] Bluetooth: hci2: command 0x0406 tx timeout
[  559.252181][ T5855] Bluetooth: hci1: command 0x0406 tx timeout
[  559.384036][ T5855] Bluetooth: hci4: command 0x0406 tx timeout
[  559.384046][ T5870] Bluetooth: hci3: command 0x0406 tx timeout
[  559.435522][   T43] usb 4-1: 0:2 : does not exist
[  559.594946][   T43] usb 4-1: USB disconnect, device number 14
[  559.626952][ T5938] usb 2-1: USB disconnect, device number 16
[  559.689908][ T6853] udevd[6853]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  560.107187][ T8448] 9pnet_fd: Insufficient options for proto=fd
[  560.208870][   T30] audit: type=1400 audit(2000000048.400:399): avc:  denied  { mounton } for  pid=8441 comm="syz.0.630" path="/134/file0" dev="tmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  560.490106][ T8266] Bluetooth: (null): Invalid header checksum
[  560.580068][ T8266] Bluetooth: (null): Invalid header checksum
[  561.294089][ T5870] Bluetooth: hci2: command 0x0406 tx timeout
[  561.303698][ T5870] Bluetooth: hci1: command 0x0406 tx timeout
[  561.552562][ T5855] Bluetooth: hci4: command 0x0406 tx timeout
[  561.552562][ T5870] Bluetooth: hci3: command 0x0406 tx timeout
[  561.803637][   T43] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  562.285322][ T8468] FAULT_INJECTION: forcing a failure.
[  562.285322][ T8468] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  562.298422][ T8468] CPU: 1 UID: 0 PID: 8468 Comm: syz.1.636 Not tainted syzkaller #0 PREEMPT(full) 
[  562.298443][ T8468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  562.298454][ T8468] Call Trace:
[  562.298460][ T8468]  <TASK>
[  562.298466][ T8468]  dump_stack_lvl+0x16c/0x1f0
[  562.298491][ T8468]  should_fail_ex+0x512/0x640
[  562.298517][ T8468]  _copy_from_user+0x2e/0xd0
[  562.298541][ T8468]  copy_msghdr_from_user+0x98/0x160
[  562.298562][ T8468]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  562.298588][ T8468]  ? __pfx__kstrtoull+0x10/0x10
[  562.298625][ T8468]  ___sys_sendmsg+0xfe/0x1d0
[  562.298647][ T8468]  ? __pfx____sys_sendmsg+0x10/0x10
[  562.298679][ T8468]  ? find_held_lock+0x2b/0x80
[  562.298713][ T8468]  __sys_sendmmsg+0x200/0x420
[  562.298737][ T8468]  ? __pfx___sys_sendmmsg+0x10/0x10
[  562.298766][ T8468]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  562.298800][ T8468]  ? fput+0x9b/0xd0
[  562.298816][ T8468]  ? ksys_write+0x1ac/0x250
[  562.298837][ T8468]  ? __pfx_ksys_write+0x10/0x10
[  562.298863][ T8468]  __x64_sys_sendmmsg+0x9c/0x100
[  562.298882][ T8468]  ? lockdep_hardirqs_on+0x7c/0x110
[  562.298903][ T8468]  do_syscall_64+0xcd/0xfa0
[  562.298925][ T8468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.298942][ T8468] RIP: 0033:0x7fa40958eec9
[  562.298956][ T8468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.298974][ T8468] RSP: 002b:00007fa4077f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  562.298992][ T8468] RAX: ffffffffffffffda RBX: 00007fa4097e6180 RCX: 00007fa40958eec9
[  562.299003][ T8468] RDX: 0000000000000001 RSI: 00002000000032c0 RDI: 0000000000000005
[  562.299013][ T8468] RBP: 00007fa4077f6090 R08: 0000000000000000 R09: 0000000000000000
[  562.299024][ T8468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.299034][ T8468] R13: 00007fa4097e6218 R14: 00007fa4097e6180 R15: 00007ffeb70f8d58
[  562.299059][ T8468]  </TASK>
[  562.527784][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  562.545277][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  562.753723][ T5938] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  562.777634][   T30] audit: type=1400 audit(2000000051.040:400): avc:  denied  { read } for  pid=8469 comm="syz.0.637" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  562.889491][   T30] audit: type=1400 audit(2000000051.040:401): avc:  denied  { open } for  pid=8469 comm="syz.0.637" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  563.059793][ T5938] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  563.088446][ T5938] usb 4-1: config 0 has an invalid descriptor of length 199, skipping remainder of the config
[  563.106781][   T30] audit: type=1400 audit(2000000051.110:402): avc:  denied  { ioctl } for  pid=8469 comm="syz.0.637" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x7040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  563.128640][ T5938] usb 4-1: config 0 has no interface number 0
[  563.149623][ T8474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.639'.
[  563.169384][ T5938] usb 4-1: config 0 interface 4 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  563.194888][ T5938] usb 4-1: config 0 interface 4 has no altsetting 0
[  563.208199][ T5938] usb 4-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00
[  563.213627][   T43] usb 5-1: Using ep0 maxpacket: 8
[  563.217689][ T5938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.233390][   T43] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  563.244235][   T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  563.251226][ T5938] usb 4-1: config 0 descriptor??
[  563.254207][   T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  563.272622][   T43] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  563.293001][   T43] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  563.295670][ T5938] usbhid 4-1:0.4: couldn't find an input interrupt endpoint
[  564.269564][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.304026][   T43] usb 5-1: can't set config #16, error -71
[  564.739424][   T43] usb 5-1: USB disconnect, device number 7
[  565.147862][ T6395] Bluetooth: (null): Invalid header checksum
[  565.160843][ T6395] Bluetooth: (null): Invalid header checksum
[  565.422175][ T8505] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  565.675195][ T8504] netlink: 24 bytes leftover after parsing attributes in process `syz.0.644'.
[  565.688713][ T8513] netlink: 'syz.2.650': attribute type 4 has an invalid length.
[  566.087201][ T8517] netlink: 12 bytes leftover after parsing attributes in process `syz.2.651'.
[  566.431080][ T8520] 9pnet_fd: Insufficient options for proto=fd
[  566.509929][   T10] usb 4-1: USB disconnect, device number 15
[  566.594675][ T8524] netlink: 'syz.2.653': attribute type 1 has an invalid length.
[  566.602577][   T30] audit: type=1400 audit(2000000054.890:403): avc:  denied  { create } for  pid=8523 comm="syz.2.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  566.760971][ T8529] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  567.022265][ T8524] 8021q: adding VLAN 0 to HW filter on device bond1
[  567.792134][   T30] audit: type=1400 audit(2000000056.070:404): avc:  denied  { write } for  pid=8523 comm="syz.2.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  568.252256][ T8265] Bluetooth: (null): Invalid header checksum
[  568.267110][ T8265] Bluetooth: (null): Invalid header checksum
[  568.323734][ T8265] Bluetooth: (null): Invalid header checksum
[  568.340193][ T8550] netlink: 60 bytes leftover after parsing attributes in process `syz.3.661'.
[  568.783741][  T979] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  569.013666][  T979] usb 1-1: Using ep0 maxpacket: 32
[  569.071812][  T979] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  569.754737][  T979] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  570.019778][  T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.060970][  T979] usb 1-1: Product: syz
[  570.088535][  T979] usb 1-1: Manufacturer: syz
[  570.093158][  T979] usb 1-1: SerialNumber: syz
[  570.124598][  T979] usb 1-1: config 0 descriptor??
[  570.154387][  T979] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  570.215329][ T8573] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  570.274278][   T30] audit: type=1400 audit(2000000058.570:405): avc:  denied  { ioctl } for  pid=8567 comm="syz.4.666" path="socket:[24603]" dev="sockfs" ino=24603 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  570.313729][   T30] audit: type=1400 audit(2000000058.570:406): avc:  denied  { mount } for  pid=8567 comm="syz.4.666" name="/" dev="autofs" ino=24605 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  570.510599][   T30] audit: type=1400 audit(2000000058.800:407): avc:  denied  { mounton } for  pid=8567 comm="syz.4.666" path="/124/file1" dev="autofs" ino=24605 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  570.698591][ T8580] netlink: 44 bytes leftover after parsing attributes in process `syz.0.662'.
[  570.923836][  T979] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  571.748402][  T979] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  571.848354][  T979] usb 1-1: USB disconnect, device number 13
[  573.646334][   T30] audit: type=1400 audit(2000000061.950:408): avc:  denied  { unmount } for  pid=5851 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  573.788668][   T30] audit: type=1400 audit(2000000061.980:409): avc:  denied  { unmount } for  pid=5851 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  573.806331][ T8594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.671'.
[  573.901919][  T889] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  574.463668][   T43] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  574.483624][  T889] usb 1-1: Using ep0 maxpacket: 32
[  574.490043][  T889] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  574.541040][  T889] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  574.550895][  T889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.561266][  T889] usb 1-1: Product: syz
[  574.568555][  T889] usb 1-1: Manufacturer: syz
[  574.586065][  T889] usb 1-1: SerialNumber: syz
[  574.625275][  T889] usb 1-1: config 0 descriptor??
[  574.631490][   T43] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  574.701162][  T889] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  574.710136][   T43] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  574.748457][   T43] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  574.895776][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  574.904378][   T43] usb 2-1: SerialNumber: syz
[  575.018223][   T30] audit: type=1400 audit(2000000063.310:410): avc:  denied  { mounton } for  pid=8612 comm="syz.2.678" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  575.124350][ T5938] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  575.343709][ T5938] usb 5-1: Using ep0 maxpacket: 16
[  575.349098][   T43] usb 2-1: 0:2 : does not exist
[  575.373844][  T889] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  575.375280][ T5938] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  575.408928][  T889] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  575.452340][ T8617] netlink: 44 bytes leftover after parsing attributes in process `syz.0.674'.
[  575.494772][   T43] usb 2-1: USB disconnect, device number 17
[  576.025608][   T30] audit: type=1400 audit(2000000064.320:411): avc:  denied  { write } for  pid=8618 comm="syz.3.680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  576.048852][ T6231] udevd[6231]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  576.862782][ T8624] netlink: 'syz.3.682': attribute type 2 has an invalid length.
[  576.870605][ T5938] usb 5-1: config 0 interface 0 has no altsetting 0
[  576.870643][ T5938] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  576.886635][ T5938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.903089][ T5938] usb 5-1: config 0 descriptor??
[  577.256880][   T30] audit: type=1400 audit(2000000065.450:412): avc:  denied  { remount } for  pid=8628 comm="syz.1.684" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  577.510716][ T5938] nzxt-smart2 0003:1E71:2009.0005: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  577.589957][ T5857] usb 1-1: USB disconnect, device number 14
[  577.665321][   T30] audit: type=1400 audit(2000000065.970:413): avc:  denied  { execute } for  pid=8609 comm="syz.4.677" path="/126/cpu.stat" dev="tmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  577.693548][ T8634] usb usb8: usbfs: process 8634 (syz.0.685) did not claim interface 4 before use
[  577.722133][   T30] audit: type=1400 audit(2000000066.000:414): avc:  denied  { connect } for  pid=8633 comm="syz.0.685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  577.743977][ T8636] input: syz0 as /devices/virtual/input/input8
[  578.782829][ T5870] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  578.790629][ T5870] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  578.967244][   T30] audit: type=1400 audit(2000000067.270:415): avc:  denied  { write } for  pid=8657 comm="syz.3.692" name="mouse0" dev="devtmpfs" ino=990 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  579.350214][   T30] audit: type=1400 audit(2000000067.420:416): avc:  denied  { ioctl } for  pid=8657 comm="syz.3.692" path="/dev/input/mouse0" dev="devtmpfs" ino=990 ioctlcmd=0x54d2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  579.747920][   T43] usb 5-1: USB disconnect, device number 8
[  580.079557][ T8675] netlink: 4 bytes leftover after parsing attributes in process `syz.3.696'.
[  580.093918][  T889] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  580.230776][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.1.697'.
[  580.297041][  T889] usb 3-1: config 0 has no interfaces?
[  580.423468][  T889] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  580.493776][  T889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.523640][  T889] usb 3-1: Product: syz
[  580.537729][  T889] usb 3-1: Manufacturer: syz
[  580.543442][  T889] usb 3-1: SerialNumber: syz
[  580.597536][  T889] usb 3-1: config 0 descriptor??
[  580.684455][ T8652] kvm: pic: non byte write
[  580.903159][ T8690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.700'.
[  581.278545][ T8695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.701'.
[  582.630867][ T5938] usb 3-1: USB disconnect, device number 15
[  583.279392][ T8723] netlink: 168 bytes leftover after parsing attributes in process `syz.3.710'.
[  583.964091][   T30] audit: type=1400 audit(2000000072.260:417): avc:  denied  { bind } for  pid=8726 comm="syz.4.711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  584.502518][ T8754] netlink: 28 bytes leftover after parsing attributes in process `syz.3.717'.
[  584.542173][ T8754] netlink: 16 bytes leftover after parsing attributes in process `syz.3.717'.
[  584.566040][ T8760] smc: net device ip6tnl0 applied user defined pnetid SYZ2
[  584.903684][   T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  584.923690][ T5938] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  585.068861][ T8774] netlink: 24 bytes leftover after parsing attributes in process `syz.3.719'.
[  585.094009][   T10] usb 2-1: Using ep0 maxpacket: 16
[  585.104060][ T5938] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  585.543688][   T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[  585.570224][ T5938] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  585.678505][   T10] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  585.687932][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.697366][ T5938] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  585.708173][   T10] usb 2-1: Product: syz
[  585.712730][   T10] usb 2-1: Manufacturer: syz
[  585.717391][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  585.726253][   T10] usb 2-1: SerialNumber: syz
[  585.743681][ T5938] usb 3-1: SerialNumber: syz
[  585.755432][   T10] usb 2-1: config 0 descriptor??
[  585.839092][   T10] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  585.879514][   T10] usb 2-1: Detected FT232R
[  586.033477][   T10] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  586.074056][ T5938] usb 3-1: 0:2 : does not exist
[  586.133981][ T5938] usb 3-1: unit 5 not found!
[  586.150961][ T5938] usb 3-1: USB disconnect, device number 16
[  586.209481][ T6231] udevd[6231]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  586.317449][   T10] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  586.900792][   T30] audit: type=1400 audit(2000000075.190:418): avc:  denied  { create } for  pid=8755 comm="syz.1.715" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  587.951634][   T10] usb 2-1: USB disconnect, device number 18
[  587.978819][   T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  588.034112][   T10] ftdi_sio 2-1:0.0: device disconnected
[  588.683619][  T889] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  588.709943][ T8820] trusted_key: encrypted_key: master key parameter '
[  588.709943][ T8820] ' is invalid
[  588.861560][  T889] usb 5-1: config 54 has an invalid descriptor of length 0, skipping remainder of the config
[  588.934244][ T8829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.736'.
[  588.948025][  T889] usb 5-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=d1.6e
[  588.964799][  T889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.020984][  T889] usb 5-1: Product: syz
[  589.026899][  T889] usb 5-1: Manufacturer: syz
[  589.089239][  T889] usb 5-1: SerialNumber: syz
[  589.273963][   T43] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  589.329263][  T889] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state.
[  589.392022][  T889] dvb-usb: bulk message failed: -22 (3/0)
[  589.441880][  T889] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  589.483789][   T43] usb 3-1: Using ep0 maxpacket: 8
[  589.503117][   T43] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  589.513101][   T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  589.577769][ T8812] net_ratelimit: 163 callbacks suppressed
[  589.577785][ T8812] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  589.679263][  T889] dvbdev: DVB: registering new adapter (Hanftek UMT-010 DVB-T USB2.0)
[  589.691245][   T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  589.701951][  T889] usb 5-1: media controller created
[  589.712368][   T43] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  589.737013][  T889] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  589.762897][   T43] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  589.788208][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.872548][  T889] DVB: Unable to find symbol mt352_attach()
[  589.899466][  T889] dvb-usb: no frontend was attached by 'Hanftek UMT-010 DVB-T USB2.0'
[  589.941453][  T889] dvb-usb: bulk message failed: -22 (3/0)
[  589.983602][  T889] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 successfully initialized and connected.
[  590.010043][  T889] usb 5-1: USB disconnect, device number 9
[  590.173990][   T43] usb 3-1: GET_CAPABILITIES returned 0
[  590.205262][   T43] usbtmc 3-1:16.0: can't read capabilities
[  590.349585][  T889] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 successfully deinitialized and disconnected.
[  590.363942][   T43] usb 3-1: USB disconnect, device number 17
[  591.082412][   T30] audit: type=1400 audit(2000000079.380:419): avc:  denied  { bind } for  pid=8859 comm="syz.1.746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  591.123528][   T30] audit: type=1400 audit(2000000079.410:420): avc:  denied  { name_bind } for  pid=8859 comm="syz.1.746" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  591.146656][ T8860] netlink: 80 bytes leftover after parsing attributes in process `syz.1.746'.
[  591.148016][   T30] audit: type=1400 audit(2000000079.410:421): avc:  denied  { node_bind } for  pid=8859 comm="syz.1.746" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  591.545218][ T8869] FAULT_INJECTION: forcing a failure.
[  591.545218][ T8869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  591.558364][ T8869] CPU: 1 UID: 0 PID: 8869 Comm: syz.2.748 Not tainted syzkaller #0 PREEMPT(full) 
[  591.558386][ T8869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  591.558396][ T8869] Call Trace:
[  591.558402][ T8869]  <TASK>
[  591.558410][ T8869]  dump_stack_lvl+0x16c/0x1f0
[  591.558434][ T8869]  should_fail_ex+0x512/0x640
[  591.558459][ T8869]  _copy_from_user+0x2e/0xd0
[  591.558482][ T8869]  ____sys_sendmsg+0x607/0xc70
[  591.558511][ T8869]  ? __pfx_____sys_sendmsg+0x10/0x10
[  591.558542][ T8869]  ? find_lowest_rq+0x17c/0x710
[  591.558567][ T8869]  ___sys_sendmsg+0x134/0x1d0
[  591.558584][ T8869]  ? find_lock_lowest_rq+0x4d/0x760
[  591.558610][ T8869]  ? __pfx____sys_sendmsg+0x10/0x10
[  591.558628][ T8869]  ? __lock_acquire+0x622/0x1c90
[  591.558688][ T8869]  __sys_sendmsg+0x16d/0x220
[  591.558708][ T8869]  ? __pfx___sys_sendmsg+0x10/0x10
[  591.558746][ T8869]  do_syscall_64+0xcd/0xfa0
[  591.558768][ T8869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.558786][ T8869] RIP: 0033:0x7f00fdb8eec9
[  591.558799][ T8869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  591.558816][ T8869] RSP: 002b:00007f00fbdf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  591.558834][ T8869] RAX: ffffffffffffffda RBX: 00007f00fdde6180 RCX: 00007f00fdb8eec9
[  591.558845][ T8869] RDX: 0000000004004814 RSI: 0000200000000600 RDI: 0000000000000007
[  591.558856][ T8869] RBP: 00007f00fbdf6090 R08: 0000000000000000 R09: 0000000000000000
[  591.558866][ T8869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  591.558876][ T8869] R13: 00007f00fdde6218 R14: 00007f00fdde6180 R15: 00007fff4b6c5ea8
[  591.558901][ T8869]  </TASK>
[  592.664551][   T30] audit: type=1400 audit(2000000080.390:422): avc:  denied  { module_request } for  pid=8871 comm="syz.0.750" kmod="netdev-syztnl0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  593.008327][ T8884] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  593.369355][ T8897] netlink: 24 bytes leftover after parsing attributes in process `syz.1.754'.
[  594.620920][ T8917] process 'syz.2.763' launched './file1' with NULL argv: empty string added
[  594.751097][   T30] audit: type=1400 audit(2000000083.050:423): avc:  denied  { execute_no_trans } for  pid=8911 comm="syz.2.763" path="/169/file1" dev="tmpfs" ino=904 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  594.888673][ T8916] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  595.847220][   T30] audit: type=1400 audit(2000000084.150:424): avc:  denied  { write } for  pid=8911 comm="syz.2.763" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  596.984341][   T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  597.784737][   T10] usb 3-1: device descriptor read/64, error -71
[  598.084591][   T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  598.344219][   T10] usb 3-1: device descriptor read/64, error -71
[  598.951958][   T10] usb usb3-port1: attempt power cycle
[  599.204893][ T8934] kvm: pic: non byte write
[  599.370062][   T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  599.505675][   T10] usb 3-1: device descriptor read/8, error -71
[  599.786602][   T10] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  599.834433][   T10] usb 3-1: device descriptor read/8, error -71
[  599.913801][ T5917] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  599.976857][   T10] usb usb3-port1: unable to enumerate USB device
[  600.113658][ T5917] usb 5-1: Using ep0 maxpacket: 32
[  600.122633][ T5917] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  600.141678][ T5917] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  600.163604][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.174987][ T5917] usb 5-1: Product: syz
[  600.179199][ T5917] usb 5-1: Manufacturer: syz
[  600.185201][ T5917] usb 5-1: SerialNumber: syz
[  600.503729][   T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  600.662984][ T5917] usb 5-1: config 0 descriptor??
[  600.678595][ T5917] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  600.825825][   T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  600.903982][   T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  600.925640][   T43] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  600.935305][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  600.946226][   T43] usb 1-1: SerialNumber: syz
[  601.768062][ T5917] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  601.796650][ T5917] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  602.443160][ T8992] netlink: 60 bytes leftover after parsing attributes in process `syz.4.777'.
[  603.054404][   T43] usb 1-1: 0:2 : does not exist
[  603.397485][   T43] usb 1-1: unit 5 not found!
[  603.417809][   T43] usb 1-1: USB disconnect, device number 15
[  603.432367][ T8995] netlink: 'syz.1.787': attribute type 10 has an invalid length.
[  603.479121][ T6231] udevd[6231]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  603.522338][ T8995] team0: Device ipvlan1 failed to register rx_handler
[  603.557617][ T5930] usb 5-1: USB disconnect, device number 10
[  604.915388][ T9017] FAULT_INJECTION: forcing a failure.
[  604.915388][ T9017] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  604.928496][ T9017] CPU: 1 UID: 0 PID: 9017 Comm: syz.4.792 Not tainted syzkaller #0 PREEMPT(full) 
[  604.928519][ T9017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  604.928530][ T9017] Call Trace:
[  604.928536][ T9017]  <TASK>
[  604.928543][ T9017]  dump_stack_lvl+0x16c/0x1f0
[  604.928569][ T9017]  should_fail_ex+0x512/0x640
[  604.928594][ T9017]  _copy_from_user+0x2e/0xd0
[  604.928617][ T9017]  ____sys_sendmsg+0x607/0xc70
[  604.928646][ T9017]  ? __pfx_____sys_sendmsg+0x10/0x10
[  604.928684][ T9017]  ___sys_sendmsg+0x134/0x1d0
[  604.928706][ T9017]  ? __pfx____sys_sendmsg+0x10/0x10
[  604.928724][ T9017]  ? __lock_acquire+0x622/0x1c90
[  604.928779][ T9017]  __sys_sendmsg+0x16d/0x220
[  604.928800][ T9017]  ? __pfx___sys_sendmsg+0x10/0x10
[  604.928838][ T9017]  do_syscall_64+0xcd/0xfa0
[  604.928860][ T9017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.928878][ T9017] RIP: 0033:0x7f5c5cd8eec9
[  604.928892][ T9017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  604.928910][ T9017] RSP: 002b:00007f5c5db47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  604.928926][ T9017] RAX: ffffffffffffffda RBX: 00007f5c5cfe6180 RCX: 00007f5c5cd8eec9
[  604.928938][ T9017] RDX: 0000000004004814 RSI: 0000200000000600 RDI: 0000000000000008
[  604.928948][ T9017] RBP: 00007f5c5db47090 R08: 0000000000000000 R09: 0000000000000000
[  604.928958][ T9017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  604.928968][ T9017] R13: 00007f5c5cfe6218 R14: 00007f5c5cfe6180 R15: 00007ffd69cd7df8
[  604.928993][ T9017]  </TASK>
[  604.929693][   T43] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  605.443090][   T43] usb 3-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  605.484522][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.614607][   T43] usb 3-1: config 0 descriptor??
[  605.673970][   T43] gspca_main: benq-2.14.0 probing 04a5:3035
[  606.193045][   T30] audit: type=1400 audit(2000000094.360:425): avc:  denied  { read } for  pid=9027 comm="syz.1.793" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  606.235123][   T30] audit: type=1400 audit(2000000094.360:426): avc:  denied  { open } for  pid=9027 comm="syz.1.793" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  606.532514][   T30] audit: type=1400 audit(2000000094.360:427): avc:  denied  { ioctl } for  pid=9027 comm="syz.1.793" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  606.634002][ T5930] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  606.713908][ T9030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  606.854129][ T5930] usb 2-1: device descriptor read/64, error -71
[  607.227896][ T9047] netlink: 12 bytes leftover after parsing attributes in process `syz.0.798'.
[  607.237163][ T5930] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  607.384456][ T5930] usb 2-1: device descriptor read/64, error -71
[  607.724078][ T5930] usb usb2-port1: attempt power cycle
[  608.123970][ T5930] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  608.133785][   T43] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  608.144939][ T5930] usb 2-1: device descriptor read/8, error -71
[  608.274157][ T5970] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  608.305148][   T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  608.317022][   T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  608.327048][   T43] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  608.337329][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  608.345435][   T43] usb 1-1: SerialNumber: syz
[  608.384206][ T5930] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  608.404682][ T5930] usb 2-1: device descriptor read/8, error -71
[  608.424085][ T5970] usb 5-1: Using ep0 maxpacket: 8
[  608.430399][ T5970] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  608.440707][ T5970] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  608.450760][ T5970] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  608.460773][ T5970] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  608.474472][ T5970] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  608.483522][ T5970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.514356][ T5930] usb usb2-port1: unable to enumerate USB device
[  608.562525][   T43] usb 1-1: 0:2 : does not exist
[  608.575622][   T43] usb 1-1: USB disconnect, device number 16
[  608.600598][ T6853] udevd[6853]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  608.713723][ T5970] usb 5-1: GET_CAPABILITIES returned 0
[  608.719504][ T5970] usbtmc 5-1:16.0: can't read capabilities
[  608.950104][   T43] usb 5-1: USB disconnect, device number 11
[  609.025443][ T5970] usb 3-1: USB disconnect, device number 22
[  609.272317][ T5857] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  609.463775][ T5857] usb 4-1: Using ep0 maxpacket: 32
[  609.496502][ T5857] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  609.537713][ T5857] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  609.548976][ T5857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.557328][ T5857] usb 4-1: Product: syz
[  609.562102][ T5857] usb 4-1: Manufacturer: syz
[  609.579415][ T5857] usb 4-1: SerialNumber: syz
[  609.635245][ T5857] usb 4-1: config 0 descriptor??
[  609.683913][ T5857] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  609.784102][   T43] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  609.983666][   T43] usb 1-1: Using ep0 maxpacket: 32
[  610.125481][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  610.694456][ T9080] netlink: 44 bytes leftover after parsing attributes in process `syz.3.804'.
[  610.800959][ T5857] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  611.740693][ T9087] netlink: 20 bytes leftover after parsing attributes in process `syz.2.810'.
[  611.832488][   T43] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  611.986398][ T5857] gspca_pac7302 4-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  612.212137][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.232372][   T43] usb 1-1: Product: syz
[  612.239266][   T43] usb 1-1: Manufacturer: syz
[  612.245609][   T43] usb 1-1: SerialNumber: syz
[  612.255863][   T43] usb 1-1: config 0 descriptor??
[  612.267271][   T43] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  612.439221][ T9096] netlink: 112 bytes leftover after parsing attributes in process `syz.2.812'.
[  612.444358][ T5930] usb 4-1: USB disconnect, device number 16
[  612.779361][   T43] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  612.823637][   T43] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  612.939653][   T43] usb 1-1: USB disconnect, device number 17
[  612.974643][ T5938] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[  613.436188][ T5970] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  613.760585][ T5938] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  613.801297][ T5970] usb 2-1: Using ep0 maxpacket: 16
[  613.827225][ T5938] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  613.854711][ T5970] usb 2-1: unable to get BOS descriptor or descriptor too short
[  613.871086][ T5938] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  613.888822][ T5970] usb 2-1: unable to read config index 0 descriptor/start: -61
[  613.997920][ T5970] usb 2-1: can't read configurations, error -61
[  614.014188][ T5938] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  614.034219][ T5938] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  614.058383][ T5938] usb 3-1: config 0 interface 0 has no altsetting 0
[  614.074555][ T5938] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  614.084519][ T5938] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  614.092942][ T5938] usb 3-1: Product: syz
[  614.204201][ T5938] usb 3-1: Manufacturer: syz
[  614.219127][ T5938] usb 3-1: SerialNumber: syz
[  614.738812][ T5970] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  614.767259][ T5938] usb 3-1: config 0 descriptor??
[  614.776125][ T9102] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  614.798365][ T5938] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  614.837233][ T5938] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  614.906629][ T9136] capability: warning: `syz.1.822' uses 32-bit capabilities (legacy support in use)
[  614.940242][   T30] audit: type=1400 audit(2000000103.240:428): avc:  denied  { mounton } for  pid=9135 comm="syz.1.822" path="/proc/564/task" dev="proc" ino=27758 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  615.108719][ T5930] usb 1-1: new low-speed USB device number 18 using dummy_hcd
[  615.153652][   T43] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  615.342570][ T9092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  615.364593][ T9092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  615.385620][   T30] audit: type=1400 audit(2000000103.690:429): avc:  denied  { bind } for  pid=9091 comm="syz.2.812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  615.415438][   T43] usb 5-1: Using ep0 maxpacket: 32
[  615.430735][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  615.446663][   T43] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  615.457541][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.474806][   T43] usb 5-1: Product: syz
[  615.483281][ T9147] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  615.507237][   T43] usb 5-1: Manufacturer: syz
[  615.507666][ T5930] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  615.520922][ T5930] usb 1-1: config 0 has no interface number 0
[  615.579949][ T5930] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  615.597084][   T43] usb 5-1: SerialNumber: syz
[  615.601889][ T5930] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  615.648815][   T43] usb 5-1: config 0 descriptor??
[  615.664917][   T43] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  616.154813][ T5930] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  616.192086][ T5930] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  616.277761][ T9151] netlink: 60 bytes leftover after parsing attributes in process `syz.4.820'.
[  616.339304][ T5930] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  616.423920][   T43] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  616.447281][ T5930] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  616.540497][ T5930] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  616.565361][   T10] usb 3-1: USB disconnect, device number 23
[  616.572644][   T10] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  616.592317][ T5930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.676010][ T5930] usb 1-1: config 0 descriptor??
[  616.708863][ T9134] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  616.729617][ T9134] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  616.855597][ T5930] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  617.644040][ T5930] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  617.796577][   T43] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  617.819068][ T5930] usb 3-1: Using ep0 maxpacket: 32
[  617.837129][ T5930] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.936646][ T5970] usb 5-1: USB disconnect, device number 12
[  617.959482][ T5930] usb 3-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  617.977506][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.002967][ T5930] usb 3-1: Product: syz
[  618.009031][ T5930] usb 3-1: Manufacturer: syz
[  618.014842][ T5930] usb 3-1: SerialNumber: syz
[  618.030703][ T5930] usb 3-1: config 0 descriptor??
[  618.050151][ T5930] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  618.815293][ T5930] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  618.843427][ T5930] gspca_pac7302 3-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  618.884823][ T5857] usb 1-1: USB disconnect, device number 18
[  619.207061][ T5970] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  619.252978][ T5857] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  619.984217][ T5970] usb 4-1: Using ep0 maxpacket: 16
[  620.111304][ T9166] netlink: 44 bytes leftover after parsing attributes in process `syz.2.826'.
[  620.356206][ T5970] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  620.472505][ T5970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  620.558819][ T5970] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  620.616138][ T5970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.658508][ T5970] usb 4-1: Product: syz
[  620.673457][ T5970] usb 4-1: Manufacturer: syz
[  620.682234][ T5970] usb 4-1: SerialNumber: syz
[  620.691456][ T9171] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  620.696341][ T9179] netlink: 12 bytes leftover after parsing attributes in process `syz.1.833'.
[  620.721132][ T5970] usb 4-1: config 0 descriptor??
[  620.759504][ T5970] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  620.793349][ T5970] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  620.844541][  T979] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  621.004051][  T979] usb 5-1: Using ep0 maxpacket: 32
[  621.039622][  T979] usb 5-1: config 0 has an invalid interface number: 244 but max is 0
[  621.119900][  T979] usb 5-1: config 0 has no interface number 0
[  621.185943][  T979] usb 5-1: config 0 interface 244 has no altsetting 0
[  621.268654][  T979] usb 5-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  621.311296][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.339571][ T5930] usb 3-1: USB disconnect, device number 24
[  621.353435][ T5970] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  621.420934][  T979] usb 5-1: Product: syz
[  621.437721][ T5970] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  621.477886][  T979] usb 5-1: Manufacturer: syz
[  621.489881][  T979] usb 5-1: SerialNumber: syz
[  621.517842][  T979] usb 5-1: config 0 descriptor??
[  621.562227][  T979] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort found
[  621.665682][ T9190] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  621.674359][ T9190] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  621.684605][ T9190] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  621.692396][ T9190] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  621.705477][ T5970] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  621.718829][ T5970] em28xx 4-1:0.0: No AC97 audio processor
[  621.742381][ T9193] netlink: 24 bytes leftover after parsing attributes in process `syz.2.837'.
[  621.805051][ T5970] usb 4-1: USB disconnect, device number 17
[  621.829129][ T5970] em28xx 4-1:0.0: Disconnecting em28xx
[  621.854397][ T5970] em28xx 4-1:0.0: Freeing device
[  622.053703][ T5857] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  622.344509][ T5857] usb 1-1: Using ep0 maxpacket: 32
[  622.351058][ T5857] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  622.364064][ T5857] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  622.376964][ T5857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.454248][ T5930] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  622.514539][ T5857] usb 1-1: Product: syz
[  622.518769][ T5857] usb 1-1: Manufacturer: syz
[  622.523410][ T5857] usb 1-1: SerialNumber: syz
[  622.542859][ T5857] usb 1-1: config 0 descriptor??
[  622.554651][ T5857] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  623.154060][ T5930] usb 2-1: Using ep0 maxpacket: 32
[  623.239815][ T9205] netlink: 60 bytes leftover after parsing attributes in process `syz.0.838'.
[  623.858478][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  623.865369][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  623.924184][ T5930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  623.976378][ T5857] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  624.448055][ T5857] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  624.920794][  T979] snd_usb_toneport 5-1:0.244: set_interface failed
[  624.935250][ T5857] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  625.789065][  T979] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort now disconnected
[  625.798144][  T979] snd_usb_toneport 5-1:0.244: probe with driver snd_usb_toneport failed with error -71
[  625.810119][  T979] usb 5-1: USB disconnect, device number 13
[  625.889385][ T5930] usb 2-1: string descriptor 0 read error: -71
[  625.904999][ T5930] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  625.941128][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.968420][ T5970] usb 1-1: USB disconnect, device number 19
[  625.979637][ T5930] usb 2-1: config 0 descriptor??
[  626.014836][ T5930] usb 2-1: can't set config #0, error -71
[  626.070277][ T5930] usb 2-1: USB disconnect, device number 25
[  626.094176][ T5857] usb 4-1: Using ep0 maxpacket: 32
[  626.109011][ T5857] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.228557][ T5857] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  626.265171][ T6282] Bluetooth: (null): Invalid header checksum
[  626.323845][ T5857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.354327][ T6395] Bluetooth: (null): Invalid header checksum
[  626.391164][ T6395] Bluetooth: (null): Invalid header checksum
[  626.397877][ T5857] usb 4-1: Product: syz
[  626.402209][ T5857] usb 4-1: Manufacturer: syz
[  626.412209][ T5857] usb 4-1: SerialNumber: syz
[  626.419743][ T5857] usb 4-1: config 0 descriptor??
[  626.429639][ T5857] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  626.484085][ T5970] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  626.622646][   T30] audit: type=1400 audit(2000000114.920:430): avc:  denied  { setopt } for  pid=9230 comm="syz.2.851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  626.658069][ T9232] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  626.671704][ T5930] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  626.704550][ T5970] usb 1-1: Using ep0 maxpacket: 32
[  626.727995][ T5970] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.781990][ T5970] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  626.800658][ T5970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.825769][ T5970] usb 1-1: Product: syz
[  626.835351][ T5970] usb 1-1: Manufacturer: syz
[  626.847558][ T5970] usb 1-1: SerialNumber: syz
[  626.868316][ T5970] usb 1-1: config 0 descriptor??
[  626.882423][ T5970] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  626.894317][ T5930] usb 2-1: Using ep0 maxpacket: 32
[  626.904234][ T5930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.984735][   T10] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  626.994845][ T5930] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  627.032625][ T9235] netlink: 44 bytes leftover after parsing attributes in process `syz.3.842'.
[  627.335193][ T5857] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  628.464207][ T5857] gspca_pac7302 4-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  628.506114][ T5970] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[  628.523242][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.563421][ T5970] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  628.575554][ T5930] usb 2-1: Product: syz
[  628.585178][ T5930] usb 2-1: Manufacturer: syz
[  628.600481][ T5930] usb 2-1: SerialNumber: syz
[  628.624768][ T5930] usb 2-1: config 0 descriptor??
[  628.645856][ T5930] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  628.684227][   T10] usb 3-1: Using ep0 maxpacket: 8
[  628.692114][   T10] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  628.715661][   T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  628.742621][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  628.752729][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  628.763087][   T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  628.778560][   T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  628.788132][   T10] usb 3-1: New USB device strings: Mfr=234, Product=255, SerialNumber=0
[  628.796156][ T5857] usb 4-1: USB disconnect, device number 18
[  628.797339][   T10] usb 3-1: Product: syz
[  628.807165][   T10] usb 3-1: Manufacturer: syz
[  629.010498][ T9239] netlink: 44 bytes leftover after parsing attributes in process `syz.0.847'.
[  629.364183][ T5930] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  629.371105][ T5930] gspca_pac7302 2-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  630.474247][   T10] usb 3-1: usb_control_msg returned -71
[  630.493954][   T10] usbtmc 3-1:16.0: can't read capabilities
[  630.510880][ T5970] usb 2-1: USB disconnect, device number 26
[  630.569394][ T9245] netlink: 44 bytes leftover after parsing attributes in process `syz.2.853'.
[  630.593253][   T10] usb 3-1: USB disconnect, device number 25
[  630.640502][ T9245] netlink: 'syz.2.853': attribute type 6 has an invalid length.
[  630.677402][ T9245] netlink: 'syz.2.853': attribute type 5 has an invalid length.
[  631.006932][ T9245] netlink: 'syz.2.853': attribute type 4 has an invalid length.
[  631.679470][ T5857] usb 1-1: USB disconnect, device number 20
[  631.794998][ T5970] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  632.015230][ T5970] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  632.037006][ T5970] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  632.113791][ T5857] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  632.189702][ T5970] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  632.212632][ T5970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  632.323243][ T5857] usb 1-1: Using ep0 maxpacket: 32
[  632.339017][ T5857] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  632.355244][ T5857] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  632.374653][ T5970] usb 2-1: SerialNumber: syz
[  632.383815][ T5857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.432702][ T5857] usb 1-1: Product: syz
[  632.439640][ T5857] usb 1-1: Manufacturer: syz
[  632.456479][ T5857] usb 1-1: SerialNumber: syz
[  632.547283][ T5857] usb 1-1: config 0 descriptor??
[  632.559116][ T5857] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  632.794313][ T8265] Bluetooth: (null): Invalid header checksum
[  632.802895][ T8265] Bluetooth: (null): Invalid header checksum
[  632.803942][ T5970] usb 2-1: 0:2 : does not exist
[  632.905957][ T5974] Bluetooth: (null): Invalid header checksum
[  633.021748][ T5883] Bluetooth: (null): Invalid header checksum
[  633.170187][ T6395] Bluetooth: (null): Invalid header checksum
[  633.173399][ T5970] usb 2-1: USB disconnect, device number 27
[  633.283947][ T5857] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  633.307185][ T5857] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  633.382924][ T9276] netlink: 44 bytes leftover after parsing attributes in process `syz.0.858'.
[  635.829084][ T5970] usb 1-1: USB disconnect, device number 21
[  636.061979][ T9296] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  636.070306][ T9296] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  636.082471][ T9296] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  636.120320][ T9296] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  636.227676][ T9299] input: syz0 as /devices/virtual/input/input9
[  636.251936][ T9281] kvm: pic: non byte write
[  637.935640][   T30] audit: type=1400 audit(2000000125.450:431): avc:  denied  { watch } for  pid=9310 comm="syz.2.871" path="/189/file0" dev="tmpfs" ino=1010 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  637.958773][   T30] audit: type=1400 audit(2000000125.460:432): avc:  denied  { associate } for  pid=9306 comm="syz.0.870" name="memory.events" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  637.981805][   T30] audit: type=1400 audit(2000000125.500:433): avc:  denied  { create } for  pid=9310 comm="syz.2.871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  638.002644][   T30] audit: type=1400 audit(2000000125.500:434): avc:  denied  { ioctl } for  pid=9310 comm="syz.2.871" path="socket:[27264]" dev="sockfs" ino=27264 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  638.388403][   T30] audit: type=1400 audit(2000000126.560:435): avc:  denied  { setopt } for  pid=9323 comm="syz.2.873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  638.516125][   T10] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  638.601680][   T30] audit: type=1400 audit(2000000126.620:436): avc:  denied  { write } for  pid=9323 comm="syz.2.873" laddr=172.30.0.3 lport=20004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  638.701580][ T5974] Bluetooth: (null): Invalid header checksum
[  638.707865][ T5974] Bluetooth: (null): Invalid header checksum
[  638.734177][   T10] usb 2-1: Using ep0 maxpacket: 16
[  638.746498][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  638.757881][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  638.815880][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  638.876056][   T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  638.888623][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.927181][   T10] usb 2-1: config 0 descriptor??
[  638.931421][ T9341] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  639.014409][ T5930] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  639.185471][ T5930] usb 3-1: config 0 has no interfaces?
[  639.195410][ T5930] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  639.219756][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.234232][ T5930] usb 3-1: Product: syz
[  639.238681][ T5930] usb 3-1: Manufacturer: syz
[  639.252075][ T5930] usb 3-1: SerialNumber: syz
[  639.272212][ T5930] usb 3-1: config 0 descriptor??
[  639.345652][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.352952][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.363467][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.382653][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.395125][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.404313][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.411612][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.419413][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.427143][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.434891][   T10] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  639.488811][   T10] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input10
[  639.515336][ T9335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.877'.
[  639.548195][   T10] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  639.563282][ T9322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  639.584575][ T9322] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  639.700469][ T5930] usb 2-1: USB disconnect, device number 28
[  639.782227][ T9347] fido_id[9347]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  639.907940][ T9353] netlink: 12 bytes leftover after parsing attributes in process `syz.0.882'.
[  639.919533][ T9353] openvswitch: netlink: Flow key attr not present in new flow.
[  639.955302][   T30] audit: type=1400 audit(2000000128.260:437): avc:  denied  { watch watch_reads } for  pid=9352 comm="syz.0.882" path="/186" dev="tmpfs" ino=997 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  640.016848][ T9356] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  640.025445][ T9356] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  640.034469][ T9356] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  640.044132][ T9356] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  641.076183][ T9378] FAULT_INJECTION: forcing a failure.
[  641.076183][ T9378] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  641.121609][ T9378] CPU: 1 UID: 0 PID: 9378 Comm: syz.3.885 Not tainted syzkaller #0 PREEMPT(full) 
[  641.121633][ T9378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  641.121643][ T9378] Call Trace:
[  641.121649][ T9378]  <TASK>
[  641.121656][ T9378]  dump_stack_lvl+0x16c/0x1f0
[  641.121687][ T9378]  should_fail_ex+0x512/0x640
[  641.121712][ T9378]  _copy_from_iter+0x29f/0x1720
[  641.121737][ T9378]  ? __alloc_skb+0x200/0x380
[  641.121756][ T9378]  ? __pfx__copy_from_iter+0x10/0x10
[  641.121777][ T9378]  ? netlink_autobind.isra.0+0x158/0x370
[  641.121810][ T9378]  netlink_sendmsg+0x820/0xdd0
[  641.121836][ T9378]  ? __pfx_netlink_sendmsg+0x10/0x10
[  641.121868][ T9378]  ____sys_sendmsg+0xa98/0xc70
[  641.121893][ T9378]  ? copy_msghdr_from_user+0x10a/0x160
[  641.121912][ T9378]  ? __pfx_____sys_sendmsg+0x10/0x10
[  641.121947][ T9378]  ___sys_sendmsg+0x134/0x1d0
[  641.121968][ T9378]  ? __pfx____sys_sendmsg+0x10/0x10
[  641.121985][ T9378]  ? __lock_acquire+0x622/0x1c90
[  641.122036][ T9378]  __sys_sendmsg+0x16d/0x220
[  641.122055][ T9378]  ? __pfx___sys_sendmsg+0x10/0x10
[  641.122091][ T9378]  do_syscall_64+0xcd/0xfa0
[  641.122112][ T9378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  641.122129][ T9378] RIP: 0033:0x7f4733b8eec9
[  641.122143][ T9378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  641.122159][ T9378] RSP: 002b:00007f4734aea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  641.122175][ T9378] RAX: ffffffffffffffda RBX: 00007f4733de5fa0 RCX: 00007f4733b8eec9
[  641.122186][ T9378] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  641.122196][ T9378] RBP: 00007f4734aea090 R08: 0000000000000000 R09: 0000000000000000
[  641.122206][ T9378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  641.122215][ T9378] R13: 00007f4733de6038 R14: 00007f4733de5fa0 R15: 00007ffd88204d38
[  641.122238][ T9378]  </TASK>
[  641.784205][ T5938] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  641.852680][ T5930] usb 3-1: USB disconnect, device number 26
[  642.500388][ T5938] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  642.511720][ T5938] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  642.526427][ T5938] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  642.545069][ T5938] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  642.558365][ T5938] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  642.594221][ T5938] usb 4-1: config 0 interface 0 has no altsetting 0
[  642.653286][ T5938] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  642.670151][ T9398] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  642.683418][ T5938] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  642.721572][ T5938] usb 4-1: Product: syz
[  642.744142][ T5938] usb 4-1: Manufacturer: syz
[  642.782951][ T5938] usb 4-1: SerialNumber: syz
[  642.804900][ T5938] usb 4-1: config 0 descriptor??
[  642.830679][ T9380] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  642.845898][ T5938] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  642.886157][ T5938] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  642.918101][   T30] audit: type=1400 audit(2000000131.210:438): avc:  denied  { bind } for  pid=9406 comm="syz.4.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  642.946642][   T30] audit: type=1400 audit(2000000131.220:439): avc:  denied  { listen } for  pid=9406 comm="syz.4.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  643.069807][   T30] audit: type=1400 audit(2000000131.220:440): avc:  denied  { accept } for  pid=9406 comm="syz.4.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  643.222186][ T5938] usb 4-1: USB disconnect, device number 19
[  643.230045][ T5938] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  644.084788][ T5938] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  644.152678][   T30] audit: type=1400 audit(2000000132.450:441): avc:  denied  { wake_alarm } for  pid=9438 comm="syz.3.897" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  644.264210][ T5938] usb 5-1: Using ep0 maxpacket: 8
[  644.353123][ T5938] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  644.374323][ T5938] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  644.396270][   T30] audit: type=1400 audit(2000000132.700:442): avc:  denied  { write } for  pid=9446 comm="syz.3.898" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  644.423869][ T5938] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  644.455914][ T5938] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  644.575881][ T5938] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  644.665844][   T30] audit: type=1400 audit(2000000132.970:443): avc:  denied  { read write } for  pid=9450 comm="syz.0.899" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  644.694202][ T5938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.795083][   T30] audit: type=1400 audit(2000000132.970:444): avc:  denied  { open } for  pid=9450 comm="syz.0.899" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  644.828168][   T30] audit: type=1400 audit(2000000133.030:445): avc:  denied  { ioctl } for  pid=9450 comm="syz.0.899" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x128b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  644.926837][ T5930] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  645.085127][ T5930] usb 3-1: Using ep0 maxpacket: 32
[  645.144353][  T979] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  645.194086][ T5930] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  645.202580][ T5930] usb 3-1: config 0 has no interface number 0
[  645.932566][  T979] usb 4-1: config 0 has no interfaces?
[  645.942445][ T5938] usb 5-1: GET_CAPABILITIES returned 0
[  645.961423][ T5938] usbtmc 5-1:16.0: can't read capabilities
[  646.064781][ T5930] usb 3-1: string descriptor 0 read error: -71
[  646.088697][ T5930] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  646.112557][ T5938] usb 5-1: USB disconnect, device number 14
[  646.118945][  T979] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  646.135115][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.147380][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.164738][  T979] usb 4-1: Product: syz
[  646.170403][ T5930] usb 3-1: config 0 descriptor??
[  646.176237][  T979] usb 4-1: Manufacturer: syz
[  646.180926][  T979] usb 4-1: SerialNumber: syz
[  646.187914][ T5930] usb 3-1: can't set config #0, error -71
[  646.196383][  T979] usb 4-1: config 0 descriptor??
[  646.209013][ T5930] usb 3-1: USB disconnect, device number 27
[  646.407987][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.900'.
[  647.634168][ T5930] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  647.795976][ T5930] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  648.017248][   T30] audit: type=1400 audit(2000000136.290:446): avc:  denied  { getopt } for  pid=9492 comm="syz.4.908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  648.038687][ T5930] usb 3-1: config 0 has no interface number 0
[  648.046413][ T5930] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  648.058099][ T5930] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  648.068719][ T5930] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  648.078566][ T5930] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.417632][ T9504] block device autoloading is deprecated and will be removed.
[  648.427571][ T9508] netlink: 'syz.0.911': attribute type 2 has an invalid length.
[  648.476902][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.911'.
[  648.496081][ T5857] usb 4-1: USB disconnect, device number 20
[  648.505706][ T5930] usb 3-1: config 0 descriptor??
[  648.543223][ T9504] lo speed is unknown, defaulting to 1000
[  648.549572][ T9504] lo speed is unknown, defaulting to 1000
[  648.690317][ T9504] lo speed is unknown, defaulting to 1000
[  648.856487][ T9504] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  648.933620][ T5857] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  649.381418][ T5930] hid_parser_main: 5 callbacks suppressed
[  649.381437][ T5930] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  649.395894][ T5930] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  649.403110][ T5930] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  649.411047][ T5930] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  649.418993][ T5930] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  649.460169][ T9504] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  649.467357][ T5930] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  649.480066][ T5930] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  649.495101][ T5857] usb 4-1: device descriptor read/64, error -71
[  649.593509][ T9504] lo speed is unknown, defaulting to 1000
[  649.605082][ T5930] prodikeys 0003:041E:2801.0007: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input1
[  649.635381][ T9504] lo speed is unknown, defaulting to 1000
[  649.656427][ T9504] lo speed is unknown, defaulting to 1000
[  649.665516][ T5930] hid_prodikeys: hid-prodikeys: failed to find output report
[  649.665516][ T5930] 
[  649.692369][ T9504] lo speed is unknown, defaulting to 1000
[  649.717122][ T9504] lo speed is unknown, defaulting to 1000
[  649.727341][ T9525] ==================================================================
[  649.730280][ T5930] usb 3-1: USB disconnect, device number 28
[  649.735400][ T9525] BUG: KASAN: slab-use-after-free in report_descriptor_read+0xbb/0x100
[  649.735434][ T9525] Read of size 7 at addr ffff888025df6b00 by task fido_id/9525
[  649.735448][ T9525] 
[  649.735457][ T9525] CPU: 1 UID: 0 PID: 9525 Comm: fido_id Not tainted syzkaller #0 PREEMPT(full) 
[  649.735477][ T9525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  649.735488][ T9525] Call Trace:
[  649.735494][ T9525]  <TASK>
[  649.735500][ T9525]  dump_stack_lvl+0x116/0x1f0
[  649.735521][ T9525]  print_report+0xcd/0x630
[  649.735545][ T9525]  ? __virt_addr_valid+0x81/0x610
[  649.735562][ T9525]  ? __phys_addr+0xe8/0x180
[  649.735579][ T9525]  ? report_descriptor_read+0xbb/0x100
[  649.735602][ T9525]  kasan_report+0xe0/0x110
[  649.735625][ T9525]  ? report_descriptor_read+0xbb/0x100
[  649.735651][ T9525]  kasan_check_range+0x100/0x1b0
[  649.735667][ T9525]  __asan_memcpy+0x23/0x60
[  649.735687][ T9525]  report_descriptor_read+0xbb/0x100
[  649.735711][ T9525]  ? __pfx_report_descriptor_read+0x10/0x10
[  649.735735][ T9525]  sysfs_kf_bin_read+0x156/0x210
[  649.735763][ T9525]  kernfs_fop_read_iter+0x32b/0x610
[  649.735786][ T9525]  ? __pfx_sysfs_kf_bin_read+0x10/0x10
[  649.735812][ T9525]  vfs_read+0x8bf/0xcf0
[  649.735835][ T9525]  ? __pfx_vfs_read+0x10/0x10
[  649.735856][ T9525]  ? __pfx_do_sys_openat2+0x10/0x10
[  649.735878][ T9525]  ksys_read+0x12a/0x250
[  649.735897][ T9525]  ? __pfx_ksys_read+0x10/0x10
[  649.735926][ T9525]  do_syscall_64+0xcd/0xfa0
[  649.735947][ T9525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.735964][ T9525] RIP: 0033:0x7f84bc6a7407
[  649.735978][ T9525] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  649.735995][ T9525] RSP: 002b:00007ffca13e8180 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[  649.736011][ T9525] RAX: ffffffffffffffda RBX: 00007f84bcd73880 RCX: 00007f84bc6a7407
[  649.736022][ T9525] RDX: 0000000000001000 RSI: 00007ffca13e81d0 RDI: 0000000000000004
[  649.736032][ T9525] RBP: 0000557f1e05c2c0 R08: 0000000000000000 R09: 0000000000000000
[  649.736042][ T9525] R10: 0000000000000000 R11: 0000000000000202 R12: 0000557f1e05b4c0
[  649.736053][ T9525] R13: 00007ffca13e81d0 R14: 0000000000000004 R15: 0000557f117954d8
[  649.736070][ T9525]  </TASK>
[  649.736076][ T9525] 
[  649.736080][ T9525] Allocated by task 5930:
[  649.736088][ T9525]  kasan_save_stack+0x33/0x60
[  649.736109][ T9525]  kasan_save_track+0x14/0x30
[  649.736129][ T9525]  __kasan_kmalloc+0xaa/0xb0
[  649.736148][ T9525]  __kmalloc_node_track_caller_noprof+0x345/0x8a0
[  649.736171][ T9525]  kmemdup_noprof+0x29/0x60
[  649.736189][ T9525]  hid_open_report+0x223/0x830
[  649.736212][ T9525]  pk_probe+0x1f5/0x1130
[  649.736231][ T9525]  hid_device_probe+0x5ba/0x8d0
[  649.736244][ T9525]  really_probe+0x241/0xa90
[  649.736259][ T9525]  __driver_probe_device+0x1de/0x440
[  649.736275][ T9525]  driver_probe_device+0x4c/0x1b0
[  650.022647][ T9525]  __device_attach_driver+0x1df/0x310
[  650.028003][ T9525]  bus_for_each_drv+0x159/0x1e0
[  650.032840][ T9525]  __device_attach+0x1e4/0x4b0
[  650.037578][ T9525]  bus_probe_device+0x17f/0x1c0
[  650.042411][ T9525]  device_add+0x1148/0x1aa0
[  650.046891][ T9525]  hid_add_device+0x31b/0x5c0
[  650.051555][ T9525]  usbhid_probe+0xd38/0x13f0
[  650.056124][ T9525]  usb_probe_interface+0x303/0xa40
[  650.061216][ T9525]  really_probe+0x241/0xa90
[  650.065692][ T9525]  __driver_probe_device+0x1de/0x440
[  650.070952][ T9525]  driver_probe_device+0x4c/0x1b0
[  650.075949][ T9525]  __device_attach_driver+0x1df/0x310
[  650.081296][ T9525]  bus_for_each_drv+0x159/0x1e0
[  650.086128][ T9525]  __device_attach+0x1e4/0x4b0
[  650.090866][ T9525]  bus_probe_device+0x17f/0x1c0
[  650.095700][ T9525]  device_add+0x1148/0x1aa0
[  650.100183][ T9525]  usb_set_configuration+0x1187/0x1e20
[  650.105619][ T9525]  usb_generic_driver_probe+0xb1/0x110
[  650.111053][ T9525]  usb_probe_device+0xef/0x3e0
[  650.115796][ T9525]  really_probe+0x241/0xa90
[  650.120273][ T9525]  __driver_probe_device+0x1de/0x440
[  650.125538][ T9525]  driver_probe_device+0x4c/0x1b0
[  650.130549][ T9525]  __device_attach_driver+0x1df/0x310
[  650.135910][ T9525]  bus_for_each_drv+0x159/0x1e0
[  650.140752][ T9525]  __device_attach+0x1e4/0x4b0
[  650.145494][ T9525]  bus_probe_device+0x17f/0x1c0
[  650.150333][ T9525]  device_add+0x1148/0x1aa0
[  650.154814][ T9525]  usb_new_device+0xd07/0x1a60
[  650.159556][ T9525]  hub_event+0x2f34/0x4fe0
[  650.163950][ T9525]  process_one_work+0x9cf/0x1b70
[  650.168878][ T9525]  worker_thread+0x6c8/0xf10
[  650.173446][ T9525]  kthread+0x3c5/0x780
[  650.177495][ T9525]  ret_from_fork+0x675/0x7d0
[  650.182064][ T9525]  ret_from_fork_asm+0x1a/0x30
[  650.186813][ T9525] 
[  650.189118][ T9525] Freed by task 5930:
[  650.193068][ T9525]  kasan_save_stack+0x33/0x60
[  650.197730][ T9525]  kasan_save_track+0x14/0x30
[  650.202391][ T9525]  __kasan_save_free_info+0x3b/0x60
[  650.207568][ T9525]  __kasan_slab_free+0x5f/0x80
[  650.212324][ T9525]  kfree+0x2b8/0x6d0
[  650.216199][ T9525]  hid_close_report+0x2af/0x560
[  650.221035][ T9525]  hid_device_probe+0x60f/0x8d0
[  650.225861][ T9525]  really_probe+0x241/0xa90
[  650.230343][ T9525]  __driver_probe_device+0x1de/0x440
[  650.235603][ T9525]  driver_probe_device+0x4c/0x1b0
[  650.240610][ T9525]  __device_attach_driver+0x1df/0x310
[  650.245968][ T9525]  bus_for_each_drv+0x159/0x1e0
[  650.250808][ T9525]  __device_attach+0x1e4/0x4b0
[  650.255563][ T9525]  bus_probe_device+0x17f/0x1c0
[  650.260398][ T9525]  device_add+0x1148/0x1aa0
[  650.264879][ T9525]  hid_add_device+0x31b/0x5c0
[  650.269541][ T9525]  usbhid_probe+0xd38/0x13f0
[  650.274109][ T9525]  usb_probe_interface+0x303/0xa40
[  650.279205][ T9525]  really_probe+0x241/0xa90
[  650.283692][ T9525]  __driver_probe_device+0x1de/0x440
[  650.288964][ T9525]  driver_probe_device+0x4c/0x1b0
[  650.293969][ T9525]  __device_attach_driver+0x1df/0x310
[  650.299322][ T9525]  bus_for_each_drv+0x159/0x1e0
[  650.304154][ T9525]  __device_attach+0x1e4/0x4b0
[  650.308894][ T9525]  bus_probe_device+0x17f/0x1c0
[  650.313732][ T9525]  device_add+0x1148/0x1aa0
[  650.318220][ T9525]  usb_set_configuration+0x1187/0x1e20
[  650.323663][ T9525]  usb_generic_driver_probe+0xb1/0x110
[  650.329107][ T9525]  usb_probe_device+0xef/0x3e0
[  650.333859][ T9525]  really_probe+0x241/0xa90
[  650.338344][ T9525]  __driver_probe_device+0x1de/0x440
[  650.343605][ T9525]  driver_probe_device+0x4c/0x1b0
[  650.348612][ T9525]  __device_attach_driver+0x1df/0x310
[  650.353964][ T9525]  bus_for_each_drv+0x159/0x1e0
[  650.358803][ T9525]  __device_attach+0x1e4/0x4b0
[  650.363545][ T9525]  bus_probe_device+0x17f/0x1c0
[  650.368384][ T9525]  device_add+0x1148/0x1aa0
[  650.372866][ T9525]  usb_new_device+0xd07/0x1a60
[  650.377619][ T9525]  hub_event+0x2f34/0x4fe0
[  650.382036][ T9525]  process_one_work+0x9cf/0x1b70
[  650.386969][ T9525]  worker_thread+0x6c8/0xf10
[  650.391547][ T9525]  kthread+0x3c5/0x780
[  650.395602][ T9525]  ret_from_fork+0x675/0x7d0
[  650.400180][ T9525]  ret_from_fork_asm+0x1a/0x30
[  650.404925][ T9525] 
[  650.407230][ T9525] The buggy address belongs to the object at ffff888025df6b00
[  650.407230][ T9525]  which belongs to the cache kmalloc-8 of size 8
[  650.420912][ T9525] The buggy address is located 0 bytes inside of
[  650.420912][ T9525]  freed 8-byte region [ffff888025df6b00, ffff888025df6b08)
[  650.434338][ T9525] 
[  650.436638][ T9525] The buggy address belongs to the physical page:
[  650.443021][ T9525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25df6
[  650.451755][ T9525] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  650.458837][ T9525] page_type: f5(slab)
[  650.462796][ T9525] raw: 00fff00000000000 ffff88813ff26500 dead000000000100 dead000000000122
[  650.471357][ T9525] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[  650.479912][ T9525] page dumped because: kasan: bad access detected
[  650.486295][ T9525] page_owner tracks the page as allocated
[  650.491981][ T9525] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5860, tgid 5860 (syz-executor), ts 528377145515, free_ts 528377129919
[  650.511405][ T9525]  post_alloc_hook+0x1c0/0x230
[  650.516150][ T9525]  get_page_from_freelist+0x10a3/0x3a30
[  650.521674][ T9525]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  650.527545][ T9525]  alloc_pages_mpol+0x1fb/0x550
[  650.532381][ T9525]  new_slab+0x24a/0x360
[  650.536510][ T9525]  ___slab_alloc+0xdc4/0x1ae0
[  650.541161][ T9525]  __slab_alloc.constprop.0+0x63/0x110
[  650.546595][ T9525]  __kmalloc_node_noprof+0x4dd/0x8a0
[  650.551858][ T9525]  __vmalloc_node_range_noprof+0x3e5/0x1480
[  650.557737][ T9525]  __vmalloc_node_noprof+0xad/0xf0
[  650.562831][ T9525]  do_ip6t_get_ctl+0x6b6/0xae0
[  650.567587][ T9525]  nf_getsockopt+0x7c/0xe0
[  650.571983][ T9525]  ipv6_getsockopt+0x1f7/0x280
[  650.576725][ T9525]  tcp_getsockopt+0xa1/0x100
[  650.581293][ T9525]  do_sock_getsockopt+0x34d/0x440
[  650.586299][ T9525]  __sys_getsockopt+0x12f/0x260
[  650.591126][ T9525] page last free pid 5860 tgid 5860 stack trace:
[  650.597423][ T9525]  __free_frozen_pages+0x7df/0x1160
[  650.602595][ T9525]  kasan_populate_vmalloc+0x160/0x2d0
[  650.607948][ T9525]  alloc_vmap_area+0x960/0x29e0
[  650.612780][ T9525]  __get_vm_area_node+0x1ca/0x330
[  650.617786][ T9525]  __vmalloc_node_range_noprof+0x271/0x1480
[  650.623667][ T9525]  __vmalloc_node_noprof+0xad/0xf0
[  650.628769][ T9525]  do_ip6t_get_ctl+0x6b6/0xae0
[  650.633514][ T9525]  nf_getsockopt+0x7c/0xe0
[  650.637914][ T9525]  ipv6_getsockopt+0x1f7/0x280
[  650.642662][ T9525]  tcp_getsockopt+0xa1/0x100
[  650.647231][ T9525]  do_sock_getsockopt+0x34d/0x440
[  650.652234][ T9525]  __sys_getsockopt+0x12f/0x260
[  650.657060][ T9525]  __x64_sys_getsockopt+0xbd/0x160
[  650.662148][ T9525]  do_syscall_64+0xcd/0xfa0
[  650.666630][ T9525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.672498][ T9525] 
[  650.674796][ T9525] Memory state around the buggy address:
[  650.680399][ T9525]  ffff888025df6a00: fa fc fc fc fa fc fc fc fa fc fc fc 00 fc fc fc
[  650.688435][ T9525]  ffff888025df6a80: fa fc fc fc 07 fc fc fc fa fc fc fc fa fc fc fc
[  650.696471][ T9525] >ffff888025df6b00: fa fc fc fc fa fc fc fc 00 fc fc fc fa fc fc fc
[  650.704504][ T9525]                    ^
[  650.708543][ T9525]  ffff888025df6b80: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  650.716579][ T9525]  ffff888025df6c00: 07 fc fc fc fa fc fc fc fa fc fc fc 06 fc fc fc
[  650.724617][ T9525] ==================================================================
[  650.744868][ T5857] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  650.852135][ T9525] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  650.859349][ T9525] CPU: 1 UID: 0 PID: 9525 Comm: fido_id Not tainted syzkaller #0 PREEMPT(full) 
[  650.868361][ T9525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  650.878406][ T9525] Call Trace:
[  650.881677][ T9525]  <TASK>
[  650.884600][ T9525]  dump_stack_lvl+0x3d/0x1f0
[  650.889189][ T9525]  vpanic+0x640/0x6f0
[  650.893169][ T9525]  panic+0xca/0xd0
[  650.896890][ T9525]  ? __pfx_panic+0x10/0x10
[  650.901302][ T9525]  ? report_descriptor_read+0xbb/0x100
[  650.906761][ T9525]  ? preempt_schedule_common+0x44/0xc0
[  650.912214][ T9525]  ? preempt_schedule_thunk+0x16/0x30
[  650.917584][ T9525]  ? check_panic_on_warn+0x1f/0xb0
[  650.922691][ T9525]  check_panic_on_warn+0xab/0xb0
[  650.927628][ T9525]  end_report+0x107/0x170
[  650.931960][ T9525]  kasan_report+0xee/0x110
[  650.936377][ T9525]  ? report_descriptor_read+0xbb/0x100
[  650.941839][ T9525]  kasan_check_range+0x100/0x1b0
[  650.946781][ T9525]  __asan_memcpy+0x23/0x60
[  650.951194][ T9525]  report_descriptor_read+0xbb/0x100
[  650.956476][ T9525]  ? __pfx_report_descriptor_read+0x10/0x10
[  650.962358][ T9525]  sysfs_kf_bin_read+0x156/0x210
[  650.967284][ T9525]  kernfs_fop_read_iter+0x32b/0x610
[  650.972463][ T9525]  ? __pfx_sysfs_kf_bin_read+0x10/0x10
[  650.977911][ T9525]  vfs_read+0x8bf/0xcf0
[  650.982052][ T9525]  ? __pfx_vfs_read+0x10/0x10
[  650.986710][ T9525]  ? __pfx_do_sys_openat2+0x10/0x10
[  650.991890][ T9525]  ksys_read+0x12a/0x250
[  650.996112][ T9525]  ? __pfx_ksys_read+0x10/0x10
[  651.000860][ T9525]  do_syscall_64+0xcd/0xfa0
[  651.005345][ T9525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.011217][ T9525] RIP: 0033:0x7f84bc6a7407
[  651.015611][ T9525] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  651.035196][ T9525] RSP: 002b:00007ffca13e8180 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[  651.043589][ T9525] RAX: ffffffffffffffda RBX: 00007f84bcd73880 RCX: 00007f84bc6a7407
[  651.051543][ T9525] RDX: 0000000000001000 RSI: 00007ffca13e81d0 RDI: 0000000000000004
[  651.059489][ T9525] RBP: 0000557f1e05c2c0 R08: 0000000000000000 R09: 0000000000000000
[  651.067436][ T9525] R10: 0000000000000000 R11: 0000000000000202 R12: 0000557f1e05b4c0
[  651.075383][ T9525] R13: 00007ffca13e81d0 R14: 0000000000000004 R15: 0000557f117954d8
[  651.083338][ T9525]  </TASK>
[  651.086546][ T9525] Kernel Offset: disabled
[  651.090846][ T9525] Rebooting in 86400 seconds..